[SOLVED] No internet after VPN connection

nbmprivat · 11-14-2018, 02:40 AM

Hi there,

I hope somebody here can help

We have centos server called awx, that also functions as docker host for ansible awx.

Automation requires that we establish a VPN connection to Softlayer from the container host. Then the container awx_task needs to connect to softlayer vm's via ssh.

After establishing vpn connection I've discovered the following:

1. No internet action (yum update fails)
2. Ping softlayer vm's takes a long time to respond
3. I am able to connect manually via ssh after succesfull ping

The above is true for both awx and awx_task.

awx before vpn

Code:

route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway         0.0.0.0         UG    100    0        0 ens160
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.0.0     0.0.0.0         255.255.254.0   U     100    0        0 ens160

awx after vpn

Code:

route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway         0.0.0.0         UG    100    0        0 ens160
1.1.1.1         0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.0.0.0        1.1.1.1         255.0.0.0       UG    0      0        0 tun0
169.51.127.228  gateway         255.255.255.255 UGH   0      0        0 ens160
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.0.0     0.0.0.0         255.255.254.0   U     100    0        0 ens160
gateway         0.0.0.0         255.255.255.255 UH    0      0        0 ens160
192.168.1.49    gateway         255.255.255.255 UGH   0      0        0 ens160
192.168.1.50    gateway         255.255.255.255 UGH   0      0        0 ens160

awx

Code:

iptables -S
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION
-A FORWARD -j DOCKER-ISOLATION
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 443 -j ACCEPT
-A DOCKER -d 172.17.0.7/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8052 -j ACCEPT

awx (ip6 excluded from result)

Code:

ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 0.0.0.0
        inet6 fe80::42:aaff:fec6:10d5  prefixlen 64  scopeid 0x20<link>
        ether 02:42:aa:c6:10:d5  txqueuelen 0  (Ethernet)
        RX packets 1558567  bytes 3965183274 (3.6 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2022254  bytes 1412428213 (1.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.86  netmask 255.255.254.0  broadcast 192.168.1.255
        inet6 fe80::817a:a980:db6b:aad9  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:86:7e:30  txqueuelen 1000  (Ethernet)
        RX packets 29364820  bytes 3819609474 (3.5 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7810377  bytes 8187943191 (7.6 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

I pretty much know nothing about networking so any help would be greatly apreciated!

In short. We need internet access after VPN connection and be able to connect via ssh without delay and first pinging.

JJJCR · 11-15-2018, 01:14 AM

from the config it doesn't have a valid gateway.

check out this link below to have an overview of how the config would be.

https://www.cyberciti.biz/faq/how-to...ay-ip-address/

nbmprivat · 11-15-2018, 02:22 AM

Quote:

Originally Posted by JJJCR

from the config it doesn't have a valid gateway.

check out this link below to have an overview of how the config would be.

https://www.cyberciti.biz/faq/how-to...ay-ip-address/

Ehm, had a look and don't know what to make of it. Default gateway with and without vpn is 192.168.1.5. Can you tell me what is wrong about it?

As a network noob I unfortunately need the exact procedure on how to solve this.

By the way. Can't ping www.google.com while using VPN. So some kind of DNS issue maybe.

AWX

Code:

cat /etc/resolv.conf 
# Generated by NetworkManager
search CONTOSO.COM
nameserver 192.168.1.49
nameserver 192.168.1.50

JJJCR · 11-15-2018, 04:33 AM

are you using OpenVPN?

nbmprivat · 11-15-2018, 04:36 AM

Quote:

Originally Posted by JJJCR

are you using OpenVPN?

No, I'm using softlayers motionpro vpn solution

JJJCR · 11-18-2018, 07:31 PM

check out links below it might help:
https://www.faridrener.com/2018/04/1...PN-Ubuntu.html

https://developer.ibm.com/recipes/tu...-ubuntu-16-04/

nbmprivat · 11-19-2018, 01:46 AM

Quote:

Originally Posted by JJJCR

check out links below it might help:
https://www.faridrener.com/2018/04/1...PN-Ubuntu.html

https://developer.ibm.com/recipes/tu...-ubuntu-16-04/

I'm not sure how the install guide can resolve my issue

Already followed that guide.

What about the Ubuntu upgrade link can help. We have Centos.

Convoy Johnes · 11-29-2018, 05:30 AM

Yeah, had the same problem, but it solved by itself after second system reboot.

nbmprivat · 11-29-2018, 06:43 AM

This was solved by IBM giving me the correct vpn host that is compatible with the linux version of Motionpro.

It took them a while to admit it.

JJJCR · 12-04-2018, 02:01 AM

Quote:

Originally Posted by nbmprivat

This was solved by IBM giving me the correct vpn host that is compatible with the linux version of Motionpro.

It took them a while to admit it.

Wow, thanks for the update. You should give a feedback of an "Excellent Service" but should have been better. LOL.