openbalena vpn container forwarding requests to wrong ip address

openBalena
1

Hi all, Im trying to reach my devices through ssh tunnel, I’m using an old openbalena version (2.0.0) and proxytunnel to reach the devices, everything was working ok until I made some changes regarding expired certs and this functionality stopped working.
The vpn is working ok and all devices are still reachable from the vpn container.

my docker compose network changed from 172.18.x.x to 172.24.x.x
the vpn container keeps trying to forward requests to 172.18.x.x:3128 and timeouts, it seems the vpn gets the wrong ip from a call to the api:

https://api.xxxxxx.com/v5/service_instance?$select=ip_address&$filter=manages__device/any(d:d/uuid eq 'xxxxxxxx')

it returns:

{

    "d": [

        {

            "ip_address": "172.18.0.8",

            "__metadata": {

                "uri": "/resin/service_instance(NaN)",

                "type": ""

            }

        }

    ]

}

and then the vpn tries to fordward the request to the wrong ip.

Do I need to rerun some config script to fix this or can i just change the network configuration from docker to make it work? thanks in advance

2

Hi @jose-barrerro. Welcome to the forums!

4

I think the easiest thing to do would be to recreate the containers to make sure that the new values get picked up from the docker-compose. Have you tried that?

5

Note that you do not want to delete or recreate any volume information. I would definitely do a backup first and maybe snapshots if that’s possible. Then bring it down with docker-compose down and back up again with docker-compose up --force-recreate. Does that fix the issue? (Let me emphasize again, be sure to have a multi-pronged rollback strategy in the unlikely event that something breaks).

6

Actually, as I think about it (I think it wouldn’t hurt to do the above as an option) but are your devices actually connecting after the config change? Because it would seem that the devices haven’t checked back in again in order to update their IP.

7

In other words, they should be talking to the API and reporting their IP, as well as initiating the VPN connection. How far do they get with connecting?