Comments (8)
GettingTechnicl
commented on July 24, 2024
This does not happen when utilizing lighthouse settings on a node with a local ip behind a router
from nebula.
rawdigits
commented on July 24, 2024
Can you share the command you are using to generate your certificates for each node?
from nebula.
zfwjs
commented on July 24, 2024
static_host_map: "publicIP": ["publicIP:4242"]
It looks like you're using the publicIP in both spots.
Format should be "192.168.100.1": ["192.30.253.113:4242"]
from nebula.
nbrownus
commented on July 24, 2024
@zfwjs yeah, I need to check but this might be a bug in that handling. I assume "publicIp" fails to parse and we might just move forward with a 0.0.0.0 route.
from nebula.
GettingTechnicl
commented on July 24, 2024
Update ---
All networking is not lost. It seemed like it and I could have tested further to see that all networking was not lost, but as I was not at the location of the server at that time I did not think of it.
All inbound connection seems to be lost at the lighthouse node. ONLY on this machine that ONLY has a public ip, there is no router, so I cannot utilize an ip like 192.168.100.1, the machine is directly connected only to a public ip.
The odd part is that the ping command works properly. Makes me feel like I have no idea what I'm doing.
I use port 477 for ssh, so I added tcp and udp rules for 477, the config I pasted up above was before I added tcp 477.
After I activate nebula on this lighthouse I am unable to connect to the lighthouse via ssh, but only on this node.
I tested with a small google compute instance which of course gets the internal ip as well as the public ip. I set up the lighthouse with the exact same settings and it worked perfectly right out of the gate. Activating nebula on this lighthouse did not break ssh connection, and did not break any internal connections.
I believe the command I'm using to issue certs is not useful, as I have 2 lighthouses with the exact same settings in which one works and one does not once nebula has been activated with the only difference being the ip. Although the commands I'm using to issue certs are
./nebula-cert sign -name "pcname" -ip "xxx.xxx.xxx.xxx/xx"
from nebula.
rawdigits
commented on July 24, 2024
@GettingTechnicl the two comments above yours are the ones to keep in mind. the 192.168.100.x subnet is something you define to your individual nebula deployment. If you need to use a different ip range, you can make that anything you want, as long as it doesn't conflict with your local network ip range anywhere.
The key here is that the static host map can not have a non-nebula IP as its first argument, as the folks above have stated. It needs to be the IP you assigned to a static node via its certificate.
from nebula.
GettingTechnicl
commented on July 24, 2024
Thank you, I believe that will resolve my issue then. I was under the impression that this needed to be what the machines local routable ip would be on that machines internal network.
I will update when this is working.
from nebula.
GettingTechnicl
commented on July 24, 2024
This did resolve the issue completely. Thanks for your assistance.
from nebula.
Related Issues (20)
- Thanks for nebula
- example config: commented punchy.respond value should be false HOT 1
- 🐛 BUG: tests fail after 2027-11-11 HOT 1
- 🐛 BUG: Unable to reconnect after server crash HOT 4
- 🐛 BUG: overall poor behavior with "not before" field in host certificate HOT 5
- Feature request: push unsafe routes from lighthouse HOT 1
- 🐛 BUG:Failed to setup adapter (problem code: 0x34) HOT 21
- Feature Request: Relative paths in config HOT 1
- Feature Request: `nebula-service -test -config` should warn about unknown keys and stuff in config yaml
- 🐛 BUG: wintun failed HOT 6
- 🐛 BUG: Event Log spam when handshake timeout fails HOT 10
- 🐛 BUG: "Refusing to handshake with myself" when configuring self as unsafe_routes via
- Windows is not as fast as linux for downloading files
- 🐛 BUG: Nebula nodes cannot ping each other , however they can ping the lighthouse vpn IP HOT 1
- 🐛 BUG: Linux (386) "panic: runtime error: makeslice: len out of range" HOT 2
- 🐛 BUG:test
- can i use port range ?
- 🐛 BUG: use_system_route_table not considering multipath routes HOT 1
- 🐛 BUG: wakes up the CPU a lot
- 🐛 BUG: after dns changed, connection lost forever
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nebula.