Closed
Bug 626122
Opened 13 years ago
Closed 13 years ago
can't connect to build.mozilla.org when VPNed in to MV office VPN
Categories
(Infrastructure & Operations Graveyard :: NetOps, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dbaron, Assigned: justdave)
Details
(Whiteboard: [02/08/2011 @ 7pm])
I thought there was a bug on this, but I can't find it, so I'm filing. When I connect to the mountain view office VPN from home (with the "Use this connection only for resources on its network" option in my VPN configuration), I'm unable to connect to http://build.mozilla.org/ . Being unable to connect to build.mozilla.org means that http://tbpl.mozilla.org/ won't load. I've heard reports of the same thing (can't load TBPL over office VPN) from other people. When I connect to the office VPN, the DNS result I get for build.mozilla.org changes from what I get when unconnected: $ host build.mozilla.org build.mozilla.org is an alias for dm-wwwbuild01.mozilla.org. dm-wwwbuild01.mozilla.org has address 63.245.208.186 to what I get when I'm inside the office: $ host build.mozilla.org build.mozilla.org has address 10.2.74.128 build.mozilla.org mail is handled by 10 dm-mail01.mozilla.org. build.mozilla.org mail is handled by 10 dm-mail02.mozilla.org. However, when I "Use this connection only for resources on its network", 10.2.74.128 isn't considered a resource on the network at the other end of the VPN, so I can't connect. (If I uncheck "Use this connection only for resources on its network" and send *all* my traffic through the VPN, then it works, but I'd rather not have to do that...)
Reporter | ||
Comment 1•13 years ago
|
||
(In reply to comment #0) > (If I uncheck "Use this connection only for resources on its network" and send > *all* my traffic through the VPN, then it works, but I'd rather not have to do > that...) To be clear, the reason I don't want to have to do that is because it cuts off all my open connections whenever I connect to or disconnect from the VPN.
Comment 2•13 years ago
|
||
Bug 600039 is related.
Updated•13 years ago
|
Assignee: server-ops → network-operations
Component: Server Operations → Server Operations: Netops
Reporter | ||
Comment 3•13 years ago
|
||
And if you want build.mozilla.org to not bounce you to https: (and ask for auth) immediately, use http://build.mozilla.org/builds/ or something inside it.
Comment 4•13 years ago
|
||
It works if you connect from the build VPN. That is the VPN you need to use if you want to access build resources.
Assignee: network-operations → ravi
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
Reporter | ||
Comment 5•13 years ago
|
||
This is data accessible to anyone in the world, *except* those connected to the MV VPN.
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Comment 6•13 years ago
|
||
When you connect to the MV VPN you are getting the internal address for build.mozilla.org which is at the SJC1 datacenter. To reach that resource you will need to connect to a VPN at that datacatner. There are two of them -- 1 specifically for Build and the non-build one. Both will work and you should be able to run 2 VPN sessions at the same time.
Status: REOPENED → RESOLVED
Closed: 13 years ago → 13 years ago
Resolution: --- → WONTFIX
Reporter | ||
Comment 7•13 years ago
|
||
That's *ridiculous*. This is like saying that it's ok that I can't connect to http://www.mozilla.com/ if I'm VPN'd in to the office, because I could just connect to the MPT VPN too and then I'd be able to get in. This should either work, or we should ensure that production infrastructure like TBPL doesn't use it.
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Assignee | ||
Comment 8•13 years ago
|
||
The internal IP for build.mozilla.org seems to be accessible from mv-vpn01, so that makes it a config issue in openvpn to make the route available to clients.
Assignee | ||
Comment 9•13 years ago
|
||
Changing that config will require bouncing openvpn, and there are 7 people connected to it currently who will get dumped by doing so.
Assignee | ||
Updated•13 years ago
|
Flags: needs-downtime+
Assignee | ||
Updated•13 years ago
|
Assignee: ravi → justdave
Comment 10•13 years ago
|
||
dbaron - this was a bit of a hack to get build hosts working iirc. The office -should- get the external address but I'm not sure what would break right now if I made that change. Dave's right in comment #8 but I'm adverse to making changes over this weekend (or especially this weekend). If you can manage until Tuesday night, we can restart openvpn. In the interim, if you need to be connected to the office.mozilla.org VPN, you could add a host entry: 63.245.208.186 build.mozilla.org
Whiteboard: [01/18/2011 @ 7pm]
Reporter | ||
Comment 11•13 years ago
|
||
No rush. Just something that's been bothersome for a while (to me, and I think to others as well).
Updated•13 years ago
|
Whiteboard: [01/18/2011 @ 7pm] → [01/20/2011 @ 7pm]
Updated•13 years ago
|
Whiteboard: [01/20/2011 @ 7pm] → [01/25/2011 @ 7pm]
Assignee | ||
Updated•13 years ago
|
Status: REOPENED → NEW
Whiteboard: [01/25/2011 @ 7pm] → [02/08/2011 @ 7pm]
Comment 12•13 years ago
|
||
restarted. only saw infrasec and infra folk attached (over long lived sessions).
Status: NEW → RESOLVED
Closed: 13 years ago → 13 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 13•13 years ago
|
||
This regressed recently; I filed bug 655794.
Updated•11 years ago
|
Product: mozilla.org → Infrastructure & Operations
Updated•1 year ago
|
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•