Closed Bug 1011080 Opened 11 years ago Closed 11 years ago

User would like to access some Firefox OS testing phones outside VPN if possible.

Categories

(Infrastructure & Operations :: Infrastructure: Other, task)

Product:
Infrastructure & Operations
Component:
Infrastructure: Other
Platform:
x86
macOS
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: nbown, Unassigned)

Details

Attachments

(1 file)

routing.txt
5.00 KB, text/plain
Details
Dave Hunt has two machines eideticker-london-1 and eideticker-london-2 10.246.24.41 and 10.246.24.41 he needs to access for testing. Currently he tunnels in using the VPN. Is there a way he can connect directly? He suffers from latency and when logged in other testers are also affected. He uses SSH and VNC.
Hi, there's some information we would need to answer this request. Where are Dave Hunt, and other testers, trying to connect directly from -- home? a different office?
Flags: needinfo?(nbown)
Flags: needinfo?(dave.hunt)
I'm connecting from home. The only way this has worked for me is to route all traffic over VPN, which is not needed in order to connect to any other hosted machines that I use (none of these are in London, though). I initially raised this in Service Now (RITM0022900), so the full history may provide some useful information: Initial request (note that IP/hostnames have since changed, see comment 0): We need to be able to access the Eideticker London node remotely. It should have a fixed IP of 10.246.24.39 (but that's not currently responding to pings) and a hostname of eideticker-london. We will need SSH access and also access to the Jenkins web dashboard running on port 8080. The laptop is located next to the printer in the London office. This was resolved by Jonathan Lin (:jlin) with: Resolved this for now by using the "send all traffic via vpn" option in viscosity while connected to the london vpn. The primary reason is that dave's home network uses a 10.x.x.x address space which conflicts with the office network (which is also on 10.x.x.x). There might be other factors at play, but the recommended solution would be to move the home network to a 192.168 or 172.16 block. Dave has tried moving the network space during our troubleshooting session, but didn't work out - most likely he'll need to reboot / re-architect his home network in order to fully solve this. Closing for now. reopen if further help is needed. I then gave the following comment: I changed my home network to use 192.168 back in January and it's still not working for me unless I route all traffic over the VPN. This is not ideal and quite disruptive to my workflow, so any further investigation would be appreciated here.
Flags: needinfo?(dave.hunt)
The latest Service Now ticket is RITM0026302.
I am able to ping and access 10.246.24.39 on tcp/22 using the VPN, but it refuses or times out connections on port 8080, whether I try from VPN or from LON1 itself. So 8080 is either firewalled or not available on the host at this time, but you still SHOULD be able to reach tcp/22 on that host. So, to proceed, I'll need to ask for various chunks of information that might only seem vaguely related, or that someone else might have asked for in the past. There's lots of possible reasons, and I'm trying to rule things out based on historical likelihood of "what could be wrong here". (VPN means "Mozilla VPN" here, I'm not trying to debug "LON1 VPN" yet -- we'll work on that second.) Could you provide your routing table ("netstat -rn") both when connected to the VPN, *and* when disconnected from the VPN? It'll help me confirm that you're receiving the correct routes, as well as understand more about your local network composition. Could you please try to ping and also telnet to 10.246.24.39 port 22 and tell me what the error is? It will likely be "Ping timeout" on the former and "Connection timed out" on the latter, but it's important to double-check. Could you please try to ping and also telnet to 10.8.74.24 port 6667 and tell me if it works or fails? It *should* work, but any failure would help triage further.
Flags: needinfo?(nbown) → needinfo?(dave.hunt)
(In reply to Richard Soderberg [:atoll] from comment #4) > I am able to ping and access 10.246.24.39 on tcp/22 using the VPN, but it > refuses or times out connections on port 8080, whether I try from VPN or > from LON1 itself. So 8080 is either firewalled or not available on the host > at this time, but you still SHOULD be able to reach tcp/22 on that host. Please use the hosts mentioned in comment 0, my last comment mentions that the original request is now out of date. Actually I notice now that comment 0 incorrectly lists the same IP twice. Here are the correct details for the machines I need to be able to reach: eideticker-london-1.corp.lon1.mozilla.com (10.246.24.41) eideticker-london-2.corp.lon1.mozilla.com (10.246.24.40) > So, to proceed, I'll need to ask for various chunks of information that > might only seem vaguely related, or that someone else might have asked for > in the past. There's lots of possible reasons, and I'm trying to rule things > out based on historical likelihood of "what could be wrong here". > > (VPN means "Mozilla VPN" here, I'm not trying to debug "LON1 VPN" yet -- > we'll work on that second.) To be honest, I'd prefer to just get it working with Mozilla VPN. :) > Could you provide your routing table ("netstat -rn") both when connected to > the VPN, *and* when disconnected from the VPN? It'll help me confirm that > you're receiving the correct routes, as well as understand more about your > local network composition. Done. I will attach the results after I post this comment. > Could you please try to ping and also telnet to 10.246.24.39 port 22 and > tell me what the error is? It will likely be "Ping timeout" on the former > and "Connection timed out" on the latter, but it's important to double-check. I can ping both nodes, and am able to connect to both via SSH. I think this in an improvement over the last time I tried. I still cannot telnet port 8080, so I suspect you may be right in saying this is a firewall rule. After connecting to the host's terminal I checked that it's listening on port 8080 using netstat: $ netstat -an | grep 8080 tcp6 0 0 :::8080 :::* LISTEN > Could you please try to ping and also telnet to 10.8.74.24 port 6667 and > tell me if it works or fails? It *should* work, but any failure would help > triage further. I cannot ping or telnet to port 6667 on this host.
Flags: needinfo?(dave.hunt)
I'm going to close this as we're now running a single Jenkins instance on a VM in Pheonix that connects to the machines in London via SSH.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: