[OpenAFS] vlserver sync failure... VPN a problem?

Derek Atkins warlord@MIT.EDU
22 May 2002 22:17:41 -0400 

Are your CellServDBs the same on both servers?
Are your KeyFiles the same on both servers?
Does DNS resolve to the net-10 addresses?

Are you trying to get this to work on net-10 or outside?
You wont be able to get both.

-derek

Matt <antisthenes@yahoo.com> writes:

> OK, so I (theoretically) solved my previous issue with
> OpenAFS behind NAT (more on that later), but now I
> can't seem to get my basic setup to work.  Either I'm
> missing something, or AFS is mixing badly with
> FreeS/WAN.
> 
> Details:
> I have a VPN set up at three (geographically distant)
> sites, using Linux FreeS/WAN-based IPSec.  The three
> site's private networks have addresses in the ranges
> 10.0.0.x, 10.0.1.x, and 10.0.2.x.  At each site, I'm
> trying to set up an AFS server (OpenAFS-1.2.3), with
> address 10.0.y.2 (where y={0,1,2}).  Everything goes
> fine until I try to add the second server, at which
> point Ubik fails to be able to synchronize the
> vlservers.
> Output of 'udebug <system control machine> vlserver':
> 
> Host's addresses are: 10.0.0.2
> Host's 10.0.0.2 time is Thu May 23 01:40:23 2002
> Local time is Thu May 23 01:40:24 2002 (time
> differential 1 secs)
> Last yes vote for 10.0.0.2 was 0 secs ago (sync site);
> Last vote started 0 secs ago (at Thu May 23 01:40:24
> 2002)
> Local db version is 1022117202.3
> I am sync site until 60 secs from now (at Thu May 23
> 01:41:24 2002) (2 servers)
> Recovery state f
> Sync site's db version is 1022117202.3
> 0 locked pages, 0 of them for write
> Last time a new db version was labelled was:
>          821 secs ago (at Thu May 23 01:26:43 2002)
> 
> Server (10.0.1.2): (db 0.0)
>     last vote rcvd 0 secs ago (at Thu May 23 01:40:24
> 2002),
>     last beacon sent 0 secs ago (at Thu May 23
> 01:40:24 2002), last vote was yes
>     dbcurrent=0, up=1 beaconSince=1
> 
> I don't think it's the VPN's fault, as the above
> suggests that packets are clearly being exchanged on
> port 7003 (and I've verified that with tcpdump), but
> I've tried everything I can think of (including
> running the vlservers with -nojumbo).
> 
> I've been beating my head against this for quite a
> while now, so any thoughts or help would be greatly
> appreciated.
> 
> Thanks,
> Matt
> 
> __________________________________________________
> Do You Yahoo!?
> LAUNCH - Your Yahoo! Music Experience
> http://launch.yahoo.com
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available