Unable to add additional servers, "Cannot connect to the server: Error: Server is unreachable"

[eantowne]

• GNS3 Server:
• • Version: 2.2.21
• • Operating System: Pop-OS 20.10 (Ubuntu derivative) Kernel: 5.11.0-7614-generic
• • Additional Operating Systems affected: Ubuntu Server 20.04 LTS Kernel: 5.4.0-73-generic
• Client OS: Pop-OS 20.10

When attempting to add additional servers, receiving error of "Cannot connect to the server: Error: Server is unreachable". The remote server IS running, and I can access it via it's own Web-UI.

[piotrpekala7]

Hi @eantowne, thanks for reporting please check if host & port have correct values

[eantowne]

They do, please refer to the screenshots below to verify that they do match.

[piotrpekala7]

Ok. Is authorization enabled on the server side?

[eantowne]

Additionally, there is no issue adding additional servers via the Desktop GUI, but even then they do not show up in the Web-GUI. If I create a project in the Desktop GUI with multiple servers, I am able to open that project in the Web-GUI, and all of the servers display in the server list for that project, but not in the overall server list.

[eantowne]

No authorization is not enabled. When I enter the 192.168.1.31:3080 into the address bar of the browser, the authentication dialog does not appear, and it takes me directly to the "Projects" page. Also, HTTPS is NOT enabled as you can see from the remote Web-UI screenshot.

[piotrpekala7]

Ok, so there is problem with checking server version, look here https://github.com/GNS3/gns3-web-ui/blob/master/src/app/components/servers/add-server-dialog/add-server-dialog.component.ts#L155

[piotrpekala7]

that's why this message https://github.com/GNS3/gns3-web-ui/blob/master/src/app/components/servers/add-server-dialog/add-server-dialog.component.ts#L166 appears

[piotrpekala7]

Request to /version endpoint https://github.com/GNS3/gns3-web-ui/blob/master/src/app/services/server.service.ts#L151 throws exception

[piotrpekala7]

check this endpoint in postman if you can or simply in browser (open developer tools -> network)

[piotrpekala7]

if this endpoint doesn't work you won't be able to add server, we have to check server version while adding cause there are differences in features

[eantowne]

What is the full URL for the "/version", as http://:/version returns 404 using curl? These servers are all running the same version, as a side note.

[eantowne]

wait hang on...something weird. Give me one second.

[eantowne]

Version listed under "Release Notes" of Web-UI says current version is 2.2.19, however installed gns3-server from PPA is 2.2.21. Even if the version was 2.2.19, it should not matter, as they both display 2.2.19.

[eantowne]

Using this: http://192.168.1.31:3080/static/web-ui/version as URL returns 404.

[piotrpekala7]

web UI version is visible in the footer of servers page and should be GNS3 Web UI © 2020 - v2.2.21 in your case

[piotrpekala7]

Using this: http://192.168.1.31:3080/static/web-ui/version as URL returns 404.

There is no such endpoint in web UI so it should return 404. It's correct

[eantowne]

Ok, so, both are running 2.2.21 (just checked). So, why is it throwing an error when checking the server version?

[eantowne]

Is there a log I can look at? No applicable entries in /var/log/gns3/gns3.log, just shows "GET" to remote server with no real info.

"GET /v2/version HTTP/1.1" 200 228 "http://192.168.1.31:3080/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0"

This GET was from the .32 server

[piotrpekala7]

You can find information about logs here https://docs.gns3.com/docs/using-gns3/administration/running-gns3-server-as-daemon

[eantowne]

I am already looking at the log from the service (daemon). There is only one log and it is /var/log/gns3/gns3.log, however it is not providing anything useful.

[eantowne]

For instance these are the last 10 lines from the log: tail /var/log/gns3/gns3.log 2021-05-19 14:58:12 INFO web_log.py:206 192.168.1.133 [19/May/2021:14:58:12 +0000] "GET /static/web-ui/polyfills.c1fadfb88d7fb5b7f9ac.js HTTP/1.1" 200 45491 "http://192.168.1.32:3080/static/web-ui/bundled" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0" 2021-05-19 14:58:12 INFO web_log.py:206 192.168.1.133 [19/May/2021:14:58:12 +0000] "GET /static/web-ui/styles.333203d05669b9ad3942.css HTTP/1.1" 200 301134 "http://192.168.1.32:3080/static/web-ui/bundled" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0" 2021-05-19 14:58:12 INFO web_log.py:206 192.168.1.133 [19/May/2021:14:58:12 +0000] "GET /static/web-ui/main.2f0314a517dded67879c.js HTTP/1.1" 200 3253180 "http://192.168.1.32:3080/static/web-ui/bundled" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0" 2021-05-19 14:58:12 INFO web_log.py:206 192.168.1.133 [19/May/2021:14:58:12 +0000] "GET /static/web-ui/roboto-latin-400.176f8f5bd5f02b3abfcf.woff2 HTTP/1.1" 200 15977 "http://192.168.1.32:3080/static/web-ui/styles.333203d05669b9ad3942.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0" 2021-05-19 14:58:13 INFO web_log.py:206 192.168.1.133 [19/May/2021:14:58:13 +0000] "GET /static/web-ui/roboto-latin-500.f5b74d7ffcdf85b9dd60.woff2 HTTP/1.1" 200 16113 "http://192.168.1.32:3080/static/web-ui/styles.333203d05669b9ad3942.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0" 2021-05-19 14:58:13 INFO web_log.py:206 192.168.1.133 [19/May/2021:14:58:13 +0000] "GET /static/web-ui/roboto-latin-700.c18ee39fb002ad58b6dc.woff2 HTTP/1.1" 200 16057 "http://192.168.1.32:3080/static/web-ui/styles.333203d05669b9ad3942.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0" 2021-05-19 14:58:13 INFO web_log.py:206 192.168.1.133 [19/May/2021:14:58:13 +0000] "GET /static/web-ui/MaterialIcons-Regular.cff684e59ffb052d72cb.woff2 HTTP/1.1" 200 44541 "http://192.168.1.32:3080/static/web-ui/styles.333203d05669b9ad3942.css" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0" 2021-05-19 14:58:13 INFO web_log.py:206 192.168.1.133 [19/May/2021:14:58:13 +0000] "GET /v2/projects HTTP/1.1" 200 183 "http://192.168.1.32:3080/static/web-ui/server/1/projects" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0" 2021-05-19 15:02:42 INFO web_log.py:206 192.168.1.133 [19/May/2021:15:02:42 +0000] "GET /v2/version HTTP/1.1" 200 228 "http://192.168.1.31:3080/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0" 2021-05-19 15:02:51 INFO web_log.py:206 192.168.1.133 [19/May/2021:15:02:51 +0000] "GET /v2/version HTTP/1.1" 200 228 "http://192.168.1.32:3080/static/web-ui/servers" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0"

[eantowne]

It is basically just showing the URL requested and the client ID, no actual diagnostic information.

Turned debugging on for gns3server (not running as daemon). When trying to add new server, same error message in the Web-GUI, but not even a GET to the remote server is shown.

[eantowne]

Ok, just did a packet capture. When clicking the "Add" button, there is NO traffic outbound to the remote server. I had a ping going at the same time just to verify connectivity. The only entries for the remote IP in the packet capture were the ICMP echo requests and replies.

It appears that the local server is being blocked somehow from even trying to send the query to the remote server.

[ean-towne]

I just tested this again on 2 clean VM's.

Installed Ubuntu Server 20.04.2 (on both) Installed gns3-server from PPA (on both)

Same error received when attempting to add one server to the other. However, in this case, I could see the "GET /v2/version" request be received by the remote server.

I could see the response that was sent back. {'local': False, 'version': '2.2.21'}.

Based on the logic in https://github.com/GNS3/gns3-web-ui/blob/bb2a9632374c8877ad617024d0f2417ec298ca71/src/app/components/servers/add-server-dialog/add-server-dialog.component.ts#L155, then it is not getting the proper information in the "serverInfo" object from the this.serverService.checkServerVersion(server).subscribe() function. Otherwise the split and logic would be working.

Tomorrow I will do some testing with other versions to see if I can see where the difference is.

[eantowne]

More testing completed. Same issue going back for each version since 2.2.18. Did not test further than that.

• Tested same versions against each other and multiple different versions mix and matched between each other.
• Tested servers running on same hosts.
• Tested server running on different hosts.
• All servers were able to ping each other.
• IP's and ports verified.

In all cases same result.

[piotrpekala7]

I'm really thankful for your investigation. Still I have no idea what could be the reason...

[eantowne]

I have not yet setup my dev environment completely, so I am unable to execute what I am going to propose, but maybe you could try it?

Add some debug output, or log output, that provides more detail as to what is going on in the entire process to get the serverInfo value. We know that it is reaching out successfully, because the remote server is receiving, not sure if it is responding correctly, other than seeing the value that is sent via debug in the log. I will do a packet capture later and see if I can validate that the response is actually traversing the network correctly. At that point the only thing is to look at what the response received looks like to the primary server.

[piotrpekala7]

Yes, I added logging in add-server-dialog-component but this doesn't provide me more information

this.serverService.checkServerVersion(server).subscribe(
  (serverInfo) => {
    console.log(serverInfo);

    if (serverInfo.version.split('.')[1] >= 2 && serverInfo.version.split('.')[0] >= 2) {
      this.dialogRef.close(server);
      this.toasterService.success(`Server ${server.name} added.`);
    } else {
      this.dialogRef.close();
      this.toasterService.error(`Server version is not supported.`);
    }
  },
  (error) => {
    this.toasterService.error('Cannot connect to the server: ' + error);
  }
);

[piotrpekala7]

we should receive

local: false version: "2.2.21"

from server

[ean-towne]

I am right in the middle of rearranging my office. I forgot to do the packet capture, but will do it in a little while. Do the console.log line under the (error) as your line never gets called due to it retiring I believe.

Get Outlook for iOShttps://aka.ms/o0ukef

---

From: piotrpekala7 @.> Sent: Monday, May 24, 2021 10:19:09 AM To: GNS3/gns3-web-ui @.> Cc: ean-towne @.>; Comment @.> Subject: Re: [GNS3/gns3-web-ui] Unable to add additional servers, "Cannot connect to the server: Error: Server is unreachable" (#1145)

we should receive

local: false version: "2.2.21"

from server

— You are receiving this because you commented. Reply to this email directly, view it on GitHubhttps://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FGNS3%2Fgns3-web-ui%2Fissues%2F1145%23issuecomment-847115612&data=04%7C01%7C%7Cb22529cd667a4cafae8908d91ec747be%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637574663506027168%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=3T23TFvo8xZHJeupZ%2FVKl7jNJD4Kt06Xc0hFlyZxOrQ%3D&reserved=0, or unsubscribehttps://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAUERMZURVBFPQ4NY5FLFTZDTPJU63ANCNFSM45E2LRUA&data=04%7C01%7C%7Cb22529cd667a4cafae8908d91ec747be%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637574663506037161%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Jj%2B9rzYN8BLyiKKn45fyrP38r%2Bp8vDQW4U9H3NUkiPk%3D&reserved=0.

[eantowne]

erroring, not retiring, stupid auto-correct

[eantowne]

Might also be good to look at whatever code is actually responding to the request for server info.

[eantowne]

The output looks good to me from the server side.

From remote server debug level logging: {'local': False, 'version': '2.2.21'} From curl: { "local": false, "version": "2.2.21" }

Maybe the console.log() needs to be further up the code stack? Say for instance:

https://github.com/GNS3/gns3-web-ui/blob/bb2a9632374c8877ad617024d0f2417ec298ca71/src/app/services/server.service.ts#L151

[eantowne]

I just cloned and built the master branch. When I use it and "add server" to a running PPA installed gns3-server, it works.

I also just PPA installed gns3-server on the same VM I ran the Web-UI build, and adding via PPA installed to PPA installed failed.

Either something is different in web-ui released with 2.2.21 than the Master Branch, or ... I have no idea.

If you want I can send you a Zoom link when you have time and we can try and work through this together.

[eantowne]

Ok, just did a packet capture, everything looks fine, see below (Follow HHTP stream). As far as I can tell this leaves some issue in the function that is actually reading the data from the response.

GET /v2/version HTTP/1.1 Host: 172.16.167.1:3080 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0 Accept: application/json, text/plain, / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Origin: http://127.0.0.1:3080 Connection: keep-alive Referer: http://127.0.0.1:3080/

HTTP/1.1 200 OK Connection: close X-Route: /v2/version Server: Python/3.8 GNS3/2.2.21 Content-Type: application/json Content-Length: 47 Date: Mon, 24 May 2021 22:31:27 GMT

{ "local": false, "version": "2.2.21" }

[candlerb]

I also am unable to add a remote server to the web UI, and get "Cannot connect to the server: Error: Server is unreachable" as the response.

Have you looked at the browser developer console? (Chrome: three dots, more tools, developer tools)

My first attempt to add a remote server gave this error:

Mixed Content: The page at 'https://xxx.xxx.xxx.xxx/static/web-ui/servers' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://yyy.yyy.yyy.yyy:3081/v2/version'. This request has been blocked; the content must be served over HTTPS.

where xxx.xxx.xxx.xxx is the server that's running gns3-web-ui, and yyy.yyy.yyy.yyy port 3081 is another server that I tried to add.

But you're not running HTTPS. So I changed my web UI to run on HTTP instead.

Now when I try to add the remote server, I get this error instead:

Access to XMLHttpRequest at 'http://yyy.yyy.yyy.yyy:3081/v2/version' from origin 'http://xxx.xxx.xxx.xxx' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. polyfills.c1fadfb88d7fb5b7f9ac.js:1 GET http://yyy.yyy.yyy.yyy:3081/v2/version net::ERR_FAILED

Do you see the same?

[eantowne]

I will have to take a look at this. My understanding was that it was the server and the web server that were talking to each other not the web client itself to the remote server. Will setup a web-proxy and see what the traffic looks like.

[candlerb]

If it were going web browser -> server1 -> server2 then the API would have to have an endpoint for forwarding traffic to another server. I don't believe it does; and if it did, that would open up all sorts of security issues around being an open proxy.

[eantowne]

Possible confusion, I was not saying that it was Web-GUI Server->Local GNS3 Server->Remote GNS3 Server, I meant:

Web-GUI Server<->Remote GNS3 Server then Web-GUI Server->Local GNS3 Server (Update of compute assets in controller)

Except the code referenced above is not running on the web browser, it is running in the Web server for the Web-GUI. The Web server for the Web-GUI is communicating to the GNS3-Server(s) via the API. For instance:

• I can build and run the Web-GUI by itself on System A
• Stand up a gns3server process on System B
• Access the Web-GUI from System C
• Add System B's server to the Web-GUI
• System B gns3.log shows System A sending the version request, not System C

NOTE: in this scenario, I am not experiencing the issue described in this issue report, as there is something different about the build in the current master branch than what is running on the release gns3-server for 2.2.21.

[candlerb]

The Web server for the Web-GUI is communicating to the GNS3-Server(s) via the API. For instance:

That's weird; I thought the architecture was different. My understanding was:

• the web-GUI is written in Javascript/Typescript, and runs entirely in the browser
• the web-GUI, running in your browser, talks directly to the server API
• there is no "web server for the web-GUI" (i.e. no backend); it just serves static content (HTML, Javascript, CSS)

There is no node.js required to run the gns3 server or web UI, so if there were a backend for the web UI, it would have to be in Python.

However, I don't understand what's going on in the A/B/C scenario you describe. I would like to see tcpdumps which show the actual requests being made from C to A and A to B.

[eantowne]

After my wife wakes up from her nap, I will go back to the office upstairs and see what I can figure out. I am probably wrong in my understanding. The A/B/C example is based off building the Web-GUI from source and running stand-alone with yarn per the instructions.

[candlerb]

Interesting. I don't know if that server just compiles and compresses the Typescript/Javascript, or does other things.

I recently tried building the web-UI from source, in a Docker container, but couldn't get it to connect to a server: I get the same CORS problem I see when trying to connect the normal web-UI to a remote server. Details here.

[eantowne]

I built the Web-UI from source in an Ubuntu Server VM running in VMware Workstation 16 Pro.

Ok, seems I was wrong, as I expected, I was misreading previous debug level gns3 server logs. Yes, the traffic goes from the client browser to the remote server.

For the record, I am NOT a web guy, so trying to pick my way through all of this.

[eantowne]

Issue has been resolved with release of GNS3 2.2.22

[eantowne]

This issue has returned. Tested on 2.2.33.1, unable to add servers. Additionally, a server added via Desktop UI, is not showing/unable to add when connecting via Web UI.

Tested with 2 clean Hyper-V VM's Tested with 2 bare-metal linux installs

Servers can ping each other. In the case of the 2 bare-metal servers, the second server was able to be added to the Desktop UI, but cannot be added via Web UI, and does not show when added via Desktop UI.

[candlerb]

Can you check in your browser console for errors, when you attempt to add a server in the web UI?

the second server was able to be added to the Desktop UI, but cannot be added via Web UI, and does not show when added via Desktop UI.

I don't understand that. You say it could be added via the Desktop UI, but then that it "does not show"? What does that mean?

[eantowne]

First, let me describe the environment with a bit more detail.

3 computers: Computer 1: User access via desktop or Web UI Server 1: Ubuntu server (bare-metal) running gns3-server as a service, installed via PPA, primary (remote main) server (controller) Server 1: Ubuntu server (bare-metal) running gns3-server as a service, installed via PPA, additional compute

When using desktop UI from computer 1, connected to server 1 and only server 1 (no local server), I am able to add server 2 as an additional remote server (compute). Afterwards, if accessing server 1 via the Web UI, server 2 is not listed in the "servers" portion of the Web UI.

When trying to add server 2 as an additional compute via the Web UI, either clean install or after adding via Desktop UI, it fails. Presenting an error of "Cannot connect to the server: Error: Server is unreachable".

Server 2 is reachable at layer 2 via IP and port number from server 1 and from computer 1.

Browser console reports:

Access to XMLHttpRequest at 'http://10.0.0.109:3080/v2/version' from origin 'http://10.0.0.108:3080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. http://10.0.0.109:3080/v2/version

and:

Failed to load resource: net::ERR_FAILED http://10.0.0.109:3080/v2/version

[eantowne]

I just did a little bit of research on the CORS error from the console. It looks like this can be worked around in a couple of different ways. Most of them I consider to be unacceptable from a security perspective. This comes down to a basic security restriction on cross-domain requests and responses.

1. Disable security in browser (obviously not a good idea)
2. Add an extension to browser that disable security on cross-domain request/response (also no good)
3. Adding exception to allow cross-domain request/response to the Web-UI's http server (possible, but I feel like this will open the server up to security issues

[eantowne]

Also: Server 2 is listed in "System Status", but not in "Servers" list. Also, not sure if this related, but there is no option to specify which server to add a template to when trying to add a new template.

[eantowne]

Only displays: "Install the appliance locally" or "Install the appliance on the GNS3 VM".