Making a WANRay

The basic problem that I had was to get my SunRay client working from home. With this in place, I could simply take my smart card and resume work at home. Plus, I would get the added benefit of appearing to be on-campus and would avoid all of the headaches of transferring files, etc. In other words, make the rumored WANRay from Sun without actually waiting for Sun to come out with a WAN-friendly thin client.

My setup

 

Problem 1: Identifying the server to the thin client

The first problem to overcome is how to get the SunRay to find out about the server. With the SunRay not only sitting behind a NAT but also being a considerable number of hops away from the server, the standard bootp/discovery option was just plain out. Hence, I would need to set up a DHCP server to hand out the SunRay options correctly.

Unfortunately, the SunRay server manual is a bit less than clear on how to do this. It lists the options but basically states in a nutshell that "Encapsulated options are hard, good luck." For my case, where I only admin my own cluster of boxes in my lab, this left quite a bit to be desired.

After a bit of searching, I finally located an example dhcpd.conf that would properly distribute the SunRay client info.  While the firmware revision is of course off, this is a huge step in the right direction, leaving me only to fill in my server IP address.

======= Example dhcpd.conf for SunRay client ========

ddns-update-style ad-hoc;
deny unknown-clients;
allow bootp;

subnet 192.168.1.0 netmask 255.255.255.0 {
    authoritative;
    option routers 192.168.1.1;
    option default-ip-ttl 32;

    # Static lease for the SunRay, keyed on its MAC address
    host SunRay-NDSS-2 {
        hardware ethernet XX:XX:XX:XX:XX:XX;
        fixed-address 192.168.1.180;
        # dhcpd sets a per-host mask with option subnet-mask
        option subnet-mask 255.255.0.0;
    }
}

# Vendor option space that carries the SunRay parameters
option space SUNW-NewT;
option SUNW-NewT.AuthSrvr code 21 = ip-address;
option SUNW-NewT.AuthPort code 22 = unsigned integer 16;
option SUNW-NewT.NewTVer code 23 = text;
option SUNW-NewT.LogHost code 24 = ip-address;
option SUNW-NewT.LogKern code 25 = unsigned integer 8;
option SUNW-NewT.LogNet code 26 = unsigned integer 8;
option SUNW-NewT.LogUSB code 27 = unsigned integer 8;
option SUNW-NewT.LogVid code 28 = unsigned integer 8;
option SUNW-NewT.LogAppl code 29 = unsigned integer 8;
option SUNW-NewT.FWSrvr code 31 = ip-address;
option SUNW-NewT.Intf code 33 = text;

# Group clients by the vendor class identifier they send
class "vendor-classes" {
    match option vendor-class-identifier;
}

# SunRay clients get the SUNW-NewT options; AuthSrvr is the SunRay server address
subclass "vendor-classes" "SUNW.NewT.SUNW" {
    vendor-option-space SUNW-NewT;
    option SUNW-NewT.AuthSrvr XXX.XX.XX.XXX;
}

The key points that you would need to customize are:

To get a DHCP server running, you can choose a couple of options.  I used the stock RedHat Linux DHCP server for testing:

%dhcpd -d

The -d flag puts you into debug mode (quite helpful). I also got DHCP running under Cygwin in Windows. This is a bit trickier as you need to apply a patch, but this also worked just fine. The key is that the SunRay simply needs to find the server; once it knows about the server, it will do just fine.
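
As an added example (not from the original page or from Sun's documentation): the vendor-option-space statement makes dhcpd pack the SUNW-NewT options into DHCP option 43 as code/length/value triples, which is the "encapsulated options" encoding the manual glosses over. This Python code encodes and decodes that payload using the option codes from the dhcpd.conf above, so the option 43 bytes in a captured DHCP offer can be checked for the server address being handed to the SunRay; the sample address and port are constructed values.

```python
import ipaddress
import struct

# Sub-option codes and types copied from the SUNW-NewT option space above.
SUNW_NEWT = {
    21: ("AuthSrvr", "ip"), 22: ("AuthPort", "u16"), 23: ("NewTVer", "text"),
    24: ("LogHost", "ip"), 25: ("LogKern", "u8"), 26: ("LogNet", "u8"),
    27: ("LogUSB", "u8"), 28: ("LogVid", "u8"), 29: ("LogAppl", "u8"),
    31: ("FWSrvr", "ip"), 33: ("Intf", "text"),
}
BY_NAME = {name: (code, kind) for code, (name, kind) in SUNW_NEWT.items()}
CODECS = {  # kind -> (encode value to bytes, decode bytes to value)
    "ip": (lambda v: ipaddress.IPv4Address(v).packed, lambda b: str(ipaddress.IPv4Address(b))),
    "u16": (lambda v: struct.pack("!H", v), lambda b: struct.unpack("!H", b)[0]),
    "u8": (lambda v: struct.pack("!B", v), lambda b: struct.unpack("!B", b)[0]),
    "text": (lambda v: v.encode("ascii"), lambda b: b.decode("ascii")),
}

def encode_option43(settings):
    """Build the option 43 payload: one code/length/value triple per setting."""
    out = bytearray()
    for name, value in settings.items():
        code, kind = BY_NAME[name]
        data = CODECS[kind][0](value)
        out += bytes([code, len(data)]) + data  # bytes() rejects lengths over 255
    return bytes(out)

def decode_option43(payload):
    """Parse an option 43 payload; raise ValueError on malformed input."""
    found, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError(f"truncated sub-option at offset {i}")
        code, length = payload[i], payload[i + 1]
        raw = payload[i + 2:i + 2 + length]
        if code in SUNW_NEWT:
            name, kind = SUNW_NEWT[code]
            try:
                found[name] = CODECS[kind][1](raw)
            except struct.error as exc:
                raise ValueError(f"{name}: bad length {length}") from exc
        else:
            found[f"unknown-{code}"] = raw  # keep unrecognised codes visible
        i += 2 + length
    return found

# Constructed sample values (not from the page): a documentation address and a port.
SAMPLE = encode_option43({"AuthSrvr": "192.0.2.10", "AuthPort": 7009})
```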

Problem 2: Having the server let you in

The actual process of having the server respond is pretty easy once you get past the first step.  In order for the server to respond, you will need to add rules in your firewall (optional) and update the SunRay server response. I am not sure if this step is mandatory but I did it anyway.

%/opt/SUNWut/sbin/utadm -A 67.163.4.0

 

Update: This step is not mandatory after further testing.

For the firewall, I am using SunScreen 3.2.  I simply needed to add a rule to allow communication from that specific IP address.

%ssadm edit Initial
> add address SunRay-Home 67.163.4.225
> add rule * SunRay-Home self ALLOW COMMENT "SunRay traffic from home"

Move the new rule in front of the deny rule.

> move rule X Y
> ssadm save
> quit
%ssadm activate Initial

Voila, the traffic should now reach the server. However, all is not quite well, as the NAT is now our last hurdle to overcome.

Problem 3: Traffic from the client to the server (NAT)

To finish up, place the thin client in the DMZ on the client and the standard SunRay login screen should pop up.

Performance Issues

Other Notes

After a few more months of operation, I can add a few more tidbits to this info.


Last updated June 1, 2004 by striegel@cse.nd.edu