Closed Danp2 closed 7 years ago
No problem here in VPN too (PPTP). Are you sure about your network configuration?
Remember, when we connect to a console, XenServer returns the URL of its management interface, so it must be reachable from XO.
@olivierlambert Connecting with OpenVPN and can SSH into both VMs and XS host. I'm wondering if it's a DNS issue. How can I see the exact URL being returned?
It should return the IP address.
To check what is the console URL, use the xe
CLI:
xe vm-param-list uuid=<VM UUID>
console-uuids (SRO)
field, take this UUIDxe console-param-list uuid=<Console UUID>
This should return something like that in the location field:
xe console-param-list uuid=8101d885-3137-7ea1-e115-2ea6f67c8e63
uuid ( RO) : 8101d885-3137-7ea1-e115-2ea6f67c8e63
vm-uuid ( RO): 8de633ed-0e92-a141-3f02-b603961b4526
vm-name-label ( RO): FooBar
protocol ( RO): RFB
location ( RO): https://192.168.100.5/console?uuid=8101d885-3137-7ea1-e115-2ea6f67c8e63
other-config (MRW):
Yes, it returns a URL as you've shown above. It may be an issue on my side. This is what I see in the log --
Apr 25 05:04:32 xo-5 xo-server[1128]: Tue, 25 Apr 2017 10:04:32 GMT xo:main + WebSocket connection (::ffff:192.168.1.25)
Apr 25 05:04:45 xo-5 xo-server[1128]: Tue, 25 Apr 2017 10:04:45 GMT xo:perf blocked for 11ms
Apr 25 05:04:45 xo-5 xo-server[1128]: RRD call: Expected step: 5, received step: 3600. Retry with other timestamp
Apr 25 05:04:46 xo-5 xo-server[1128]: Tue, 25 Apr 2017 10:04:46 GMT xo:perf blocked for 65ms
Apr 25 05:04:48 xo-5 xo-server[1128]: Tue, 25 Apr 2017 10:04:48 GMT xo:main + Console proxy (dan@mydomain.com - ::ffff:192.168.1.25)
Apr 25 05:04:48 xo-5 xo-server[1128]: Tue, 25 Apr 2017 10:04:48 GMT xo:proxy-console connected
Apr 25 05:05:02 xo-5 xo-server[1128]: Tue, 25 Apr 2017 10:05:02 GMT xo:perf blocked for 12ms
Apr 25 05:05:07 xo-5 xo-server[1128]: Tue, 25 Apr 2017 10:05:07 GMT xo:perf blocked for 34ms
Apr 25 05:05:07 xo-5 xo-server[1128]: Tue, 25 Apr 2017 10:05:07 GMT xo:perf blocked for 28ms
Apr 25 05:05:09 xo-5 xo-server[1128]: Tue, 25 Apr 2017 10:05:09 GMT xo:proxy-console disconnected from the XO client
Apr 25 05:05:09 xo-5 xo-server[1128]: Tue, 25 Apr 2017 10:05:09 GMT xo:main - Console proxy (dan@mydomain.com - ::ffff:192.168.1.25)
Apr 25 05:05:19 xo-5 xo-server[1128]: Tue, 25 Apr 2017 10:05:19 GMT xo:main + Console proxy (dan@mydomain.com - ::ffff:192.168.1.25)
Apr 25 05:05:19 xo-5 xo-server[1128]: Tue, 25 Apr 2017 10:05:19 GMT xo:proxy-console connected
Apr 25 05:05:25 xo-5 xo-server[1128]: Tue, 25 Apr 2017 10:05:25 GMT xo:perf blocked for 18ms
Apr 25 05:05:37 xo-5 xo-server[1128]: Tue, 25 Apr 2017 10:05:37 GMT xo:perf blocked for 33ms
Apr 25 05:05:42 xo-5 xo-server[1128]: Tue, 25 Apr 2017 10:05:42 GMT xo:perf blocked for 31ms
Apr 25 05:05:57 xo-5 xo-server[1128]: Tue, 25 Apr 2017 10:05:57 GMT xo:perf blocked for 20ms
Apr 25 05:06:09 xo-5 xo-server[1128]: Tue, 25 Apr 2017 10:06:09 GMT xo:main - WebSocket connection (::ffff:192.168.1.25)
Apr 25 05:06:09 xo-5 xo-server[1128]: Tue, 25 Apr 2017 10:06:09 GMT xo:proxy-console disconnected from the XO client
where 192.168.1.25 is the IP address of the openVPN server.
So yes, XOA try to connect on https://192.168.1.25
but if you don't see the console, maybe it can't reach it?
Anything special in the browser console?
Not that I've seen thus far.
I can't reproduce here :disappointed:
Found this in the FF Browser console --
NS_ERROR_FAILURE: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIInterfaceRequestor.getInterface]
Same with Chrome? Check your extensions, blockers etc.
No, the error doesn't appear in Chrome. Neither does the console.
Maybe the console protocol is blocked somehow?
@Danp2 looks like a native error, probably at the connection level :/
@julien-f Can you provide some insight on why the log shows XO connecting to my OpenVPN server (192.168.1.25) instead of the actual XO/ VPN client (172.16.0.6)?
xo-server
is connecting to the console URL returned by XenServer API. If your XS host returns https://192.168.1.25/console?uuid=8101d885-3137-7ea1-e115-2ea6f67c8e63
as URL for the console, we'll connect to this URL.
Is it what you meant in your question @Danp2 ?
@olivierlambert When there's no VPN involved, this line creates the following log entry --
Apr 25 05:05:09 xo-5 xo-server[1128]: Tue, 25 Apr 2017 10:05:09 GMT xo:main - Console proxy (dan@mydomain.com - ::ffff:192.168.1.xxx)
where the IP address at the end represents the IP of the PC currently connected to XO.
When the VPN is in use, the log entry looks like this --
Apr 25 05:05:09 xo-5 xo-server[1128]: Tue, 25 Apr 2017 10:05:09 GMT xo:main - Console proxy (dan@mydomain.com - ::ffff:192.168.1.25)
where this IP address is NOT the PC currently connected to XO over the VPN, but rather the VPN server,
For the console redirect to function correctly over the VPN, I would have expected this IP to be 172.16.0.6, which is the IP for the VPN client.
The displayed address is the source IP of the TCP connection.
I don't know how a VPN works but it appears that xo-server is doing the right thing on its side.
Solved the issue by bypassing the traffic on my Untangle NGFW.
@Danp2 to be sure I understand, it was a "network" issue somehow, right?
The NGFW has modules that scan the traffic traversing the firewall. In my case, I determined that the Web Monitor module and the Virus Blocker Lite module were scanning this traffic and turning these modules off allowed the console to be displayed as expected.
Instead of turning the modules off, I added a bypass rule so that this traffic wouldn't be processed by any of the modules.
I see. Thanks for the feedback, if I hear someone with a similar issue, I'll redirect it toward this discussion!
Context
stable
branchExpected behavior
When I switch to the VM's Console tab, the console to be shown as usual
Current behavior
The console never appears.