[Openstack] ssh cirros@<floating-ip> not working - what can be the possible reason

masoom alam masoom.alam at gmail.com
Mon Sep 29 09:52:51 UTC 2014


Hi every one,

*Context:*
We are trying to setup a VPN site -to-site connection, but every time it
show us down in the status. We have then decided to backtrack and find the
problem.


   1. We cannot ssh cirros@<floating-ip>, however by using sudo ip netdns
   command, we can ssh to the private ip of the instance. Any clue why?
   2. From within host which is running all-in-one Openstack setup, we can
   ping any public address such as google.com, but from within CirrOS, we
   cannot do so. Any clue for this?
   3. Please note that Neutron firewall is disabled and proper security
   group rules are in place such as the following:

   # create security profile for jump hostneutron
security-group-create jumphost
   # Add rule to allow icmp inneutron  security-group-rule-create
--protocol icmp jumphost
   # Add rule to allow ssh inneutron  security-group-rule-create
--protocol tcp --port-range-min 22 --port-range-max 22  jumphost

   4.

   traceroute commands from within Cirros to our public interface
works well, but to google.com is not working.



I am wondering, host system firewall is disabled via "sudo ufw disable",
neutron firewall is also disabled
firewall_driver=nova.virt.firewall.NoopFirewallDriver
what else?

Another point, whenever we reboot neutron node, it destroys all the
settings, nothing is there - you can say VM is no more usable - that is
corrupted any pointers to this problem? Also adding a default gw by using
the "sudo route add default gw <public address> eth0" will corrupt the VM :)

Last but not the least, every example in the context of the VPNaaS takes a
local network as an example, if we are having devstack nodes on two
different nodes with two different public ip addresses, do we need to have
a GRE tunnel in between them before going to site-to-site connection? I
know it was mandatory for Racoon based ipsec tunnels.

Please guide.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140929/4e97dafc/attachment.html>


More information about the Openstack mailing list