`Warning: DNS doesn't seem to work properly` for Telepresence on Windows via Teleport over Cloudflare WARP VPN
pjking07 opened this issue
Describe the bug
When we connect to Telepresence via Teleport on any Windows host connected to Cloudflare WARP VPN, we observe that the Cloudflare VIF is temporarily removed while the tel0 VIF is being created, and then telepresence DNS does not work. We further observe from `ipconfig /all` that the tel0 adapter shows `Connection-specific DNS Suffix` and `Connection-specific DNS Suffix Search List` each containing only `tel2-search`.
Otherwise, we are able to successfully connect to Telepresence with:
- Telepresence via Teleport on a macOS host connected to WARP VPN
- Telepresence via Teleport in a Windows VM on a macOS host connected to WARP VPN
- Telepresence via Teleport in a Windows VM on a Windows host connected to WARP VPN
To Reproduce
While connected to Cloudflare WARP VPN on a Windows host:
`telepresence connect`
- Observe: Cloudflare WARP DNS is disconnected and reconnected while `connect` is executing
- Observe: `error: connector.Connect: failed to connect to root daemon: rpc error: code = DeadlineExceeded desc = context deadline exceeded`
- Observe: Cloudflare WARP DNS is disconnected and reconnected while `telepresence connect`
- Observe: `Warning: DNS doesn't seem to work properly`
- Observe: After the second `connect`, we are able to connect to k8s services via IP, but not via DNS.
```
❯ telepresence loglevel trace
Launching Telepresence User Daemon
Launching Telepresence Root Daemon
Warning: You are executing the "telepresence loglevel <error,warning,info,debug,trace> [flags]" command without a preceding "telepresence connect", causing an implicit connect to take place. The implicit connect behavior is deprecated and will be removed in a future release.
telepresence loglevel: error: connector.Connect: failed to connect to root daemon: rpc error: code = DeadlineExceeded desc = context deadline exceeded
❯ telepresence connect
Connected to context teleport.shared-services.wisely.io-olo-devenv, namespace user-pj (https://teleport.shared-services.wisely.io:3026)
Warning: DNS doesn't seem to work properly
❯ telepresence gather-logs
Warning: DNS doesn't seem to work properly
Logs have been exported to C:\Users\PJKing\telepresence_logs.zip
```
Expected behavior
I expected DNS to work properly.
Versions
Telepresence
```
❯ telepresence version
OSS Client : v2.18.0
OSS Root Daemon: v2.18.0
OSS User Daemon: v2.18.0
Traffic Manager: not connected
```
Windows
Edition Windows 11 Pro
Version 22H2
Installed on 10/16/2023
OS build 22621.3296
Experience Windows Feature Experience Pack 1000.22687.1000.0
Kubernetes on AWS EKS
```
❯ kubectl version
Client Version: v1.29.1
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.27.10-eks-508b6b3
WARNING: version difference between client (1.29) and server (1.27) exceeds the supported minor version skew of +/-1
```
VPN-related bugs:
```
❯ telepresence test-vpn
telepresence test-vpn: error: the test-vpn command is deprecated. Please see https://www.getambassador.io/docs/telepresence/latest/reference/vpn to learn how to configure telepresence for your VPN.
```
Client: Cloudflare WARP 2024.2.187.0
```
❯ ipconfig /all
...
Unknown adapter CloudflareWARP:
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Cloudflare WARP Interface Tunnel
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2606:4700:110:896a:dde9:63b0:f569:d4d3(Preferred)
   Link-local IPv6 Address . . . . . : fe80::83b:d647:4bed:d388%6(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.16.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 127.0.2.2
                                       127.0.2.3
   NetBIOS over Tcpip. . . . . . . . : Enabled
Unknown adapter tel0:
   Connection-specific DNS Suffix . : tel2-search
   Description . . . . . . . . . . . : WireGuard Tunnel
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ffaf:d56c:a096:4bb%68(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.201.128.0(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.192.0
   IPv4 Address. . . . . . . . . . . : 172.22.0.0(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : ::ffff:127.0.2.2
                                       ::ffff:127.0.2.3
                                       127.0.2.2
                                       127.0.2.3
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       tel2-search
...
```
Additional context
We are unsure where the error lies and how to further diagnose this behavior.
```
❯ tsh version
WARNING
Detected incompatible client and server versions.
Minimum server version supported by tsh is 15.0.0-aa but your server is using 13.4.17.
Please use a tsh version that matches your server.
You may use the --skip-version-check flag to bypass this check.
Teleport v15.1.1 git: go1.21.7
Proxy version: 13.4.17
Proxy: teleport.shared-services.wisely.io:443
```
I have found that extending the `timeouts.trafficManagerAPI` to 30s in config.yml resolves the `error: connector.Connect: failed to connect to root daemon: rpc error: code = DeadlineExceeded desc = context deadline exceeded`. However, the DNS reports not working as before.
config.yml
```yaml
logLevels:
  userDaemon: trace
timeouts:
  trafficManagerAPI: 30s
```
```
❯ telepresence connect
Launching Telepresence User Daemon
Launching Telepresence Root Daemon
Connected to context teleport.shared-services.wisely.io-olo-devenv, namespace user-pj (https://teleport.shared-services.wisely.io:3026)
Warning: DNS doesn't seem to work properly
❯ telepresence version
OSS Client : v2.18.0
OSS Root Daemon : v2.18.0
OSS User Daemon : v2.18.0
OSS Traffic Manager: v2.18.0
Traffic Agent : docker.io/datawire/tel2:2.18.0
```
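
For comparing per-adapter DNS settings between captures, the following parser reads `ipconfig /all` text and reports which adapters list the same DNS servers, as the CloudflareWARP and tel0 adapters do in the capture above. It is an added example, not part of the original issue or of Telepresence; it assumes English-locale output with the usual indentation, and the function names and the trimmed sample are constructed here.

```python
import ipaddress
import re
from itertools import combinations

# Trimmed from the `ipconfig /all` capture in the issue (indentation reconstructed).
SAMPLE = """\
Unknown adapter CloudflareWARP:
   Connection-specific DNS Suffix  . :
   DNS Servers . . . . . . . . . . . : 127.0.2.2
                                       127.0.2.3
Unknown adapter tel0:
   Connection-specific DNS Suffix  . : tel2-search
   DNS Servers . . . . . . . . . . . : ::ffff:127.0.2.2
                                       ::ffff:127.0.2.3
                                       127.0.2.2
                                       127.0.2.3
"""
# "Key . . . : value" lines; continuation lines (extra values) do not match.
KEY_RE = re.compile(r"^\s+([A-Za-z][^:]*?)[ .]*\s:(?:\s+(.*))?$")

def parse_ipconfig(text):
    """Return {adapter name: {setting: [values]}}."""
    adapters, current, key = {}, None, None
    for line in filter(None, (raw.rstrip() for raw in text.splitlines())):
        if not line[0].isspace():  # section header, e.g. "Unknown adapter tel0:"
            m = re.search(r"adapter (.+):$", line)
            current, key = (adapters.setdefault(m.group(1), {}) if m else None), None
        elif current is not None:
            m = KEY_RE.match(line)
            if m:
                key = m.group(1)
                current[key] = [m.group(2)] if m.group(2) else []
            elif key:  # value continued from the previous key
                current[key].append(line.strip())
    return adapters

def dns_servers(settings):
    """DNS servers as address objects, with ::ffff:a.b.c.d folded to IPv4."""
    ips = (ipaddress.ip_address(v.split("%")[0]) for v in settings.get("DNS Servers", []))
    return {getattr(ip, "ipv4_mapped", None) or ip for ip in ips}

def shared_resolvers(adapters):
    """Map each adapter pair to the DNS servers both of them list."""
    out = {}
    for a, b in combinations(sorted(adapters), 2):
        common = dns_servers(adapters[a]) & dns_servers(adapters[b])
        if common:
            out[(a, b)] = sorted(map(str, common))
    return out
```

Running `shared_resolvers(parse_ipconfig(...))` on captures taken before and after `telepresence connect` shows whether the tel0 adapter picked up another adapter's resolvers.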