Netgate Discussion Forum

[solved] Question regarding MIM: Controller not having a static *public* IP possible?

Plus 24.11 Development Snapshots (Retired)
36 Posts 3 Posters 1.7k Views
Bob.Dig (LAYER 8), Nov 6, 2024, 8:26 PM (last edited Nov 12, 2024, 8:50 AM)

While I read

    The controller host must have a static IP address, the other instances can have dynamic addresses.

I am asking whether it would be possible to run the controller without one, because I don't have one (a public one, at home). It looks like every interface can and will be used, but I had no luck with an existing WireGuard tunnel. At least that is static (but not public).

Screenshot 2024-11-06 213922.png

Or didn't I try hard enough? I see many allowed connections in the logs but the status stays unknown.
Bob.Dig (LAYER 8), Nov 7, 2024, 10:19 AM (last edited Nov 7, 2024, 11:18 AM)

The log doesn't tell me anything of use (for me).

Going by the states, it seems that the "client" tries to connect to almost everywhere but not to 10.3.9.17, where it should...

Screenshot 2024-11-07 at 11-16-01 pfSense.internal - Diagnostics States States.png

But then, it is allowed to touch anything anyways.

So no joy here.
marcosm (Netgate), Nov 7, 2024, 1:44 PM

It's supported already, e.g. with a custom config file, but the GUI bits aren't in yet.
Bob.Dig (LAYER 8) @marcosm, Nov 7, 2024, 2:07 PM

@marcosm You mean DDNS? Or tunnel in another tunnel? Because I have the feeling it should already work but it doesn't for me.
marcosm (Netgate), Nov 7, 2024, 2:31 PM (last edited Nov 7, 2024, 2:48 PM)

Yeah, I meant that an FQDN could be used for a controller behind dynamic addresses.

I'm not sure about running MIM over an existing tunnel. It doesn't make much sense to do for a number of reasons which I don't want to go into in detail now, but also in part because MIM already creates a secure tunnel between the client and controller. It's possible it skips other VPN interfaces; I'll have to check.
Bob.Dig (LAYER 8) @marcosm, Nov 7, 2024, 3:21 PM (last edited Nov 7, 2024, 8:52 PM)

@marcosm It looks like it is not trying to use any WireGuard tunnel. What is puzzling though, the Registration Data does contain my dynamic public IPv4 address, still the status doesn't change.
stephenw10 (Netgate Administrator) @Bob.Dig, Nov 7, 2024, 10:39 PM

@Bob-Dig said in Question regarding MIM: Controller not having a static *public* IP possible?:

    What is puzzling though, the Registration Data does contain my dynamic public IPv4 address, still the status doesn't change.

It doesn't try to connect to the external IPv4 the controller has?
Bob.Dig (LAYER 8) @stephenw10, Nov 8, 2024, 7:56 AM (last edited Nov 8, 2024, 8:37 AM)

@stephenw10 said in Question regarding MIM: Controller not having a static *public* IP possible?:

    It doesn't try to connect to the external IPv4 the controller has?

It does, still the status never changes for me.

Screenshot 2024-11-08 085343.png

Edit: Both sides are behind NAT but that shouldn't make any difference I guess.
stephenw10 (Netgate Administrator), Nov 8, 2024, 1:50 PM

Ok I guess I'm unclear exactly what's happening here. You have a number of IPs shown and they don't seem to match.

You should be able to connect from some external resource to a controller behind a dynamic IP as long as it hasn't changed since it was configured. And as long as the traffic is forwarded to the controller if it's behind NAT.
Bob.Dig (LAYER 8) @stephenw10, Nov 8, 2024, 2:42 PM (last edited Nov 8, 2024, 2:50 PM)

@stephenw10 said in Question regarding MIM: Controller not having a static *public* IP possible?:

    You should be able to connect from some external resource to a controller behind a dynamic IP as long as it hasn't changed since it was configured. And as long as the traffic is forwarded to the controller if it's behind NAT.

Sure. And that is the case here. And if I disable and enable MIM it should reset, right? But as you can see in the last picture, it is "connecting" anyways because my public IP actually hasn't changed. It is changing roughly once a week.
stephenw10 (Netgate Administrator), Nov 8, 2024, 4:15 PM

Ah, OK. Well, FQDN support is incoming....
Bob.Dig (LAYER 8) @stephenw10, Nov 8, 2024, 4:45 PM

@stephenw10 Good to know, but still, it isn't working here like it should. But I am just reporting, I don't need this feature. 😉
stephenw10 (Netgate Administrator), Nov 8, 2024, 5:09 PM

Hmm, so just to be clear, what is not working as expected? Disabling and re-enabling MIM does not clear the registration data.
Bob.Dig (LAYER 8) @stephenw10, Nov 8, 2024, 5:13 PM

@stephenw10 Status is still unknown. But the second part is interesting. So when my public IP finally changes, I cannot test this anymore because the registration data is not changing?
stephenw10 (Netgate Administrator), Nov 8, 2024, 5:56 PM

With status unknown like that the client has never connected back to the controller. So the traffic is probably blocked somewhere because it looks like it's trying to connect.

Currently the client connects back to the 'server' using only the IP address(es) passed to it in the registration data. So if the server side changes IP the connection will fail. Thus only static IPs are really supported for that side. But FQDN support is coming.
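To illustrate the behaviour described in the reply above, here is an added example; it is not pfSense or Netgate code, and it does not reproduce MIM's real registration format, which this page does not show. A client walks the list of controller endpoints it was handed at registration: an IP literal is used exactly as stored, while a hostname is resolved again on every connection attempt. The two registration records, the hostname controller.example.net, the 203.0.113.x addresses and port 8443 are all constructed for the simulation; FakeNetwork stands in for DNS and for the controller's listening socket so the script runs offline, and tcp_probe is the real-network connector you would pass in its place.

```python
"""Added example, not pfSense/Netgate code: a client that reconnects only to the
IP literals handed to it at registration fails once the controller's public
address changes; resolving an FQDN at each attempt avoids that. Registration
records, hostname, addresses and port are constructed for the simulation and
are assumptions, not MIM's real format."""
import ipaddress
import socket
from typing import Callable, Optional

Resolver = Callable[[str], list[str]]
Connector = Callable[[str, int], bool]

# Constructed sample records: the same controller advertised two ways.
REG_WITH_IP = {"controller": ["203.0.113.10"], "port": 8443}
REG_WITH_FQDN = {"controller": ["controller.example.net"], "port": 8443}


def candidate_addresses(endpoint: str, resolve: Resolver) -> list[str]:
    """IP literal (v4 or v6): use as stored. Anything else: resolve *now*, so a
    DNS update made after registration is honoured on the next attempt."""
    try:
        ipaddress.ip_address(endpoint)
        return [endpoint]
    except ValueError:
        return resolve(endpoint)


def connect_to_controller(reg: dict, resolve: Resolver, connect: Connector) -> Optional[str]:
    """Try every advertised endpoint in order; return the first address that
    accepts a connection on the advertised port, or None if all fail."""
    for endpoint in reg["controller"]:
        for ip in candidate_addresses(endpoint, resolve):
            if connect(ip, reg["port"]):
                return ip
    return None


def tcp_probe(ip: str, port: int, timeout: float = 3.0) -> bool:
    """Real-network connector: a plain TCP handshake to ip:port. Not used by the
    offline simulation below; pass it in place of FakeNetwork.connect to check
    whether a NAT forward to the controller actually works from the client."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


class FakeNetwork:
    """Stands in for DNS and the controller's listening socket. The controller
    sits behind a home connection whose public IP rotates; a DNS name its owner
    keeps updated follows the change, a literal stored at registration cannot."""

    def __init__(self, public_ip: str, port: int) -> None:
        self.public_ip = public_ip
        self.port = port

    def resolve(self, name: str) -> list[str]:
        return [self.public_ip] if name == "controller.example.net" else []

    def connect(self, ip: str, port: int) -> bool:
        return ip == self.public_ip and port == self.port


def simulate_ip_change(reg: dict) -> tuple[Optional[str], Optional[str]]:
    """Connect, rotate the controller's public IP (the roughly weekly change
    described in the thread), connect again. Returns the address reached each time."""
    net = FakeNetwork("203.0.113.10", 8443)
    before = connect_to_controller(reg, net.resolve, net.connect)
    net.public_ip = "203.0.113.20"
    after = connect_to_controller(reg, net.resolve, net.connect)
    return before, after


if __name__ == "__main__":
    print("IP literal:", simulate_ip_change(REG_WITH_IP))    # ('203.0.113.10', None)
    print("FQDN      :", simulate_ip_change(REG_WITH_FQDN))  # ('203.0.113.10', '203.0.113.20')
```

Run as a script it prints ('203.0.113.10', None) for the literal-IP record and ('203.0.113.10', '203.0.113.20') for the FQDN record: the same address change breaks the first and is invisible to the second. Passing tcp_probe together with a resolver built on socket.getaddrinfo turns the same loop into a quick check, from the client's vantage point, of whether the controller port is actually reachable through the NAT forward.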
Bob.Dig (LAYER 8) @stephenw10, Nov 8, 2024, 6:00 PM

@stephenw10 But it is not blocked, you can see that in the last picture I posted. It can talk to the MIM port on my (private) WAN IP at home, just saying.
Bob.Dig (LAYER 8) @stephenw10, Nov 8, 2024, 7:02 PM (last edited Nov 8, 2024, 7:38 PM)

@stephenw10 Maybe it is all related to this?
Screenshot 2024-11-08 200050.png
Is this a timeout message? That VPS is horribly slow. Or is there an activation problem?

                                    Log on Client

                                    Nov 8 20:30:52 pfnet-controller 71929 797876 [/var/run/pfnet-controller.sock] GET /api/device/controller (DONE 129.606ms) OK: success
                                    Nov 8 20:30:52 pfnet-controller 71929 797876 [/var/run/pfnet-controller.sock] GET /api/device/controller
                                    Nov 8 20:30:48 pfnet-controller 71929 INFO Applying changes into config.xml
                                    Nov 8 20:30:48 pfnet-controller 71929 711767 [/var/run/pfnet-controller.sock] DELETE /api/config/system/captiveportalbackup (DONE 5.991ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:48 pfnet-controller 71929 698279 [/var/run/pfnet-controller.sock] DELETE /api/config/system/logsbackup (DONE 0.958ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:48 pfnet-controller 71929 666789 [/var/run/pfnet-controller.sock] DELETE /api/config/system/dhcpbackup (DONE 1.080ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:48 pfnet-controller 71929 657424 [/var/run/pfnet-controller.sock] DELETE /api/config/system/rrdbackup (DONE 1.353ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:48 pfnet-controller 71929 401318 [/var/run/pfnet-controller.sock] DELETE /api/config/system/use_mfs_tmpvar (DONE 0.999ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:48 pfnet-controller 71929 344427 [/var/run/pfnet-controller.sock] DELETE /api/config/system/dpinger_dont_add_static_routes (DONE 1.147ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:48 pfnet-controller 71929 129633 [/var/run/pfnet-controller.sock] DELETE /api/config/system/keep_failover_states (DONE 1.041ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:48 pfnet-controller 71929 112933 [/var/run/pfnet-controller.sock] DELETE /api/config/system/remove_failover_states_default (DONE 1.065ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:48 pfnet-controller 71929 96084 [/var/run/pfnet-controller.sock] DELETE /api/config/system/schedule_states (DONE 1.204ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:48 pfnet-controller 71929 36961 [/var/run/pfnet-controller.sock] DELETE /api/config/system/pti_disabled (DONE 1.457ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:47 pfnet-controller 71929 936446 [/var/run/pfnet-controller.sock] DELETE /api/config/system/thermal_hardware (DONE 1.333ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:47 pfnet-controller 71929 926102 [/var/run/pfnet-controller.sock] DELETE /api/config/system/ipsec_mb (DONE 1.064ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:47 pfnet-controller 71929 914451 [/var/run/pfnet-controller.sock] DELETE /api/config/system/crypto_hardware (DONE 1.378ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:47 pfnet-controller 71929 566861 [/var/run/pfnet-controller.sock] DELETE /api/config/system/watchdogd_enable (DONE 1.040ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:47 pfnet-controller 71929 460392 [/var/run/pfnet-controller.sock] DELETE /api/config/system/powerd_enable (DONE 1.268ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:47 pfnet-controller 71929 451874 [/var/run/pfnet-controller.sock] DELETE /api/config/system/block_external_services (DONE 1.173ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:47 pfnet-controller 71929 437248 [/var/run/pfnet-controller.sock] DELETE /api/config/system/do_not_send_uniqueid (DONE 1.890ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:47 pfnet-controller 71929 416491 [/var/run/pfnet-controller.sock] DELETE /api/config/system/lb_use_sticky (DONE 1.015ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:47 pfnet-controller 71929 407598 [/var/run/pfnet-controller.sock] DELETE /api/config/system/proxypass (DONE 1.380ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:47 pfnet-controller 71929 402921 [/var/run/pfnet-controller.sock] DELETE /api/config/system/proxyuser (DONE 1.004ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:47 pfnet-controller 71929 397833 [/var/run/pfnet-controller.sock] DELETE /api/config/system/proxyport (DONE 0.944ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:47 pfnet-controller 71929 391868 [/var/run/pfnet-controller.sock] DELETE /api/config/system/proxyurl (DONE 1.263ms) ERROR: (*urlhandler.HandlerError) 400 not found
                                    Nov 8 20:30:47 pfnet-controller 71929 328168 [/var/run/pfnet-controller.sock] DELETE /api/config/system/harddiskstandby (DONE 23.195ms) ERROR: (*urlhandler.HandlerError) 400 not found

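As an added example (not Netgate code), the following script runs a small triage over an excerpt of the pfnet-controller log lines posted above. It parses each request line into method, path, duration and outcome, pairs start lines with their completion lines so an unanswered request stands out, and tallies outcomes. The field layout is inferred from the posted lines only; reading the two numbers after the daemon name as a process id and a per-request id is an assumption. What the numbers show: every DELETE on /api/config/system/... was answered with a 400 within about 1 to 23 ms, and GET /api/device/controller completed OK in 129.6 ms, so none of these lines is a timeout; a hung request would appear as a start line with no matching DONE line.

```python
"""Added example, not Netgate code: triage of pfnet-controller request log lines.
The six sample lines are an excerpt of the log posted in the thread (newest first,
as posted). Field layout is inferred from those lines; treating the two numbers
after the daemon name as a process id and a per-request id is an assumption."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

SAMPLE_LOG = """\
Nov 8 20:30:52 pfnet-controller 71929 797876 [/var/run/pfnet-controller.sock] GET /api/device/controller (DONE 129.606ms) OK: success
Nov 8 20:30:52 pfnet-controller 71929 797876 [/var/run/pfnet-controller.sock] GET /api/device/controller
Nov 8 20:30:48 pfnet-controller 71929 INFO Applying changes into config.xml
Nov 8 20:30:48 pfnet-controller 71929 711767 [/var/run/pfnet-controller.sock] DELETE /api/config/system/captiveportalbackup (DONE 5.991ms) ERROR: (*urlhandler.HandlerError) 400 not found
Nov 8 20:30:48 pfnet-controller 71929 698279 [/var/run/pfnet-controller.sock] DELETE /api/config/system/logsbackup (DONE 0.958ms) ERROR: (*urlhandler.HandlerError) 400 not found
Nov 8 20:30:47 pfnet-controller 71929 328168 [/var/run/pfnet-controller.sock] DELETE /api/config/system/harddiskstandby (DONE 23.195ms) ERROR: (*urlhandler.HandlerError) 400 not found
"""

# A request line; the trailing "(DONE ...ms) OK|ERROR: detail" part is absent on
# the start line and present on the completion line of the same request id.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) pfnet-controller (?P<pid>\d+) "
    r"(?P<req>\d+) \[(?P<sock>[^\]]+)\] (?P<method>[A-Z]+) (?P<path>\S+)"
    r"(?: \(DONE (?P<ms>\d+(?:\.\d+)?)ms\) (?P<result>OK|ERROR): (?P<detail>.*))?$"
)


@dataclass
class Request:
    ts: str
    req_id: str
    method: str
    path: str
    ms: Optional[float]      # None on a start line (request not yet answered)
    result: Optional[str]    # "OK", "ERROR" or None on a start line
    detail: str

    @property
    def finished(self) -> bool:
        return self.ms is not None

    @property
    def http_status(self) -> Optional[int]:
        # e.g. "(*urlhandler.HandlerError) 400 not found" -> 400; "success" -> None
        m = re.search(r"\b(\d{3})\b", self.detail)
        return int(m.group(1)) if m else None


def parse_log(text: str) -> list[Request]:
    """Parse request lines; INFO lines and anything else are skipped."""
    out: list[Request] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        g = m.groupdict()
        out.append(Request(g["ts"], g["req"], g["method"], g["path"],
                           float(g["ms"]) if g["ms"] else None,
                           g["result"], g["detail"] or ""))
    return out


def summarize(reqs: list[Request]) -> dict:
    done = [r for r in reqs if r.finished]
    finished_ids = {r.req_id for r in done}
    # A start line with no completion line for the same request id is the only
    # signature of a hung or timed-out request in this log format.
    in_flight = [r.path for r in reqs if not r.finished and r.req_id not in finished_ids]
    by_outcome = Counter((r.method, r.result, r.http_status) for r in done)
    slowest = max(done, key=lambda r: r.ms) if done else None
    # Errors answered in well under a second are immediate rejections, not timeouts.
    fast_rejects = [r.path for r in done if r.result == "ERROR" and r.ms < 100.0]
    return {
        "request_lines": len(reqs),
        "distinct_requests": len({r.req_id for r in reqs}),
        "in_flight": in_flight,
        "by_outcome": dict(by_outcome),
        "slowest": (slowest.path, slowest.ms) if slowest else None,
        "fast_rejects": fast_rejects,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Point the script at a full log export instead of SAMPLE_LOG and the in_flight list is the first thing to read: an empty list with a populated by_outcome means the controller process answered everything it was asked, and the slowest entry tells you how long the worst answer took.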
stephenw10 (Netgate Administrator), Nov 8, 2024, 9:00 PM

Hmm, so the client is connecting out to the controller at the correct public IP but it never arrives at the controller?
Bob.Dig (LAYER 8) @stephenw10, Nov 8, 2024, 9:25 PM

@stephenw10 It is working now! Most probably the VM needed more RAM than I thought. It had only 512 MB before. I will mark this solved.
Bob.Dig (LAYER 8) @Bob.Dig, Nov 9, 2024, 12:08 PM

Today it is not working anymore, but there was also the first IP change on my side. Doing some port magic didn't help. So if I am able to, I will host the controller on a second instance in the cloud (with a static IP).
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.