05-14-2018 10:40 PM
I'm trying to join a infoblox-member to an infoblox-master across a NAT boundary. For whatever reason the connection is established and then straight away the member disconnects. The following is logged...
Grid-member at x.x.x.x is no longer connected.
Suffice to say the respective rules for the OpenVPN (1194) and the Key Exchange 2114 across UDP are enabled and working and a traffic capture shows the member and master communicating across OpenVPN.
On the master I first add the member as its accessible NAT address. Connectivity has been verified.
On the member I ran the set network command and type in the accessable NAT address of the master. The member then restarts and after the reboot comes up reporting its LAN port IPv4 as the NAT address! It then fails the join and on restarts comes back up reporting its LAN port IPv4 as its actual address again. Very odd.
The log on the master looks like this.
x.x.x.x:1194 [VPN Node] Peer connection initiated with x.x.x.x:1194
[VPN Node]x.x.x.x:1194 MULTI_sva : pool returned IPv4=169.254.0.5
[VPN Node]x.x.x.x:1194 send_push_reply() safe_cap=940
Grid Member at x.x.x.x has connected to grid-master
Grid Member at x.x.x.x is no longer connected (The IP here reflects the member NAT address)
Grid Member at x.x.x.x is no longer connected (The IP here reflects the member actual IP address)
Am I adding the member incorrectly or missing something else that is obvious!
05-14-2018 11:11 PM
Ok, so I fixed this. It appears essential to configure the member servers advanced network settings and to define its NAT address. In Network > Advanced Enable NAT Compatibility. Leave the NAT Group empty and Add the NAT Addresses for the member. Without this it doesn't join. Kind of makes sense but I couldn't find anything about this in the official documentation.
05-15-2018 08:25 AM
The documentation for NAT Groups is in the Admin guide under the "Deploying a Grid" chapter.
Here is a link to the NIOS 8.2 Documentation -- which has been basically the same for a long time now: