Tunnel Client Cannot Connect to Tunnel Server

Article ID: 35372

Products

DX Infrastructure Management NIMSOFT PROBES

Issue/Introduction

The following alarm appears upon completion of tunnel client configuration using the hub GUI.



Also, the hub configuration GUI on the primary hub (the tunnel client) shows the following on the Status > Tunnel Status tab:


 

Environment

 This applies to all environments where the hub/tunnel functionality is configured.
 

Resolution

This can occur for a variety of reasons:

-The tunnel server is not started. 
To correct this:
  1. Start the tunnel server.
  2. Acknowledge the alarm.
  3. In the tunnel client's hub configuration, go to the Status tab, then Tunnel Status, and verify you have connectivity.

-There is an active firewall on the tunnel server preventing the tunnel client from establishing a connection.

To determine whether this is the case, run the following telnet command from the tunnel client to check whether it can connect to the tunnel server:

telnet <tunnel server IP> 48003

If the telnet fails or times out, something is blocking connections from the tunnel client to the tunnel server on port 48003. To correct this:
  1. Navigate to the tunnel server and, if the firewall has been activated, deactivate it.
  2. Return to the tunnel client and, with Infrastructure Manager (IM), bring up the hub GUI.

You should now be able to confirm that you have connectivity using the telnet command given above.

-You may have specified the wrong IP address when creating the CA certificate.
To determine if the IP address is incorrect, make sure that the tunnel client connection appears on the tunnel server by issuing the following netstat commands on the tunnel server:

On Windows:
netstat -an | find "48003"

On Unix:
netstat -an | grep 48003

Note: change the port based on the port number you are using for tunnel connectivity.

You should see an ESTABLISHED connection from the tunnel client IP in the output of the above command. If you don't, verify that the correct IP is used for the tunnel server (see the steps below the log snippet) and retest.
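The netstat check above can be made stricter than a plain find/grep, which also matches LISTEN and TIME_WAIT lines and outbound connections whose foreign port is 48003. The following is an added example, not part of the original article or the product's tooling; the function names and the sample netstat output (documentation IP ranges) are constructed for illustration.

```python
import re

TUNNEL_PORT = 48003  # port used on this page; change it to match your tunnel port

# Constructed sample output (documentation IP ranges), not taken from a real hub.
SAMPLE_WINDOWS = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:48003          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:48003       198.51.100.7:51544     ESTABLISHED
  TCP    192.0.2.10:48003       198.51.100.8:50211     TIME_WAIT
  TCP    192.0.2.10:52110       203.0.113.5:48003      ESTABLISHED
"""
SAMPLE_UNIX = """\
tcp        0      0 0.0.0.0:48003           0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:48003        198.51.100.9:40312      ESTABLISHED
"""


def split_endpoint(endpoint):
    """Split 'ip:port' (Windows, Linux) or 'ip.port' (BSD-style) into (ip, port)."""
    match = re.match(r"^(.*)[:.](\d+|\*)$", endpoint)
    return (match.group(1).strip("[]"), match.group(2)) if match else None


def established_tunnel_peers(netstat_output, port=TUNNEL_PORT):
    """Return remote IPs with an ESTABLISHED TCP connection to the local tunnel port."""
    peers = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        # Expected layout: proto [recv-q send-q] local foreign state
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        if fields[-1].upper() != "ESTABLISHED":
            continue  # LISTEN, TIME_WAIT etc. also match a plain grep for the port
        local, remote = split_endpoint(fields[-3]), split_endpoint(fields[-2])
        # Only the local port counts: a foreign port of 48003 is an outbound connection.
        if local and remote and local[1] == str(port):
            peers.add(remote[0])
    return peers


def tunnel_client_connected(netstat_output, client_ip, port=TUNNEL_PORT):
    """True if the given tunnel client IP holds an ESTABLISHED tunnel connection."""
    return client_ip in established_tunnel_peers(netstat_output, port)


if __name__ == "__main__":
    print(sorted(established_tunnel_peers(SAMPLE_WINDOWS)))
    print(tunnel_client_connected(SAMPLE_UNIX, "198.51.100.9"))
```

To use it on a tunnel server, pass the captured output of `netstat -an` as the first argument in place of the sample strings.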
There will also be an error in the log file similar to the following when a connection cannot be established by the tunnel client to the tunnel server:


On the tunnel client, check that the IP address in the hub log entries is the correct IP address for the tunnel server that you are trying to connect to.  If it is not correct, you will need to do the following:
  1. Launch the hub GUI on the tunnel client and navigate to the Tunnels tab, then Client Configuration tab.
  2. Highlight the Tunnel Client Setup containing the incorrect IP address and click on the Edit button.
  3. Change the Server IP address so that it is the correct address of the tunnel server.

Once you have done this, restart the tunnel client Unified Infrastructure Management (UIM) Server using the UIM Service Controller, then verify that connectivity has been established via the tunnel client log file.  It should look something like this:
