Xen Orchestra cannot connect XCP-ng Host by VPN-IPSEC
-
Hi:
We established a VPN-IPSEC between our Pool and a remote XCP-ng Host. We had MPLS before changing to IPSEC, and the host was integrated into the pool. Now we cannot connect anymore.
It's "enabled" but we cannot reach its pool, so we cannot manage it nor see any VMs within it. Is there any port to deal with? Any IPSEC setting to enable? Trying with XCP-ng Center is no better...
The log just says this, endlessly, with no error message:
2024-03-14 17:20:53,926 INFO XenAPI.Session [Connection to 172.24.52.141] - Invoking XML-RPC method session.login_with_password
2024-03-14 17:20:54,733 INFO XenAPI.Session [Connection to 172.24.52.141] - Invoking XML-RPC method pool.get_all_records
I can access the host normally, by SSH, for example.
Any ideas? -
@redbob365 The ideal approach here would be to set up an XO Proxy; for the Open Source edition, this isn't available. I believe you need Premium to do so with XOA.
You could likely set up a proxy of your own to manage remote XO pools, without the need to set up multiple VPNs.
-
If you have hardware that supports this, you can try to set up an OpenVPN server as a TAP adapter. It will be closer to a Layer 2 MPLS connection than an IPSEC tunnel. I have no idea if XCP-NG or XO/XOA use any type of multicast traffic to communicate. That's the only thing I can think of, unless you have IPSEC firewall policies blocking some type of traffic that XO needs. I presume you can ping/SSH into the remote host? Are these hosts using shared storage over the MPLS/IPSEC?
Edit:
I just found this as well.
https://xcp-ng.org/forum/topic/6609/unable-to-join-a-host-to-a-pool
It also seems that the XCP-NG hosts will attempt to talk to each other over local URLs in some cases, but I can't find a post about that. Bridging the two networks the same way the MPLS was would likely get you back to the way it was.
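As an added example (not code from the thread or from the XCP-ng/XO projects): a Python probe, run from the XO side, that replays the two XAPI calls in the log above, session.login_with_password and then pool.get_all_records, with hard timeouts, and reports at which step the exchange stalls (TCP path through the tunnel, login, or the large pool reply), which narrows down the "firewall policy blocking traffic XO needs" question. The 443 default, the user/password arguments and the MTU reading of a stalled large reply are this example's own assumptions.

```python
import socket
import ssl
import xmlrpc.client

XAPI_PORT = 443  # assumption: XAPI on an XCP-ng host answers HTTPS on 443


def tcp_reachable(host, port=XAPI_PORT, timeout=5.0):
    """True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def xapi_probe(host, user, password, timeout=20.0):
    """Issue the two calls XO logs, each with a timeout; return per-step status."""
    result = {"tcp": tcp_reachable(host)}
    if not result["tcp"]:
        return result
    socket.setdefaulttimeout(timeout)
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # hosts ship self-signed certificates by default
    ctx.verify_mode = ssl.CERT_NONE
    proxy = xmlrpc.client.ServerProxy(f"https://{host}/", context=ctx)
    step = "login"
    try:
        login = proxy.session.login_with_password(user, password, "1.0", "xapi-probe")
        result[step] = login["Status"]
        if login["Status"] != "Success":
            return result
        step = "pool.get_all_records"  # large reply: the call that never returns in the log
        result[step] = proxy.pool.get_all_records(login["Value"])["Status"]
        proxy.session.logout(login["Value"])
    except socket.timeout:
        result[step] = "timeout"
    except (OSError, xmlrpc.client.Error) as exc:
        result[step] = f"error: {exc}"
    return result


def diagnose(result):
    """Map the probe outcome to the layer to inspect next (pure, so testable offline)."""
    if not result.get("tcp"):
        return "no TCP path to XAPI: check IPsec policy and firewall for TCP 443 from XO to host"
    if result.get("login") != "Success":
        return "TCP ok but login fails: check credentials and that XAPI is running on the host"
    if result.get("pool.get_all_records") == "timeout":
        # assumption: small request ok, large reply stalls -> tunnel MTU/fragment black hole
        return "login ok but large reply stalls: check tunnel MTU and fragment handling"
    if result.get("pool.get_all_records") != "Success":
        return "pool.get_all_records failed: read the returned error"
    return "XAPI reachable and answering over the tunnel: look at XO-side configuration"
```

Call `diagnose(xapi_probe("172.24.52.141", user, password))` from the XO machine; a result other than the last line points at the tunnel rather than at XO.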