Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > General

Reply
 
Thread Tools Display Modes
  #1  
Old 07-30-2019, 11:00 PM
dverbern dverbern is offline
Registered User
 
Join Date: Mar 2019
Posts: 28
VShell Connection Filter - what exactly does "Test filter" do?

Using VShell 4.04. Within Connection Filter screen, at bottom there is a "Test filter" area, where I can input either an IP or hostname and hit a "Test..." button. Today we've had a situation where a 3rd party was unable to connect to us and as a troubleshooting step, I input the IP that I knew this 3rd party connected from into this "Test filter" and hit the "Test" button and it returned "Access denied. Reverse IP lookup failed".

Fast forward a few minutes and when I test that same IP again I'm now getting the expected result, "Access allowed".

I entirely grant that this sounds like an issue within our environment, but I would like to know what VShell is doing under the hood when it determines whether the IP or hostname being entered into the "Test Filter" will return the "Access allowed" or "Access denied" responses.
Reply With Quote
  #2  
Old 07-31-2019, 12:57 PM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,024
Hi dverbern,
Quote:
...but I would like to know what VShell is doing under the hood when it determines whether the IP or hostname being entered into the "Test Filter" will return the "Access allowed" or "Access denied" responses.
It's a developer question. It may take a few days to get an answer.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730

Last edited by jdev; 07-31-2019 at 01:13 PM.
Reply With Quote
  #3  
Old 07-31-2019, 10:07 PM
dverbern dverbern is offline
Registered User
 
Join Date: Mar 2019
Posts: 28
Thank you Brenda, I would appreciate an answer, only because I've had some experiences of seemingly being unable to contact some 3rd parties via IP or hostname, then sometimes a short time later, I can and I don't have a ready explanation.

Here's another weird one - again, I can't guarantee this isn't our environment, but just say I type in an IP x.x.x.x in the Test field in the Connection Filter in VShell and hit Test - I've found that for a particular IP I'm testing at the moment, if I enter the IP properly (without any whitespace after it) it fails the test with "Access denied. Reverse IP lookup failed", whereas if I add at least one character of whitespace at the end of that same IP and hit Test, it succeeds, with "Access allowed". Seems strange.
Reply With Quote
  #4  
Old 08-01-2019, 08:45 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,024
Hi dverbern,
Quote:
...but just say I type in an IP x.x.x.x in the Test field in the Connection Filter in VShell and hit Test - I've found that for a particular IP I'm testing at the moment, if I enter the IP properly (without any whitespace after it) it fails the test with "Access denied. Reverse IP lookup failed", whereas if I add at least one character of whitespace at the end of that same IP and hit Test, it succeeds, with "Access allowed".
I do not see that in VShell 4.4.3, the current, official release. In fact, I get the opposite results. Adding a trailing space causes Access denied, just the IP address succeeds.

VShell 4.0.4 is pretty old (circa 2013). Why haven't you upgraded?

What problem is it you are trying to solve? Perhaps there have been enhancements since v4.0.4 that would aid in that objective.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #5  
Old 08-01-2019, 05:16 PM
dverbern dverbern is offline
Registered User
 
Join Date: Mar 2019
Posts: 28
Hi Brenda,

Thanks for testing, must be an issue limited to this older version we have. You're right, there may be benefits in us upgrading. I'm actually not certain how to proceed with an upgrade.

We have a large number of file exchanges depending on VShell and my original plan was to gradually document each of these exchanges, specifically record the actual authentication mechanisms used by each. I was then going to be able to quickly see whether any of those mechanisms was turned off by default (or not present ?) within newer VShell version, indicating where we might need to liaise with 3rd parties to give them time to adopt newer algorithms.
Reply With Quote
  #6  
Old 08-02-2019, 08:23 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,024
Hi dverbern,

I would say contact support@vandyke.com directly. We would want to check the OS to determine what version you can install, etc.

All our products are designed to upgrade in-place, over the top, but you will likely want to backup the config first and we can provide some guidance to that.

But, it does not hurt to have a link to some resources here:

Exporting and Importing the VShell for Windows Configuration

Upgrading VShell for Windows

Moving VShell for Windows to a Different Server

And also list a few bullet points of changes in each version:

*Security enhancements
Version 4.1:
  • SFTP trigger action
  • User group support for internal database
  • Support for ECDSA host keys*
  • Support for ECDH key-exchange algorithms*

Version 4.2:
  • VShellConfig in control panel
  • X.509 support per RFC 6187
  • FTPS client certificate authentication
  • Ability to generate 4096 bit key size*

Version 4.3:
  • LDAP support
  • Support for chacha20-poly1305@openssh.com authenticated encryption cipher*
  • Windows Server 2016 support

Version 4.4:
  • HTTP/HTTPS support (requires licenses at an additional cost)
  • Allow/deny certain SFTP commands (ie: RMDIR, REMOVE, RENAME, etc.)
  • SFTP virtual roots
  • Unix: Internal User Database support
  • Added support for the SHA2-512-EtM and SHA2-256-EtM MAC algorithms*
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #7  
Old 08-15-2019, 11:47 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,024
Hi dverbern,
Quote:
...but I would like to know what VShell is doing under the hood when it determines whether the IP or hostname being entered into the "Test Filter" will return the "Access allowed" or "Access denied" responses.
I have the info you requested, but cannot post it in the public forums. Please send an email to support@vandyke.com and use Attn Brenda - Forum Thread #13834 in the subject line.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 04:23 AM.