iPass Help
 
 
 

Running NetServer

This section describes a number of NetServer runtime commands. The following details are available:

Start NetServer

Typically the Netserver is installed in the iPass Product Directory /usr/ipass/netserver/ by version. The <NS_HOME> is linked to the running product version using a current_version symbolic link. e.g. 

   NS_HOME = "/usr/ipass/netserver/current_version"

To start the NetServer manually:

  1. Change directory to: <NS_Home>/bin
  2. Type: ./netserverd start

Stop NetServer

To stop NetServer:

  1. Change directory to: <NS_Home>/bin
  2. Type: ./netserverd stop

Kill NetServer

You can also stop the NetServer by using the kill command:

  • <NS_Home>/bin/netserverd kill. However, unlike the regular stop, this is a non-graceful stop and will immediately shut down any processes without closing them. It will also end all NetServer processes on the host, not just for the single NetServer. Only use the kill command if stop does not work.

Restarting NetServer

To restart (stop and then start) NetServer:

  1. Change directory to: <NS_Home>/bin
  2. Type: ./netserverd restart

ns_command

You can also perform many runtime functions by using the tool ns_command, in the <NS_Home>/bin directory. ns_command can only be used locally, not remotely.

Usage: ns_command.csh <options>

Where your options are:

  • shutdown: Causes the server to shutdown.
  • restart: Causes the server to restart.
  • software_update: Causes the server to do a software update.
  • reload_config: Causes the server to reload many (but not all) of the properties from the ipassNS.properties file. These are:
    • AutoUpdate flag, used to enable/disable automatic software update.
    • AAA Servers (AuthServer and AcctServer properties)
    • Log Rotation parameters.
    • DebugLevel of server.
    • For a complete reload, you should use the -restart switch.
  • dump_queue: Causes the server to dump the queue elements to a file.
  • version: Prints the server version.
  • file_upload: Uploads the file named to the upload server.
  • force_log_rotation: Causes the server to rotate/backup its log file.
  • sslc version: Print the version of the SSL-C Library.

Note: For any KeyStore changes the NetServer restart is required to take effect.

Help

NetServer has a help tool, found in your <NS_Home>/bin directory, which you can use to get information on the configurable properties in the ipassNS.properties file.

To list all server properties, run: ipassconfig.csh -listall

To describe usage of a property, run: ipassconfig.csh -help <property name>

Log Files

There are several important log files associated with NetServer operations. netserver.trace, located in <NS_Home> contains daily traffic statistics, including:

  • time
  • number of authorization requests, accepts, challenges and rejections
  • number of cache hits
  • number of accounting starts, stops and updates.
  • number of proxy requests
  • The nsdownload.trace file, located in <NS_Home>/logs, records software download activities. It also contains the number of pending or corrupted accounting files on the local NetServer system.
  • nsfailurecount: This log records any connection failures between NetServer and Transaction Servers and can help track which Transaction Servers have poor connectivity rates. (These messages will continue to also be logged in the netserver.trace file.) Connection failure messages only appear at DebugLevel=1 or greater. The TraceLogRotation properties will control when the file is backed up.

DebugLevel

The amount of debugging output in netserver.trace can be controlled by changing the value of the DebugLevel property. The range for this value is 0 to 5 (inclusive), where 0 produces the least amount of output, and 5 produces the highest.

Debug Level Logging Output
0 Only severe problems logged.
1 Error messages.
2 Error and Debug messages.
3 Error, Debug, and Packet parsing information.
4 Error, Debug, Packet parsing, and Packet dumping.
5 Detailed Packet and Debug information.
  • Property: DebugLevel
  • Default Value: 0

iPass recommends a debug level of 3 in a production environment.

Log File Deletion

A DebugLevel of 5 produces a great deal of output. This can cause the NS.trace file to grow very large, and may slow the processing time of the NetServer. To control this, you can set log files to be deleted after a specified period of time.

  • Property: LogDirFileDeletionAge
  • Default Value: 180 <days>

Get Version Tool

You can check your NetServer version by running the Get Version tool.

To check your NetServer version, in <NS_Home>/bin, run ns_get_version.csh.

Automatic Software Updates

NetServer can be configured to periodically poll the iPass update server for the latest version of NetServer, and then automatically install it.

AutoUpdate

If AutoUpdate is enabled, NetServer will check for any updates to NetServer, download and install them automatically, then restart.

  • Default Value: No
  • Valid Range: Boolean

UpdateInterval

This is the weekly time of day at which NetServer will check for any updates.

  • Default Value: Monday 02:00
  • Valid Range: <any day> <24 hour time>
  • To enable: set AutoUpdate to Yes.

Transaction Center List Update

In addition to software updates, NetServer will periodically poll the iPass update server for the most current list of iPass transaction servers. The file is called TCList. If there is a change to the list, the new servers will automatically be added to the list in ipassNS.properties. This feature is enabled automatically and does not need to be set.

KeyStore Failover/Retrieval

KeyStoreProperty is an optional attribute for IpassServer. If only one NS keystore has been provisioned, the attribute is not required. If there are multiple ns-type keystores available, this attribute should be included to indicate the “initial” keystore to use.

If KeyStoreProperty is not configured for an IpassServer with multiple keystores, then the NetServer will perform KeyStore failover logic based on the configuration number sequence order of KeyStoreType=“ns” in order to match it with one acceptable to the iPass Transaction Server. For example in ipassNS.properties Ipassservers configured and Keystores list as: 

IpassServer1=IpAddress=<server ip>,Port=<server host>
IpassServer2=IpAddress=<server ip>,Port=<server host>

KeyStore1=KeyStoreType=eap,KeyStorePath=$ipass.server.home/certs/eapserver.keystore,KeyPassword=UfGjld0YWEUjEIZUnNvIsA==,KeyStorePassword=UfGjld0YWEUjEIZUnNvIsA==
KeyStore2=KeyStoreType=ns,KeyStorePath=/usr/ipass/netserver/current_version/certs/ns1.keystore,KeyAlias=ns,CertAlias=ipassca,Salt=iPassNS,KeyPassword=XPavlIhNARgjEIZUnNvIsA==,KeyStorePassword=XPavlIhNARgjEIZUnNvIsA==
KeyStore3=KeyStoreType=ns,KeyStorePath=/usr/ipass/netserver/current_version/certs/ns3.keystore,KeyAlias=ns,CertAlias=ipassca,Salt=iPassNS,KeyPassword=Vu6viZxGH30jEIZUnNvIsA==,KeyStorePassword=Vu6viZxGH30jEIZUnNvIsA==

IpassServer1 tries to make connection with TServer using KeyStore2 ('ns' type keystore appearing 1st in the list).If fails to make connection due to SSL handshake error with KeyStore2 it then routes to KeyStore3. All KeyStores will be iterated in Round Robin manner.If in ipassNS.properties Ipasservers are configured as :
IpassServer1=IpAddress=<server ip>,Port=<server host>,KeyStore1=KeyStore3

In this case, IpassServer1 tries to make connection with TServer using KeyStore3 (as it is configured with IpassServer1).If fails to make connection due to SSL handshake error with KeyStore3 it then routes to KeyStore2 then again to KeyStore3.

Go to: Other Product Documents > NetServer Admin Guide

 

©2015 iPass Inc. All rights reserved. Terms of Use