I currently have two VM running on OpenStack. They are connected to three different networks with virtual links and they can ping each othe ron each of those networks. One of the networks is the public network (external network that is pre-made by openstack). This network is supposed to be external, however I can't ping the public network from my ubuntu that is running openstack. How do I access the public network on openstack from an external network, so that I can SSH into my VMs?
With the information what is given in question here are few suggestions:
If you are not pinging the external world check the routing table whether the correct
route is added with the public network interface.
Then check the security group rules, whether the SSH is enabled or not.
And then finally check the physical networks whether they are correctly connected to switch.
Related
I have a raspi machine behind NAT in my room, and I want to access it from the interenet using the URL.I found this article.
https://developers.cloudflare.com/cloudflare-one/tutorials/ssh
However, it required me to run the cloudflared program on the connecting client. I understand that this is for the security purpose. Does it possible to make the connect without running the cloudflared program on the client machine.
A follow-up question would be is it possible to ssh into ipv6 machine that using the same technique.
There are various options when it comes to connecting to a machine running on a private network:
Running cloudflared on the client (which you already found)
Installing the WARP client on the user side, then using cloudflared on the server side to expose the service securely. Finally, route the network traffic for the private network on the tunnel via WARP. This approach is described in a tutorial here
Cloudflare started also supporting in browser rendering of an SSH session. I have wrote a tutorial describing how to set it up here.
Approach (3) would do away with the need of running a client since it relies on a simple browser.
I need to create a Google Compute Engine Virtual Machine instance with no VPC.
For the App environment that I am using, I need to use the Public IP Address directly such as DigitalOcean Droplet, so if I run ifconfig command should show the interface with the public IP Address.
Each Compute Engine instance belongs to at least one VPC network. The use case you are describing is likely impossible given GCP's software-defined network architecture.
You can't create a VM in GCP without it belonging to some VPC. Console gui won't allow you that - you just have to have at least one interface.
But - there's a workaround;
ssh to your VM and create additional user & password; add this user to sudo group: (adduser username; echo 'sudouser:userspass' | chpasswd; usermod -aG google-sudoers sudouser)
logout
enable serial-console interactive aceess
login using serial console
disable all network interfaces
This way you will have a VM with only a serial console access - however I didn't try this myself.
There is a way to do it(not the vpc part because it's not possible but to see the external IP directly on vm). steps are below:
Launch a VM in VPC first, while launching, in networking section, set the IP-Forwarding on. --> do it while creating, once the vm is created, you can't do that.
Reserve a External IP in your project and vpc.
In the VPC routing, create a route and for destination network x.x.x.x/32 (reserved Public IP) --> point the next hop as the VM.
In VM, create a Sub interface and assign the public IP directly using ip addr.
Note: This works only if you're able to reach to VPC, example: VPN to access the VM over public IP.
Configuring a VNet-to-VNet connection is the preferred option to easily connect VNets if you need a secure tunnel using IPsec/IKE. In this case the documentation says that traffic between VNets is routed through the Microsoft backbone infrastructure.
According to the documentation, a Site-to-Site connection is also possible:
If you are working with a complicated network configuration, you may prefer to connect your VNets using the Site-to-Site steps, instead the VNet-to-VNet steps. When you use the Site-to-Site steps, you create and configure the local network gateways manually.
In this case we have control over the configuration of the virtual local network address space, but we need expose public IPs. Documentation donĀ“t says nothing about where the traffic goes (azure internal or public internet)
My question is, in this scenario, S2S between VNets, the traffic is routed through azure infrastructure as in the case of VNet-to-VNet or the comunication is done through public internet?
edit
The traffic in an S2S between VNets is routed through Microsoft backbone network. See this doc.
Microsoft Azure offers the richest portfolio of services and
capabilities, allowing customers to quickly and easily build, expand,
and meet networking requirements anywhere. Our family of connectivity
services span virtual network peering between regions, hybrid, and
in-cloud point-to-site and site-to-site architectures as well as
global IP transit scenarios.
I have installed at work SAP Hana Express Edition 2.0 in my laptop. It runs on VMware/Suse. I also set up a static IP address so I don't have to change the client connections. This works fine when I'm at work.
I added the following to hosts file:
192.168.1.85 hxehost
Problem is that when I take my laptop somewhere else all my client connections time out. I checked the IP address in Suse and it's the one I assigned. How to fix this problem?
If I disconnect the laptop from the Internet, I get the following error:
JDBC: Cannot connect to jdbc:sap://192.168.1.85:39013/ [Cannot connect to
host 192.168.1.85:39013 [No route to host: connect],
This is my setup:
How you connect to the virtual machine's IP ports depends on the setup chosen for the VM networking.
The address 192.168.1.85 is part of the 192.168.1.x network, which is very popular for home-router setup and small LANs. It's very likely that your laptop is part of such a network, when not at work. So when you ping the address the laptop uses the network interface that is linked to this network (e.g. your wifi adapter) to look for the host with IP 192.168.1.85. Whoever host currently got the 85 in your network, it's likely not your virtual machine.
One easy way to avoid this is to setup the virtual machine with host-only network. For that you have to configure the network adapter in VMware (or whatever hypervisor you use) to use the host-only network and assign an IP address in a different subnet e.g. in 192.168.5.x. For the HANA client software on your computer, the address to use would, of course, be 192.168.5.85 but it would be stable across all networks your laptop may log into.
does anybody know an API that allows to send and receive data to/from a VMWare guest system without using an IP network?
I have to communicate with a program inside a VMWare guest but the guest is not allowed to have an IP network. As file transfers into the VM via Drag&Drop are possible I assume that there is an API - I just need to know if this API is open to 3rd party programmers or if it is only available fro the VMWare Player itself.
Sure, you can access those with the VIX API.
More specificely, the Drag&Drop is implemented with following functions:
VixVM_CopyFileFromGuestToHost
VixVM_CopyFileFromHostoGuest
Basically all VixVM functions may be relevant for your tasks. They are all documented in the official VIX API reference.
It turns out that there is a solution for my problem:
Virtual Serial Port
VM-Ware allows to create virtual serial ports for the guest that are connected on host side to a named pipe.
I therefore created two helper programs, one on host side which listens on a TCP port and a specific named pipe and transfers all the incoming data between them.
A second helper program runs in the guest VM and does the same between the serial port and the TCP port I want to access.
The only draw-back is that the serial speed is limited to 128kBit/sec. May be that can be increased by using multiple virtual serial ports...
Virtual Machine Communication Interface (VMCI)
Using VMCI there is an API for creating a shared memory region that is accessible from both hast and guest system.