You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cloudstack.apache.org by "Sheng Yang (JIRA)" <ji...@apache.org> on 2014/07/18 02:29:04 UTC
[jira] [Assigned] (CLOUDSTACK-7124) Failed to apply site-to-site
VPN using Site2SiteVpnCfgCommand
[ https://issues.apache.org/jira/browse/CLOUDSTACK-7124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sheng Yang reassigned CLOUDSTACK-7124:
--------------------------------------
Assignee: Sheng Yang
> Failed to apply site-to-site VPN using Site2SiteVpnCfgCommand
> -------------------------------------------------------------
>
> Key: CLOUDSTACK-7124
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7124
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: Management Server, Test
> Affects Versions: 4.5.0
> Reporter: Chandan Purushothama
> Assignee: Sheng Yang
> Priority: Critical
> Fix For: 4.5.0
>
>
> ====================
> Management Server Log:
> ====================
> 2014-07-17 14:20:29,540 WARN [o.a.c.f.j.AsyncJobExecutionContext] (StatsCollector-3:ctx-d1bbb5cd) Job is executed without a context, setup psudo job for the executing thread
> 2014-07-17 14:20:29,594 DEBUG [c.c.a.t.Request] (StatsCollector-3:ctx-d1bbb5cd) Seq 4-2465720795985346640: Received: { Ans: , MgmtId: 200888983222606, via: 4, Ver: v1, Flags: 10, { GetStorageStatsAnswer } }
> 2014-07-17 14:20:29,597 DEBUG [c.c.a.m.DirectAgentAttache] (DirectAgent-157:ctx-a2223711) Seq 1-6784391363656943196: Executing request
> 2014-07-17 14:20:30,095 DEBUG [c.c.a.m.DirectAgentAttache] (DirectAgent-157:ctx-a2223711) Seq 1-6784391363656943196: Response Received:
> 2014-07-17 14:20:30,096 DEBUG [c.c.a.t.Request] (StatsCollector-3:ctx-d1bbb5cd) Seq 1-6784391363656943196: Received: { Ans: , MgmtId: 200888983222606, via: 1, Ver: v1, Flags: 10, { GetStorageStatsAnswer } }
> 2014-07-17 14:20:31,380 ERROR [c.c.u.s.SshHelper] (DirectAgent-156:ctx-8941a517) SSH execution of command /opt/cloud/bin/router_proxy.sh ipsectunnel.sh 169.254.0.19 -A -l 10.220.166.68 -n 10.2.1.0/24 -g 10.220.160.1 -r 10.220.166.67 -N 10.1.1.0/24 -e "3des-md5;modp1536" -i "3des-md5;modp1536" -t 86400 -T 3600 -s "ipsecpsk" -d 0 -p has an error status code in return. result output: inet 10.220.166.68/20 brd 10.220.175.255 scope global eth1
> iptables: No chain/target/match by that name.
> iptables: No chain/target/match by that name.
> iptables: No chain/target/match by that name.
> iptables: No chain/target/match by that name.
> 021 no connection named "vpn-10.220.166.67"
> 000 terminating all conns with alias='vpn-10.220.166.67'
> 021 no connection named "vpn-10.220.166.67"
> 021 no connection named "vpn-10.220.166.67"
> 003 no secrets filename matched "/etc/ipsec.d/ipsec.*.secrets"
> iptables: Bad rule (does a matching rule exist in that chain?).
> iptables: Bad rule (does a matching rule exist in that chain?).
> iptables: Bad rule (does a matching rule exist in that chain?).
> iptables: Bad rule (does a matching rule exist in that chain?).
> /opt/cloud/bin/ipsectunnel.sh: line 165: [: -ne: unary operator expected
> can not load config '/etc/ipsec.conf': /etc/ipsec.d/ipsec.vpn-10.220.166.67.conf:12: bad duration value salifetime=s [s]
> 000 initiating all conns with alias='vpn-10.220.166.67'
> 021 no connection named "vpn-10.220.166.67"
> ISAKMP SA NOT found but checking IPsec;IPsec SA not found;Site-to-site VPN have not connected
> ISAKMP SA NOT found but checking IPsec;IPsec SA not found;Site-to-site VPN have not connected
> ISAKMP SA NOT found but checking IPsec;IPsec SA not found;Site-to-site VPN have not connected
> ISAKMP SA NOT found but checking IPsec;IPsec SA not found;Site-to-site VPN have not connected
> ISAKMP SA NOT found but checking IPsec;IPsec SA not found;Site-to-site VPN have not connected
> 021 no connection named "vpn-10.220.166.67"
> 000 terminating all conns with alias='vpn-10.220.166.67'
> 021 no connection named "vpn-10.220.166.67"
> 021 no connection named "vpn-10.220.166.67"
> 003 no secrets filename matched "/etc/ipsec.d/ipsec.*.secrets"
> bash: modp1536: command not found
> bash: modp1536: command not found
> 2014-07-17 14:20:31,381 DEBUG [c.c.a.m.DirectAgentAttache] (DirectAgent-156:ctx-8941a517) Seq 1-6784391363656943194: Response Received:
> 2014-07-17 14:20:31,381 DEBUG [c.c.a.t.Request] (DirectAgent-156:ctx-8941a517) Seq 1-6784391363656943194: Processing: { Ans: , MgmtId: 200888983222606, via: 1, Ver: v1, Flags: 100, [{"com.cloud.agent.api.Answer":{"result":false,"details":" inet 10.220.166.68/20 brd 10.220.175.255 scope global eth1\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\niptables: No chain/target/match by that name.\n021 no connection named \"vpn-10.220.166.67\"\n000 terminating all conns with alias='vpn-10.220.166.67' \n021 no connection named \"vpn-10.220.166.67\"\n021 no connection named \"vpn-10.220.166.67\"\n003 no secrets filename matched \"/etc/ipsec.d/ipsec.*.secrets\"\niptables: Bad rule (does a matching rule exist in that chain?).\niptables: Bad rule (does a matching rule exist in that chain?).\niptables: Bad rule (does a matching rule exist in that chain?).\niptables: Bad rule (does a matching rule exist in that chain?).\n/opt/cloud/bin/ipsectunnel.sh: line 165: [: -ne: unary operator expected\ncan not load config '/etc/ipsec.conf': /etc/ipsec.d/ipsec.vpn-10.220.166.67.conf:12: bad duration value salifetime=s [s]\n000 initiating all conns with alias='vpn-10.220.166.67' \n021 no connection named \"vpn-10.220.166.67\"\nISAKMP SA NOT found but checking IPsec;IPsec SA not found;Site-to-site VPN have not connected\nISAKMP SA NOT found but checking IPsec;IPsec SA not found;Site-to-site VPN have not connected\nISAKMP SA NOT found but checking IPsec;IPsec SA not found;Site-to-site VPN have not connected\nISAKMP SA NOT found but checking IPsec;IPsec SA not found;Site-to-site VPN have not connected\nISAKMP SA NOT found but checking IPsec;IPsec SA not found;Site-to-site VPN have not connected\n021 no connection named \"vpn-10.220.166.67\"\n000 terminating all conns with alias='vpn-10.220.166.67' \n021 no connection named \"vpn-10.220.166.67\"\n021 no connection named \"vpn-10.220.166.67\"\n003 no secrets filename matched \"/etc/ipsec.d/ipsec.*.secrets\"\nbash: modp1536: command not found\nbash: modp1536: command not found\n","wait":0}}] }
> 2014-07-17 14:20:31,382 DEBUG [c.c.a.m.AgentAttache] (DirectAgent-156:ctx-8941a517) Seq 1-6784391363656943194: No more commands found
> 2014-07-17 14:20:31,382 DEBUG [c.c.a.t.Request] (API-Job-Executor-62:ctx-d5acf6d1 job-612 ctx-d1963fd8) Seq 1-6784391363656943194: Received: { Ans: , MgmtId: 200888983222606, via: 1, Ver: v1, Flags: 100, { Answer } }
> 2014-07-17 14:20:31,401 WARN [o.a.c.a.c.u.v.CreateVpnConnectionCmd] (API-Job-Executor-62:ctx-d5acf6d1 job-612 ctx-d1963fd8) Exception:
> com.cloud.exception.ResourceUnavailableException: Resource [Site2SiteVpnConnection:1] is unreachable: Failed to apply site-to-site VPN
> at com.cloud.network.vpn.Site2SiteVpnManagerImpl.startVpnConnection(Site2SiteVpnManagerImpl.java:345)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:601)
> at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
> at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
> at org.apache.cloudstack.network.contrail.management.EventUtils$EventInterceptor.invoke(EventUtils.java:106)
> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
> at com.cloud.event.ActionEventInterceptor.invoke(ActionEventInterceptor.java:51)
> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:161)
> at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91)
> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
> at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
> at $Proxy159.startVpnConnection(Unknown Source)
> at org.apache.cloudstack.api.command.user.vpn.CreateVpnConnectionCmd.execute(CreateVpnConnectionCmd.java:149)
> at com.cloud.api.ApiDispatcher.dispatch(ApiDispatcher.java:141)
> at com.cloud.api.ApiAsyncJobDispatcher.runJob(ApiAsyncJobDispatcher.java:108)
> at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.runInContext(AsyncJobManagerImpl.java:507)
> at org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
> at org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
> at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
> at org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
> at org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
> at org.apache.cloudstack.framework.jobs.impl.AsyncJobManagerImpl$5.run(AsyncJobManagerImpl.java:464)
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
> at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
> at java.util.concurrent.FutureTask.run(FutureTask.java:166)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
> at java.lang.Thread.run(Thread.java:722)
> 2014-07-17 14:20:31,403 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] (API-Job-Executor-62:ctx-d5acf6d1 job-612) Complete async job-612, jobStatus: FAILED, resultCode: 530, result: org.apache.cloudstack.api.response.ExceptionResponse/null/{"uuidList":[],"errorcode":534,"errortext":"Resource [Site2SiteVpnConnection:1] is unreachable: Failed to apply site-to-site VPN"}
> 2014-07-17 14:20:31,408 DEBUG [o.a.c.f.j.i.AsyncJobManagerImpl] (API-Job-Executor-62:ctx-d5acf6d1 job-612) Done executing org.apache.cloudstack.api.command.user.vpn.CreateVpnConnectionCmd for job-612
--
This message was sent by Atlassian JIRA
(v6.2#6252)