KevinIsaacson603951

Use the client through a proxy or ssh tunnel

Discussion created by KevinIsaacson603951 on Jan 8, 2015
Latest reply on Jan 9, 2015 by Jennifer_Jinhong_34
We have some major new security restrictions coming here and soon we won't be able to make direct connections from our desktop systems to the UC4 application servers.  I'm trying to figure out a way to tunnel client connections through an ssh tunnel via one of our secure bastion hosts.  I'm able to create the ssh tunnel and change the client uc4config.xml file to point it at the tunnel on my localhost.

 I just use this line in uc4config.xml:
cp ip="localhost" port="2210"
 And it establishes the initial gui connection to port 2210 on my localhost, which then gets tunneled through our secure bastion server and to the UC4 app server.  Awesome! Unfortunately this isn't the final connection.  The CP that I've connected to responds with a new CP and port to use, and includes the fqdn of my app server.  The client then disconnects and establishes it's final connection directly to my app server using the connection info that the CP gave it, thus bypassing the secure tunnel.  This is going to be a problem once the new firewall restrictions take effect in a few weeks. So, I need a way to force client connections to stay with the first CP they connect to.  Does anybody know of a way to do this?

Outcomes