Bacula-users

Re: [Bacula-users] Daemon listening on two subnets, requires TLS

2009-09-30 08:08:52
Subject: Re: [Bacula-users] Daemon listening on two subnets, requires TLS
From: Arno Lehmann <al AT its-lehmann DOT de>
To: bacula-users AT lists.sourceforge DOT net
Date: Wed, 30 Sep 2009 14:05:47 +0200
Hi,

30.09.2009 13:38, baculalist AT encambio DOT com wrote:
> Hello List,
> 
> Although there's some information on 'Dealing_with_Firewalls.html'
> about this, it seems to not describe the solution to this problem.
> 
> Problem:
> A single storage daemon listens on 64.12.34.56 AND 192.168.1.2,
> and provides a certificate (myhost.domain.com corresponding to
> 64.12.34.56) to incoming connections from directors and file
> daemons. Incoming connections to 192.168.1.2 fail, because
> mycert.domain.com only resolves to the first of the two IP
> addresses. The configuration keyword TLS Require is set to
> 'yes' (as it should be.)

Definitely challenging :-)

> This seems to be a design problem in any daemon that can listen
> on multiple addresses. Because Kern just today said that he puts
> emphasis on design, I'm wondering what is wrong with this picture.
> 
> The OSs involved are Solaris IA32 and Linux X86_64, while all
> Bacula versions are 3.0.2. Should I post a bacula-sd.conf?
> 
> Tested solution:
> I've tried running two almost identical storage daemons. In this
> case there are two configuration files, only differening in the
> listening IP address and having two different certificates. Although
> this should work, running 'bacula-sd <options> -c second-sd.conf'
> fails silently and no new bacula-sd process is created.

Have you set a different Name, Working Directory and, most important, 
a different SDPort in the configuration?

> What is the proper way to go about listening on two subnets while
> presenting the proper certificate to incoming TLS connections?

I guess the Bacula TLS implementation would need some work. Apart from 
that, different host names with their "own" certificates might be 
required.

I guess this might become a feature request...

Arno

> Regards,
> Eduard
> 
> _______________________________________________
> Bacula-users mailing list
> Bacula-users AT lists.sourceforge DOT net
> https://lists.sourceforge.net/lists/listinfo/bacula-users
> 

-- 
Arno Lehmann
IT-Service Lehmann
Sandstr. 6, 49080 Osnabrück
www.its-lehmann.de
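
Arno's question about the second daemon's configuration, as an added example that is not part of the original thread: a small Python check that compares the Storage resource of two bacula-sd configuration files and reports which of Name, Working Directory and SDPort are still identical. The sample configurations, paths and port numbers are constructed, and the helper names are hypothetical.

```python
import re

# Directives the reply above says must differ between two storage daemons
# running on one host. Bacula ignores case and spaces in directive keywords,
# so "Working Directory" and "workingdirectory" are the same directive.
MUST_DIFFER = ("name", "workingdirectory", "sdport")

def storage_directives(conf_text):
    """Return {normalized keyword: value} for the Storage { } resource.
    Simplification: nested blocks inside the resource are not handled."""
    m = re.search(r"^\s*Storage\s*\{(.*?)^\s*\}", conf_text, re.S | re.M | re.I)
    if m is None:
        raise ValueError("no Storage resource found")
    found = {}
    for raw in m.group(1).splitlines():
        # Drop comments, then allow several directives separated by ';'
        for part in raw.split("#", 1)[0].split(";"):
            key, sep, value = part.partition("=")
            if sep:
                norm = re.sub(r"\s+", "", key).lower()
                found[norm] = value.strip().strip('"')
    return found

def collisions(conf_a, conf_b):
    """List the MUST_DIFFER directives that are equal in both files.
    A directive missing from both files also counts: both daemons
    would then fall back to the same default."""
    a, b = storage_directives(conf_a), storage_directives(conf_b)
    return [k for k in MUST_DIFFER if a.get(k) == b.get(k)]

# Constructed sample configurations (not taken from the thread).
FIRST = """
Storage {
  Name = myhost-sd
  SDPort = 9103
  WorkingDirectory = "/var/bacula/working"
  TLS Require = yes
}
Director { Name = myhost-dir }
"""
SECOND = FIRST.replace("myhost-sd", "myhost-sd2").replace(
    "SDPort", "sdport").replace("WorkingDirectory", "Working Directory")
FIXED = SECOND.replace("9103", "9113").replace("working", "working2")

if __name__ == "__main__":
    print("second-sd.conf collides on:", collisions(FIRST, SECOND))
    print("after changes collides on:", collisions(FIRST, FIXED))
```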
