Hi guys,
I'm trying to improve our database by using the synchronisers, since I have added everything manually in the past. Either AD or CSV looks to be good.
However, since this will be from an external domain, I guess it has to be CSV, since I couldn't see a way to use AD through a VPN (SSH) tunnel?
While I was able to apply an RDP template to these synced connections, to be able to use the VPN connection I need the hostname to be 'localhost' rather than session/common/fqdn, since they are all unknown without being in local DNS or the hosts file. I tried using 'localhost' in my template, but it is ignored.
Also, because I use the VPN, it's configured with the $IP$ variable to connect to. Is it possible to populate that field within the connection properties from the synchronisers?
Maybe there are better ways, which I am open to as well.
If not built in, will I need to use a script?
Something like this? https://forum.devolutions.net/topic26523-add-the-ip-address-to-all-entries.aspx
Although I will need help with how to import from a CSV for that.
I have just now found that I can create an SSH tunnel to the customer AD LDAP, and then add the tunnelled connection to the AD sync, and that works. So I just need to change the hostname to localhost and get the $IP$ for the VPN connection to be successful.
Hello,
I'm thoroughly confused, adding our typical VPN section to our synchronizer family would be a good idea, but I do not understand how you've added a tunnelled connection to the AD sync.
Let's say that
Please respond to the following:
Sorry about those questions.
Maurice
I first have a PuTTY connection to create the tunnel to the AD server (i.e. 55555:10.1.1.1:389).
Then within the AD sync, I use 'localhost:55555' and add all of the LDAP details.
It works to lookup and sync the servers within AD
However, without using any of the AD sync, the way I currently connect to each connection is that I manually create the RDP session:
- The hostname (Computer) of the connection is 'localhost'.
- The VPN settings in that session are to open SSH to the jump server using a dynamic port to open a connection to the remote server (using the $IP$ variable), since the IP of that server has been manually added to the Information properties.
I hope this helps explain?
Hello,
There are two topics in this thread
For the latter point, you also go through an SSH tunnel, but you are hitting the issue that we do not have support for a dynamic port forwarder from within RDM. This would allow the definition of a single forwarder. We have completed the first phase, which is to offer a dynamic forwarder. Phase two is to modify our own types to go through that dynamic port forwarder.
For now, we need to figure out the best way to handle your scenario with existing features. The most "seamless" method would be to have, for each machine, a pair of entries: the SSH tunnel and the RDP session that uses it. Since our Sync family creates a single entry for each host, we will need to process a whole folder to add or adapt a bunch of entries. All I can think of is a PowerShell script.
I can envision a few scenarios, but first we will need to confirm my understanding and, second, a little time to collaborate on this.
Please share your thoughts and ideas.
Best regards,
Maurice
After fiddling with this for a little bit more, I have realised I have overcomplicated everything.
I have managed to perform the AD sync using the tunnelled LDAP connection and changing the connection hostname to the FQDN. I have applied the RDP template, which creates the VPN connection, to force localhost and use the $HOST$ variable to connect using the FQDN.
I didn't realise the FQDN would work for DNS lookups once connected to the SSH tunnel. This is why I was initially lost.
All sorted now.