RESOLVED INVALID

Status

Infrastructure & Operations
Infrastructure: OpenVPN
RESOLVED INVALID
5 years ago
4 years ago

People

(Reporter: jmaher, Unassigned)

Tracking

Details

Attachments

(1 attachment)

(Reporter)

Description

5 years ago
I am using the new openvpn mozillavpn and I don't have access to: http://dev-master01.build.scl1.mozilla.com:8036.  I used to be able to get here, please give me access to these things so I can be productive.

Updated

5 years ago
Assignee: nobody → relops
Component: Other → RelOps
Product: Release Engineering → Infrastructure & Operations
QA Contact: joduinn → arich
Version: unspecified → other

Comment 1

5 years ago
Hi Relops,
Can you please allow jmaher to reach dev-master01?

Thanks!
Any access requests should go to the infra group so they can open the VPN appropriately.
Assignee: relops → infra
Component: RelOps → Infrastructure: OpenVPN
QA Contact: arich → jdow
(Reporter)

Comment 3

5 years ago
thanks for getting this to the right place!

Comment 4

5 years ago
Can I get the output of netstat -nr and the output of ifconfig pasted here?
(In reply to Ed Lim [:limed] from comment #4)
> Can I get the output of netstat -nr and the output of ifconfig pasted here?

(while connected to the VPN)
Flags: needinfo?(jmaher)
(Reporter)

Comment 6

5 years ago
$ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.254   0.0.0.0         UG        0 0          0 wlan0
10.2.0.0        10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.8.0.0        10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.10.0.0       10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.12.0.0       10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.14.0.0       10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.16.0.0       10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.18.0.0       10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.20.0.0       10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.21.0.0       10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.22.0.0       10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.22.248.1     10.22.248.181   255.255.255.255 UGH       0 0          0 tun0
10.22.248.181   0.0.0.0         255.255.255.255 UH        0 0          0 tun0
10.24.0.0       10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.26.0.0       10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.30.0.0       10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.32.0.0       10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.34.0.0       10.22.248.181   255.254.0.0     UG        0 0          0 tun0
10.110.0.0      10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.128.0.0      10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.130.0.0      10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.132.0.0      10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.134.0.0      10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.150.0.0      10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.224.0.0      10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.242.0.0      10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.250.0.0      10.22.248.181   255.255.0.0     UG        0 0          0 tun0
10.250.48.0     10.22.248.181   255.255.252.0   UG        0 0          0 tun0
10.253.0.0      10.22.248.181   255.255.255.0   UG        0 0          0 tun0
63.245.215.58   10.22.248.181   255.255.255.255 UGH       0 0          0 tun0
63.245.215.245  10.22.248.181   255.255.255.255 UGH       0 0          0 tun0
63.245.215.254  10.22.248.181   255.255.255.255 UGH       0 0          0 tun0
63.245.216.84   10.22.248.181   255.255.255.255 UGH       0 0          0 tun0
63.245.217.47   10.22.248.181   255.255.255.255 UGH       0 0          0 tun0
63.245.217.202  10.22.248.181   255.255.255.255 UGH       0 0          0 tun0
63.245.217.203  10.22.248.181   255.255.255.255 UGH       0 0          0 tun0
63.245.217.204  10.22.248.181   255.255.255.255 UGH       0 0          0 tun0
63.245.217.210  10.22.248.181   255.255.255.255 UGH       0 0          0 tun0
63.245.217.213  10.22.248.181   255.255.255.255 UGH       0 0          0 tun0
63.245.217.214  10.22.248.181   255.255.255.255 UGH       0 0          0 tun0
63.245.217.215  10.22.248.181   255.255.255.255 UGH       0 0          0 tun0
63.245.217.216  10.22.248.181   255.255.255.255 UGH       0 0          0 tun0
63.245.217.217  10.22.248.181   255.255.255.255 UGH       0 0          0 tun0
63.245.217.218  10.22.248.181   255.255.255.255 UGH       0 0          0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0


ifconfig
eth0      Link encap:Ethernet  HWaddr 3c:97:0e:64:f3:86  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:20 Memory:f2500000-f2520000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:50 errors:0 dropped:0 overruns:0 frame:0
          TX packets:50 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:6041 (6.0 KB)  TX bytes:6041 (6.0 KB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.22.248.182  P-t-P:10.22.248.181  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr 60:67:20:f7:b3:dc  
          inet addr:192.168.1.70  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::6267:20ff:fef7:b3dc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:644279 errors:0 dropped:0 overruns:0 frame:0
          TX packets:593864 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:403957251 (403.9 MB)  TX bytes:561742043 (561.7 MB)
Flags: needinfo?(jmaher)

Comment 7

5 years ago
So I can confirm that you are on the right group in LDAP and the group has the routes for dev-master01.scl1 so you should be able to access the host and you have routes to connect to the host based on your netstat.

Are you using ubuntu's Network manager? There are some issues with it and there are some instructions here https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=30769829 that might resolve your issue.
(Reporter)

Comment 8

5 years ago
I am using openvpn from the commandline as I couldn't get network manager to work very well.  is it possible that dns isn't working?  Is there a way I could verify that?

Comment 9

5 years ago
What does your resolv.conf look like? 

cat /etc/resolv.conf

In the openvpn doc https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=30769829 there is a section for ubuntu command line that has instructions on how to fix the dns issues. You will need to install the resolvconf package and add these 2 lines to your vpn config

up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
(Reporter)

Comment 10

5 years ago
I have added the up/down to my .ovpn file for update-resolv-conf, but I am still not getting dns resolution, maybe dns isn't the problem?

here is my resolv.conf:
cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 8.8.8.8
search gateway.2wire.net

Comment 11

5 years ago
Your nameserver is 8.8.8.8 which is a google dns server, this is a DNS issue in which your client is not updating resolv.conf provided from openvpn server. 

All of our hosts will only resolve if your DNS servers point to our internal DNS
(Reporter)

Comment 12

5 years ago
how do I do that?  if I am not on the vpn, then the dns won't resolve unless internal dns is external.

Comment 13

5 years ago
Thats what the resolvconf package is for and why you have to add the 2 lines to the ovpn file, those 2 commands actually update your resolv.conf file for you.

If you could post logs from openvpn when trying to establish a connection that would be great.
(Reporter)

Comment 14

5 years ago
here is the console log while running openvpn:
https://pastebin.mozilla.org/2924988

Comment 15

4 years ago
Created attachment 798048 [details]
2924988.txt

Uploading since pastebins are not forever

Comment 16

4 years ago
<snip>
dhcp-option DNS 10.22.75.40
dhcp-option DNS 10.22.75.41
dhcp-option DOMAIN mozilla.com
dhcp-option DOMAIN build.mozilla.org
dhcp-option DOMAIN mozilla.org
/etc/resolvconf/update.d/libc: Warning: /etc/resolv.conf is not a symbolic link to /run/resolvconf/resolv.conf
</snip>

The vpn server is actually pushing the DNS options for you but your client is not updating it. You have all the routes thats needed to get to the host so this is actually an issue with your client not updating its resolv.conf.

Comment 17

4 years ago
Is this still an issue? as far as I can tell that there is an issue with the client side here
(Reporter)

Comment 18

4 years ago
I just ask people for ip addresses and I can access things.  No idea why dns doesn't work on my system, it works for the rest of the internet just fine.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.