Since bug 1211734 moved download.m.o to AWS I can no longer reach bounceradmin.mozilla.com. I can open a connection from machines in the RelEng network, but not from my laptop. Probably this is because new ip (22.214.171.124) is not advertised by the VPN routing config (I've tried bouncing the VPN). oremj, do I need some new ldap group-membership for this, or am I just the first non-cloudops remotie to attempt access since the move ?
Also, if this didn't show up while Rail was testing, does that mean that offices have blanket access to this host ? If so, we should lock it down to a minimal set of people.
Assignee: infra → vpn-acl
Component: Infrastructure: OpenVPN → Mozilla VPN: ACL requests
QA Contact: jdow → cshields
I've added the route to the vpn configuration. I'm not sure about ACLs. Is there any type of auth configured on the host? What group of people should be allowed to reach it through vpn? I'm guessing if it works in the offices, then that's an office network ACL allowing it and not the VPN, but not sure. Also, since I just now added the route, but haven't made any other changes, this might still not work for you, as normally it's a route and an ACL group needed, but I don't want to add an ACL group until I know who all should be in it, or if the ACL should be added to an existing group.
The problem here is, the admin interface is fronted by an ELB, so the IP is not static. So far, we've whitelisted 126.96.36.199/32 and 188.8.131.52/32. The long term plan is #2 in bug 1209161.
Thanks jabba, I see the route now. You're right that it's not enough as the connection doesn't open, but the IP shifted to 184.108.40.206. Should we back out the change for 220.127.116.11 and .. er .. WONTFIX this in favour of bug 1209161 ? In the meantime I can proxy via a machine in the RelEng network.
Works for me. I've backed out the change.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.