problems on ubuntu 16.04 LTS (linode.com VPS)

Backup agent for Linux servers and workstations on-premises or in the public cloud

Re: problems on ubuntu 16.04 LTS (linode.com VPS)

Veeam Logoby backup_wonder » Mon Jan 02, 2017 12:26 pm

tsightler wrote:[...]
VBR is really designed to work on a LAN, it doesn't really deal well with NAT or dual-homed public/private setups.
[...]


Thanks for that hint, unfortunatley this is currently the showstopper for us.
backup_wonder
Lurker
 
Posts: 1
Liked: never
Joined: Mon Jan 19, 2015 9:31 am

[MERGED] Backup over openvpn failing

Veeam Logoby simeon.hemus » Mon Jan 09, 2017 3:40 am

I am trying to backup a CentOS Server located in a datacentre that i have no access to the network.
I have asked the support people to open up specific ports, such as TCP 10002, 4444 & 2500 so i can Backup this server to our Veeam Backup Server, and it starts backing up successfully, but after a while it fails because i'm using openvpn to connect this CentOS box to our firewall using an SSL VPN.
CentOS Kernal: 2.6.32-504.30.3.el6.x86_64
Firewall: WatchGuard XTM850 using a Mobile SSL VPN

It appears that the backup job is failing because the VPN is dropping out.

Is there any way i can tweak the vpn or maybe come up with another solution where i can backup this server to our Veeam Backup Server in a different site?
simeon.hemus
Novice
 
Posts: 8
Liked: 1 time
Joined: Fri Nov 25, 2016 3:35 am
Full Name: Simeon Hemus

Re: problems on ubuntu 16.04 LTS (linode.com VPS)

Veeam Logoby PTide » Mon Jan 09, 2017 8:15 am

Hi Simeon,

What was the error? Also how far did the job go before failure?

Is there any way i can tweak the vpn or maybe come up with another solution where i can backup this server to our Veeam Backup Server in a different site?
You need to ensure that the connection is stable throughout the whole backup job. VBR can resist to very bad high latency connections and minor packet loss but if the connection is dropped, the job fails. Cloud Connect is designed to address such problems, however Cloud Connect support will be added to VAL later.

Thanks

Thanks
PTide
Veeam Software
 
Posts: 3252
Liked: 273 times
Joined: Tue May 19, 2015 1:46 pm

Re: problems on ubuntu 16.04 LTS (linode.com VPS)

Veeam Logoby vmniels » Mon Jan 09, 2017 8:23 am

OpenVPN does offer a start-up option which might help called --tun-mtu
You can increase the MTU size of the tun adapter to an amount of bytes both on the server & client side. This resembles Jumbo frames on a regular Ethernet LAN. Note that the MTU size on the underlying network switches was not altered.

You can try to find the best parameters by using --mtu-test and monitoring iperf to see how much mbit you utilize and need.
VCP-DCV
Veeam Certified Architect (VMCA)
http://foonet.be
vmniels
Veeam Software
 
Posts: 1633
Liked: 362 times
Joined: Mon Jul 15, 2013 11:09 am
Full Name: Niels Engelen

Re: [MERGED] Backup over openvpn failing

Veeam Logoby dgomes » Mon Jan 09, 2017 3:12 pm

simeon.hemus wrote:I am trying to backup a CentOS Server located in a datacentre that i have no access to the network.
I have asked the support people to open up specific ports, such as TCP 10002, 4444 & 2500 so i can Backup this server to our Veeam Backup Server, and it starts backing up successfully, but after a while it fails because i'm using openvpn to connect this CentOS box to our firewall using an SSL VPN.
CentOS Kernal: 2.6.32-504.30.3.el6.x86_64
Firewall: WatchGuard XTM850 using a Mobile SSL VPN

It appears that the backup job is failing because the VPN is dropping out.

Is there any way i can tweak the vpn or maybe come up with another solution where i can backup this server to our Veeam Backup Server in a different site?


In watchguard there is not much you can tweak for SSLVPN settings.
You might try to increase the timeout settings:
Image
And auto-reconnect:
Image
Hopefully Veeam will just see it as a packet drop if the re-connection is fast enough.
Also be sure you don't have any rules limiting the inbound VPN traffic.

Other than that you can attempt to modify client-side settings as suggested by vmniels, but I do not know if the VPN service on the watchguard box will take them into account.
dgomes
Influencer
 
Posts: 20
Liked: 7 times
Joined: Sat Jan 17, 2015 7:16 pm
Full Name: David

Re: problems on ubuntu 16.04 LTS (linode.com VPS)

Veeam Logoby simeon.hemus » Wed Jan 11, 2017 6:25 am

i sent the error logs to Veeam support and this is what they replied with:

Code: Select all
Hello Simeon,

Thank you for the log files.  Unfortunately the only error message in Veeam logs is:
..
[10.01.2017 07:16:25] <140595021821696> lpbcore| WARN|Method invocation was not finalized. Method id [12]. Class: [N10lpbcorelib11interaction11ILpbServiceE]
[10.01.2017 07:16:25] <140595021821696> lpbcore| ERR |Failed to connect to the port [192.168.1.199:10002].
[10.01.2017 07:16:25] <140595021821696> lpbcore| >>  |Unable connect to backup server 192.168.1.199:10002.
[10.01.2017 07:16:25] <140595021821696> lpbcore| >>  |--tr:Failed to get client for VBR server [{7fc246e4-4ed5-4a3c-ad76-27ca79e1b533}].
..
Since this is an internal IP address, I can suggest that it could be a VPN issue. Hovewer, I'd recommend checking vpn logs (usually it is located in /var/log/syslog, depending on your VPN software).

dmesg also doesn\t show anything useful, only some firewall blocked ports:
..
Jan 10 07:16:19 dse-vmmxq3bn kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:50:56:9a:04:f8:00:23:e9:34:fe:83:08:00 SRC=113.20.17.238 DST=113.20.7.235 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=19639 PROTO=TCP SPT=22058 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
Jan 10 07:16:20 dse-vmmxq3bn kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:23:e9:34:fe:83:08:00 SRC=113.20.17.238 DST=113.20.7.239 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=28193 PROTO=TCP SPT=32572 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
Jan 10 07:16:32 dse-vmmxq3bn xinetd[1945]: START: ftp pid=24304 from=::ffff:203.88.112.237
..


Kind regards,
Konstantin Primakov
Veeam Technical Support


So i would assume that would confirm my suspicions that the VPN is dropping out.

The other thing that i'll mention is that my Veeam Backup & Replication version is: 9.5.0.711 (the first release of 9.5, the Agent for Linux says it is only supported by 9.5 update 1, but i have actually got a test CentOS VPN residing at another site that i control the hardware firewall and when i back this up, it is fine.

So i still suspect that it is probably openvpn being a bit unstable.
I'll try some of the suggestions above and get back to you on how i get on.
simeon.hemus
Novice
 
Posts: 8
Liked: 1 time
Joined: Fri Nov 25, 2016 3:35 am
Full Name: Simeon Hemus

Re: problems on ubuntu 16.04 LTS (linode.com VPS)

Veeam Logoby simeon.hemus » Wed Jan 11, 2017 7:07 am

If i need to use the openvpn --mtu-test option, what values do i need to use with this and what iperf commands should i use to test the stability?
I do have the same timeout values as in gnomes pictured post above, but i don't have Authentication MD5 & Encyption Blowfish.
Should i try this with openvpn to be more stable??
simeon.hemus
Novice
 
Posts: 8
Liked: 1 time
Joined: Fri Nov 25, 2016 3:35 am
Full Name: Simeon Hemus

Re: problems on ubuntu 16.04 LTS (linode.com VPS)

Veeam Logoby simeon.hemus » Fri Jan 13, 2017 8:26 pm

I changed the watchguard SSL VPN Settings to Authentication MD5 & Encyption Blowfish and changed the time out to 120 Seconds, and started the backup again. This time it uploaded 82GB of files before it failed.
Any other ideas of how i can get the Mobile SSL VPN more stable? or do you think it is better that i setup an IPSEC Mobile VPN?? would that be more stable?
simeon.hemus
Novice
 
Posts: 8
Liked: 1 time
Joined: Fri Nov 25, 2016 3:35 am
Full Name: Simeon Hemus

Re: problems on ubuntu 16.04 LTS (linode.com VPS)

Veeam Logoby PTide » Mon Jan 16, 2017 8:05 pm

I don't think anyone on this forum has ever compared those two in terms of transmitting such amounts of data, I suggest you to try it.

Thanks
PTide
Veeam Software
 
Posts: 3252
Liked: 273 times
Joined: Tue May 19, 2015 1:46 pm

Re: problems on ubuntu 16.04 LTS (linode.com VPS)

Veeam Logoby dgomes » Thu Jan 19, 2017 3:33 pm 1 person likes this post

simeon.hemus wrote:I changed the watchguard SSL VPN Settings to Authentication MD5 & Encyption Blowfish and changed the time out to 120 Seconds, and started the backup again. This time it uploaded 82GB of files before it failed.
Any other ideas of how i can get the Mobile SSL VPN more stable? or do you think it is better that i setup an IPSEC Mobile VPN?? would that be more stable?


You also need to keep in mind the watchguard mobile VPNs are labeled as such because of their intended use: mobile devices, laptops, or out-of-office PCs.
For the kind of thing you are doing it would need their branch office VPN functionality (BOVPN) that establishes a permanent tunnel between 2 sites. We do multi-terabyte backups via BOVPN for several customers with a watchguard at each site and it works very well.
dgomes
Influencer
 
Posts: 20
Liked: 7 times
Joined: Sat Jan 17, 2015 7:16 pm
Full Name: David

[MERGED] Is it safe to open a Veeam Repo for external access

Veeam Logoby prehcm » Mon Feb 13, 2017 2:08 pm

I'd like ot backup a physical server in the cloud to a local Repository.
I can setup my Firewall to redirect TCP traffic coming from my external server's IP only on ports 100002, 2500 to 5000, 49152-65535 to the Server where the Repository runs on according to: https://helpcenter.veeam.com/docs/agent ... tml?ver=10

I was however wondering if this is considered "safe" or if there is a "better practice"?
prehcm
Novice
 
Posts: 6
Liked: never
Joined: Mon Feb 13, 2017 12:45 pm
Full Name: Ovidiu Pacuraru

[MERGED] Is it safe to open a Veeam Repo for external acces

Veeam Logoby vmniels » Mon Feb 13, 2017 3:43 pm

I would suggest creating a VPN connection between the servers instead of opening it up to the world wide web.
VCP-DCV
Veeam Certified Architect (VMCA)
http://foonet.be
vmniels
Veeam Software
 
Posts: 1633
Liked: 362 times
Joined: Mon Jul 15, 2013 11:09 am
Full Name: Niels Engelen

Re: problems on ubuntu 16.04 LTS (linode.com VPS)

Veeam Logoby PTide » Mon Feb 13, 2017 4:06 pm

@prehcm

Niels is spot on - the number of ports that needs to be opened is way too high. Please review the thread - it contains some considerations that might be useful.

Thanks
PTide
Veeam Software
 
Posts: 3252
Liked: 273 times
Joined: Tue May 19, 2015 1:46 pm

Re: problems on ubuntu 16.04 LTS (linode.com VPS)

Veeam Logoby prehcm » Mon Feb 13, 2017 4:11 pm

@PTide @vmniels

I have now read this whole thread and I'm not worried about getting it to work through the FW as much as I was curious to know if there is a more elegant way.

I guess I'll use the 30 days demo to test if I can get a VPN tunnel up with the pre-job scripting and shutting the tunnel down with the post-job script.
If that works alright I'll buy the server version of the agent.
prehcm
Novice
 
Posts: 6
Liked: never
Joined: Mon Feb 13, 2017 12:45 pm
Full Name: Ovidiu Pacuraru

Re: problems on ubuntu 16.04 LTS (linode.com VPS)

Veeam Logoby dgomes » Sun Feb 19, 2017 10:53 pm

prehcm wrote:@PTide @vmniels

I have now read this whole thread and I'm not worried about getting it to work through the FW as much as I was curious to know if there is a more elegant way.

I guess I'll use the 30 days demo to test if I can get a VPN tunnel up with the pre-job scripting and shutting the tunnel down with the post-job script.
If that works alright I'll buy the server version of the agent.


I haven't found a way to do it more elegantly. Customer has hundreds of linux VMs at different providers like linode. He's considering dropping veeam soon, he does not want to have to do weird "hacks" even if they work, which I guess makes sense at this scale. Currently he has veeam for local backups and I told him to wait for 9.5 to check this out but he's losing patience now. He doesn't accept that he can't just simply point his cloud linux endpoints to the VBR server via WAN IP and have it work out of the box. So I've pretty much dropped this project and our boss no longer wants us offering this feature to customers when doing our infrastructure consulting.
dgomes
Influencer
 
Posts: 20
Liked: 7 times
Joined: Sat Jan 17, 2015 7:16 pm
Full Name: David

PreviousNext

Return to Veeam Agent for Linux



Who is online

Users browsing this forum: No registered users and 1 guest