[OpenAFS] Access an OpenAFS cell in LAN and WAN with dynamic DNS (DDNS) address

Dale Pontius pontius@btv.ibm.com
Wed, 31 Aug 2016 07:39:18 -0400


On 06/24/2016 10:31 AM, Karl-Philipp Richter wrote:
> Hi,
> I'm running a server with an OpenAFS volume which updates its IP which
> is dynamically changed every 24 hours by the ISP using a dynamic DNS
> (DDNS) service and `ddclient`. The server is a gateway for a LAN subnet
> 192.168.179.0/24. I access this server inside my LAN by adding the
> 192.168.179.0/24 address to `CellServDB` which works fine on clients
> inside 192.168.179.0/24. When I add the dynamic WAN IP of the server
> when I'm outside LAN (e.g. in eduroam) to `CellServDB` on the client
> side and reboot (and make sure that the IP didn't change after reboot)
> I'm experiencing `ls: cannot access '/afs/richtercloud.de': Connection
> timed out` when I invoke `ls /afs/` and see
>
>      [  130.010338] afs: Lost contact with file server 192.168.178.20 in
> cell richtercloud.de (code -1) (multi-homed address; other same-host
> interfaces maybe up)
>      [  130.010343] RXAFS_GetCapabilities failed with code -1
>      [  186.461024] afs: Lost contact with file server 192.168.179.1 in
> cell richtercloud.de (code -1) (all multi-homed ip addresses down for
> the server)
>
> in `dmesg`.
>
> I tried adding all LAN IPs of the server and the WAN IP to `CellServDB`
> in `[]` and not in all possible combinations. I configured my WiFi
> router to forward UDP for port 7000 to 7008 (inclusively) and 88 and 750
> (following https://wiki.openafs.org/AFSServicePorts/) to the server's
> interface and set up the same forwarding on the server.
>
> -Kalle
>
Since your server IP is from a non-routable RFC 1918 block, I presume NAT
is also involved.  That would most likely mean that your DDNS-mapped WAN
IP is then translated to 192.168.178.20 at the firewall.

I might suggest instead using a VPN.  Connect the VPN to the WAN IP, and 
then route the whole 192.168.179.0/24 subnet to your remote location.  I 
routinely push OpenAFS through a VPN, with no problems.  It also gets 
around the "unstable IP" problem mentioned elsewhere on this thread.

Dale Pontius


-- 
Dale Pontius
Senior Engineer
IBM Corporation
Phone: (802) 769-6850
Tie-Line: 446-6850
email: pontius@us.ibm.com

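Added example, not part of the original message or of OpenAFS: a small Python check that pulls the file server addresses out of the `dmesg` lines quoted above and reports which ones are RFC 1918 addresses not covered by the subnets routed to the remote client. The sample log is reconstructed from the quoted post with the e-mail line wrapping undone, and the function names and the routed-subnet list are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the kernel messages quoted in the post, unwrapped.
DMESG = """\
[  130.010338] afs: Lost contact with file server 192.168.178.20 in cell richtercloud.de (code -1) (multi-homed address; other same-host interfaces maybe up)
[  130.010343] RXAFS_GetCapabilities failed with code -1
[  186.461024] afs: Lost contact with file server 192.168.179.1 in cell richtercloud.de (code -1) (all multi-homed ip addresses down for the server)
"""

LOST = re.compile(r"afs: Lost contact with file server (\S+) in cell (\S+)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(log, routed_subnets):
    """Return one finding per 'Lost contact' line in the kernel log."""
    routed = [ipaddress.ip_network(n) for n in routed_subnets]
    findings = []
    for line in log.splitlines():
        m = LOST.search(line)
        if not m:
            continue  # other afs messages carry no server address
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # token after 'file server' is not an IP literal
        findings.append({
            "address": str(addr),
            "cell": m.group(2),
            "rfc1918": any(addr in n for n in RFC1918),
            "routed": any(addr in n for n in routed),
        })
    return findings


def unreachable(findings):
    """Private addresses with no route from the remote side."""
    return [f["address"] for f in findings
            if f["rfc1918"] and not f["routed"]]


if __name__ == "__main__":
    # Assumption: only the subnet named in the reply is routed over the VPN.
    for f in classify(DMESG, ["192.168.179.0/24"]):
        print(f)
```

With only 192.168.179.0/24 routed, 192.168.178.20 is still reported, because it lies in a different /24 from the one named in the thread.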