Closed jenkins-infra-bot closed 2 years ago
Kevin Guerroudj to be able to access cert.ci.jenkins.io with your VPN connection, you have to edit your ssh configuration file (`~/.ssh/config` on Linux/MacOS, should be in your user profile folder on Windows) and add this block:
Host cert.ci.jenkins.io # Private IP only reachable through the VPN network HostName 10.0.2.252 # Your own username User# Your private key associated to your username. SSH-agent can be used instead. IdentityFile private key>
Let me know here if it worked for you.
Hervé Le Meur, Damien Duportal no config entries in my case. No entry in C:\Windows\System32\drivers\etc\hosts. My gut feeling is that Kevin is lacking some permissions in the VPN server directly.
Less errors after added cipher AES-256-CBC
But still unreachable.
While trying to access with chrome to http://cert.ci.jenkins.io/, I have an error "DNS_PROBE_FINISHED_NXDOMAIN"
First wave of analysis:
Second wave:
(not totally convinced it's client side but I am so an expert in VPN ... )
Do you need to enable/activate something in the VPN server configuration to allow Kevin to reach out to some parts of the network?
Wadeck Follonierthe server-side configuration applies the following routing rules: https://github.com/jenkins-infra/docker-openvpn/blob/main/cert/ccd/kevingrdj as far as my VPN-fu knows (yeah I'm not a VPN expert either.. ).
Kevin Guerroudj do you have access to https://infra.ci.jenkins.io with the VPN connected?
Don't get me wrong folks: when I wrote "client side", I meant "for sure we never tried Windows and there is absolutely an issue that we never had before and we should fix on at least ou VPN doc"
No, I don't have access to https://infra.ci.jenkins.io with the VPN connected.
And for the nslookup, it's not very conclusive :
nslookup cert.ci.jenkins.io Server: Unknown Address: 192.168.1.254 *** No internal type record for both IPv4 and IPv6 Addresses (A+AAAA) available for cert.ci.jenkins.io
TL;DR;
=> We solved by switching to 9.9.9.9 (and also tested with 8.8.8.8) in complement to his current DNS, and everything worked!
Resolving the issue. Kevin Guerroudj can you close the issue if it is ok for you (or feel free to re-open if you have an issue)
I am working on a security fix for the core and in order to debug test failures for a CERT PR, I need access to cert.ci.jenkins.io.
So I followed the documentation: https://github.com/jenkins-infra/docker-openvpn/blob/main/README.md#howto-get-client-access (I work with Windows 10), my PR was accepted, so I was able to sync my fork then pull it to retrieve my certificat and create my own jenkins-infra.ovpn :
After an import on OpenVPN, I was able to connect, however I still can't access https://cert.ci.jenkins.io
Here are the OpenVPN logs:
Originally reported by kevingrdj, imported from: Cert VPN, can't access https://cert.ci.jenkins.io