Updates from October, 2009 Toggle Comment Threads | Keyboard Shortcuts

  • Andrew T Schwab 7:56 pm on October 27, 2009 Permalink | Reply
    Tags: FQDN, hostname, Network Bindings, OpenVPN, resolve, Untangle,   

    Untangle OpenVPN client stops resolving FQDNs in Windows 7? 

    We use the OpenVPN module in the Untangle Open Source Network Gateway for remote access at our school district.   Everything had been working flawlessly for over a year until suddenly right before I was set to leave for a two day conference, I turned on my Windows 7 RC1 Acer Aspire One netbook, fired up the OpenVPN GUI client and then proceeded to fail at connecting to my remote clients using RDP.    I immediately checked my desktop Windows 7 RC1 install and found the same problem.  Long story short, somehow I had lost the ability to resolve my hostnames  to their correct private IP addresses while connected to the VPN.  The work around for my trip was to connect using IP addresses, which I duly noted before leaving.

    Upon my return I decided to troubleshoot the problem.  I was able to rule out a server side issue because 1) no settings had changed since the last time it worked and 2) my Hackintosh OS X desktop system running the OpenVPN client Viscosity worked just fine.  So to rule out my netbook as the culprit, I dusted off my old Dell Inspiron 6400 laptop, which is also running Windows 7 RC1, and tried the OpenVPN GUI client on it.  I got the same frustrating thing, the VPN client connected fine, I just couldn’t resolve my internal DNS names correctly.  I was wondering if this was a problem with the OpenVPN client I was running (2.1rc15) or what else could have possibly changed on both these systems to have this affect.  I decided to try my last instance of Windows 7 RC1 and so fired up Virtual Box on my Hackintosh, started OpenVPN GUI and was pleasantly surprised to connect right away with RDP using my internal hostnames (fully qualified, of course).

    Now I knew it was something with Windows 7 on both my desktop, netbook and laptop.  But what could be affecting all three?  Many moons ago, Windows used to have odd problems associated with NIC binding orders.  I happened to notice in the ipconfig dump on the Virtual Box host that the TAP-Win32 adapter was listed first and as this was the NIC with the correct DNS settings to resolve my internal hostnames it looked like something I should check on the other systems.  Sure enough the desktop, netbook and laptop all had the TAP NIC listed in second place when I ran ipconfig /all.  Ah ha!  A quick google search for how to change Windows 7 NIC bindings (not where it used to be) turned up this gem from dillonator:

    Get to the Network Connections page under the control panel. (If you’re looking at the Network and Sharing Center, click on Change Adapter Settings.) Now hit the “alt” key and you should see the menu pop up. Click on Advanced and you should know where you’re going from there

    I love the fact that you have to press the ALT key to see the advanced settings options.  After moving my TAP-Win32 adapter (Local Area Connection 3) on my desktop to the top of the Connections list I was once again able to RDP into my remote hosts using their fully qualified domain names (FQDN).

    NIC Bindings

    I have no idea why or how the binding orders on three of my four Windows 7 RC1 installations changed or why my Virtual Box host was unaffected but I am happily VPNing with OpenVPN once more.   Any ideas on how this might have happened, please leave a comment.  Thanks.

     

    • Martin 12:32 am on May 4, 2011 Permalink | Reply

      Strange, I’ve got the same problem but from an opposite angle: I do NOT distribute DNS servers in the OpenVPN configuration, I rely on the DNS config given from the DHCP server since all host information is public in my case.

      If I check the different adapters the Ethernet interface got DHCP config on it and the TAP interface has no DNS configuration.

      If I use nslookup I got proper answers.
      If I connect via ip addresses to both public services and the private ones that is routed through the tunnel all works fine but if use “ping” or any client that relies on the system resolver libraries then all DNS queries fails.

      I followed this guide and changed adapter priority but no luck.
      I worked around the problem by giving out DNS info on the TAP interface but it is annoying.

      The Linux and OSX boxes works fine whitout this trick.

  • Andrew T Schwab 8:07 pm on October 21, 2009 Permalink | Reply
    Tags: , , extending the school year, motivation, pay for performance, , teacher,   

    Calling for more change, really? 

    U.S. Secretary of Education Arne Duncan is calling for a change in how perspective Teachers are taught in our nation’s schools of education.  I am a big fan of change and think it is great that the Secretary is addressing one of the foundations of the American Education System.  Not having gone through one of these schools of education myself however leaves me perhaps missing the point.  Any change in these institutions is not going to have a real effect for several years to come and it will do nothing to address the plight of the current generation of teachers now serving in the nation’s classrooms not to mention their students.

    So let me jump outside the box and offer a more radical prescription for change.  I think everyone agrees that while there are a myriad of factors that can affect student learning, teachers have the potential to have the most impact.  I also know that Duncan is pushing for pay for performance as a means to possibly motivate good teachers and move out “bad” ones.  Watch Dan Pink’s TED talk about the Science of Motivation and tell me you still think pay for performance is a good idea for the 21st Century.

    I don’t think pay is the issue but it makes for good politics.  So how then do you get all teachers to do better?  I think the answer is simple and yes, it will cost money.  What good teachers need is more time to prepare and collaborate with one another.  What struggling teachers need is more help and support (basically more time).  In a world where 50 minutes out of 450 is spent on “prep” and you are lucky to get 5 days of professional development a year, how can anyone be expected to keep their head above water, let alone master their profession and impact students without being an extraordinary person.  I think we’ve built failure into the system at a fundamental level.

    If it takes extraordinary effort to be a great teacher, how can one realistically expect every teacher to be great.  We can’t all be Teacher’s of the Year.  So changing the schools of education won’t make every graduate a great teacher (not that they shouldn’t change for other reasons but lets stay focused here).  I think one of Secretary Duncan’s other ideas, the longer school day/year, does have merit.  Extending the school day and year could address several issues if done right.  Dedicating some of that additional school time for teachers to develop their skills and adjust their instructional strategies and curriculum would help all teachers (and students); both the great and the mediocre.  More time for collaboration would also allow for implementing innovations like Danny Silva’s idea for 20% time in class which are now next to impossible given the lack of planning time in today’s system.  More hours at school would also have the added benefit of addressing pay, because no one should expect teachers to work additional days for free even though to be successful in the current system you absolutely have to.

    But how does extending the school day/year address the problem of the teacher that just won’t put in the effort?  I think just the additional work time would weed out a subset of teachers.  Add to that the requirement of continuous professional and course/curriculum development (a metric less subjective than observation) and you’ll start to see the bulk of the coasters and survivors drop away.  The institution of school has provided cover for under performing teachers (and administrators to be perfectly honest) because it does not promote (as a general rule) the development of teachers as professionals.  It is easier to hide away in a classroom for years teaching the same thing the same way than it is to improve, grow and change.  And everyone knows most of us are predisposed to take the easy route.

    As a second year VocEd teacher that came to the profession in a round about way, I can honestly say that teaching is the hardest job I’ve ever had.  And by hard I mean it tests me in new ways every day.  It forces me to think, to be creative and to challenge my preconceived notions on a daily basis.  I don’t know if this is sustainable in the long run, but I sure hope it is.  What I am proposing is a change so radical it calls for taking away the easy option and treating teachers like the professionals they should be.  If we are trying to build an education system for the next century, which I believe we should be doing, according to Dan Pink, the focus should be on empowering teachers through autonomy, mastery and purpose.  In that kind of environment, mediocrity and apathy cannot survive.  Pay has nothing to do with it.

     

  • Andrew T Schwab 2:42 pm on October 21, 2009 Permalink | Reply
    Tags: cloud computing,   

    Platform or Service, is Google the next Intel? 

    I recently watched the Triumph of the Nerds (again) and was struck by the role Intel played in the development of the PC market.  Intel developed microprocessors and dominated the market but they were not the ones that developed the PC, arguably the most important device ever to utilize their chips.  Intel built a platform (the x86 microprocessor) that enabled Apple and IBM to basically invent the PC market (sorry Ed Roberts).  Of course Intel didn’t do too bad either.  Until AMD came along they were the dominate chip maker, so much so that AMD basically copied their x86 architecture and made Intel compatible microprocessors.

    So what does all this have to do with Google?  Well, as a user of Google services such as gmail, reader and search I think it is easy to mislabel Google as a services company.  While it is true that many of their services do compete directly with Microsoft or Yahoo, Google is more than just a collection of services.  Take a look at their ingenious server rack design or their data center in a box and you can see their vision of platform.  Google’s very own microprocessors if you will.  Google has built a huge platform, a Google OS, on top of which they run search and many other services.

    Just as Intel has influenced the PC industry with their innovative chip designs and allowed for the explosive potential of the desktop computer, so too I believe will Google’s innovative interconnected processing platform have a huge impact on the future of computing for decades to come.  I think we have yet to see the Apples and IBMs emerge that will take advantage of the Google platform in the same way the PC did Intel processors but with the introduction of Google Wave as an open standard, I think it is only a matter of time until we do.

    And what of Microsoft in all this?  They are going to be late to the party as usual.

     

c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel
%d bloggers like this: