Date: Thu, 10 Jan 2013 10:46:12 +0000 (UTC)
From: "Richard Shevel (JIRA)"
To: cloudstack-dev@incubator.apache.org
Subject: [jira] [Commented] (CLOUDSTACK-938) s2s VPN trouble

[ https://issues.apache.org/jira/browse/CLOUDSTACK-938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13549516#comment-13549516 ]

Richard Shevel commented on CLOUDSTACK-938:
-------------------------------------------

I've updated all the RPMs on the KVM hosts and the CS host. I ran the following experiment:

1. Created new Domain
2. Logged in to new Domain
3. Created new VPC (with 10.4.4.0/24 network)
4. Created new tier (10.4.4.1 gateway)
5. Entered as administrator and looked for the new VR:

State: Running
Network ID:
Public IP Address: 77.95.133.142
Guest IP Address:
Link Local IP Address: 169.254.1.73
Host: bh620-4.dn.local
Compute offering: System Offering For Software Router
Network Domain:
Domain: test1
Account: test1
Created: 10 Jan 2013 10:27:15
Redundant Router: No
Redundant state:
VPC ID: 518b7f87-bbf4-405b-a90a-9d0dfaf11271

5. Entered the VR:

root@r-292-VM:~# ip a
1: lo: mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 0e:00:a9:fe:01:49 brd ff:ff:ff:ff:ff:ff
    inet 169.254.1.73/16 brd 169.254.255.255 scope global eth0
3: eth1: mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 06:bb:92:00:00:6e brd ff:ff:ff:ff:ff:ff
root@r-292-VM:~#

If I look at /var/log/auth.log, I see:

Jan 10 10:28:58 r-292-VM sshd[1586]: pam_unix(sshd:session): session closed for user root
Jan 10 10:28:58 r-292-VM sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/echo 1 Table_eth1
Jan 10 10:28:58 r-292-VM sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/sbin/ip rule add fwmark 1 table Table_eth1
Jan 10 10:28:58 r-292-VM sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/sbin/ip route flush table Table_eth1
Jan 10 10:28:58 r-292-VM sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/sbin/ip route flush cache
Jan 10 10:28:58 r-292-VM sshd[1631]: Accepted publickey for root from 169.254.0.1 port 41066 ssh2
Jan 10 10:28:58 r-292-VM sshd[1631]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 10 10:28:59 r-292-VM sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/sbin/ip link show ethnull
Jan 10 10:28:59 r-292-VM sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/sbin/ip addr add dev ethnull 77.95.133.142/26 brd +
Jan 10 10:28:59 r-292-VM sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/sbin/iptables-save -t mangle
Jan 10 10:28:59 r-292-VM sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/sbin/iptables -t mangle -A PREROUTING -i ethnull -m state --state NEW -j CONNMARK --set-mark null
Jan 10 10:28:59 r-292-VM sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/sbin/ip route add 77.95.133.128/26 dev ethnull table Table_ethnull proto static
Jan 10 10:28:59 r-292-VM sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/sbin/ip route add default via 77.95.133.129 table Table_ethnull proto static
Jan 10 10:28:59 r-292-VM sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/sbin/ip route flush cache
Jan 10 10:28:59 r-292-VM sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/sbin/ip route
Jan 10 10:28:59 r-292-VM sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/sbin/ip route add default via 77.95.133.129
Jan 10 10:28:59 r-292-VM sshd[1631]: Received disconnect from 169.254.0.1: 11: disconnected by user
Jan 10 10:28:59 r-292-VM sshd[1631]: pam_unix(sshd:session): session closed for user root
Jan 10 10:28:59 r-292-VM sshd[1675]: Accepted publickey for root from 169.254.0.1 port 41067 ssh2

Once again the value "ethnull". Maybe the problem is not so much the VPN as the proper formation of the VPC??

Attached the management log as management-server_after_upgrade2.zip

> s2s VPN trouble
> ---------------
>
> Key: CLOUDSTACK-938
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-938
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: Network Controller
> Affects Versions: 4.0.0, 4.0.1
> Environment: CentOS 6.3 x86_64
> CS - 4.0.1-0.11
> Reporter: Richard Shevel
> Priority: Critical
> Attachments: auth.log, catalina.zip, management-server_afer_upgrade2.zip, management-server_after_upgrade.zip, management-server.zip
>
>
> Dear colleagues, the problem is clearly a bug:
> I created a VPC
> Further, in my VPN Customer Gateway to the settings
> Gateway 217.70.20.213
> CIDR list 192.168.10.0/24
> IPsec Preshared-Key blablablablablabla
> IKE Encryption 3des
> IKE Hash md5
> IKE DH None
> ESP Encryption 3des
> ESP Hash md5
> Perfect Forward Secrecy None
> IKE lifetime (second) 86 400
> ESP Lifetime (second) 28 800
> Dead Peer Detection Yes
> In the setting of VPC I create VPN Gateway
> When creating a VPN Connection get the error:
> Resource [Site2SiteVpnConnection:15] is unreachable: Failed to apply site-to-site VPN
> catalina.out:
> WARN [cloud.api.ApiDispatcher] (Job-Executor-11:job-463) class com.cloud.api.ServerApiException : Resource [Site2SiteVpnConnection:15] is unreachable: Failed to apply site-to-site VPN
> WARN [cloud.async.AsyncJobManagerImpl] (Job-Executor-11:job-463) Unable to unregister active job 463 from JMX monitoring
> WARN [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection status
> WARN [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection status
> WARN [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection status
> WARN [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection status
> WARN [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection status
> management-server.log:
> 2013-01-09 21:27:54,587 DEBUG [agent.manager.AgentManagerImpl] (AgentManager-Handler-4:null) Ping from 5
> 2013-01-09 21:27:54,623 DEBUG [agent.manager.AgentManagerImpl] (AgentManager-Handler-2:null) Ping from 3
> 2013-01-09 21:28:17,546 DEBUG [storage.secondary.SecondaryStorageManagerImpl] (secstorage-1:null) Zone 1 is ready to launch secondary storage VM
> 2013-01-09 21:28:17,656 DEBUG [cloud.consoleproxy.ConsoleProxyManagerImpl] (consoleproxy-1:null) Zone 1 is ready to launch console proxy
> 2013-01-09 21:28:18,306 DEBUG [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:null) Found 3 routers.
> 2013-01-09 21:28:18,316 DEBUG [agent.transport.Request] (RouterStatusMonitor-1:null) Seq 5-223284290: Sending { Cmd , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 100111, [{"CheckS2SVpnConnectionsCommand":{"vpnIps":[],"accessDetails":{"router.ip":"169.254.1.232","router.name":"r-288-VM"},"wait":30}}] }
> 2013-01-09 21:28:18,458 DEBUG [agent.transport.Request] (AgentManager-Handler-3:null) Seq 5-223284290: Processing: { Ans: , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 110, [{"CheckS2SVpnConnectionsAnswer":{"ipToConnected":{},"ipToDetail":{},"details":"CheckS2SVpnConneciontsCommand failed","result":false,"wait":0}}] }
> 2013-01-09 21:28:18,458 DEBUG [agent.manager.AgentAttache] (AgentManager-Handler-3:null) Seq 5-223284290: No more commands found
> 2013-01-09 21:28:18,458 DEBUG [agent.transport.Request] (RouterStatusMonitor-1:null) Seq 5-223284290: Received: { Ans: , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 110, { CheckS2SVpnConnectionsAnswer } }
> 2013-01-09 21:28:18,458 DEBUG [agent.manager.AgentManagerImpl] (RouterStatusMonitor-1:null) Details from executing class com.cloud.agent.api.CheckS2SVpnConnectionsCommand: CheckS2SVpnConneciontsCommand failed
> 2013-01-09 21:28:18,458 WARN [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:null) Unable to update router r-288-VM's VPN connection status
> 2013-01-09 21:28:43,063 DEBUG [cloud.server.StatsCollector] (StatsCollector-2:null) StorageCollector is running...
> 2013-01-09 21:28:43,117 DEBUG [agent.transport.Request] (StatsCollector-2:null) Seq 17-292881626: Received: { Ans: , MgmtId: 52239887788, via: 17, Ver: v1, Flags: 10, { GetStorageStatsAnswer } }
> 2013-01-09 21:28:45,185 DEBUG [agent.transport.Request] (StatsCollector-2:null) Seq 3-1166872144: Received: { Ans: , MgmtId: 52239887788, via: 3, Ver: v1, Flags: 10, { GetStorageStatsAnswer } }
> 2013-01-09 21:28:47,545 DEBUG [storage.secondary.SecondaryStorageManagerImpl] (secstorage-1:null) Zone 1 is ready to launch secondary storage VM
> 2013-01-09 21:28:47,655 DEBUG [cloud.consoleproxy.ConsoleProxyManagerImpl] (consoleproxy-1:null) Zone 1 is ready to launch console proxy
> 2013-01-09 21:28:48,305 DEBUG [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:null) Found 3 routers.
> 2013-01-09 21:28:48,328 DEBUG [agent.transport.Request] (RouterStatusMonitor-1:null) Seq 5-223284291: Sending { Cmd , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 100111, [{"CheckS2SVpnConnectionsCommand":{"vpnIps":[],"accessDetails":{"router.ip":"169.254.1.232","router.name":"r-288-VM"},"wait":30}}] }
> 2013-01-09 21:28:48,430 DEBUG [agent.transport.Request] (AgentManager-Handler-9:null) Seq 5-223284291: Processing: { Ans: , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 110, [{"CheckS2SVpnConnectionsAnswer":{"ipToConnected":{},"ipToDetail":{},"details":"CheckS2SVpnConneciontsCommand failed","result":false,"wait":0}}] }
> 2013-01-09 21:28:48,430 DEBUG [agent.manager.AgentAttache] (AgentManager-Handler-9:null) Seq 5-223284291: No more commands found
> 2013-01-09 21:28:48,430 DEBUG [agent.transport.Request] (RouterStatusMonitor-1:null) Seq 5-223284291: Received: { Ans: , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 110, { CheckS2SVpnConnectionsAnswer } }
> 2013-01-09 21:28:48,430 DEBUG [agent.manager.AgentManagerImpl] (RouterStatusMonitor-1:null) Details from executing class com.cloud.agent.api.CheckS2SVpnConnectionsCommand: CheckS2SVpnConneciontsCommand failed
> 2013-01-09 21:28:48,430 WARN [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:null) Unable to update router r-288-VM's VPN connection status
> 2013-01-09 21:28:49,298 DEBUG [agent.manager.AgentManagerImpl] (AgentManager-Handler-7:null) Ping from 11
> 2013-01-09 21:28:49,299 DEBUG [agent.manager.AgentManagerImpl] (AgentManager-Handler-6:null) Ping from 17
> 2013-01-09 21:28:51,594 DEBUG [cloud.server.StatsCollector] (StatsCollector-3:null) HostStatsCollector is running...