From: "Richard Shevel (JIRA)"
To: cloudstack-dev@incubator.apache.org
Date: Fri, 18 Jan 2013 07:44:12 +0000 (UTC)
Subject: [jira] [Commented] (CLOUDSTACK-938) s2s VPN trouble

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13557024#comment-13557024 ]

Richard Shevel commented on CLOUDSTACK-938:
-------------------------------------------

Completed the installation of cloud-plugin-hypervisor-kvm-4.0.1-incubating-SNAPSHOT.jar.
I restarted the router and ran:

[root@bh4 java]# cat /var/log/cloud/agent/agent.log | egrep "IpAssoc|getVlanIdFromBridge"
2013-01-18 11:39:47,377 DEBUG [cloud.agent.Agent] (agentRequest-Handler-3:null) Request:Seq 5-1161625613: { Cmd , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 100111, [{"StartCommand":{"vm":{"id":292,"name":"r-292-VM","type":"DomainRouter","cpus":1,"speed":500,"minRam":134217728,"maxRam":134217728,"arch":"x86_64","os":"Debian GNU/Linux 5.0 (32-bit)","bootArgs":" vpccidr=10.4.4.0/24 domain=test1vpc dns1=8.8.8.8 dns2=8.8.4.4 template=domP name=r-292-VM eth0ip=169.254.0.244 eth0mask=255.255.0.0 type=vpcrouter disable_rp_filter=true","rebootOnCrash":false,"enableHA":true,"limitCpuUse":false,"vncPassword":"5619bf8c760f7042","params":{},"uuid":"10291b7f-1521-476f-abb1-5eb04ac11b02","disks":[{"id":589,"name":"ROOT-292","mountPoint":"/vg0_md","path":"c2998ea2-5dbf-4722-bcb6-5dfaa288c33d","size":725811200,"type":"ROOT","storagePoolType":"CLVM","storagePoolUuid":"724141d8-75a9-4033-8209-2ce6a64fe12a","deviceId":0}],"nics":[{"deviceId":0,"networkRateMbps":-1,"defaultNic":false,"uuid":"224e8e50-649b-44c1-9b63-a55e8bce10cd","ip":"169.254.0.244","netmask":"255.255.0.0","gateway":"169.254.0.1","mac":"0e:00:a9:fe:00:f4","broadcastType":"LinkLocal","type":"Control","isSecurityGroupEnabled":false}]},"wait":0}},{"check.CheckSshCommand":{"ip":"169.254.0.244","port":3922,"interval":6,"retries":100,"name":"r-292-VM","wait":0}},{"GetDomRVersionCmd":{"accessDetails":{"router.name":"r-292-VM","router.ip":"169.254.0.244"},"wait":0}},{},{"PlugNicCommand":{"nic":{"deviceId":1,"networkRateMbps":200,"defaultNic":true,"uuid":"f59a35e8-47ef-446a-b99d-0d3e5e79f510","ip":"77.95.133.142","netmask":"255.255.255.192","gateway":"77.95.133.129","mac":"06:bb:92:00:00:6e","dns1":"8.8.8.8","dns2":"8.8.4.4","broadcastType":"Vlan","type":"Public","broadcastUri":"vlan://50","isolationUri":"vlan://50","isSecurityGroupEnabled":false,"name":"cloudbr1"},"instanceName":"r-292-VM","wait":0}},{"routing.IpAssocVpcCommand":{"ipAddresses":[{"accountId":9,"publicIp":"77.95.133.142","sourceNat":true,"add":true,"oneToOneNat":false,"firstIP":false,"vlanId":"50","vlanGateway":"77.95.133.129","vlanNetmask":"255.255.255.192","vifMacAddress":"06:bb:92:00:00:6e","networkRate":200,"trafficType":"Public","networkName":"cloudbr1"}],"accessDetails":{"router.guest.ip":"77.95.133.142","zone.network.type":"Advanced","router.name":"r-292-VM","router.ip":"169.254.0.244"},"wait":0}},{"routing.SetSourceNatCommand":{"ipAddress":{"accountId":9,"publicIp":"77.95.133.142","sourceNat":true,"add":true,"oneToOneNat":false,"firstIP":false,"vlanId":"50","vlanGateway":"77.95.133.129","vlanNetmask":"255.255.255.192","vifMacAddress":"06:bb:92:00:00:6e","networkRate":200,"trafficType":"Public","networkName":"cloudbr1"},"add":true,"accessDetails":{"zone.network.type":"Advanced","router.name":"r-292-VM","router.ip":"169.254.0.244"},"wait":0}},{}] }
2013-01-18 11:40:23,379 DEBUG [cloud.agent.Agent] (agentRequest-Handler-3:null) Processing command: com.cloud.agent.api.routing.IpAssocVpcCommand
2013-01-18 11:40:23,451 INFO [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-3:null) IpAssocVpcCommand:LinkLocal is on dev eth0
2013-01-18 11:40:23,466 INFO [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-3:null) getVlanIdFromBridge: found vlanId 50 504 from brctl for bridge cloudVirBr50
2013-01-18 11:40:23,467 INFO [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-3:null) IpAssocVpcCommand:dev eth1 on bridge cloudVirBr50 is for vlan50 504
2013-01-18 11:40:23,482 INFO [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-3:null) getVlanIdFromBridge: found vlanId 50 504 from brctl for bridge cloudVirBr50
2013-01-18 11:40:23,482 INFO [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-3:null) IpAssocVpcCommand: ip 77.95.133.142 is on vlan 50 according to management server
2013-01-18 11:40:23,482 INFO [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-3:null) IpAssocVpcCommand: nicName for ip 77.95.133.142 in router is ethnull
2013-01-18 11:40:23,700 INFO [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-3:null) getVlanIdFromBridge: found nothing, returning null
2013-01-18 11:40:23,714 INFO [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-3:null) getVlanIdFromBridge: found vlanId 50 504 from brctl for bridge cloudVirBr50
2013-01-18 11:40:23,932 DEBUG [cloud.agent.Agent] (agentRequest-Handler-3:null) Seq 5-1161625613: { Ans: , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 110, [{"StartAnswer":{"vm":{"id":292,"name":"r-292-VM","type":"DomainRouter","cpus":1,"speed":500,"minRam":134217728,"maxRam":134217728,"arch":"x86_64","os":"Debian GNU/Linux 5.0 (32-bit)","bootArgs":" vpccidr=10.4.4.0/24 domain=test1vpc dns1=8.8.8.8 dns2=8.8.4.4 template=domP name=r-292-VM eth0ip=169.254.0.244 eth0mask=255.255.0.0 type=vpcrouter disable_rp_filter=true","rebootOnCrash":false,"enableHA":true,"limitCpuUse":false,"vncPassword":"5619bf8c760f7042","params":{},"uuid":"10291b7f-1521-476f-abb1-5eb04ac11b02","disks":[{"id":589,"name":"ROOT-292","mountPoint":"/vg0_md","path":"c2998ea2-5dbf-4722-bcb6-5dfaa288c33d","size":725811200,"type":"ROOT","storagePoolType":"CLVM","storagePoolUuid":"724141d8-75a9-4033-8209-2ce6a64fe12a","deviceId":0}],"nics":[{"deviceId":0,"networkRateMbps":-1,"defaultNic":false,"uuid":"224e8e50-649b-44c1-9b63-a55e8bce10cd","ip":"169.254.0.244","netmask":"255.255.0.0","gateway":"169.254.0.1","mac":"0e:00:a9:fe:00:f4","broadcastType":"LinkLocal","type":"Control","isSecurityGroupEnabled":false}]},"result":true,"wait":0}},{"check.CheckSshAnswer":{"result":true,"wait":0}},{"GetDomRVersionAnswer":{"templateVersion":"Cloudstack Release 3.0 Mon Feb 6 15:10:04 PST 2012","scriptsVersion":"4326a8c20c6aca3cadca17d2f0099a57","result":true,"details":"Cloudstack Release 3.0 Mon Feb 6 15:10:04 PST 2012&4326a8c20c6aca3cadca17d2f0099a57","wait":0}},{"NetworkUsageAnswer":{"routerName":"r-292-VM","bytesSent":0,"bytesReceived":0,"result":true,"wait":0}},{"PlugNicAnswer":{"result":true,"details":"success","wait":0}},{"routing.IpAssocAnswer":{"results":["77.95.133.142 - success"],"result":true,"wait":0}},{"routing.SetSourceNatAnswer":{"result":true,"details":"success","wait":0}},{"NetworkUsageAnswer":{"routerName":"r-292-VM","bytesSent":0,"bytesReceived":0,"result":true,"wait":0}}] }
[root@bh4 java]#

> s2s VPN trouble
> ---------------
>
> Key: CLOUDSTACK-938
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-938
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: Network Controller
> Affects Versions: 4.0.0, 4.0.1
> Environment: CentOS 6.3 x86_64
> CS - 4.0.1-0.11
> Reporter: Richard Shevel
> Fix For: 4.0.2, 4.1.0
>
> Attachments: after_restart_VPC.zip, auth.log, catalina.zip, management-server_afer_upgrade2.zip, management-server_after_upgrade.zip, management-server.zip, messages, public.png, r-292-vm_log.tar.gz
>
>
> Dear colleagues, the problem is clearly a bug:
> I created a VPC
> Further, in my VPN Customer Gateway to the settings
> Gateway 217.70.20.213
> CIDR list 192.168.10.0/24
> IPsec Preshared-Key blablablablablabla
> IKE Encryption 3des
> IKE Hash md5
> IKE DH None
> ESP Encryption 3des
> ESP Hash md5
> Perfect Forward Secrecy None
> IKE lifetime (second) 86 400
> ESP Lifetime (second) 28 800
> Dead Peer Detection Yes
> In the setting of VPC I create VPN Gateway
> When creating a VPN Connection get the error:
> Resource [Site2SiteVpnConnection:15] is unreachable: Failed to apply site-to-site VPN
> catalina.out:
> WARN [cloud.api.ApiDispatcher] (Job-Executor-11:job-463) class com.cloud.api.ServerApiException : Resource [Site2SiteVpnConnection:15] is unreachable: Failed to apply site-to-site VPN
> WARN [cloud.async.AsyncJobManagerImpl] (Job-Executor-11:job-463) Unable to unregister active job 463 from JMX monitoring
> WARN [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection status
> WARN [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection status
> WARN [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection status
> WARN [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection status
> WARN [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection status
> management-server.log:
> 2013-01-09 21:27:54,587 DEBUG [agent.manager.AgentManagerImpl] (AgentManager-Handler-4:null) Ping from 5
> 2013-01-09 21:27:54,623 DEBUG [agent.manager.AgentManagerImpl] (AgentManager-Handler-2:null) Ping from 3
> 2013-01-09 21:28:17,546 DEBUG [storage.secondary.SecondaryStorageManagerImpl] (secstorage-1:null) Zone 1 is ready to launch secondary storage VM
> 2013-01-09 21:28:17,656 DEBUG [cloud.consoleproxy.ConsoleProxyManagerImpl] (consoleproxy-1:null) Zone 1 is ready to launch console proxy
> 2013-01-09 21:28:18,306 DEBUG [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:null) Found 3 routers.
> 2013-01-09 21:28:18,316 DEBUG [agent.transport.Request] (RouterStatusMonitor-1:null) Seq 5-223284290: Sending { Cmd , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 100111, [{"CheckS2SVpnConnectionsCommand":{"vpnIps":[],"accessDetails":{"router.ip":"169.254.1.232","router.name":"r-288-VM"},"wait":30}}] }
> 2013-01-09 21:28:18,458 DEBUG [agent.transport.Request] (AgentManager-Handler-3:null) Seq 5-223284290: Processing: { Ans: , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 110, [{"CheckS2SVpnConnectionsAnswer":{"ipToConnected":{},"ipToDetail":{},"details":"CheckS2SVpnConneciontsCommand failed","result":false,"wait":0}}] }
> 2013-01-09 21:28:18,458 DEBUG [agent.manager.AgentAttache] (AgentManager-Handler-3:null) Seq 5-223284290: No more commands found
> 2013-01-09 21:28:18,458 DEBUG [agent.transport.Request] (RouterStatusMonitor-1:null) Seq 5-223284290: Received: { Ans: , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 110, { CheckS2SVpnConnectionsAnswer } }
> 2013-01-09 21:28:18,458 DEBUG [agent.manager.AgentManagerImpl] (RouterStatusMonitor-1:null) Details from executing class com.cloud.agent.api.CheckS2SVpnConnectionsCommand: CheckS2SVpnConneciontsCommand failed
> 2013-01-09 21:28:18,458 WARN [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:null) Unable to update router r-288-VM's VPN connection status
> 2013-01-09 21:28:43,063 DEBUG [cloud.server.StatsCollector] (StatsCollector-2:null) StorageCollector is running...
> 2013-01-09 21:28:43,117 DEBUG [agent.transport.Request] (StatsCollector-2:null) Seq 17-292881626: Received: { Ans: , MgmtId: 52239887788, via: 17, Ver: v1, Flags: 10, { GetStorageStatsAnswer } }
> 2013-01-09 21:28:45,185 DEBUG [agent.transport.Request] (StatsCollector-2:null) Seq 3-1166872144: Received: { Ans: , MgmtId: 52239887788, via: 3, Ver: v1, Flags: 10, { GetStorageStatsAnswer } }
> 2013-01-09 21:28:47,545 DEBUG [storage.secondary.SecondaryStorageManagerImpl] (secstorage-1:null) Zone 1 is ready to launch secondary storage VM
> 2013-01-09 21:28:47,655 DEBUG [cloud.consoleproxy.ConsoleProxyManagerImpl] (consoleproxy-1:null) Zone 1 is ready to launch console proxy
> 2013-01-09 21:28:48,305 DEBUG [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:null) Found 3 routers.
> 2013-01-09 21:28:48,328 DEBUG [agent.transport.Request] (RouterStatusMonitor-1:null) Seq 5-223284291: Sending { Cmd , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 100111, [{"CheckS2SVpnConnectionsCommand":{"vpnIps":[],"accessDetails":{"router.ip":"169.254.1.232","router.name":"r-288-VM"},"wait":30}}] }
> 2013-01-09 21:28:48,430 DEBUG [agent.transport.Request] (AgentManager-Handler-9:null) Seq 5-223284291: Processing: { Ans: , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 110, [{"CheckS2SVpnConnectionsAnswer":{"ipToConnected":{},"ipToDetail":{},"details":"CheckS2SVpnConneciontsCommand failed","result":false,"wait":0}}] }
> 2013-01-09 21:28:48,430 DEBUG [agent.manager.AgentAttache] (AgentManager-Handler-9:null) Seq 5-223284291: No more commands found
> 2013-01-09 21:28:48,430 DEBUG [agent.transport.Request] (RouterStatusMonitor-1:null) Seq 5-223284291: Received: { Ans: , MgmtId: 52239887788, via: 5, Ver: v1, Flags: 110, { CheckS2SVpnConnectionsAnswer } }
> 2013-01-09 21:28:48,430 DEBUG [agent.manager.AgentManagerImpl] (RouterStatusMonitor-1:null) Details from executing class com.cloud.agent.api.CheckS2SVpnConnectionsCommand: CheckS2SVpnConneciontsCommand failed
> 2013-01-09 21:28:48,430 WARN [network.router.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:null) Unable to update router r-288-VM's VPN connection status
> 2013-01-09 21:28:49,298 DEBUG [agent.manager.AgentManagerImpl] (AgentManager-Handler-7:null) Ping from 11
> 2013-01-09 21:28:49,299 DEBUG [agent.manager.AgentManagerImpl] (AgentManager-Handler-6:null) Ping from 17
> 2013-01-09 21:28:51,594 DEBUG [cloud.server.StatsCollector] (StatsCollector-3:null) HostStatsCollector is running...