[SCION] VPN configuration failure
Mateusz Kowalski
kmateusz at ethz.ch
Thu Dec 12 10:35:45 CET 2019
https://docs.scionlab.org/content/faq/troubleshooting.html -- You see
the part about `systemctl status openvpn at client` and `ip address show
dev tun0`
Cheers
On 11/12/2019 21:15, Matthew McCormack wrote:
> Thanks!
>
> How do I test if "VPN connection to the AP is established correctly"?
>
> On Wed, Dec 11, 2019 at 2:52 PM Kowalski Mateusz
> <mateusz.kowalski at inf.ethz.ch <mailto:mateusz.kowalski at inf.ethz.ch>>
> wrote:
>
> Hi guys,
>
> Please do one if the following
>
> 1) test whether your VPN connection to the AP is established
> correctly; without it the border router will not start
> 2) configure your user AS properly i.e. without using a VPN; if
> the problem persists with the direct connection to the AP, the
> problem will be either AP’s configuration or the SCION itself
>
> Statistically speaking I bet you don’t have a working VPN, but
> this statement is not backed by any logs
>
> Cheers,
> Mateusz
> ------------------------------------------------------------------------
> *From:* SCION <scion-bounces at lists.inf.ethz.ch
> <mailto:scion-bounces at lists.inf.ethz.ch>> on behalf of Matthew
> McCormack <mmccorm1 at andrew.cmu.edu <mailto:mmccorm1 at andrew.cmu.edu>>
> *Sent:* 11 December 2019 19:31:09
> *To:* scion at lists.inf.ethz.ch <mailto:scion at lists.inf.ethz.ch>
> *Subject:* Re: [SCION] VPN configuration failure
> As a follow-up, while debugging with Michael a key item we noted
> was that
> the border-router service is not running (also not listed when running
> systemctl list-dependencies):
>
> $ sudo systemctl list-dependencies scionlab.target
> scionlab.target
> ● ├─scion-beacon-server at 17-ffaa_1_d13-1.service
> ● ├─scion-beacon-server at 17-ffaa_1_d13-1.service
> ● ├─scion-certificate-server at 17-ffaa_1_d13-1.service
> ● ├─scion-certificate-server at 17-ffaa_1_d13-1.service
> ● ├─scion-daemon at 17-ffaa_1_d13.service
> ● ├─scion-daemon at 17-ffaa_1_d13.service
> ● ├─scion-dispatcher.service
> ● ├─scion-dispatcher.service
> ● ├─scion-path-server at 17-ffaa_1_d13-1.service
> ● ├─scion-path-server at 17-ffaa_1_d13-1.service
> ● └─scion-webapp.service
>
> When I attempt to manually start the border-router, it fails:
>
> $ sudo systemctl status scion-border-router at 17-ffaa_1_d13-1.service
>
> *●* scion-border-router at 17-ffaa_1_d13-1.service - SCION Border Router
>
> Loaded: loaded (/lib/systemd/system/scion-border-router at .service;
> disabled; vendor preset: enabled)
>
> Active: *failed* (Result: start-limit-hit) since Wed 2019-12-11
> 12:23:43 CST; 46s ago
>
> Docs: https://www.scionlab.org
>
> Process: 28270 ExecStart=/usr/bin/scion-systemd-wrapper
> /usr/bin/border /etc/scion/gen/ISD-isd-/AS-as-/br%i/br.toml %i
> *(code=exited, status=1/*
>
> Main PID: 28270 (code=exited, status=1/FAILURE)
>
>
> Dec 11 12:23:43 dataplane.scion.psi-pg0.wisc.cloudlab.us
> <http://dataplane.scion.psi-pg0.wisc.cloudlab.us> systemd[1]:
> *scion-border-router at 17-ffaa_1_d13-1.service: Unit entered failed
> state.*
>
> Dec 11 12:23:43 dataplane.scion.psi-pg0.wisc.cloudlab.us
> <http://dataplane.scion.psi-pg0.wisc.cloudlab.us> systemd[1]:
> *scion-border-router at 17-ffaa_1_d13-1.service: Failed with result
> 'exit-code'*
>
> Dec 11 12:23:43 dataplane.scion.psi-pg0.wisc.cloudlab.us
> <http://dataplane.scion.psi-pg0.wisc.cloudlab.us> systemd[1]:
> scion-border-router at 17-ffaa_1_d13-1.service: Service hold-off time
> over, scheduling restart
>
> Dec 11 12:23:43 dataplane.scion.psi-pg0.wisc.cloudlab.us
> <http://dataplane.scion.psi-pg0.wisc.cloudlab.us> systemd[1]:
> Stopped SCION Border Router.
>
> Dec 11 12:23:43 dataplane.scion.psi-pg0.wisc.cloudlab.us
> <http://dataplane.scion.psi-pg0.wisc.cloudlab.us> systemd[1]:
> *scion-border-router at 17-ffaa_1_d13-1.service: Start request repeated
> too quickly*
>
> Dec 11 12:23:43 dataplane.scion.psi-pg0.wisc.cloudlab.us
> <http://dataplane.scion.psi-pg0.wisc.cloudlab.us> systemd[1]:
> *Failed to start SCION Border Router.*
>
> Dec 11 12:23:43 dataplane.scion.psi-pg0.wisc.cloudlab.us
> <http://dataplane.scion.psi-pg0.wisc.cloudlab.us> systemd[1]:
> *scion-border-router at 17-ffaa_1_d13-1.service: Unit entered failed
> state.*
>
> Dec 11 12:23:43 dataplane.scion.psi-pg0.wisc.cloudlab.us
> <http://dataplane.scion.psi-pg0.wisc.cloudlab.us> systemd[1]:
> *scion-border-router at 17-ffaa_1_d13-1.service: Failed with result
> 'start-limit-hit'.*
>
>
> Thanks for the help!
>
> -Matt
>
>
> On Wed, Dec 11, 2019 at 12:07 PM Matthew McCormack
> <mmccorm1 at andrew.cmu.edu <mailto:mmccorm1 at andrew.cmu.edu>>
> wrote:
>
> > Hello,
> >
> > In attempting to setup an AS (attached to the ETHZ-AP), I am
> experiencing
> > an issue (at least one reported by the webapp) with the VPN. I
> built the AS
> > from debian packages. I can ping a SCION AP, but when I attempt
> to send an
> > SCMP echo message, I receive the following error message: CRIT:
> > SCIOND unable to retrieve paths: SCIOND experienced an internal
> error
> >
> > The webapp reports that the VPN configuration test fails with the
> > following message:
> > Traceback (most recent call last):
> > File \"\", line 3, in
> > StopIteration
> >
> > As a side note, the webapp reports that the SCMP test passes,
> but does not
> > report the host's public IP address but the address of a
> different NIC on
> > the machine. When I attempt to manually send an SCMP echo, I
> receive the
> > error message above about SCIONd not being able to retrieve paths.
> >
> > I am not receiving any SCION beacon messages. The only items in
> the log
> > are for starting periodic tasks.
> >
> > --
> > Thank you for your time and consideration.
> >
> > Very Respectfully,
> > Matt McCormack
> >
>
>
> --
> Thank you for your time and consideration.
>
> Very Respectfully,
> Matt McCormack
> _______________________________________________
> SCION mailing list
> SCION at lists.inf.ethz.ch <mailto:SCION at lists.inf.ethz.ch>
> https://lists.inf.ethz.ch/mailman/listinfo/scion
>
>
>
> --
> Thank you for your time and consideration.
>
> Very Respectfully,
> Matt McCormack
More information about the SCION
mailing list