[OpenAFS] Wrong packet path between two afs servers

Derrick Brashear shadow@gmail.com
Mon, 16 Jun 2008 16:16:08 -0400


On Mon, Jun 16, 2008 at 4:05 PM, Ralf Hornik Mailings
<ralf@best.homeunix.org> wrote:
> Dear list,
>
> I have two afs servers connected directly through a VPN tunnel.
> Both servers should talk together using their VPN IPs:
>
> server1 10.0.0.2
> server2 172.16.0.2
>
> server1 is connected to the internet behind a firewall
> server2 is connected to the internet directly (on the other side of the
> world)
>
> CellServDB holds only these two addresses for this cell.
>
> When I try to access a volume residing on server2, the client hangs and the
> firewall log shows that server 2 tries to connect over its public IP port
> afs3-fileserver to my firewall to a high port.
> This can not work.
>
> When I create a volume on server2 using
>
> vos create server2 (172.16.0.2) /vicepa public_data
>
> the volume location is shown in vldb always mapped to the public IP
> (afs1.domain.org) of server2.
> So I estimate server1 tries to connect to the public IP regarding the vldb
> entry.
>
> However, I cannot change the vldb to change the volume location to the
> internal IP of server2, so the volume cannot be accessed.
> Can somebody give me a clue how to get this working? The other idea would be
> not to use the VPN tunnel and make my master server accessible for AFS
> through my firewall.
> But I would like to have a strong encrypted communication channel.
>
> Btw: Openafs becomes more and more stable and reliable and meanwhile I
> really like it. :) Good work folks!
> Best regards
>

Whichever server needs to advertise a second ("fake") address needs a
line in its NetInfo file for it.

The NetInfo file should contain 2 lines:

local.ip.address
f outside.ip.address

The "f" is a literal, lowercase f, standing for fake.
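
Added example, not part of the original message or of OpenAFS: a small Python check that parses text in the two-line NetInfo layout described above and lists any address that falls outside the VPN tunnel, since the original poster wants AFS traffic to stay on the encrypted path. The function names, the sample file content, the placeholder address 198.51.100.7 and the /32 tunnel ranges are assumptions made for illustration.

```python
import ipaddress

def parse_netinfo(text):
    """Return (entries, errors); entries are (address, is_fake) tuples."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue  # skip blank lines
        # The reply says the marker is a literal, lowercase "f".
        is_fake = len(fields) == 2 and fields[0] == "f"
        if len(fields) != 1 and not is_fake:
            errors.append((lineno, raw))
            continue
        try:
            entries.append((ipaddress.ip_address(fields[-1]), is_fake))
        except ValueError:
            errors.append((lineno, raw))  # not a valid IP address
    return entries, errors

def outside_tunnel(entries, tunnel_nets):
    """Listed addresses that are not inside any of the tunnel networks."""
    nets = [ipaddress.ip_network(n) for n in tunnel_nets]
    return [(str(addr), fake) for addr, fake in entries
            if not any(addr in net for net in nets)]

# Constructed sample: one local line, one "f" line with a documentation-range
# placeholder, and one line with an uppercase marker to show the rejection.
SAMPLE = "10.0.0.2\nf 198.51.100.7\nF 172.16.0.2\n"
# Assumption: the tunnel consists of exactly the two VPN IPs from the thread.
TUNNEL = ["10.0.0.2/32", "172.16.0.2/32"]

if __name__ == "__main__":
    entries, errors = parse_netinfo(SAMPLE)
    for lineno, raw in errors:
        print(f"line {lineno}: not a valid NetInfo entry: {raw!r}")
    for addr, fake in outside_tunnel(entries, TUNNEL):
        kind = "fake" if fake else "local"
        print(f"{addr} ({kind}) is listed but lies outside the tunnel ranges")
```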