This section describes a number of NetServer runtime commands. The following details are available:
Typically the Netserver is installed in the iPass Product Directory /usr/ipass/netserver/ by version. The <NS_HOME> is linked to the running product version using a current_version symbolic link. e.g.
NS_HOME = "/usr/ipass/netserver/current_version"
To start the NetServer manually:
To stop NetServer:
You can also stop the NetServer by using the kill command:
To restart (stop and then start) NetServer:
You can also perform many runtime functions by using the tool ns_command, in the <NS_Home>/bin directory. ns_command can only be used locally, not remotely.
Usage: ns_command.csh <options>
Where your options are:
Note: For any KeyStore changes the NetServer restart is required to take effect.
NetServer has a help tool, found in your <NS_Home>/bin directory, which you can use to get information on the configurable properties in the ipassNS.properties file.
To list all server properties, run: ipassconfig.csh -listall
To describe usage of a property, run: ipassconfig.csh -help <property name>
There are several important log files associated with NetServer operations. netserver.trace, located in <NS_Home> contains daily traffic statistics, including:
The amount of debugging output in netserver.trace can be controlled by changing the value of the DebugLevel property. The range for this value is 0 to 5 (inclusive), where 0 produces the least amount of output, and 5 produces the highest.
Debug Level | Logging Output |
---|---|
0 | Only severe problems logged. |
1 | Error messages. |
2 | Error and Debug messages. |
3 | Error, Debug, and Packet parsing information. |
4 | Error, Debug, Packet parsing, and Packet dumping. |
5 | Detailed Packet and Debug information. |
iPass recommends a debug level of 3 in a production environment.
Log File Deletion
A DebugLevel of 5 produces a great deal of output. This can cause the NS.trace file to grow very large, and may slow the processing time of the NetServer. To control this, you can set log files to be deleted after a specified period of time.
You can check your NetServer version by running the Get Version tool.
To check your NetServer version, in <NS_Home>/bin, run ns_get_version.csh.
NetServer can be configured to periodically poll the iPass update server for the latest version of NetServer, and then automatically install it.
If AutoUpdate is enabled, NetServer will check for any updates to NetServer, download and install them automatically, then restart.
This is the weekly time of day at which NetServer will check for any updates.
In addition to software updates, NetServer will periodically poll the iPass update server for the most current list of iPass transaction servers. The file is called TCList. If there is a change to the list, the new servers will automatically be added to the list in ipassNS.properties. This feature is enabled automatically and does not need to be set.
KeyStoreProperty is an optional attribute for IpassServer. If only one NS keystore has been provisioned, the attribute is not required. If there are multiple ns-type keystores available, this attribute should be included to indicate the “initial” keystore to use.
If KeyStoreProperty is not configured for an IpassServer with multiple keystores, then the NetServer will perform KeyStore failover logic based on the configuration number sequence order of KeyStoreType=“ns” in order to match it with one acceptable to the iPass Transaction Server. For example in ipassNS.properties Ipassservers configured and Keystores list as:
IpassServer1=IpAddress=<server ip>,Port=<server host> IpassServer2=IpAddress=<server ip>,Port=<server host> KeyStore1=KeyStoreType=eap,KeyStorePath=$ipass.server.home/certs/eapserver.keystore,KeyPassword=UfGjld0YWEUjEIZUnNvIsA==,KeyStorePassword=UfGjld0YWEUjEIZUnNvIsA== KeyStore2=KeyStoreType=ns,KeyStorePath=/usr/ipass/netserver/current_version/certs/ns1.keystore,KeyAlias=ns,CertAlias=ipassca,Salt=iPassNS,KeyPassword=XPavlIhNARgjEIZUnNvIsA==,KeyStorePassword=XPavlIhNARgjEIZUnNvIsA== KeyStore3=KeyStoreType=ns,KeyStorePath=/usr/ipass/netserver/current_version/certs/ns3.keystore,KeyAlias=ns,CertAlias=ipassca,Salt=iPassNS,KeyPassword=Vu6viZxGH30jEIZUnNvIsA==,KeyStorePassword=Vu6viZxGH30jEIZUnNvIsA== IpassServer1 tries to make connection with TServer using KeyStore2 ('ns' type keystore appearing 1st in the list).If fails to make connection due to SSL handshake error with KeyStore2 it then routes to KeyStore3. All KeyStores will be iterated in Round Robin manner.If in ipassNS.properties Ipasservers are configured as : IpassServer1=IpAddress=<server ip>,Port=<server host>,KeyStore1=KeyStore3
In this case, IpassServer1 tries to make connection with TServer using KeyStore3 (as it is configured with IpassServer1).If fails to make connection due to SSL handshake error with KeyStore3 it then routes to KeyStore2 then again to KeyStore3.