I'd like to be able to reach symbols1.dmz.phx1.mozilla.com, 10.8.74.48 dp-ausstage01.phx.mozilla.com, 10.8.74.30 using the build-vpn (rather than bouncing through a jump host like mpt-vpn). Could we advertise the route ? Doesn't really block bug 741648, more for tracking.
This isn't about advertising routes, really - it's firewall flows. You can access symbols1 at symbolpush.mozilla.org with no VPN at all, so that's moot. dp-ausstage01 is already accessible from build-network hosts. I *think* the new build VPN host is on the list of allowed source IPs (10.26/16), so this will probably just work once that VPN host is up. In fact, I think the same will be the case for symbols1. Can you verify at that time, and bump back if it doesn't work?
Assignee: server-ops-releng → nobody
Component: Server Operations: RelEng → Release Engineering
QA Contact: mrz → release
Luckily port 22 is open from build-vpn.m.c, so I just added a manual route to my Viscosity config to get ssh connections working. Port 80 is blocked but I can just use mpt-vpn in the meantime if I need that.
Updated situation from irc convo: * arr gave the netops bug blocking the new vpn a prod (743857), letting them know it would be helpful to have that vpn up so that we can reach aus3-staging for release taks * if that doesn't work out RelEng can use the existing vpn with documented work arounds
Nick reports that this is working via the new scl3-based build-vpn.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Product: mozilla.org → Release Engineering
You need to log in before you can comment on or make changes to this bug.