Unable to connect to remote nodes over tunneling

KG5KBP
So I have a tunnel client set up to a neighboring set of nodes.  However, when I click on any of their service links, nothing happens--I cannot resolve the remote host, and I cannot access their services.  

What's going on?  How do I fix it?
KG6JEI
Can you connect to local RF nodes? If not it might not be a tunneling issue. 

Can you connect to your local node by its full name (including local.mesh)? Do you have WIFI disabled and are you only connected by direct wired?
KG5KBP
I can connect to my local node as well as my other local RF nodes without a problem.  This is true both on a wired connection with wifi disabled as well as on a wireless one.

This is definitely a tunneling problem, as the only nodes I can NOT contact are tunneling nodes.
K5DLQ
What version of AREDN firmware are you running?
If you go to the tunnel client page on your node, and hit SAVE CHANGES, does it have any effect on accessing the remote nodes?
 
KG5KBP
I am running version 3.6.1.1.

And no, hitting SAVE CHANGES has no effect.  I am still unable to access any remote node over the tunneling server.
K5DLQ
ok.  What version of AREDN is the tunnel server running?
AE6XE
Download the support data file (the button is at the bottom of the Setup->Administration page) on both nodes and upload it to the forum post in this thread. This would be very helpful to give the lay-of-the-land.

Joe AE6XE
KG5KBP
I do not have access to the tunnel server node's setup page.  My connection is refused.  A scan of all ports says that they're all closed.

I have attached my support data.
K5DLQ
You'll need to contact the tunnel server owner and get them from him/her.
 
AE6XE
I don't see anything jumping out at me in the support dump on this node KG5KBP-ar2o-qth-server. It has an established tunnel with kb5nft-arhp2-carrollton. The routing information has been exchanged. What does the output of the following look like from a command window on your laptop?

nslookup kb4nft-arhp2-carrollton
nslookup kb4nft-arhp2-carrollton.local.mesh
ping 172.31.131.66
ping 10.97.143.131
ping 10.62.26.160

Joe AE6XE

 
KG5KBP
$ nslookup kb4nft-arhp2-carrollton
Server:         10.194.217.1
Address:        10.194.217.1#53

Non-authoritative answer:
*** Can't find kb4nft-arhp2-carrollton: No answer

$ nslookup kb4nft-arhp2-carrollton.local.mesh
Server:         10.194.217.1
Address:        10.194.217.1#53

** server can't find kb4nft-arhp2-carrollton.local.mesh: NXDOMAIN

$ ping 172.31.131.66
Request timeout for icmp_seq 8
92 bytes from localnode.local.mesh (10.194.217.1): Destination Port Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 4e33   0 0000  3f  01 1a4b 10.194.217.7  172.31.131.66

--- 172.31.131.66 ping statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss

$ ping 10.97.143.131
PING 10.97.143.131 (10.97.143.131): 56 data bytes
92 bytes from localnode.local.mesh (10.194.217.1): Destination Port Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 1abe   0 0000  3f  01 e33d 10.194.217.7  10.97.143.131

Request timeout for icmp_seq 0

$ ping 10.62.26.160
PING 10.62.26.160 (10.62.26.160): 56 data bytes
92 bytes from localnode.local.mesh (10.194.217.1): Destination Port Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 1a68   0 0000  3f  01 589a 10.194.217.7  10.62.26.160

Request timeout for icmp_seq 0

AE6XE
KG6KBP, OK, the problem has jumped out... Your mesh node has no live firewall rules for tunnels. Thus, it doesn't know to allow packets to be forwarded over the tunnel. I don't even see the tunnel config file: /etc/config/vtun. Something is wrong with the tunnel install and configuration. I'd do the 15 sec hardware reset button to put the node back to first-boot state, then set the node back up again, install the tunnel and type in the configuration data. I suspect this is the fastest path to resolve. Alternatively, try editing and saving the tunnel configuration, rebooting.

Joe AE6XE
KG6JEI
/etc/config/vtun is intentionally excluded from support data files because of its sensitive nature.
KG5KBP
So what should it look like?  And what should my firewall rules be?
KG6JEI
Well, if Joe is right that the firewall rules are not there (and assuming the node hasn't been modified, as I haven't read the support data file yet), then this should probably be moved to a ticket in bloodhound, as there is nothing for users to configure on the firewall entries.
AE6XE
KG5KBP, a reboot does not resolve the issue? There's a script that runs whenever the tunnel interface goes up/down to configure the firewall rules. We can see in the support dump that these rules don't exist, but there is a live tunnel. The biggest challenge, if a defect, will be to reproduce to find root cause and thus enable us to create a fix.
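
The condition described in the post above (a live tunnel interface with no firewall rule that refers to it) can be checked mechanically. This is an added example, not part of the original post and not AREDN's own script; the tun* interface naming, the sample interface list and the sample rules are constructed assumptions.

```sh
#!/bin/sh
# Constructed sample input, not taken from the thread's support data.
SAMPLE_LINKS='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
5: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
9: tun50: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1450
10: tun51: <POINTOPOINT,MULTICAST,NOARP> mtu 1450'

RULES_MISSING='-P FORWARD DROP
-A FORWARD -i wlan0 -o wlan0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable'

RULES_PRESENT='-P FORWARD DROP
-A FORWARD -i wlan0 -o wlan0 -j ACCEPT
-A FORWARD -i tun+ -o wlan0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable'

# Print names of tun* interfaces whose flags include UP (stdin: `ip -o link show`).
up_tunnels() {
    awk '$2 ~ /^tun[0-9]+:$/ && $3 ~ /[<,]UP[,>]/ { sub(/:$/, "", $2); print $2 }'
}

# Print every live tunnel interface that no rule names with -i or -o.
# $1 = link listing, $2 = rule listing (`iptables -S` format).
uncovered_tunnels() {
    for ifc in $(printf '%s\n' "$1" | up_tunnels); do
        printf '%s\n' "$2" | awk -v ifc="$ifc" '
            $1 == "-A" {
                for (i = 3; i < NF; i++) {
                    if ($i != "-i" && $i != "-o") continue
                    pat = $(i + 1)
                    if (pat == ifc) found = 1
                    # A trailing "+" in iptables is a prefix wildcard (tun+ covers tun50).
                    if (pat ~ /\+$/ && index(ifc, substr(pat, 1, length(pat) - 1)) == 1)
                        found = 1
                }
            }
            END { exit !found }' || printf '%s\n' "$ifc"
    done
}

echo "rules missing: $(uncovered_tunnels "$SAMPLE_LINKS" "$RULES_MISSING")"
echo "rules present: $(uncovered_tunnels "$SAMPLE_LINKS" "$RULES_PRESENT")"
# On a node (assumes ip and iptables are available in its shell):
#   uncovered_tunnels "$(ip -o link show)" "$(iptables -S)"
```

Any interface name it prints is a tunnel that is up while the firewall has no rule for it, which is the state reported for this node.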
KG5KBP
A complete reset has resolved the issue.  There must have been an error in installing the tunnel node in the first place.
