Ipsec tunnel not pingable when node and webui the same server


#1

I have a 5 server deployment. Host1 is running the Rancher Server as well as the Rancher/agent and other docker containers.

Containers on the other hosts can ping Host1, but cannot ping the ipsec IP address on Host1.

Containers on other hosts can ping the ipsec IP on hosts that are not Host1.

Host1 containers cannot ping ipsec IP of other hosts.

There are no errors in the logs for Host1, ipsec and its sidekicks are all green.

Rebooting the host did not fix it. Restarting ipsec did not fix it.

Rancher v1.6.23 running on latest CoreOS Stable.


#2

Turns out the issue was caused by the Rancher/Agent.

Rancher/Agent was installed specifying the IP address of the host as the Cattle_Agent_IP to ensure the server used the correct IP address, but it appears to have gone sideways after some containers were installed.

Redeployed Rancher/Agent on the host, specifying the Host IP as the Cattle_Agent_IP and the ipsec for this host started working.

Credit: https://forums.rancher.com/t/node-disconected-ipsec-problem/9740