checkout floating license via ssh tunnel

license
remoteaccess
vpn

#1

Our university’s license server is in a private network. When I’m on that network, I can access the License server just fine and Lumerical-FDTD starts up normally.

When I’m on a remote location, I’d like to checkout the license. To this end, I enable port-forwarding: a tunnel is created from my localhost at localport X via my department’s ssh-server to the license server on its default port.

So what I’m entering is simllar to this:

ssh -L 9090:license_server:27013 my_username@ssh_server

in which of course the 3 fields have the correct names and addresses.
After setting up this tunnel, I change the license configuration settings on my localhost, so that it attempts to contact the license server via my localhost on port 9090.

After applying that change, Lumerical won’t start up though, giving me an error:

lc_checkout failed: License server machine is down or not responding.
See the system administrator about starting the license server system, or
make sure you’re referring to the right host (see LM_LICENSE_FILE).
Feature: FDTD_Solutions_design
Hostname: stella
License path: 9090@127.0.0.1:
FlexNet Licensing error:-96,7. System Error: 2 "No such file or directory"
For further information, refer to the FlexNet Licensing documentation,
available at “www.flexerasoftware.com”.

However, a telnet session to localhost at port 9090 reveals no issues in the active ssh-tunnel window, which tells me the license server can be contacted at that port through my localhost at my local port.

Is this way of checking out licenses not supported? Am I doing something wrong?


#2

Accessing the license remotely or across different subnets is possible with Floating license models. However, configuring your network and vpn is beyond the scope of Lumerical technical support. You might have to contact your organization’s IT / Network administrator in configuring your network or vpn access.

We have the following information on Communication ports used by Lumerical Software

In the meantime, we can try and change the Configure FDTD license utility’s Floating Tab “Server” to the IP address of the license server.

Currently, its trying to get the license from 9090@127.0.0.1. IP address 127.0.0.1 is your local computer, not the license server.

If you have access to http://IP_license_server:8095 using the browser, we can check if you are able to access the license manager dashboard on the server.


#3

I appreciate you looking into this. Unfortunately, it seems you do not fully understand the use of ssh tunnels.

Simply put, the ssh tunnel I’ve set up on my linux-box (which can be configured under Windows just as easily using e.g. the putty program) makes sure that my PC “tunnels” all traffic designed for localhost:9090 to the license server’s 27013 port, which is behind my university’s ssh server and therefor not publicly accessible.
So it makes Lumerical believe that the license server is on my machine, whereas in reality, traffic just gets relayed.

I hope that’s clear. I’m hoping to get news from the IT department here sometime next week. If so, I’ll update this post.


#4

Sorry for my misunderstanding. I am not sure how the ssh command line syntax would be. Based on our test we are able to create a SSH connection using putty on a Windows computer and redirected the ports to the (default) ports that the Lumerical FlexNet license manager is using;

We were able to checkout a license from our license server using the following setting on FDTD license utility;


#5

That is good news, thank you for checking it thoroughly. As soon as I get news back from my IT department, I’ll update this thread too. Perhaps it’s a firewall configuration, but the info will be useful to future readers, I hope.


#6

As you may know, the license manager dashboard can be accessed with a web browser on port 8095 using the following URL:
http://IP_ADDRESS_OR_HOST_NAME:8095

Setting up the tunnel for the license manager dashboard might be a simpler test case for you to debug this problem, since it doesn’t require you to run our software. Instead, you only need a web browser. You should be able to setup the tunnel such that the URL http://localhost:8095 allows you to view the dashboard, which is actually running on the university license manager computer rather than your local machine.

I hope this helps.


#7

On my example, I forwarded the port 27012 on my computer to the server port 8095, allowing me to use http://localhost:27012 to see the license manager dashboard;


#8

After several discussions with the IT staff of my research department, it turns out that while flexlm is listening on port 27013, the lumerical daemon “LUMERICL” is listening on 17013. Both ports need to be forwarded when you are not in the network. After doing that, I got Lumerical to run on my local host, which was not in the research department network.

The reason it worked for @lyap and @ckopetski is because their machines were inside the network (or using a VPN) that has access to both ports.

Solved.