HPE Community
ProLiant Servers (ML,DL,SL)
1752755 Members
4935 Online
108789 Solutions
New Discussion

Re: iLO4 on Dl380p Gen8 - Connection issues over VPN

 
Jimmy Vance
HPE Pro

‎01-26-2015 09:27 AM

‎01-26-2015 09:27 AM

Re: iLO4 on Dl380p Gen8 - Connection issues over VPN

@disti wrote:

I did additional tests:

 

4. I logged in to iLO via ssh and I tried oemhp_ping command with external addresses (vpn and internet public addresses). No external address is reachable! 

That would suggest a routing issue.  can you oemhp_ping systems on the same network is iLO?

No support by private messages. Please ask the forum! 
0 Kudos
Reply
disti
Occasional Advisor

‎01-26-2015 10:31 AM

‎01-26-2015 10:31 AM

Re: iLO4 on Dl380p Gen8 - Connection issues over VPN

@Jimmy Vance wrote:

That would suggest a routing issue.  can you oemhp_ping systems on the same network is iLO?

Yes I can always ping to/from internal addesses (including default gateway).

The weird thing is that every time I reset iLO I can also ping external/VPN addresses for a minute or two!

As I said, it seems that some kind of service is started inside iLO, that introduces routing problems.

 

Unfortunately, I'm not aware of networking related commands in the ssh console (to trace routes, show routes, show nic configuration) to further investigate this issue!

 

0 Kudos
Reply
waaronb
Respected Contributor

‎01-31-2015 11:54 AM

‎01-31-2015 11:54 AM

Re: iLO4 on Dl380p Gen8 - Connection issues over VPN

Do you have a "reactive" firewall handling the VPN traffic?  Is it seeing traffic to the ILO over some of those other ports used for things like virtual media, remote console, etc. and if there aren't rules setup for those it starts to deny traffic thinking you're attacking it?

 

Just a guess there.  Since it sounds like it works fine locally and it's only remotely that you lose access after a while, I don't think the ILO itself has a problem unless, as others mentioned, your default gateway is bad.

 

To make sure, you should double-check the default gateway setting and also the subnet mask.  If your network has VLANs or anything, make sure all of that is correct for the port the ILO is plugged into, etc.

 

Otherwise it sure seems like the VPN/firewall is doing something funny.  If it has any logging, you could look there and see what's happening to traffic to the ILO when it's working, and then when it's not working...see what's changing.

0 Kudos
Reply
disti
Occasional Advisor

‎02-01-2015 01:37 AM

‎02-01-2015 01:37 AM

Re: iLO4 on Dl380p Gen8 - Connection issues over VPN

Thank you waaronb,

 

I don't think this issue is firewall related: I can continuously ping every other IP through VPN and also NATted IPs for hours.

I have no VLANs, the LAN setup is quite easy, indeed: subnet 192.168.100.0/24, gateweay on 192.168.100.1, no VLANs, iLO NICs on 192.168.100.154 and 192.168.100.155 (I have two servers).

 

As I stated in my previous posts, firewall logs have been throughly analyzed and showed that all traffic to iLO IP is authorized. Outbound traffic is always authorized from anyone to anyone. For testing purposes I also created ad hoc policies to explicitly allow traffic to/from iLO on the interested server.

 

As a side note I'd like to stress that iLO on the other server (same subnet, same gateway, same switch) is working perfectly.

 

 

0 Kudos
Reply
Jimmy Vance
HPE Pro

‎02-02-2015 01:32 PM

‎02-02-2015 01:32 PM

Re: iLO4 on Dl380p Gen8 - Connection issues over VPN

@disti wrote:

As a side note I'd like to stress that iLO on the other server (same subnet, same gateway, same switch) is working perfectly.
 

In this case I'd call support and see about getting a new system board

No support by private messages. Please ask the forum! 
0 Kudos
Reply
waaronb
Respected Contributor

‎02-03-2015 01:11 PM

‎02-03-2015 01:11 PM

Re: iLO4 on Dl380p Gen8 - Connection issues over VPN

Ditto that... if another server with the same config is fine, then it's probably the system board (ILO in particular) misbehaving.

 

I have one server where the ILO remote console is unusable... everything is garbled.  I used to be able to see my mouse moving around and the screen was only a little mixed up, so I could kind of do things remotely.  But it's degraded to the point where it's nothing but static.

 

Point being, the ILO is a totally separate function on the mainboard and it can (and does) do weird things even when everything else is okay on that system.

0 Kudos
Reply
Mema
Occasional Visitor

‎09-17-2015 09:52 AM

‎09-17-2015 09:52 AM

Re: iLO4 on Dl380p Gen8 - Connection issues over VPN

Hi,
what was the solution to fix this problem?

0 Kudos
Reply
RossASL
Occasional Visitor

‎01-08-2016 06:11 AM

‎01-08-2016 06:11 AM

Re: iLO4 on Dl380p Gen8 - Connection issues over VPN

Hi Roberto,

Did you ever get to the bottom of this?

Thanks

Ross

0 Kudos
Reply
disti
Occasional Advisor

‎01-08-2016 06:49 AM

‎01-08-2016 06:49 AM

Re: iLO4 on Dl380p Gen8 - Connection issues over VPN

YES!

afrer months I found out that the switch the server was connected to had a wrong gateway address: it was set to the default 192.168.1.1 while in our network we use 192.168.100.1.

I corrected it and iLO started working!

That really confused me, because:

1. The switch itself had no routing functionality enabled.

2. Every other device on the network always worked properly (including other iLO devices)

3. The "malfunctioning" server used to work sometimes.

I still have to find an explanation to this...

 

BTW: the switch is a Cisco SG500.

 

Bye!

Roberto

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.