The error similar to that that I am thinking of would indicate that the
ip address of your client machine does not fall into the scheme laid out
in your pg_hba.conf. Most likely you need to add your home machines ip
into the pg_hba.conf (or open up one of the existing entries to include
the machine your connecting from)

HTH

Robert Treat

Thanks Robert!

I did that as well and still didn't work. Any other ideas?

-----Original Message-----
From: Robert Treat [mailto:***@users.sourceforge.net]
Sent: Friday, May 21, 2004 4:41 PM
To: ***@ameritrade.com
Cc: pgsql-***@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf
though
an
The error similar to that that I am thinking of would indicate that the
ip address of your client machine does not fall into the scheme laid out
in your pg_hba.conf. Most likely you need to add your home machines ip
into the pg_hba.conf (or open up one of the existing entries to include
the machine your connecting from)

HTH

Robert Treat

Yes I can ping the server if not connected via VPN.

I'm using EMS PostgreSQL Manager, which works if not via VPN.

Yes, postgresql.conf's tcpip_socket = true.

The log says: FATAL: No pg_hba.conf entry for host 10.29.15.113, user
postgres, database TEST.

Thanks for your help!

Regards,
- Lily Anne


-----Original Message-----
From: Robert Treat [mailto:***@users.sourceforge.net]
Sent: Friday, May 21, 2004 8:04 PM
To: ***@ameritrade.com
Cc: pgsql-***@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf

can you ping the server that postgresql is living on? or maybe your
misrepresenting the error message... what program are you using to try
and
connect? can you verify that tcpip_sockets is turned on the server?
also, if
it is a database problem there will be an exact error message being
reported
in the logs of type FATAL, can you send us that?

Robert Treat
the
out
include

Thanks Mike!

I already specified the IP address that was specified by my VPN
connection. I read through the docs and found nothing about anything
special with VPN connections.

Regards,
- Lily Anne

-----Original Message-----
From: Mike G [mailto:***@thegodshalls.com]
Sent: Monday, May 24, 2004 10:23 PM
To: ***@ameritrade.com
Cc: ***@users.sourceforge.net; pgsql-***@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf

Your ip address range is probably different when connecting via a VPN
rather than in the office. By default postgres will not allow
connections from other locations even if tcpip_socket is true without
specifying an ip address range, database etc.

Checkout the docs. There is a section on pg_hba.conf.

Mike
try
getting
ip
broadcast)---------------------------
---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings

Yes sir, did that, too.

Thanks,
- Lily Anne

-----Original Message-----
From: Tom Lane [mailto:***@sss.pgh.pa.us]
Sent: Tuesday, May 25, 2004 10:50 AM
To: ***@ameritrade.com
Cc: ***@thegodshalls.com; ***@users.sourceforge.net;
pgsql-***@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf
This is a long shot, but ... did you remember to SIGHUP the postmaster
after editing pg_hba.conf to allow that IP address?

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings

That line certainly ought to match your connection. I think this has
got to be pilot error: either you didn't SIGHUP the postmaster or you
are editing the wrong copy of the file. (The right copy is
$PGDATA/pg_hba.conf.)

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?

http://www.postgresql.org/docs/faqs/FAQ.html

Um, I restarted postmaster so many times already after I made the entry
and this is the only pg_hba.conf file in our server (you're right,
$PGDATA/pg_hba.conf). It's a brand new server that had just been built.

Have you tried connecting to your pgSQL server via VPN?

Thanks!

-----Original Message-----
From: Tom Lane [mailto:***@sss.pgh.pa.us]
Sent: Tuesday, May 25, 2004 2:51 PM
To: ***@ameritrade.com
Cc: ***@users.sourceforge.net; ***@thegodshalls.com;
pgsql-***@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf
That line certainly ought to match your connection. I think this has
got to be pilot error: either you didn't SIGHUP the postmaster or you
are editing the wrong copy of the file. (The right copy is
$PGDATA/pg_hba.conf.)

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to ***@postgresql.org

Or it might be a security issue with how our VPN is setup. I'll talk to
our security folks and see what they will find.

Thanks!



-----Original Message-----
From: Sanchez, Lily
Sent: Tuesday, May 25, 2004 2:55 PM
To: 'Tom Lane'
Cc: ***@users.sourceforge.net; ***@thegodshalls.com;
pgsql-***@postgresql.org
Subject: RE: [ADMIN] pg_hba.conf

Um, I restarted postmaster so many times already after I made the entry
and this is the only pg_hba.conf file in our server (you're right,
$PGDATA/pg_hba.conf). It's a brand new server that had just been built.

Have you tried connecting to your pgSQL server via VPN?

Thanks!

-----Original Message-----
From: Tom Lane [mailto:***@sss.pgh.pa.us]
Sent: Tuesday, May 25, 2004 2:51 PM
To: ***@ameritrade.com
Cc: ***@users.sourceforge.net; ***@thegodshalls.com;
pgsql-***@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf
That line certainly ought to match your connection. I think this has
got to be pilot error: either you didn't SIGHUP the postmaster or you
are editing the wrong copy of the file. (The right copy is
$PGDATA/pg_hba.conf.)

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?

http://www.postgresql.org/docs/faqs/FAQ.html

That's your VPN's end-to-end/network-to-network connectivity. It has
nothing to do with PostgreSQL at all.

(Note: Please do NOT copy me on replies. I do read the mailing
list.)

Jim

---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

http://archives.postgresql.org

Thanks Mike!

Do you know if pgSQL will be supporting higher level of encryption in
the near future? Most of us here at Ameritrade work from home via VPN.


-----Original Message-----
From: mike g [mailto:***@thegodshalls.com]
Sent: Wednesday, May 26, 2004 12:51 AM
To: ***@ameritrade.com
Cc: ***@users.sourceforge.net; pgsql-***@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf

Hello,

I believe I found my problem. The Cisco VPN client I use encrypts data
at a 168 bit level. Postgres only supports up to 128 bit correct?

Mike
after
VPN
without
user
your
to
server?
being
even
that
laid
machines
broadcast)---------------------------
---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column's datatypes do not match

Thanks so much! :)

-----Original Message-----
From: Bruce Momjian [mailto:***@candle.pha.pa.us]
Sent: Wednesday, May 26, 2004 10:56 AM
To: ***@ameritrade.com
Cc: ***@thegodshalls.com; ***@users.sourceforge.net;
pgsql-***@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf
We support SSL so you don't need VPN encryption. However, we should
work with whatever VPN encryption you are already using too.
--
Bruce Momjian | http://candle.pha.pa.us
***@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania
19073

---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

http://archives.postgresql.org

Note: Please do NOT Cc: me on replies to the mailing list. I read the
mailing list. One copy of your comments is sufficient. Thank you.
As I told "mike g": pgsql's encryption has *nothing* to do with your
VPN's encryption. I'm running a sort of a VPN, using port-
forwarding over OpenSSH. In fact, from work just now...

From an xterm...
$ ssh -C -c blowfish -2 -L 57001:athome.example.com:5432 athome.example.com

What that command says is to do an SSH login to athome.example.com
and port-forward port 57001 on the local machine to port 5432 on
athome.example.com. The "-C" says to use data compression on the
session. The "-c blowfish" says to encrypt the session using the
Blowfish encryption algorithm.

From another xterm...
$ psql -h 127.0.0.1 -p 57001
Password:
Welcome to psql 7.4.2, the PostgreSQL interactive terminal.

Type: \copyright for distribution terms
\h for help with SQL commands
\? for help on internal slash commands
\g or terminate with semicolon to execute query
\q to quit

jseymour=>

That is the pgsql server on my machine at home.

Now, in my case, it's simplified in that what pgsql sees coming in is
a connection from its own server (localhost), because the connection
is port-forwarded by SSH, rather than routed over a VPN route. But
that's just a technicality. The point I'm trying to make is that
pgsql doesn't care, doesn't even *know*, what the VPN connection
uses for encryption--or even that it *is* encrypted. (Much-less that
my SSH connection travels through an application proxy firewall,
a NAT'd router, and the Lord knows how many routers and other network
equipment on the way.)

Jim

---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to ***@postgresql.org)

Hi Mike,

That's exactly how I had mine setup all along:

host all all 10.29.15.0 255.255.255.0 trust

and it just doesn't work via VPN.

Thanks,
- Lily Anne



-----Original Message-----
From: mike g [mailto:***@thegodshalls.com]
Sent: Wednesday, May 26, 2004 11:16 PM
To: ***@ameritrade.com
Cc: pgsql-***@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf

Hello,

I finally got it to work and as some have mentioned it was not the
encryption level.

I had setup my pg_hba.conf originally like this:

host all all 10.15.0.0 255.255.255.0 trust


I was under the impression that the .0 was supposed to be equivalent to
a wildcard entry so that any connection from 10.15 would be able to
connect. This was not so. By changing my pg_hba.conf to this:

host all all 10.15.13.0 255.255.255.0 trust

I was able to connect successfully. The .0 works as a wildcard entry
for the last part but not the one prior.


Hope that helps you.

Mike
in
VPN.
---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster

(Note: Please do not copy me individually on posts to the mailing
list. I do read the list and don't need two copies. Thanks.)

(Note2: I did Cc: this to LSanchez as she's yet to respond to any of
my prior comments, so I begin to suspect she's not getting/reading
the mailing list traffic?)
Then I would suggest the server isn't seeing you coming from
10.29.15.0 through 10.29.15.255. Then again: There's been some kind
of bug (?) mentioned lately (only on [certain versions?] of Solaris?)
where "network netmask" doesn't appear to work properly. Try
changing the "10.29.15.0 255.255.255.0" to "10.29.15.0/24", if you
have a 7.4-series pgsql server, and see if that doesn't work.

Jim

---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings

Hi Jim,

I apologize, but it seems that this is the first time that I received an
email from you, but I did receive some emails from others about this
issue, which I had been responding to. Or maybe, I'm not subscribed to
the mailing list? I'll check this out and fix it asap.

I will try what you suggested tonight, as soon as I get home.

Thanks so much for your help!

Regards,
- Lily Anne



-----Original Message-----
From: Jim Seymour [mailto:***@linxnet.com]
Sent: Thursday, May 27, 2004 10:03 AM
To: pgsql-***@postgresql.org
Cc: ***@ameritrade.com
Subject: Re: [ADMIN] pg_hba.conf

(Note: Please do not copy me individually on posts to the mailing
list. I do read the list and don't need two copies. Thanks.)

(Note2: I did Cc: this to LSanchez as she's yet to respond to any of
my prior comments, so I begin to suspect she's not getting/reading
the mailing list traffic?)
Then I would suggest the server isn't seeing you coming from
10.29.15.0 through 10.29.15.255. Then again: There's been some kind
of bug (?) mentioned lately (only on [certain versions?] of Solaris?)
where "network netmask" doesn't appear to work properly. Try
changing the "10.29.15.0 255.255.255.0" to "10.29.15.0/24", if you
have a 7.4-series pgsql server, and see if that doesn't work.

Jim

---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to ***@postgresql.org

Mike,

I think if you set it up like this it would have worked as well:

host all all 10.15.0.0 255.255.0.0 trust

Your netmask was telling it that the first three octets of the IP address
were significant.

Marc Armstrong - Webmaster - Danly IEM - 440-239-7607
***@danly.com - ***@danly.com
AIM: marmstro2 - Jabber: ***@amessage.de


-----Original Message-----
From: mike g [mailto:***@thegodshalls.com]
Sent: Wednesday, May 26, 2004 11:16 PM
To: ***@ameritrade.com
Cc: pgsql-***@postgresql.org
Subject: Re: [ADMIN] pg_hba.conf


Hello,

I finally got it to work and as some have mentioned it was not the
encryption level.

I had setup my pg_hba.conf originally like this:

host all all 10.15.0.0 255.255.255.0 trust


I was under the impression that the .0 was supposed to be equivalent to a
wildcard entry so that any connection from 10.15 would be able to connect.
This was not so. By changing my pg_hba.conf to this:

host all all 10.15.13.0 255.255.255.0 trust

I was able to connect successfully. The .0 works as a wildcard entry for
the last part but not the one prior.


Hope that helps you.

Mike
---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?

http://www.postgresql.org/docs/faqs/FAQ.html


The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from any
computer.

---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

http://archives.postgresql.org

[snip]
[snip]
This is fixed in CVS. Or you can apply this patch

http://jimsun.linxnet.com/misc/pgsql-7.4.2.patch

to a freshly-extracted 7.4.2 tarball (*before* running configure).

Standard Disclaimer: No warranties, express or implied.

I'm running 7.4.2 on both a Sparc Solaris 7 and a Sparc Solaris 8
machine, with that patch.

Jim

---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
joining column's datatypes do not match

Jim said:
Try changing the "10.29.15.0 255.255.255.0" to "10.29.15.0/24", if
you
have a 7.4-series pgsql server, and see if that doesn't work.
IT WORKED! Thanks so much Jim! I'm happily connected from home today...
:)



-----Original Message-----
From: Sanchez, Lily
Sent: Thursday, May 27, 2004 10:12 AM
To: 'pgsql-***@postgresql.org'
Subject: RE: [ADMIN] pg_hba.conf

Hi Jim,

I apologize, but it seems that this is the first time that I received an
email from you, but I did receive some emails from others about this
issue, which I had been responding to. Or maybe, I'm not subscribed to
the mailing list? I'll check this out and fix it asap.

I will try what you suggested tonight, as soon as I get home.

Thanks so much for your help!

Regards,
- Lily Anne



-----Original Message-----
From: Jim Seymour [mailto:***@linxnet.com]
Sent: Thursday, May 27, 2004 10:03 AM
To: pgsql-***@postgresql.org
Cc: ***@ameritrade.com
Subject: Re: [ADMIN] pg_hba.conf

(Note: Please do not copy me individually on posts to the mailing
list. I do read the list and don't need two copies. Thanks.)

(Note2: I did Cc: this to LSanchez as she's yet to respond to any of
my prior comments, so I begin to suspect she's not getting/reading
the mailing list traffic?)
Then I would suggest the server isn't seeing you coming from
10.29.15.0 through 10.29.15.255. Then again: There's been some kind
of bug (?) mentioned lately (only on [certain versions?] of Solaris?)
where "network netmask" doesn't appear to work properly. Try
changing the "10.29.15.0 255.255.255.0" to "10.29.15.0/24", if you
have a 7.4-series pgsql server, and see if that doesn't work.

Jim

---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to ***@postgresql.org