From cca45acd95cfac048791b8fdbf7868013001eff2 Mon Sep 17 00:00:00 2001 From: Rowena Date: Mon, 21 Oct 2024 16:58:39 +0200 Subject: [PATCH 1/3] fix(pgw): add more troubleshooting --- .../troubleshooting/cant-connect-ssh.mdx | 6 +++++- network/public-gateways/concepts.mdx | 4 ++++ ...nt-connect-to-instance-with-pn-gateway.mdx | 21 ++++++++++++------- 3 files changed, 22 insertions(+), 9 deletions(-) diff --git a/compute/instances/troubleshooting/cant-connect-ssh.mdx b/compute/instances/troubleshooting/cant-connect-ssh.mdx index da2e7b2dd2..1a7f194440 100644 --- a/compute/instances/troubleshooting/cant-connect-ssh.mdx +++ b/compute/instances/troubleshooting/cant-connect-ssh.mdx @@ -133,4 +133,8 @@ You must upload the content of the public part of the SSH key pair to the Scalew If you have any difficulties connecting to an Instance after uploading a new public SSH key to your Project, try the following: - If you cannot connect to your Instance at all via SSH, reboot your Instance from the console and try again. - If you can connect to your Instance using a previously uploaded SSH key but not the new one, go ahead and connect to your Instance with the old key. Once connected, run the `scw-fetch-ssh-keys --upgrade` command, which launches a script on your Instance to update your SSH keys. You can then check that the new key has been added to the `authorized_keys` file (`~/.ssh/authorized_keys`). Note that this command works only for Instances. - \ No newline at end of file + + +## Timeout when trying to connect + +You may find the SSH connection attempt times out without connecting. This is expected behavior if the Instance is attached to a Private Network on which there is also a Public Gateway advertising the default route. See our [dedicated troubleshooting](/network/public-gateways/troubleshooting/cant-connect-to-instance-with-pn-gateway/) page for more help with this issue. \ No newline at end of file diff --git a/network/public-gateways/concepts.mdx b/network/public-gateways/concepts.mdx index 40f1f32dc4..be73d76ce8 100644 --- a/network/public-gateways/concepts.mdx +++ b/network/public-gateways/concepts.mdx @@ -18,6 +18,10 @@ The Public Gateway can advertise a default route to resources on an attached Pri You can choose to activate the advertisement of the default route when attaching a Private Network to a Public Gateway. The default route is propagated through DHCP. + +After activating the default route, all outbound and inbound traffic for resources attached to the Private Network is directed through the gateway. This includes SSH traffic destined for Instances, which means you will need to [manage SSH connections differently](/network/public-gateways/troubleshooting/cant-connect-to-instance-with-pn-gateway/). + + ## DHCP DHCP was previously a functionality of Scaleway Public Gateways, but has now been moved and is integrated directly into Private Networks. [Read more about DHCP on Private Networks](/network/vpc/concepts#dhcp). diff --git a/network/public-gateways/troubleshooting/cant-connect-to-instance-with-pn-gateway.mdx b/network/public-gateways/troubleshooting/cant-connect-to-instance-with-pn-gateway.mdx index 25a5ee6e31..87fe56eab3 100644 --- a/network/public-gateways/troubleshooting/cant-connect-to-instance-with-pn-gateway.mdx +++ b/network/public-gateways/troubleshooting/cant-connect-to-instance-with-pn-gateway.mdx @@ -1,24 +1,29 @@ --- meta: - title: I cannot connect to my Instance using SSH after attaching it to a Private Network which has a Public Gateway + title: I cannot connect to my Instance using SSH after attaching it to a Private Network with a Public Gateway description: This page explains how troubleshoot connection problems after attaching an Instance to a Private Network which has a Public Gateway content: - h1: I cannot connect to my Instance using SSH after attaching it to a Private Network which has a Public Gateway + h1: I cannot connect to my Instance using SSH after attaching it to a Private Network with a Public Gateway paragraph: This page explains how troubleshoot connection problems after attaching an Instance to a Private Network which has a Public Gateway tags: troubleshoot error private-network private network vpc public-gateway dates: - validation: 2024-05-24 + validation: 2024-10-21 posted: 2021-05-26 categories: - network --- - +If you are having trouble [connecting to your Instance via SSH](/compute/instances/how-to/connect-to-instance/), when the Instance is attached to a Private Network which also has an attached Public Gateway, read on for help and solutions. -- [Owner](/identity-and-access-management/iam/concepts/#owner) status or [IAM permissions](/identity-and-access-management/iam/concepts/#permission) allowing you to perform actions in the intended Organization +The action to take depends on whether: -The action to take depends on whether the Private Network(s) your Instance is on have DHCP enabled, and whether your Public Gateway is set to advertise a default route (true by default). +- The Private Network(s) attached to your Instance have [DHCP enabled](/network/vpc/how-to/activate-dhcp/), and +- Your Public Gateway is set to [advertise a default route](/network/public-gateways/concepts/#default-route) (true by default). -If it is not the case, disconnect the Instance from the Private Network, as there may be other factors impacting your Instance, like one of your Instances running a DHCP server. +If the above two conditions are not true, there may be other factors impacting your Instance, like one of your Instances running a DHCP server. Try disconnecting and reconnecting the Instance from the Private Network. -If DHCP is activated and your Public Gateway is set to advertise a default route, this is expected behavior as all the traffic towards your Instance now goes through the Public Gateway. To access your Instance using SSH, first create a static NAT association between a port of your Public Gateway (eg 2222) and the private IP assigned to your Instance, on the SSH port (22 by default). Then, SSH to the Public Gateway's IP on port 2222. \ No newline at end of file +If DHCP **is** activated and your Public Gateway **is** set to advertise a default route, not being able to connect to your Instance via SSH is **expected behavior**. All the traffic towards your Instance now goes through the Public Gateway. + +To access your Instance using SSH, either: +- Use [SSH bastion](/network/public-gateways/how-to/use-ssh-bastion/), or +- Create a static NAT association between a port of your Public Gateway (eg 2222) and the private IP assigned to your Instance, on the SSH port (22 by default). Then, SSH to the Public Gateway's IP on port 2222. \ No newline at end of file From a9744b1bc71795ccad0104315cb7b161dd181891 Mon Sep 17 00:00:00 2001 From: Rowena Jones <36301604+RoRoJ@users.noreply.github.com> Date: Mon, 21 Oct 2024 17:12:32 +0200 Subject: [PATCH 2/3] Apply suggestions from code review Co-authored-by: Benedikt Rollik --- network/public-gateways/concepts.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/network/public-gateways/concepts.mdx b/network/public-gateways/concepts.mdx index be73d76ce8..506135d558 100644 --- a/network/public-gateways/concepts.mdx +++ b/network/public-gateways/concepts.mdx @@ -19,7 +19,7 @@ The Public Gateway can advertise a default route to resources on an attached Pri You can choose to activate the advertisement of the default route when attaching a Private Network to a Public Gateway. The default route is propagated through DHCP. -After activating the default route, all outbound and inbound traffic for resources attached to the Private Network is directed through the gateway. This includes SSH traffic destined for Instances, which means you will need to [manage SSH connections differently](/network/public-gateways/troubleshooting/cant-connect-to-instance-with-pn-gateway/). +After activating the default route, all outbound and inbound traffic for resources attached to the Private Network is directed through the Public Gateway. This includes SSH traffic destined for Instances, which means you will need to [manage SSH connections differently](/network/public-gateways/troubleshooting/cant-connect-to-instance-with-pn-gateway/). ## DHCP From 67a45fc43d00c64a6c5146d0938459521f1eec1e Mon Sep 17 00:00:00 2001 From: Rowena Jones <36301604+RoRoJ@users.noreply.github.com> Date: Tue, 22 Oct 2024 10:08:04 +0200 Subject: [PATCH 3/3] Update compute/instances/troubleshooting/cant-connect-ssh.mdx --- compute/instances/troubleshooting/cant-connect-ssh.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compute/instances/troubleshooting/cant-connect-ssh.mdx b/compute/instances/troubleshooting/cant-connect-ssh.mdx index 1a7f194440..514104c8e7 100644 --- a/compute/instances/troubleshooting/cant-connect-ssh.mdx +++ b/compute/instances/troubleshooting/cant-connect-ssh.mdx @@ -137,4 +137,4 @@ You must upload the content of the public part of the SSH key pair to the Scalew ## Timeout when trying to connect -You may find the SSH connection attempt times out without connecting. This is expected behavior if the Instance is attached to a Private Network on which there is also a Public Gateway advertising the default route. See our [dedicated troubleshooting](/network/public-gateways/troubleshooting/cant-connect-to-instance-with-pn-gateway/) page for more help with this issue. \ No newline at end of file +You may find the SSH connection attempt times out without connecting. This may be expected behavior if the Instance is attached to a Private Network on which there is also a Public Gateway advertising the default route. See our [dedicated troubleshooting](/network/public-gateways/troubleshooting/cant-connect-to-instance-with-pn-gateway/) page for more help with this issue. \ No newline at end of file