

TLS Error: cannot locate HMAC in incoming packet from [AF_INET]

Getting this?

TLS Error: cannot locate HMAC in incoming packet from [AF_INET]192.168.0.76:65169

Solve it by ensuring these two lines in the client config match the server:

cipher AES-256-CBC
auth SHA256

And ensure they appear in the server config as well, as follows:

cipher aes-256-cbc
auth sha256

 

Cheers,
TK

TLS Error: reading acknowledgement record from packet

Getting this?

Dec 28 04:16:28 DD-WRT-INTERNET-ASUS daemon.notice openvpn[18115]: TCP connection established with [AF_INET]192.168.0.76:64101
Dec 28 04:16:29 DD-WRT-INTERNET-ASUS daemon.notice openvpn[18115]: 192.168.0.76:64101 TLS: Initial packet from [AF_INET]192.168.0.76:64101, sid=6624e5bc bebf0a81
Dec 28 04:16:29 DD-WRT-INTERNET-ASUS daemon.err openvpn[18115]: 192.168.0.76:64101 TLS Error: reading acknowledgement record from packet
Dec 28 04:16:29 DD-WRT-INTERNET-ASUS daemon.err openvpn[18115]: 192.168.0.76:64101 Fatal TLS error (check_tls_errors_co), restarting
Dec 28 04:16:29 DD-WRT-INTERNET-ASUS daemon.notice openvpn[18115]: 192.168.0.76:64101 SIGUSR1[soft,tls-error] received, client-instance restarting

Enable TLS authentication (tls-auth) on the server:

Copy and paste the ta.key contents into the TLS Auth Key box of the DD-WRT router.  Ensure your client .ovpn config file also contains this:

# If a tls-auth key is used on the server
# then every client must also have the key.
tls-auth ta.key 1

Ensure the openvpn.conf file on the DD-WRT router has the following config:

root@DD-WRT-INTERNET-ASUS:/tmp/openvpn# cat openvpn.conf
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 3
mute 3
syslog
writepid /var/run/openvpnd.pid
management 127.0.0.1 14
management-log-cache 100
topology subnet
script-security 2
port 1194
proto tcp4-server
cipher aes-256-cbc
auth sha256
client-connect /tmp/openvpn/clcon.sh
client-disconnect /tmp/openvpn/cldiscon.sh
client-config-dir /jffs/etc/openvpn/ccd
comp-lzo adaptive
tls-server
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400
client-to-client
push "redirect-gateway def1"
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
tcp-nodelay
tun-mtu 1500
mtu-disc yes
server 10.1.1.0 255.255.255.0
dev tun2
tls-auth /tmp/openvpn/ta.key 0
push "dhcp-option DNS 192.168.0.224"
push "dhcp-option DNS 192.168.0.44"
push "dhcp-option DNS 192.168.0.154"
push "route 192.168.0.0 255.255.255.0"
root@DD-WRT-INTERNET-ASUS:/tmp/openvpn#

 

Cheers,
TK
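
Both OpenVPN errors above come down to the client and server disagreeing on cipher, auth or tls-auth. The following check is an added example, not part of the original posts: the function names (get_opt, check_pair, make_samples) and the sample files are hypothetical, and it assumes tls-auth is given as a file directive rather than an inline key block.

```shell
#!/bin/sh
# Added example: compare the packet-authentication directives of an OpenVPN
# client and server config. Function names and sample files are hypothetical.

# get_opt FILE DIRECTIVE N: print word N (lower-cased) of the first
# uncommented line whose first word is DIRECTIVE; print nothing if absent.
get_opt() {
    awk -v d="$2" -v n="$3" '
        /^[ \t]*[#;]/ { next }
        $1 == d { print tolower($n); exit }' "$1"
}

# check_pair CLIENT SERVER: print one line per mismatch; return 1 if any.
check_pair() {
    rc=0
    for d in cipher auth; do
        c=$(get_opt "$1" "$d" 2); s=$(get_opt "$2" "$d" 2)
        # An absent directive means the build default applies: flag it too.
        [ "$c" = "$s" ] || { echo "$d: client='$c' server='$s'"; rc=1; }
    done
    ckey=$(get_opt "$1" tls-auth 2); skey=$(get_opt "$2" tls-auth 2)
    cdir=$(get_opt "$1" tls-auth 3); sdir=$(get_opt "$2" tls-auth 3)
    if [ -z "$ckey" ] && [ -z "$skey" ]; then
        :   # no tls-auth on either side: consistent
    elif [ -z "$ckey" ] || [ -z "$skey" ]; then
        echo "tls-auth: configured on one side only"; rc=1
    else
        # Directions must be complementary (0/1) or omitted on both sides.
        case "$sdir/$cdir" in
            0/1|1/0|/) ;;
            *) echo "tls-auth: direction server='$sdir' client='$cdir'"; rc=1 ;;
        esac
    fi
    return $rc
}

# Constructed sample configs, reduced to the directives discussed here.
make_samples() {
    printf '%s\n' 'proto tcp4-server' 'cipher aes-256-cbc' 'auth sha256' \
        'tls-auth /tmp/openvpn/ta.key 0' > "$1/server.conf"
    printf '%s\n' 'client' 'cipher AES-256-CBC' 'auth SHA256' \
        '# every client must also have the key' 'tls-auth ta.key 1' > "$1/good.ovpn"
    printf '%s\n' 'client' 'cipher AES-256-CBC' 'tls-auth ta.key 0' > "$1/bad.ovpn"
}

tmp=$(mktemp -d)
make_samples "$tmp"
check_pair "$tmp/good.ovpn" "$tmp/server.conf" && echo "good.ovpn: consistent"
check_pair "$tmp/bad.ovpn" "$tmp/server.conf" || echo "bad.ovpn: fix before connecting"
rm -rf "$tmp"
```

Run it against the real client .ovpn and the router's openvpn.conf before reconnecting; any line it prints is a directive to reconcile.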

 

Networking: connect: Network is unreachable

Getting this?

[root@sat01 ~] # ping 192.168.0.6
connect: Network is unreachable
[root@sat01 ~] # 

When you're on a separate VLAN?

[root@sat02 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
3: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 18:28:38:b0:00:01 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.150/24 scope global ens3
       valid_lft forever preferred_lft forever
[root@sat02 ~]#

Solve by adding a default route:

[root@sat02 ~]# ip route add default via 10.0.0.1 dev ens3

And verify:

[root@sat02 ~]# ip route
default via 10.0.0.1 dev ens3
10.0.0.0/24 dev ens3 proto kernel scope link src 10.0.0.150
[root@sat02 ~]#

Regards,
AC

javax.persistence.NonUniqueResultException: query did not return a unique result: 2

Getting these?

2019-11-28 01:28:08,128 INFO com.cloudera.cmf.scheduler-1_Worker-1:com.cloudera.cmf.service.ServiceHandlerRegistry: Executing command GlobalPoolsRefresh BasicCmdArgs{scheduleId=1, scheduledTime=2019-11-27T10:00:00.000Z}.
2019-11-28 01:28:09,775 WARN scm-web-886:org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: Resolved [java.io.IOException: Close org.eclipse.jetty.server.HttpConnection$SendCallback@2a3e3d03[PROCESSING][i=null,cb=org.eclipse.jetty.server.HttpChannel$ContentCallback@23de18e3] in state PROCESSING] to ModelAndView: materialized View is [com.cloudera.server.web.common.JamonModelAndView$JamonView@4a0945f9]; model is {}
2019-11-28 01:28:09,779 WARN scm-web-886:org.eclipse.jetty.server.HttpChannel: ERROR dispatch failed
org.eclipse.jetty.io.EofException: Closed
        at org.eclipse.jetty.server.HttpOutput.write(HttpOutput.java:482)
        at org.springframework.security.web.util.OnCommittedResponseWrapper$SaveContextServletOutputStream.write(OnCommittedResponseWrapper.java:638)
        at org.springframework.security.web.util.OnCommittedResponseWrapper$SaveContextServletOutputStream.write(OnCommittedResponseWrapper.java:638)
        at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
        at sun.nio.cs.StreamEncoder.implWrite(StreamEncoder.java:282)
        at sun.nio.cs.StreamEncoder.write(StreamEncoder.java:125)

 

        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
        at java.lang.Thread.run(Thread.java:748)
        Suppressed: java.lang.IllegalStateException: Error already set
                at org.eclipse.jetty.server.HttpChannelState.onError(HttpChannelState.java:758)
                at org.eclipse.jetty.server.HttpChannel.handleException(HttpChannel.java:595)
                at org.eclipse.jetty.server.HttpChannelOverHttp.handleException(HttpChannelOverHttp.java:489)
                at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:531)
                ... 17 more
        Caused by: java.io.IOException: Close org.eclipse.jetty.server.HttpConnection$SendCallback@2a3e3d03[PROCESSING][i=null,cb=org.eclipse.jetty.server.HttpChannel$ContentCallback@23de18e3] in state PROCESSING
                at org.eclipse.jetty.util.IteratingCallback.close(IteratingCallback.java:427)
                at org.eclipse.jetty.server.HttpConnection.onClose(HttpConnection.java:507)
                at org.eclipse.jetty.io.ssl.SslConnection.onClose(SslConnection.java:273)
                at org.eclipse.jetty.io.SelectorManager.connectionClosed(SelectorManager.java:345)
                at org.eclipse.jetty.io.ManagedSelector$DestroyEndPoint.run(ManagedSelector.java:923)
                ... 4 more

 

2019-11-28 01:33:43,717 INFO scm-web-165:com.cloudera.enterprise.JavaMelodyFacade: Exiting HTTP Operation: Method:POST, Path:/services/31/healthStatusBar, Status:200
2019-11-28 01:33:51,548 INFO scm-web-165:com.cloudera.api.ApiExceptionMapper: (20 skipped) Exception caught in API invocation. Msg:This installation is currently running Cloudera Express.
java.util.NoSuchElementException: This installation is currently running Cloudera Express.
        at com.cloudera.api.dao.impl.LicenseManagerDaoImpl.readLicense(LicenseManagerDaoImpl.java:86)
        at com.cloudera.api.v1.impl.ClouderaManagerResourceImpl.readLicense(ClouderaManagerResourceImpl.java:57)
        at com.cloudera.api.v32.impl.ClouderaManagerResourceV32Impl.readLicense(ClouderaManagerResourceV32Impl.java:56)
        at sun.reflect.GeneratedMethodAccessor1984.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

 

2019-11-28 02:20:02,169 INFO avro-servlet-hb-processor-1:com.cloudera.server.common.AgentAvroServlet: (27 skipped) AgentAvroServlet: heartbeat processing stats: average=35ms, min=24ms, max=92ms.
2019-11-28 02:20:50,007 ERROR ScmActive-0:com.cloudera.server.cmf.components.ScmActive: ScmActive:
javax.persistence.NonUniqueResultException: query did not return a unique result: 2

 

2019-11-28 02:20:50,008 INFO ScmActive-0:com.cloudera.enterprise.AbstractWrappedEntityManager: Rolling back transaction that wasn't marked for rollback-only.
java.lang.Exception: Non-thrown exception for stack trace.
        at com.cloudera.enterprise.AbstractWrappedEntityManager.close(AbstractWrappedEntityManager.java:161)
        at com.cloudera.cmf.persist.CmfEntityManager.close(CmfEntityManager.java:367)

 

        at java.lang.Thread.run(Thread.java:748)
2019-11-28 02:21:02,220 INFO avro-servlet-hb-processor-1:com.cloudera.server.common.AgentAvroServlet: (27 skipped) AgentAvroServlet: heartbeat processing stats: average=35ms, min=24ms, max=92ms.
2019-11-28 02:21:05,016 ERROR ScmActive-0:com.cloudera.server.cmf.components.ScmActive: ScmActive:
javax.persistence.NonUniqueResultException: query did not return a unique result: 2
        at org.hibernate.internal.ExceptionConverterImpl.convert(ExceptionConverterImpl.java:121)

 

2019-11-28 02:21:05,016 ERROR ScmActive-0:com.cloudera.server.cmf.components.ScmActive: ScmActive is deferring the validation to the next run in 15 seconds.
2019-11-28 02:21:05,016 INFO ScmActive-0:com.cloudera.enterprise.AbstractWrappedEntityManager: Rolling back transaction that wasn't marked for rollback-only.
java.lang.Exception: Non-thrown exception for stack trace.
        at com.cloudera.enterprise.AbstractWrappedEntityManager.close(AbstractWrappedEntityManager.java:161)
        at com.cloudera.cmf.persist.CmfEntityManager.close(CmfEntityManager.java:367)

 

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
2019-11-28 02:21:20,028 ERROR ScmActive-0:com.cloudera.server.cmf.components.ScmActive: ScmActive:
javax.persistence.NonUniqueResultException: query did not return a unique result: 2
        at org.hibernate.internal.ExceptionConverterImpl.convert(ExceptionConverterImpl.java:121)
        at org.hibernate.internal.ExceptionConverterImpl.convert(ExceptionConverterImpl.java:155)

Restore the database from your automatic backups:

[root@psql01 ~]# psql -h psql-c01.nix.mds.xyz -p 5432 -U postgres -f /root/psql-c01.sql.1574920910 postgres

Cheers,
TK

ERROR 1044 (42000): Access denied for user 'skip-grants user'@'skip-grants host' to database 'performance_schema'

If this happens after you do a mass database restore:


ERROR 1044 (42000): Access denied for user 'skip-grants user'@'skip-grants host' to database 'performance_schema'
ERROR 1142 (42000): INSERT command denied to user 'skip-grants user'@'' for table 'variables_by_thread'
ERROR 1044 (42000): Access denied for user 'skip-grants user'@'skip-grants host' to database 'performance_schema'
Query OK, 1 row affected (0.00 sec)

 

It is ok.

Regards,
BK

Device /dev/sda excluded by a filter.

Getting this?

[root@mdskvm-p06 ~]# pvcreate /dev/sda
  Device /dev/sda excluded by a filter.

It's likely because you're running the multipath daemon.  So partitions have to be created on the associated multipath devices, not the device names themselves:


RTNETLINK answers: Network is unreachable

Getting this?

RTNETLINK answers: Network is unreachable

Maybe the interface is down:

ip link set eno1 up
ip addr add 10.0.0.100 dev eno1
ip route add default via 10.0.0.1 dev eno1

Thx,

lun4194304 has a LUN larger than allowed by the host adapter

Getting this?

Dec 25 09:56:14 mdskvm-p06 kernel: sd 0:0:0:0: lun4194304 has a LUN larger than allowed by the host adapter
Dec 25 09:56:14 mdskvm-p06 kernel: scsi 0:3:0:0: lun4194304 has a LUN larger than allowed by the host adapter

Fix it by adding the following and rebuilding the initramfs:

[root@mdskvm-p06 ~]# cat /etc/modprobe.d/lpfc.conf
options lpfc  lpfc_nodev_tmo=10 lpfc_lun_queue_depth=32 lpfc_max_luns=65535
[root@mdskvm-p06 ~]# dracut -f

Thx,
AB

ARP replies not forwarded to virtual interface / Destination Host Unreachable / received packet on bond0 with own address as source address

Getting this?

Request timed out 

Running tcpdump on the interface reveals no replies:

# tcpdump -i one-19-0 -s 0 -n arp or icmp | grep -Ei "192.168.0.128|192.168.0.224"

11:59:08.551814 ARP, Request who-has 192.168.0.224 tell 192.168.0.128, length 46
11:59:09.553599 ARP, Request who-has 192.168.0.224 tell 192.168.0.128, length 28
11:59:09.553689 ARP, Request who-has 192.168.0.224 tell 192.168.0.128, length 46

When trying to ping from a guest VM you get this:

Destination Host Unreachable

Your virtual interface looks like this:

[root@mdskvm-p01 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp2s0f0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP group default qlen 1000
    link/ether 78:e7:d1:8f:4d:26 brd ff:ff:ff:ff:ff:ff
3: enp2s0f1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP group default qlen 1000
    link/ether 78:e7:d1:8f:4d:28 brd ff:ff:ff:ff:ff:ff
4: enp3s0f0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP group default qlen 1000
    link/ether 78:e7:d1:8f:4d:2a brd ff:ff:ff:ff:ff:ff
5: enp3s0f1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc mq master bond0 state UP group default qlen 1000
    link/ether 78:e7:d1:8f:4d:2c brd ff:ff:ff:ff:ff:ff
6: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue master onebr01 state UP group default qlen 1000
    link/ether 78:e7:d1:8f:4d:26 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::7ae7:d1ff:fe8f:4d26/64 scope link
       valid_lft forever preferred_lft forever
8: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:af:dc:91 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global virbr0
       valid_lft forever preferred_lft forever
9: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:af:dc:91 brd ff:ff:ff:ff:ff:ff
19: onebr01: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 78:e7:d1:8f:4d:26 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.60/24 brd 192.168.0.255 scope global onebr01
       valid_lft forever preferred_lft forever
    inet 192.168.0.88/32 scope global onebr01
       valid_lft forever preferred_lft forever
    inet6 fe80::7ae7:d1ff:fe8f:4d26/64 scope link
       valid_lft forever preferred_lft forever
26: one-19-0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master onebr01 state UNKNOWN group default qlen 1000
    link/ether fe:28:38:a0:00:01 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc28:38ff:fea0:1/64 scope link
       valid_lft forever preferred_lft forever

[root@mdskvm-p01 network-scripts]#

The virtual interface, at least from an OpenNebula perspective, is defined as follows:

[oneadmin@one01 ~]$ onevnet show 7
VIRTUAL NETWORK 7 INFORMATION
ID                       : 7
NAME                     : onevnet01
USER                     : oneadmin
GROUP                    : oneadmin
LOCK                     : None
CLUSTERS                 : 100
BRIDGE                   : onebr01
VN_MAD                   : bridge
AUTOMATIC VLAN ID        : NO
AUTOMATIC OUTER VLAN ID  : NO
USED LEASES              : 1

PERMISSIONS
OWNER                    : um-
GROUP                    : ---
OTHER                    : ---

VIRTUAL NETWORK TEMPLATE
BRIDGE="onebr01"
BRIDGE_TYPE="linux"
DESCRIPTION="ONE Virtual Network 01"
DNS="192.168.0.224"
GATEWAY="192.168.0.1"
NETWORK_MASK="255.255.255.0"
PHYDEV=""
SECURITY_GROUPS="0"
VN_MAD="bridge"

ADDRESS RANGE POOL
AR 0
SIZE           : 154
LEASES         : 1

RANGE                                   FIRST                               LAST
MAC                         18:28:38:A0:00:01                  18:28:38:a0:00:9a
IP                              192.168.0.100                      192.168.0.253


LEASES
AR  OWNER                         MAC              IP                        IP6
0   V:19            18:28:38:a0:00:01   192.168.0.100                          -

VIRTUAL ROUTERS
[oneadmin@one01 ~]$
[oneadmin@one01 ~]$
[oneadmin@one01 ~]$

Then the issue is likely with your bonding mode:

Marcelo Ricardo Leitner 2015-11-09 17:39:20 UTC

Which bond mode are you using? Please ensure it's either load balance or LACP.
ARP replies are destined to original requester MAC but some bond modes will overwrite src mac for load balancing, which would cause the bridge to not forward the packets back to the guest.

https://bugzilla.redhat.com/show_bug.cgi?id=1279161

The setup here was:

[root@mdskvm-p01 network-scripts]# cat ifcfg-bond0
DEVICE=bond0
BONDING_OPTS='mode=2 miimon=100'
BRIDGE=onebr01
MACADDR=78:e7:d1:8f:4d:26
ONBOOT=yes
MTU=1500
DEFROUTE=no
NM_CONTROLLED=no
IPV6INIT=no
[root@mdskvm-p01 network-scripts]#

Changing bonding mode to 6 solved the issue for the following reason:

Mode 6 (balance-alb)

This is Adaptive load balancing mode. This includes balance-tlb + receive load balancing (rlb) for IPV4 traffic. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the server on their way out and overwrites the src hw address with the unique hw address of one of the slaves in the bond such that different clients use different hw addresses for the server.

[root@mdskvm-p01 network-scripts]# cat ifcfg-bond0
DEVICE=bond0
BONDING_OPTS='mode=6 miimon=100'
BRIDGE=onebr01
MACADDR=78:e7:d1:8f:4d:26
ONBOOT=yes
MTU=1500
DEFROUTE=no
NM_CONTROLLED=no
IPV6INIT=no
[root@mdskvm-p01 network-scripts]#

Bonding mode 4 also appears to work, though this might be a false positive: the ARP table was still populated from when mode=6 was used.

BONDING_OPTS='mode=4 miimon=100'

This also solves the following error message:

Nov 26 12:03:02 mdskvm-p01 kernel: onebr01: received packet on bond0 with own address as source address (addr:78:e7:d1:8f:4d:26, vlan:0)

Cheers,
TK

connect: Network is unreachable

Getting this?

[root@mdskvm-p01 yum.repos.d]# ping 8.8.8.8
connect: Network is unreachable
[root@mdskvm-p01 yum.repos.d]# ip route add default via 192.168.0.1

Solve it by doing this:



     
  Copyright © 2003 - 2025 Tom Kacperski (microdevsys.com). All rights reserved.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License

 
