Closed Bug 655794 Opened 13 years ago Closed 13 years ago

Can't connect to build.mozilla.org from the Toronto office (also, and much less importantly, can't connect to build.mozilla.org when VPNed in to MV office VPN)

Categories

(Infrastructure & Operations :: RelOps: General, task)

Product:
Infrastructure & Operations
Component:
RelOps: General
Type:
task
Priority:
Not set
Severity:
blocker

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: dbaron, Assigned: zandr)

References

Details

Bug 626122 regressed recently -- sometime in the past few days, I think.  I'm filing this as a clone of that bug instead of reopening since I suspect you'd prefer it that way.

+++ This bug was initially created as a clone of Bug #626122 +++

When I connect to the mountain view office VPN from home (with the "Use this connection only for resources on its network" option in my VPN configuration), I'm unable to connect to http://build.mozilla.org/ .  Being unable to connect to build.mozilla.org means that http://tbpl.mozilla.org/ won't load.  I've heard reports of the same thing (can't load TBPL over office VPN) from other people.

When I connect to the office VPN, the DNS result I get for build.mozilla.org changes from what I get when unconnected:
$ host build.mozilla.org
build.mozilla.org is an alias for dm-wwwbuild01.mozilla.org.
dm-wwwbuild01.mozilla.org has address 63.245.208.186

to what I get when I'm inside the office:
$ host build.mozilla.org
build.mozilla.org has address 10.2.74.128
build.mozilla.org mail is handled by 10 dm-mail01.mozilla.org.
build.mozilla.org mail is handled by 10 dm-mail02.mozilla.org.

However, when I "Use this connection only for resources on its network", 10.2.74.128 isn't considered a resource on the network at the other end of the VPN, so I can't connect.

(If I uncheck "Use this connection only for resources on its network" and send *all* my traffic through the VPN, then it works, but I'd rather not have to do that...)
Amy has been doing much DNS juggling to get things clean.  This also sounds like a tie in with bug 604688.

In the mean time I suggest you implement your work around.

Assigning to the correct group.
Assignee: network-operations → server-ops-releng
Group: infra
Component: Server Operations: Netops → Server Operations: RelEng
QA Contact: mrz → zandr
I think Ravi is correct in that the problem here is the coupling of the hostname and the service.  Adding dependency.
Group: infra
Depends on: 604688
inheriting blocker status from the duped bug.
Severity: normal → blocker
Taking this one, will need netops involvement.
Assignee: server-ops-releng → zandr
Status: NEW → ASSIGNED
Any ETA on the fix, please?
No ETA.

Is the work around not working for you?
I have no idea how to use this workaround.  Would you please advise?
Summary: can't connect to build.mozilla.org when VPNed in to MV office VPN → Can't connect to build.mozilla.org from the Toronto office (also, and much less importantly, can't connect to build.mozilla.org when VPNed in to MV office VPN)
Again, to make things more clear, this is blocking our work from the office.  I'm considering working from home tomorrow if this is not fixed by then.
We've traced this to a failure in the VPN tunnel between Toronto and Mountain View. The Toronto office should now be working.

We are now looking in to the VPN route issue that dbaron reported, which we believe to be entirely separate.
The route has been restored on the VPN concentrator.
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
The workaround doesn't apply to the Toronto office, because the people there can't disable the VPN.
Gah, sorry - didn't read all my bugmail before replying - ignore my comment!
Component: Server Operations: RelEng → RelOps
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.