Programmable Devices
CPLDs, FPGAs, SoC FPGAs, Configuration, and Transceivers
20644 Discussions

quartus license server through ssh tunel

Altera_Forum
Honored Contributor II
2,275 Views

Hi All, 

i have my quartus license servers behind a firewall so the license cannot be acquired when I work at home. I was wondering if someone knows what port numbers are required to be tunneled and how to setup the tunel for Quartus to fetch the license via this tunel. Our license servers are something like 1800@licman1.cern.ch hence I'd expect that outgoing port number is 1800, however there must be an incoming port as well. Both of them must be tuneled i guess... 

 

anyone tried to do this? (note: unfortunately i cannot use at home quartus web edition as this afaik does not support stratix devices)... 

any help kindly appreciated.... 

 

d.
0 Kudos
5 Replies
Altera_Forum
Honored Contributor II
961 Views

our floating network licence server and all others are available via a VPN connection.  

there was no need to specify the port number for getting contact to the altera licence server. 

whenever we need a licence outside the intranet we just establishe the VPN and thats it.
0 Kudos
Altera_Forum
Honored Contributor II
961 Views

Hi,  

thanks for reply. VPN connection was banned where I work due to some security problems. It's clear that when you have VPN connection, those problems disappear because your VPN server dedicates to you an IP address which is in the range of the license server hence your computer 'looks' as if it was a part of your work network. 

 

this is not the case when you're outside of work-network. however, yesterday I've found a working solution, maybe it helps to somebody: 

 

1) make ssh tunnel to some machine which is at your work. in my case, a desktop pc on my table at lab: 

 

ssh -N -L 12345:<mylabmachine>:22 <username>@<gateserver> 

 

2) make a ssh tunel to pass the flexlm ports of your choice. now the stuff: in my case, the work license server when looking into quartus licence is 1800@<licserver>, so my guess was that port 1800 must be tunneled. This is OK, but it is not enough. There is one more port which must be tunneled. I've used WireShark on windows machine at work to make port scan of my computer and look for port which is used to communicate with license server. Quick inspection gave port number 36534. Hence the tunnel must be setup as follows: 

 

ssh -N -p 12345 -L 1800:<licenseserver>:1800 -L 36534:<licenseserver>:36534 <yourworkusername>@localhost 

 

NOTE: this command uses ssh tunnel to your lab machine to tunnel through this machine ports 1800 and 36534.  

 

3) specify either in quartus license to use '1800@localhost' as your license server. 

 

 

This works. I'm sure that there is easier way (i can imagine that first tunnel is not mandatory and one can use gateserver directly to pass-through the ports, however I did not try this). The only problem is that the second port number (36354 in my case) changes from time to time without any reason (on a week basis). maybe when license server reboots, it starts to use different port number.... no idea. 

 

Would be very nice to have this thing automated however the port number changes always require to use wireshark to identify the port numbers. for this one has to have a pc, which successfully starts the quartus using the license server.... 

 

If there is somebody from Altera on this forum, could he comment a bit whether there is a 'standard' way how to access license servers when behind firewall? or at least get the idea of which ports must be tunneled without prior using wireshark 

 

 

 

d.
0 Kudos
Altera_Forum
Honored Contributor II
961 Views

I have forgotten to mention: 

 

these commands of course work under Linux, using Quartus Linux edition. For windows one could use Putty to create necessary tunnels
0 Kudos
Altera_Forum
Honored Contributor II
961 Views

 

--- Quote Start ---  

Hi All, 

i have my quartus license servers behind a firewall so the license cannot be acquired when I work at home.  

d. 

--- Quote End ---  

 

 

You should try something like: 

 

ssh -f -C you@firewall.yourcompany.com -L 1800:flexserver.yourcompany.com:1800 xmessage "forward of lic server" -button stop-forward:9 I'm assuming Linux here. I'm also assuming that there is a X program called xmessage on your firewall. The connection will stay up until you click the stop-forward button. If you don't have xmessage, you can use sleep 3600 instead of xmessage (and the rest of the line) to stay connected for the next hour. 

 

Then you should be able to start Quartus at home as: 

 

LM_LICENSE_FILE=machinewhereyoustartedtheabove:1800 /opt/altera/quartus/bin/quartus
0 Kudos
gusFring
Beginner
961 Views

Hi, I don't if thread is still active. But, I am having an issue in accessing quartus server license and I would be glad if I could get some help.

 

A quartus floating license is installed on a server in a US university. When I was in the US, I was able to access the quartus license from outside the university using VPN (Cisco AnyConnect), but I am not able to do so from India. However, I am able to access the floating licenses for other softwares. I can use the quartus software installed on the server using remote desktop, but its very difficult to use due to latency incurred in accessing the display.  Any suggestions on why I am not able to access the sever license from India?

 

 

 

0 Kudos
Reply