[OpenAFS] Access an OpenAFS cell in LAN and WAN with dynamic DNS (DDNS) address

Dale Pontius pontius@btv.ibm.com
Wed, 31 Aug 2016 07:39:18 -0400

On 06/24/2016 10:31 AM, Karl-Philipp Richter wrote:
> Hi,
> I'm running a server with an OpenAFS volume which updates its IP which
> is dynamically changed every 24 hours by the ISP using a dynamic DNS
> (DDNS) service and `ddclient`. The server is a gateway for a LAN subnet
> I access this server inside my LAN by adding the
> address to `CellServDB` which works fine on client
> inside When I add the dynamic WAN IP of the server
> when I'm outside LAN (e.g. in eduroam) to `CellServDB` on the client
> side and reboot (and make sure that the IP didn't change after reboot)
> I'm experiencing `ls: cannot access '/afs/richtercloud.de': Connection
> timed out` when I invoke `ls /afs/` and see
>      [  130.010338] afs: Lost contact with file server in
> cell richtercloud.de (code -1) (multi-homed address; other same-host
> interfaces maybe up)
>      [  130.010343] RXAFS_GetCapabilities failed with code -1
>      [  186.461024] afs: Lost contact with file server in
> cell richtercloud.de (code -1) (all multi-homed ip addresses down for
> the server)
> in `dmesg`.
> I tried adding all LAN IPs of the server and the WAN IP to `CellServDB`
> in `[]` and not in all possible combinations. I configured my WiFi
> router to forward UDP for port 7000 to 7008 (inclusively) and 88 and 750
> (following https://wiki.openafs.org/AFSServicePorts/) to the server's
> interface and set up the same forwarding on the server.
> -Kalle
Since your server IP is from a non-routable RFC 1918 block, I presume NAT
is also involved.  That would most likely mean that your DDNS-mapped WAN 
IP is then translated to at the firewall.

I might suggest instead using a VPN.  Connect the VPN to the WAN IP, and 
then route the whole subnet to your remote location.  I 
routinely push OpenAFS through a VPN, with no problems.  It also gets 
around the "unstable IP" problem mentioned elsewhere on this thread.

Dale Pontius

Senior Engineer
IBM Corporation
Phone: (802) 769-6850
Tie-Line: 446-6850
email: pontius@us.ibm.com

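As an added illustration of the RFC 1918 point raised in the reply above (not code from the thread or from OpenAFS), the following Python sketch parses `CellServDB`-style text and lists the entries a client outside the LAN cannot reach without NAT or a VPN. The sample file contents, addresses and function names are constructed for this example; bracketed entries are treated as clone (non-voting) database servers.

```python
import ipaddress
import re

# Constructed sample; the cell name is from the thread, the addresses are
# placeholders (private and documentation ranges), not the poster's real ones.
SAMPLE = """\
>richtercloud.de        #constructed example cell
192.168.178.20          #afs.richtercloud.de
[10.0.0.5]              #clone.richtercloud.de
203.0.113.7             #afs.richtercloud.de
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# "ip  #hostname" or "[ip]  #hostname" (brackets mark a clone entry)
ENTRY = re.compile(r"^(\[)?([0-9.]+)\]?\s*#\s*(\S+)")


def parse_cellservdb(text):
    """Return {cell: [(ip, hostname, is_clone), ...]} in file order."""
    cells, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(">"):
            # Cell header: ">cellname  #comment"
            current = line[1:].split("#")[0].split()[0]
            cells[current] = []
            continue
        m = ENTRY.match(line)
        if current is None or m is None:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # skip malformed addresses rather than abort
        cells[current].append((ip, m.group(3), bool(m.group(1))))
    return cells


def rfc1918_entries(cells, cell):
    """Addresses of `cell` that are only usable inside the private network."""
    return [str(ip) for ip, _, _ in cells.get(cell, [])
            if any(ip in net for net in RFC1918)]


if __name__ == "__main__":
    print(rfc1918_entries(parse_cellservdb(SAMPLE), "richtercloud.de"))
```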