ProLiant Servers (ML,DL,SL)
cancel
Showing results for 
Search instead for 
Did you mean: 

iLO4 on Dl380p Gen8 - Connection issues over VPN

 
disti
Occasional Advisor

iLO4 on Dl380p Gen8 - Connection issues over VPN

Hi,

 

We have a brand new DL380p Gen8 with iLO4.

 

I configured iLO to use a static address (192.168.100.31/24) and I connected it to the local network.

 

If I try to ping/open web page/start console from the LAN everything is fine, and a continuous ping doesn't show lost packets.

 

However, if I try to connect through VPN (from 192.168.2.15/24) I experience a very strange behaviour: my server seems "dead" for long periods of time (from 15 to 30 minutes): no ping, no web access.

Then, suddenly, it starts responding for 2 to 5 minutes and then it dies again, with average ping times of 50ms.

 

During blackouts, I can connect via remote desktop to the server itself, using the IP assigned to the "normal" NICs.

 

Of course I tested my VPN connection: during blackouts every other client on the LAN is reachable from my remote pc: I can ping them and I can access services such as remote desktop, web pages, etc.

 

I had a look at my firewall logs (btw it's a Watchguard Firebox XTM525) but I couldn't find anything relevant.

 

iLO firmware version is 2.02 Sep 05 2014.

 

Any ideas?

 

Thank you!

 

Roberto Reale

 

 

 

18 REPLIES 18
hpkasabbagh
Frequent Advisor

Re: iLO4 on Dl380p Gen8 - Connection issues over VPN

Hello,

ILO Firmeware 2.03 was available. Check and try.

Sincerly,
Jimmy Vance
HPE Pro

Re: iLO4 on Dl380p Gen8 - Connection issues over VPN

do you have the correct defalt gateway set within iLO?

No support by private messages. Please ask the forum! Accept or KudoI work for HPE
hpkasabbagh
Frequent Advisor

Re: iLO4 on Dl380p Gen8 - Connection issues over VPN

Hello,

 

And what is result if test you network configuration on ILO: Test Settings on the Security→Directory during the blackout.

 

sincerly,

 

disti
Occasional Advisor

Re: iLO4 on Dl380p Gen8 - Connection issues over VPN

Thank you for your answers!

 

I updated to 2.03. It didn't help.

 

Default gateway is correct. In fact, I can sometimes connect to iLO; I think that with a wrong default gateway it would never connect. I double checked it anyway.

 

Directory network tests fail beacuse I don't need active directory, so I did not configure directory parameters.

 

I'm really confused...

disti
Occasional Advisor

Re: iLO4 on Dl380p Gen8 - Connection issues over VPN

I found out that if I reset iLO I can ping it a couple of minutes, then it goes down.

 

Johan Guldmyr
Honored Contributor

Re: iLO4 on Dl380p Gen8 - Connection issues over VPN

Hi, sometimes firewalls are mean to VPN traffic. Have you looked into the firewall more?

Doesn't seem like an iLO issue if there is no problem when connecting from the local network.

disti
Occasional Advisor

Re: iLO4 on Dl380p Gen8 - Connection issues over VPN

I don't think this is a firewall issue, for two reasons:

 

1. Above all, every time I restart iLO, it does respond for a couple of minutes. I can't imagine how iLO restart could affect firewall inspection.

2. Ping works for each and every IP in the lan (included the IP assigned to Windows on the same machine), except iLO one.

 

Firewall is set up to log all blocked traffic, however it doesn't report anything blocked from/to the iLO IP!

 

Thank you!

 

Roberto

Jimmy Vance
HPE Pro

Re: iLO4 on Dl380p Gen8 - Connection issues over VPN


@disti wrote:

I don't think this is a firewall issue, for two reasons:

 

1. Above all, every time I restart iLO, it does respond for a couple of minutes. I can't imagine how iLO restart could affect firewall inspection.

2. Ping works for each and every IP in the lan (included the IP assigned to Windows on the same machine), except iLO one.

 

Firewall is set up to log all blocked traffic, however it doesn't report anything blocked from/to the iLO IP!

 

Thank you!

 

Roberto


One of your other posts says that you have no issue conencting to iLO when attached to the same network. This pretty much rules out any issues with iLO itself. You also say you can get to other systems on the iLO network from the VPN.  The issue would appear to be with routing over the two networks, or maybe another system on your VPN has the same IP as your client?

No support by private messages. Please ask the forum! Accept or KudoI work for HPE
disti
Occasional Advisor

Re: iLO4 on Dl380p Gen8 - Connection issues over VPN

I did additional tests:

 

1. I tried to change IP address assigned to iLO. I have written documentation on IP addresses assignment and I was sure that the used IPs were not assigned to other devices, but I tried anyway. Same results.

 

2. I picked up one of our public addresses and I NATted icmp and tcp:80 to the iLO interface. Same results: whenever I restore iLO it responds for a minute or two, then it stops responding to pings from external, while internal pings are fine.

 

3. I enabled additional logging on the firewall. These logs show that incoming ping requests from my remote pc to iLO, both through vpn and nat, are welcome.

 

4. I logged in to iLO via ssh and I tried oemhp_ping command with external addresses (vpn and internet public addresses). No external address is reachable!

 

It seems that some sort of service that starts inside iLO, and that takes about one minute to start, interfere with external connections.