[jira] [Commented] (CLOUDSTACK-938) s2s VPN trouble

Sheng Yang (JIRA) Fri, 11 Jan 2013 15:48:16 -0800

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13551658#comment-13551658
 ]


Sheng Yang commented on CLOUDSTACK-938:
---------------------------------------

OK, here is what's wrong.

Jan 10 10:28:59 r-292-VM cloud: vpc_ipassoc.sh:Adding ip 77.95.133.142 on 
interface ethnull
Jan 10 10:28:59 r-292-VM cloud: vpc_ipassoc.sh:Add routing 77.95.133.142 on 
interface ethnull
Jan 10 10:28:59 r-292-VM cloud: vpc_snat.sh:Added SourceNAT 77.95.133.142 on 
interface eth2

But I am failed to match it with mgmt server log.

I guess it's the result of:

2013-01-10 14:27:58,720 DEBUG [agent.transport.Request] 
(Job-Executor-14:job-489) Seq 5-867174260: Sending  { Cmd , MgmtId: 
52239887788, via: 5, Ver: v1, Flags: 100111, 
[{"StartCommand":{"vm":{"id":292,"name":"r-292-VM","type":"DomainRouter","
cpus":1,"speed":500,"minRam":134217728,"maxRam":134217728,"arch":"x86_64","os":"Debian
 GNU/Linux 5.0 (32-bit)","bootArgs":" vpccidr=10.4.4.0/24 domain=test1vpc 
dns1=8.8.8.8 dns2=8.8.4.4 template=domP name=r-292-VM eth0ip=169.254.1.73 
eth0mask=
255.255.0.0 type=vpcrouter 
disable_rp_filter=true","rebootOnCrash":false,"enableHA":true,"limitCpuUse":false,"vncPassword":"5619bf8c760f7042","params":{},"uuid":"10291b7f-1521-476f-abb1-5eb04ac11b02","disks":[{"id":589,"name":"/vg0_md","mountP
oint":"c2998ea2-5dbf-4722-bcb6-5dfaa288c33d","path":"c2998ea2-5dbf-4722-bcb6-5dfaa288c33d","size":725811200,"type":"ROOT","storagePoolType":"CLVM","storagePoolUuid":"724141d8-75a9-4033-8209-2ce6a64fe12a","deviceId":0}],"nics":[{"deviceId":0,"n
etworkRateMbps":-1,"defaultNic":false,"uuid":"224e8e50-649b-44c1-9b63-a55e8bce10cd","ip":"169.254.1.73","netmask":"255.255.0.0","gateway":"169.254.0.1","mac":"0e:00:a9:fe:01:49","broadcastType":"LinkLocal","type":"Control","isSecurityGroupEnab
led":false}]},"wait":0}},{"check.CheckSshCommand":{"ip":"169.254.1.73","port":3922,"interval":6,"retries":100,"name":"r-292-VM","wait":0}},{"GetDomRVersionCmd":{"accessDetails":{"router.ip":"169.254.1.73","router.name":"r-292-VM"},"wait":0}},{
},{"PlugNicCommand":{"nic":{"deviceId":1,"networkRateMbps":200,"defaultNic":true,"uuid":"f59a35e8-47ef-446a-b99d-0d3e5e79f510","ip":"77.95.133.142","netmask":"255.255.255.192","gateway":"77.95.133.129","mac":"06:bb:92:00:00:6e","dns1":"8.8.8.8
","dns2":"8.8.4.4","broadcastType":"Vlan","type":"Public","broadcastUri":"vlan://50","isolationUri":"vlan://50","isSecurityGroupEnabled":false,"name":"cloudbr1"},"instanceName":"r-292-VM","wait":0}},{"routing.IpAssocVpcCommand":{"ipAddresses":
[{"accountId":9,"publicIp":"77.95.133.142","sourceNat":true,"add":true,"oneToOneNat":false,"firstIP":false,"vlanId":"50","vlanGateway":"77.95.133.129","vlanNetmask":"255.255.255.192","vifMacAddress":"06:bb:92:00:00:6e","networkRate":200,"traff
icType":"Public","networkName":"cloudbr1"}],"accessDetails":{"router.guest.ip":"77.95.133.142","zone.network.type":"Advanced","router.ip":"169.254.1.73","router.name":"r-292-VM"},"wait":0}},{"routing.SetSourceNatCommand":{"ipAddress":{"account
Id":9,"publicIp":"77.95.133.142","sourceNat":true,"add":true,"oneToOneNat":false,"firstIP":false,"vlanId":"50","vlanGateway":"77.95.133.129","vlanNetmask":"255.255.255.192","vifMacAddress":"06:bb:92:00:00:6e","networkRate":200,"trafficType":"P
ublic","networkName":"cloudbr1"},"add":true,"accessDetails":{"zone.network.type":"Advanced","router.ip":"169.254.1.73","router.name":"r-292-VM"},"wait":0}},{}]
 }

but this command seems fine to me.

Hi Richard,

Could you restart the VPC router, then after it's complete, attached the latest 
log?(both mgmt log and /var/log/messages in router)

Thank you!
                
> s2s VPN trouble
> ---------------
>
>                 Key: CLOUDSTACK-938
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-938
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Network Controller
>    Affects Versions: 4.0.0, 4.0.1
>         Environment: CentOS 6.3 x86_64
> CS - 4.0.1-0.11
>            Reporter: Richard Shevel
>            Priority: Critical
>         Attachments: auth.log, catalina.zip, 
> management-server_afer_upgrade2.zip, management-server_after_upgrade.zip, 
> management-server.zip, messages, r-292-vm_log.tar.gz
>
>
> Dear colleagues, the problem is clearly a bug:
> I created a VPC
> Further, in my VPN Customer Gateway to the settings
> Gateway 217.70.20.213
> CIDR list 192.168.10.0/24
> IPsec Preshared-Key blablablablablabla
> IKE Encryption 3des
> IKE Hash md5
> IKE DH None
> ESP Encryption 3des
> ESP Hash md5
> Perfect Forward Secrecy None
> IKE lifetime (second) 86 400
> ESP Lifetime (second) 28 800
> Dead Peer Detection Yes
> In the setting of VPC I create VPN Gateway
> When creating a VPN Connection get the error:
> Resource [Site2SiteVpnConnection:15] is unreachable: Failed to apply 
> site-to-site VPN
> catalina.out:
> WARN  [cloud.api.ApiDispatcher] (Job-Executor-11:job-463) class 
> com.cloud.api.ServerApiException : Resource [Site2SiteVpnConnection:15] is 
> unreachable: Failed to apply site-to-site VPN
> WARN  [cloud.async.AsyncJobManagerImpl] (Job-Executor-11:job-463) Unable to 
> unregister active job 463 from JMX monitoring
> WARN  [network.router.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection 
> status
> WARN  [network.router.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection 
> status
> WARN  [network.router.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection 
> status
> WARN  [network.router.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection 
> status
> WARN  [network.router.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection 
> status
> management-server.log:
> 2013-01-09 21:27:54,587 DEBUG [agent.manager.AgentManagerImpl] 
> (AgentManager-Handler-4:null) Ping from 5
> 2013-01-09 21:27:54,623 DEBUG [agent.manager.AgentManagerImpl] 
> (AgentManager-Handler-2:null) Ping from 3
> 2013-01-09 21:28:17,546 DEBUG [storage.secondary.SecondaryStorageManagerImpl] 
> (secstorage-1:null) Zone 1 is ready to launch secondary storage VM
> 2013-01-09 21:28:17,656 DEBUG [cloud.consoleproxy.ConsoleProxyManagerImpl] 
> (consoleproxy-1:null) Zone 1 is ready to launch console proxy
> 2013-01-09 21:28:18,306 DEBUG 
> [network.router.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:null) Found 3 routers.
> 2013-01-09 21:28:18,316 DEBUG [agent.transport.Request] 
> (RouterStatusMonitor-1:null) Seq 5-223284290: Sending  { Cmd , MgmtId: 
> 52239887788, via: 5, Ver: v1, Flags: 100111, 
> [{"CheckS2SVpnConnectionsCommand":{"vpnIps":[],"accessDetails":{"router.ip":"169.254.1.232","router.name":"r-288-VM"},"wait":30}}]
>  }
> 2013-01-09 21:28:18,458 DEBUG [agent.transport.Request] 
> (AgentManager-Handler-3:null) Seq 5-223284290: Processing:  { Ans: , MgmtId: 
> 52239887788, via: 5, Ver: v1, Flags: 110, 
> [{"CheckS2SVpnConnectionsAnswer":{"ipToConnected":{},"ipToDetail":{},"details":"CheckS2SVpnConneciontsCommand
>  failed","result":false,"wait":0}}] }
> 2013-01-09 21:28:18,458 DEBUG [agent.manager.AgentAttache] 
> (AgentManager-Handler-3:null) Seq 5-223284290: No more commands found
> 2013-01-09 21:28:18,458 DEBUG [agent.transport.Request] 
> (RouterStatusMonitor-1:null) Seq 5-223284290: Received:  { Ans: , MgmtId: 
> 52239887788, via: 5, Ver: v1, Flags: 110, { CheckS2SVpnConnectionsAnswer } }
> 2013-01-09 21:28:18,458 DEBUG [agent.manager.AgentManagerImpl] 
> (RouterStatusMonitor-1:null) Details from executing class 
> com.cloud.agent.api.CheckS2SVpnConnectionsCommand: 
> CheckS2SVpnConneciontsCommand failed
> 2013-01-09 21:28:18,458 WARN  
> [network.router.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:null) Unable to update router r-288-VM's VPN 
> connection status
> 2013-01-09 21:28:43,063 DEBUG [cloud.server.StatsCollector] 
> (StatsCollector-2:null) StorageCollector is running...
> 2013-01-09 21:28:43,117 DEBUG [agent.transport.Request] 
> (StatsCollector-2:null) Seq 17-292881626: Received:  { Ans: , MgmtId: 
> 52239887788, via: 17, Ver: v1, Flags: 10, { GetStorageStatsAnswer } }
> 2013-01-09 21:28:45,185 DEBUG [agent.transport.Request] 
> (StatsCollector-2:null) Seq 3-1166872144: Received:  { Ans: , MgmtId: 
> 52239887788, via: 3, Ver: v1, Flags: 10, { GetStorageStatsAnswer } }
> 2013-01-09 21:28:47,545 DEBUG [storage.secondary.SecondaryStorageManagerImpl] 
> (secstorage-1:null) Zone 1 is ready to launch secondary storage VM
> 2013-01-09 21:28:47,655 DEBUG [cloud.consoleproxy.ConsoleProxyManagerImpl] 
> (consoleproxy-1:null) Zone 1 is ready to launch console proxy
> 2013-01-09 21:28:48,305 DEBUG 
> [network.router.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:null) Found 3 routers.
> 2013-01-09 21:28:48,328 DEBUG [agent.transport.Request] 
> (RouterStatusMonitor-1:null) Seq 5-223284291: Sending  { Cmd , MgmtId: 
> 52239887788, via: 5, Ver: v1, Flags: 100111, 
> [{"CheckS2SVpnConnectionsCommand":{"vpnIps":[],"accessDetails":{"router.ip":"169.254.1.232","router.name":"r-288-VM"},"wait":30}}]
>  }
> 2013-01-09 21:28:48,430 DEBUG [agent.transport.Request] 
> (AgentManager-Handler-9:null) Seq 5-223284291: Processing:  { Ans: , MgmtId: 
> 52239887788, via: 5, Ver: v1, Flags: 110, 
> [{"CheckS2SVpnConnectionsAnswer":{"ipToConnected":{},"ipToDetail":{},"details":"CheckS2SVpnConneciontsCommand
>  failed","result":false,"wait":0}}] }
> 2013-01-09 21:28:48,430 DEBUG [agent.manager.AgentAttache] 
> (AgentManager-Handler-9:null) Seq 5-223284291: No more commands found
> 2013-01-09 21:28:48,430 DEBUG [agent.transport.Request] 
> (RouterStatusMonitor-1:null) Seq 5-223284291: Received:  { Ans: , MgmtId: 
> 52239887788, via: 5, Ver: v1, Flags: 110, { CheckS2SVpnConnectionsAnswer } }
> 2013-01-09 21:28:48,430 DEBUG [agent.manager.AgentManagerImpl] 
> (RouterStatusMonitor-1:null) Details from executing class 
> com.cloud.agent.api.CheckS2SVpnConnectionsCommand: 
> CheckS2SVpnConneciontsCommand failed
> 2013-01-09 21:28:48,430 WARN  
> [network.router.VirtualNetworkApplianceManagerImpl] 
> (RouterStatusMonitor-1:null) Unable to update router r-288-VM's VPN 
> connection status
> 2013-01-09 21:28:49,298 DEBUG [agent.manager.AgentManagerImpl] 
> (AgentManager-Handler-7:null) Ping from 11
> 2013-01-09 21:28:49,299 DEBUG [agent.manager.AgentManagerImpl] 
> (AgentManager-Handler-6:null) Ping from 17
> 2013-01-09 21:28:51,594 DEBUG [cloud.server.StatsCollector] 
> (StatsCollector-3:null) HostStatsCollector is running...

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (CLOUDSTACK-938) s2s VPN trouble

Reply via email to