[
https://issues.apache.org/jira/browse/CLOUDSTACK-938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13549516#comment-13549516
]
Richard Shevel commented on CLOUDSTACK-938:
-------------------------------------------
I've updated all the RPM on KVM hosts and CS host.
I spent the next experiment:
1. Created new Domain
2. Loged in to new Domain
3. Created new VPC (with 10.4.4.0/24 network)
4. Create new tier (10.4.4.1 gateway)
5. entered as administrator and look for new VR:
State Running
Network ID
Public IP Address 77.95.133.142
Guest IP Address
Link Local IP Adddress 169.254.1.73
Host bh620-4.dn.local
Compute offering System Offering For Software Router
Network Domain
Domain test1
Account test1
Created 10 Jan 2013 10:27:15
Redundant Router No
Redundant state
VPC ID 518b7f87-bbf4-405b-a90a-9d0dfaf11271
5. entered in VR :
root@r-292-VM:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UNKNOWN qlen 1000
link/ether 0e:00:a9:fe:01:49 brd ff:ff:ff:ff:ff:ff
inet 169.254.1.73/16 brd 169.254.255.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 06:bb:92:00:00:6e brd ff:ff:ff:ff:ff:ff
root@r-292-VM:~#
if I look at /var/log/auth.log , i see :
Jan 10 10:28:58 r-292-VM sshd[1586]: pam_unix(sshd:session): session closed for
user root
Jan 10 10:28:58 r-292-VM sudo: root : TTY=unknown ; PWD=/ ; USER=root ;
COMMAND=/bin/echo 1 Table_eth1
Jan 10 10:28:58 r-292-VM sudo: root : TTY=unknown ; PWD=/ ; USER=root ;
COMMAND=/sbin/ip rule add fwmark 1 table Table_eth1
Jan 10 10:28:58 r-292-VM sudo: root : TTY=unknown ; PWD=/ ; USER=root ;
COMMAND=/sbin/ip route flush table Table_eth1
Jan 10 10:28:58 r-292-VM sudo: root : TTY=unknown ; PWD=/ ; USER=root ;
COMMAND=/sbin/ip route flush cache
Jan 10 10:28:58 r-292-VM sshd[1631]: Accepted publickey for root from
169.254.0.1 port 41066 ssh2
Jan 10 10:28:58 r-292-VM sshd[1631]: pam_unix(sshd:session): session opened for
user root by (uid=0)
Jan 10 10:28:59 r-292-VM sudo: root : TTY=unknown ; PWD=/root ; USER=root ;
COMMAND=/sbin/ip link show ethnull
Jan 10 10:28:59 r-292-VM sudo: root : TTY=unknown ; PWD=/root ; USER=root ;
COMMAND=/sbin/ip addr add dev ethnull 77.95.133.142/26 brd +
Jan 10 10:28:59 r-292-VM sudo: root : TTY=unknown ; PWD=/root ; USER=root ;
COMMAND=/sbin/iptables-save -t mangle
Jan 10 10:28:59 r-292-VM sudo: root : TTY=unknown ; PWD=/root ; USER=root ;
COMMAND=/sbin/iptables -t mangle -A PREROUTING -i ethnull -m state --state NEW
-j CONNMARK --set-mark null
Jan 10 10:28:59 r-292-VM sudo: root : TTY=unknown ; PWD=/root ; USER=root ;
COMMAND=/sbin/ip route add 77.95.133.128/26 dev ethnull table Table_ethnull
proto static
Jan 10 10:28:59 r-292-VM sudo: root : TTY=unknown ; PWD=/root ; USER=root ;
COMMAND=/sbin/ip route add default via 77.95.133.129 table Table_ethnull proto
static
Jan 10 10:28:59 r-292-VM sudo: root : TTY=unknown ; PWD=/root ; USER=root ;
COMMAND=/sbin/ip route flush cache
Jan 10 10:28:59 r-292-VM sudo: root : TTY=unknown ; PWD=/root ; USER=root ;
COMMAND=/sbin/ip route
Jan 10 10:28:59 r-292-VM sudo: root : TTY=unknown ; PWD=/root ; USER=root ;
COMMAND=/sbin/ip route add default via 77.95.133.129
Jan 10 10:28:59 r-292-VM sshd[1631]: Received disconnect from 169.254.0.1: 11:
disconnected by user
Jan 10 10:28:59 r-292-VM sshd[1631]: pam_unix(sshd:session): session closed for
user root
Jan 10 10:28:59 r-292-VM sshd[1675]: Accepted publickey for root from
169.254.0.1 port 41067 ssh2
Once again the value "ethnull"
maybe the problem is not how much a VPN in the proper formation of the VPC ?? ,
attached mangmtn log as management-server_after_upgrade2.zip
> s2s VPN trouble
> ---------------
>
> Key: CLOUDSTACK-938
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-938
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Network Controller
> Affects Versions: 4.0.0, 4.0.1
> Environment: CentOS 6.3 x86_64
> CS - 4.0.1-0.11
> Reporter: Richard Shevel
> Priority: Critical
> Attachments: auth.log, catalina.zip,
> management-server_afer_upgrade2.zip, management-server_after_upgrade.zip,
> management-server.zip
>
>
> Dear colleagues, the problem is clearly a bug:
> I created a VPC
> Further, in my VPN Customer Gateway to the settings
> Gateway 217.70.20.213
> CIDR list 192.168.10.0/24
> IPsec Preshared-Key blablablablablabla
> IKE Encryption 3des
> IKE Hash md5
> IKE DH None
> ESP Encryption 3des
> ESP Hash md5
> Perfect Forward Secrecy None
> IKE lifetime (second) 86 400
> ESP Lifetime (second) 28 800
> Dead Peer Detection Yes
> In the setting of VPC I create VPN Gateway
> When creating a VPN Connection get the error:
> Resource [Site2SiteVpnConnection:15] is unreachable: Failed to apply
> site-to-site VPN
> catalina.out:
> WARN [cloud.api.ApiDispatcher] (Job-Executor-11:job-463) class
> com.cloud.api.ServerApiException : Resource [Site2SiteVpnConnection:15] is
> unreachable: Failed to apply site-to-site VPN
> WARN [cloud.async.AsyncJobManagerImpl] (Job-Executor-11:job-463) Unable to
> unregister active job 463 from JMX monitoring
> WARN [network.router.VirtualNetworkApplianceManagerImpl]
> (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection
> status
> WARN [network.router.VirtualNetworkApplianceManagerImpl]
> (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection
> status
> WARN [network.router.VirtualNetworkApplianceManagerImpl]
> (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection
> status
> WARN [network.router.VirtualNetworkApplianceManagerImpl]
> (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection
> status
> WARN [network.router.VirtualNetworkApplianceManagerImpl]
> (RouterStatusMonitor-1:) Unable to update router r-288-VM's VPN connection
> status
> management-server.log:
> 2013-01-09 21:27:54,587 DEBUG [agent.manager.AgentManagerImpl]
> (AgentManager-Handler-4:null) Ping from 5
> 2013-01-09 21:27:54,623 DEBUG [agent.manager.AgentManagerImpl]
> (AgentManager-Handler-2:null) Ping from 3
> 2013-01-09 21:28:17,546 DEBUG [storage.secondary.SecondaryStorageManagerImpl]
> (secstorage-1:null) Zone 1 is ready to launch secondary storage VM
> 2013-01-09 21:28:17,656 DEBUG [cloud.consoleproxy.ConsoleProxyManagerImpl]
> (consoleproxy-1:null) Zone 1 is ready to launch console proxy
> 2013-01-09 21:28:18,306 DEBUG
> [network.router.VirtualNetworkApplianceManagerImpl]
> (RouterStatusMonitor-1:null) Found 3 routers.
> 2013-01-09 21:28:18,316 DEBUG [agent.transport.Request]
> (RouterStatusMonitor-1:null) Seq 5-223284290: Sending { Cmd , MgmtId:
> 52239887788, via: 5, Ver: v1, Flags: 100111,
> [{"CheckS2SVpnConnectionsCommand":{"vpnIps":[],"accessDetails":{"router.ip":"169.254.1.232","router.name":"r-288-VM"},"wait":30}}]
> }
> 2013-01-09 21:28:18,458 DEBUG [agent.transport.Request]
> (AgentManager-Handler-3:null) Seq 5-223284290: Processing: { Ans: , MgmtId:
> 52239887788, via: 5, Ver: v1, Flags: 110,
> [{"CheckS2SVpnConnectionsAnswer":{"ipToConnected":{},"ipToDetail":{},"details":"CheckS2SVpnConneciontsCommand
> failed","result":false,"wait":0}}] }
> 2013-01-09 21:28:18,458 DEBUG [agent.manager.AgentAttache]
> (AgentManager-Handler-3:null) Seq 5-223284290: No more commands found
> 2013-01-09 21:28:18,458 DEBUG [agent.transport.Request]
> (RouterStatusMonitor-1:null) Seq 5-223284290: Received: { Ans: , MgmtId:
> 52239887788, via: 5, Ver: v1, Flags: 110, { CheckS2SVpnConnectionsAnswer } }
> 2013-01-09 21:28:18,458 DEBUG [agent.manager.AgentManagerImpl]
> (RouterStatusMonitor-1:null) Details from executing class
> com.cloud.agent.api.CheckS2SVpnConnectionsCommand:
> CheckS2SVpnConneciontsCommand failed
> 2013-01-09 21:28:18,458 WARN
> [network.router.VirtualNetworkApplianceManagerImpl]
> (RouterStatusMonitor-1:null) Unable to update router r-288-VM's VPN
> connection status
> 2013-01-09 21:28:43,063 DEBUG [cloud.server.StatsCollector]
> (StatsCollector-2:null) StorageCollector is running...
> 2013-01-09 21:28:43,117 DEBUG [agent.transport.Request]
> (StatsCollector-2:null) Seq 17-292881626: Received: { Ans: , MgmtId:
> 52239887788, via: 17, Ver: v1, Flags: 10, { GetStorageStatsAnswer } }
> 2013-01-09 21:28:45,185 DEBUG [agent.transport.Request]
> (StatsCollector-2:null) Seq 3-1166872144: Received: { Ans: , MgmtId:
> 52239887788, via: 3, Ver: v1, Flags: 10, { GetStorageStatsAnswer } }
> 2013-01-09 21:28:47,545 DEBUG [storage.secondary.SecondaryStorageManagerImpl]
> (secstorage-1:null) Zone 1 is ready to launch secondary storage VM
> 2013-01-09 21:28:47,655 DEBUG [cloud.consoleproxy.ConsoleProxyManagerImpl]
> (consoleproxy-1:null) Zone 1 is ready to launch console proxy
> 2013-01-09 21:28:48,305 DEBUG
> [network.router.VirtualNetworkApplianceManagerImpl]
> (RouterStatusMonitor-1:null) Found 3 routers.
> 2013-01-09 21:28:48,328 DEBUG [agent.transport.Request]
> (RouterStatusMonitor-1:null) Seq 5-223284291: Sending { Cmd , MgmtId:
> 52239887788, via: 5, Ver: v1, Flags: 100111,
> [{"CheckS2SVpnConnectionsCommand":{"vpnIps":[],"accessDetails":{"router.ip":"169.254.1.232","router.name":"r-288-VM"},"wait":30}}]
> }
> 2013-01-09 21:28:48,430 DEBUG [agent.transport.Request]
> (AgentManager-Handler-9:null) Seq 5-223284291: Processing: { Ans: , MgmtId:
> 52239887788, via: 5, Ver: v1, Flags: 110,
> [{"CheckS2SVpnConnectionsAnswer":{"ipToConnected":{},"ipToDetail":{},"details":"CheckS2SVpnConneciontsCommand
> failed","result":false,"wait":0}}] }
> 2013-01-09 21:28:48,430 DEBUG [agent.manager.AgentAttache]
> (AgentManager-Handler-9:null) Seq 5-223284291: No more commands found
> 2013-01-09 21:28:48,430 DEBUG [agent.transport.Request]
> (RouterStatusMonitor-1:null) Seq 5-223284291: Received: { Ans: , MgmtId:
> 52239887788, via: 5, Ver: v1, Flags: 110, { CheckS2SVpnConnectionsAnswer } }
> 2013-01-09 21:28:48,430 DEBUG [agent.manager.AgentManagerImpl]
> (RouterStatusMonitor-1:null) Details from executing class
> com.cloud.agent.api.CheckS2SVpnConnectionsCommand:
> CheckS2SVpnConneciontsCommand failed
> 2013-01-09 21:28:48,430 WARN
> [network.router.VirtualNetworkApplianceManagerImpl]
> (RouterStatusMonitor-1:null) Unable to update router r-288-VM's VPN
> connection status
> 2013-01-09 21:28:49,298 DEBUG [agent.manager.AgentManagerImpl]
> (AgentManager-Handler-7:null) Ping from 11
> 2013-01-09 21:28:49,299 DEBUG [agent.manager.AgentManagerImpl]
> (AgentManager-Handler-6:null) Ping from 17
> 2013-01-09 21:28:51,594 DEBUG [cloud.server.StatsCollector]
> (StatsCollector-3:null) HostStatsCollector is running...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
