bareos over openvpn problems

[Marcin Krzyżanowski]

Hi,

I've installed Bareos (dir, fd, sd) on bananian (banana pi pro) that is connecting to a vps in internet over openvpn to bareos-fd to make the backup.
Since the vps in public I've installed there also FW but opened ports 9101, 9102, 9103 for communication with bareos-dir/sd/fd.

When I enter thebconsole and check the status of client - I receive:
"Connecting to Client kfamVps at 10.8.0.1:9102"
"Failed to connect to Client kfamVps."

on the LH the client connects and responds to dir.

I've made som tcp snoffin on openvpn interface and the communication is working ok - the packets are arriving it's destination.

what can be the issue?
I've triplechecked the passwords, ip's and so on.

Below I'm putting the conf's:

vps-fd - not working:

Director {
Name = bananapi-dir
Password = "Nmcwd0"
}

Director {
Name = bananapi-mon
Password = "h9IWNaH7RtpuGveKyQvJaxhr95lpifUKH6qo2OWTukYs"
Monitor = yes
}

FileDaemon { # this is me
Name = kfamVps
Maximum Concurrent Jobs = 2

}

Messages {
Name = Standard
director = bananapi-dir = all, !skipped, !restored
}

director's conf:

Director { # define myself
Name = bananapi-dir
QueryFile = "/usr/lib/bareos/scripts/query.sql"
Maximum Concurrent Jobs = 50
Password = "nUsGr3RMWxvhQMWU2a6/d4s5HKJcTGEC7S0kx8w2jEPI" # Console password
Messages = Daemon
Auditing = yes
}

Client {
Name = kfamVps
Address = 10.8.0.1
Password = "Nmcwd0"
File Retention = 10 days
Job Retention = 3 months
AutoPrune = no
}

can I debug somegow where the communication is failing?
in bconsole there is only this info:
Passwords or names not the same or
Maximum Concurrent Jobs exceeded on the FD or
FD networking messed up (restart daemon).

Regards
Marcin

[Jörg Steffens]

Hi,

what happens, if you try to connect via telnet from the director to the
client? Just to test if the IP and port are reachable:

telnet 10.8.0.1 9102

If you receive
telnet: Unable to connect to remote host: Connection refused
or
telnet: Unable to connect to remote host: Connection timed out
then it is a problem with your network, independent of Bareos.

regards,
Jörg

--
Jörg Steffens joerg.s...@bareos.com
Bareos GmbH & Co. KG Phone: +49 221 630693-91
http://www.bareos.com Fax: +49 221 630693-10

Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRA 29646
Komplementär: Bareos Verwaltungs-GmbH
Geschäftsführer:
S. Dühr, M. Außendorf, Jörg Steffens, P. Storz, M. v. Wieringen

[Marcin Krzyżanowski]

Hi Jörg,

tryed that already, aber funktioniert.

From fd to dir:
root@:~# telnet 10.8.0.6 9101
Trying 10.8.0.6...
Connected to 10.8.0.6.
Escape character is '^]'.

from dir to fd:
root@bananapi ~ # telnet 10.8.0.1 9102
Trying 10.8.0.1...
Connected to 10.8.0.1.
Escape character is '^]'.

Deshalb habe ich keine Idee was geht nicht.

Grusse
Marcin

[Arjen Van Drie]

Your next option would be to run tcpdump or wireshark on both ends of the connection (listen on the openvpn virtual network device tun or tap) to see what packets are going forth and back.

If you use tcpdump you can add the -s 0 (for full packets) and -w filename.cap. Then you can inspect the full packets by loading them into wireshark.

Best,
Arjen.

[Marcin Krzyżanowski]

what should I look for in particullary?

[Arjen Van Drie]

tcpdump requires knowledge of TCP packets. It would take far too much time for me to explain that. If you don't have that knowledge then tcpdump might not be for you.

Other options would be:

- try to copy (scp, ftp, http or rsync) a large file over your openvpn connection and see if it times out at a certain point
- run a ping to the remote host for a couple of hours and see if you have packet loss
- monitor your remote host over openvpn using some monitoring tool such as Nagios
- check the bareos log files to find possible anomalies

HTH

Arjen

[Marcin Krzyżanowski]

can I send you the cap files so maby you can investigate them?

[Arjen Van Drie]

Sorry, can't do that.

Best,
Arjen.

[Marcin Krzyżanowski]

I'm not so sure if that is the network issue. I've reinstalled today the bareos server. On lh works like charm. But on remote nothing. Still problems.
What is the minimum cfg for the client and dir options?

Bye
M

--
You received this message because you are subscribed to a topic in the Google Groups "bareos-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/bareos-users/nnLj8hJ9tIQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to bareos-users...@googlegroups.com.
To post to this group, send email to bareos...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Marcin Krzyżanowski]

done some sniffing and this is the problem:

...$Hello Director bananapi-dir calling
...Wauthenticate.c:101 Connection from unknown Director bananapi-dir at 10.8.0.6 rejected.
....1999 Authorization failed.
....2999 Authentication failed.

as I understand well the files mapping are:
dir.conf -> fd.conf

Director section - field Name --> Director section - field Name (should it be resolveable in dns, existent name and resolveable in dns or only internal purpose of bareos)

Director section - field Password <-- not needed in fd.conf

Client section - field Name <-- only used in dir.coonf
Client section - field Password --> Director section - field Password

dir.conf:Director:Name = fd.conf:Director:Name
dir.conf:Client:Password = fd.conf:Director:Password

are there any other important settings? Should dir.conf:Client:Address field should be fqdn or better IP address?

again configs after reinstall:
bareos-dir.conf:

Director { # define myself
Name = bananapi-dir
QueryFile = "/usr/lib/bareos/scripts/query.sql"

Maximum Concurrent Jobs = 30
Password = "OZNehq+hxKUqUTGjRtl28+mWqd2uYRPjbKWtAXUb6r2M" # Console password

Messages = Daemon
Auditing = yes
}

Client {

Name = vps193835-fd
Address = vps193835
Password = "abcabc"
File Retention = 30 days
Job Retention = 6 months
AutoPrune = no
}


vps193835-fd:

FileDaemon { # definition of myself
Name = "vps193835-fd" # XXX_REPLACE_WITH_LOCAL_HOSTNAME_XXX-fd
Maximum Concurrent Jobs = 20
}
#
# List Directors who are permitted to contact this File daemon
#
Director {
Name = "bananapi-dir" #XXX_REPLACE_WITH_LOCAL_HOSTNAME_XXX-dir
Password = "abcabc" #"XXX_REPLACE_WITH_CLIENT_PASSWORD_XXX"
}
#
# Restricted Director, used by tray-monitor to get the
# status of the file daemon
#
#Director {
# Name = vps193835-mon #XXX_REPLACE_WITH_LOCAL_HOSTNAME_XXX-mon
# Password = "password" #"XXX_REPLACE_WITH_CLIENT_MONITOR_PASSWORD_XXX"
# Monitor = yes
#}
# Send all messages except skipped files back to Director

Messages {

Name = Standard
director = vps193835 = all, !skipped, !restored #XXX_REPLACE_WITH_LOCAL_HOSTNAME_XXX-dir = all, !skipped, !restored
}

[Jörg Steffens]

Am 26.02.2016 um 10:12 schrieb Marcin Krzyżanowski:
> done some sniffing and this is the problem:
>
> ...$Hello Director bananapi-dir calling
> ...Wauthenticate.c:101 Connection from unknown Director bananapi-dir at 10.8.0.6 rejected.

this happens, when the director bananapi-dir is not defined in the fd.
However your config files look sane.

You can start the filedaemon in debug mode. Maybe this reveals something:

as root:
bareos-fd -f -d 100

Output will go to stdout.

[Marcin Krzyżanowski]

Hi Jorg - I think I found the problem - the fd after rsboot woked like a charm - in debug - waiting for backup finish to start in normal mode...

2 nights lost since didn't wanted to make a reboot... finaly worked

thx guys