New Shake R18EB, not appearing online

Technical Support
1

Can you help me get R18EB online in swarm and linked to my MyShake (I’ve also got R16DA)?

RSH.R18EB.2019-03-17T22_51_26.logs.tar (766 KB)

Log files attached. Thanks.

2

hello,

thanks for your log files, they are very informative.

i have a few questions:

  1. can you describe your network set-up? what kind of LAN are you connected to? private, secondary school, university?
  2. do you know why your unit is being assigned a public IP address, as opposed to a LAN-type of address?
  3. can you confirm that you are able to reach NTP servers using the DNS servers your unit is using to resolve machine names?
    (DNS servers you are using: 142.104.6.1, 142.104.80.2)
    (sample NTP server: time.cloudflare)

a few recommendations:

  1. do not expose your unit to the internet-at-large unless absolutely necessary. we recommend that your unit be located on a local LAN, behind a router, to mitigate the possibility of it being hijacked by bad actors. if you must expose it directly, be absolutely certain to change the myshake user’s default password.
  2. refer to this page, (and if necessary, forward this to your network admin person) to confirm that all of the necessary ports are open.
  3. also confirm (with your network admin) you are able to access NTP servers outside your network. if you are on a university network, very often the university itself will provide its own NTP servers which need to be specified in the file /etc/ntp.conf

what is happening is that the NTP service is unable to communicate with an NTP server and so cannot set the computer clock. as a consequence, this causes a host of down-stream problems (system update isn’t downloaded, data cannot be forwarded, etc.).

once the problem accessing NTP servers is resolved, your units should return to their normal functioning state.

cheers,

richard

3

ivor
Leader

    March 13

hello,

thanks for your log files, they are very informative.

i have a few questions:

  1. can you describe your network set-up? what kind of LAN are you connected to? private, secondary school, university?

University (of Victoria)

  1. do you know why your unit is being assigned a public IP address, as opposed to a LAN-type of address?

This is how the VLAN in my department is configured.

  1. can you confirm that you are able to reach NTP servers using the DNS servers your unit is using to resolve machine names?

myshake@raspberryshake:/etc $ ping 1.debian.pool.ntp.org

PING 1.debian.pool.ntp.org (216.197.228.230) 56(84) bytes of data.

64 bytes from ntp.zaf.ca (216.197.228.230): icmp_seq=1 ttl=49 time=54.5 ms

^C

myshake@raspberryshake:/etc $ ping 2.debian.pool.ntp.org

PING 2.debian.pool.ntp.org (195.22.17.7) 56(84) bytes of data.

64 bytes from ftp.claranet.pt (195.22.17.7): icmp_seq=1 ttl=46 time=157 ms

64 bytes from ftp.claranet.pt (195.22.17.7): icmp_seq=2 ttl=46 time=156 ms

^C

myshake@raspberryshake:/etc $ ping time.cloudflare.com

PING time.cloudflare.com (162.159.200.123) 56(84) bytes of data.

64 bytes from time.cloudflare.com (162.159.200.123): icmp_seq=1 ttl=58 time=2.68 ms

^C

  1. (DNS servers you are using: 142.104.6.1, 142.104.80.2)

(sample NTP server: time.cloudflare)

These are UVic’s primary DNS.

myshake@raspberryshake:/opt $ ping 142.104.80.2

PING 142.104.80.2 (142.104.80.2) 56(84) bytes of data.

64 bytes from 142.104.80.2: icmp_seq=1 ttl=61 time=0.596 ms

^C

— 142.104.80.2 ping statistics —

1 packets transmitted, 1 received, 0% packet loss, time 0ms

rtt min/avg/max/mdev = 0.596/0.596/0.596/0.000 ms

myshake@raspberryshake:/opt $ ping 142.104.6.1

PING 142.104.6.1 (142.104.6.1) 56(84) bytes of data.

64 bytes from 142.104.6.1: icmp_seq=1 ttl=61 time=0.554 ms

a few recommendations:

  1. do not expose your unit to the internet-at-large unless absolutely necessary. we recommend that your unit be located on a local LAN, behind a router, to mitigate the possibility of it being hijacked by bad actors. if you must expose it directly, be absolutely certain to change the myshake user’s default password.

Password is changed. It has to be on this network. UVic already traps many kinds of network connections coming into our VLAN. I don’t think there should be any problem with outgoing connections initiated by the Shake. I can access it on the VLAN at rs.local.

  1. refer to this page, (and if necessary, forward this to your network admin person) to confirm that all of the necessary ports are open.
  2. also confirm (with your network admin) you are able to access NTP servers outside your network. if you are on a university network, very often the university itself will provide its own NTP servers which need to be specified in the file /etc/ntp.conf

what is happening is that the NTP service is unable to communicate with an NTP server and so cannot set the computer clock. as a consequence, this causes a host of down-stream problems (system update isn’t downloaded, data cannot be forwarded, etc.).

once the problem accessing NTP servers is resolved, your units should return to their normal functioning state.

I’ve just forced the time change with date -s and restarted ntpd. I don’t know why it wouldn’t reset the clock itself.

4

Hi again,

ntpq -p showed I wasn’t able top connect to the default servers. I added UVic’s DNS servers at the head of the list and now I see a connection.

Ed

myshake@raspberryshake:/etc $ ntpq -p

 remote           refid      st t when poll reach   delay   offset  jitter
5

hi ed,

just to close the loop: ping does not use standard ports to communicate with a computer to confirm connectivity. NTP requires port 123 to be open both ways for both TCP and UDP protocols to work. successfully ping-ing a machine does not imply NTP will be able to communicate, as you discovered.

i see that you are now successfully connected to the server and forwarding your data. glad your issue is solved.

cheers,

richard