Ipsec tunnel not pingable when node and webui the same server

nsweetman · November 2, 2018, 8:15am

I have a 5 server deployment. Host1 is running the Rancher Server as well as the Rancher/agent and other docker containers.

Containers on the other hosts can ping the Host1, but cannot ping the IP address for ipsec IP on Host1.

Containers on other Hosts can ping the ipsec IP on hosts that are not Host1

Host1 containers cannot ping ipsec IP of other hosts.

There are no errors in the logs for Host1, ipsec and its sidekicks are all green.

Rebooting host did not fix. Restarting ipsec did not fix.

Rancher v1.6.23 running on latest CoreOS Stable.

nsweetman · November 2, 2018, 8:39am

Turns out the issue was caused by the Rancher/Agent.

Ranger/Agent was install specifying the IP address of the host as the Cattle_Agent_IP to ensure the server used the correct IP address, but it appears to have gone sideways after some containers were installed.

Redeployed Rancher/Agent on the host, specifying the Host IP as the Cattle_Agent_IP and the ipsec for this host started working.

credit:http://forums.rancher.com/t/node-disconected-ipsec-problem/9740

Topic		Replies	Views
Cross-host communication - ping only works between some containers Rancher 1.x	1	862	June 14, 2018
IPSec network fails silently on a host Rancher 1.x	24	7847	November 6, 2017
Rancher agent not communicating across public<->private subnets on AWS Rancher 1.x	4	1926	November 18, 2016
[ppc64le] IPSEC infrastructure stack service unable to start on added host Rancher 1.x	9	2714	November 6, 2017
Cross-host intercontainer communication trouble Rancher 1.x	27	12102	May 14, 2016

Ipsec tunnel not pingable when node and webui the same server

Related topics