telepresenceio / telepresence

Local development against a remote Kubernetes or OpenShift cluster

Home Page: https://www.telepresence.io

`Warning: DNS doesn't seem to work properly` for Telepresence on Windows via Teleport over Cloudflare WARP VPN

pjking07 opened this issue

Describe the bug

When we connect to Telepresence via Teleport on any Windows host connected to Cloudflare WARP VPN, we observe that the Cloudflare VIF is temporarily removed while the tel0 VIF is being created, and then telepresence DNS does not work. We further observe from ipconfig /all that the tel0 adapter shows Connection-specific DNS Suffix and Connection-specific DNS Suffix Search List each containing only tel2-search.

Otherwise, we are able to successfully connect to Telepresence with:

  • Telepresence via Teleport on a macOS host connected to WARP VPN
  • Telepresence via Teleport in a Windows VM on a macOS host connected to WARP VPN
  • Telepresence via Teleport in a Windows VM on a Windows host connected to WARP VPN

To Reproduce

While connected to Cloudflare WARP VPN on a Windows host:

  • telepresence connect
    • Observe: Cloudflare WARP DNS is disconnected and reconnected while connect is executing
    • Observe: error: connector.Connect: failed to connect to root daemon: rpc error: code = DeadlineExceeded desc = context deadline exceeded
  • telepresence connect
    • Observe: Warning: DNS doesn't seem to work properly

After the second connect, we are able to connect to k8s services via IP, but not via DNS.

❯ telepresence loglevel trace
Launching Telepresence User Daemon
Launching Telepresence Root Daemon
Warning: You are executing the "telepresence loglevel <error,warning,info,debug,trace> [flags]" command without a preceding "telepresence connect", causing an implicit connect to take place. The implicit connect behavior is deprecated and will be removed in a future release.
telepresence loglevel: error: connector.Connect: failed to connect to root daemon: rpc error: code = DeadlineExceeded desc = context deadline exceeded
❯ telepresence connect
Connected to context teleport.shared-services.wisely.io-olo-devenv, namespace user-pj (https://teleport.shared-services.wisely.io:3026)
Warning: DNS doesn't seem to work properly
❯ telepresence gather-logs
Warning: DNS doesn't seem to work properly
Logs have been exported to C:\Users\PJKing\telepresence_logs.zip

Expected behavior

I expected DNS to work properly.

Versions

Telepresence

❯ telepresence version
OSS Client     : v2.18.0
OSS Root Daemon: v2.18.0
OSS User Daemon: v2.18.0
Traffic Manager: not connected

Windows

Edition	Windows 11 Pro
Version	22H2
Installed on	10/16/2023
OS build	22621.3296
Experience	Windows Feature Experience Pack 1000.22687.1000.0

Kubernetes on AWS EKS

❯ kubectl version
Client Version: v1.29.1
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.27.10-eks-508b6b3
WARNING: version difference between client (1.29) and server (1.27) exceeds the supported minor version skew of +/-1

VPN-related bugs:

❯ telepresence test-vpn
telepresence test-vpn: error: the test-vpn command is deprecated. Please see https://www.getambassador.io/docs/telepresence/latest/reference/vpn to learn how to configure telepresence for your VPN.

Client: Cloudflare WARP 2024.2.187.0

❯ ipconfig /all
...

Unknown adapter CloudflareWARP:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Cloudflare WARP Interface Tunnel
   Physical Address. . . . . . . . . : 
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2606:4700:110:896a:dde9:63b0:f569:d4d3(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::83b:d647:4bed:d388%6(Preferred) 
   IPv4 Address. . . . . . . . . . . : 172.16.0.2(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 
   DNS Servers . . . . . . . . . . . : 127.0.2.2
                                       127.0.2.3
   NetBIOS over Tcpip. . . . . . . . : Enabled

Unknown adapter tel0:

   Connection-specific DNS Suffix  . : tel2-search
   Description . . . . . . . . . . . : WireGuard Tunnel
   Physical Address. . . . . . . . . : 
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ffaf:d56c:a096:4bb%68(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.201.128.0(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.192.0
   IPv4 Address. . . . . . . . . . . : 172.22.0.0(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 
   DNS Servers . . . . . . . . . . . : ::ffff:127.0.2.2
                                       ::ffff:127.0.2.3
                                       127.0.2.2
                                       127.0.2.3
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       tel2-search
...

Additional context

We are unsure where the error lies and how to further diagnose this behavior.

❯ tsh version

WARNING
Detected incompatible client and server versions.
Minimum server version supported by tsh is 15.0.0-aa but your server is using 13.4.17.
Please use a tsh version that matches your server.
You may use the --skip-version-check flag to bypass this check.

Teleport v15.1.1 git: go1.21.7
Proxy version: 13.4.17
Proxy: teleport.shared-services.wisely.io:443

telepresence_logs.zip

I have found that extending timeouts.trafficManagerAPI to 30s in config.yml resolves the error: connector.Connect: failed to connect to root daemon: rpc error: code = DeadlineExceeded desc = context deadline exceeded. However, DNS is still reported as not working, as before.

config.yml

logLevels:
  userDaemon: trace
timeouts:
  trafficManagerAPI: 30s

❯ telepresence connect
Launching Telepresence User Daemon
Launching Telepresence Root Daemon
Connected to context teleport.shared-services.wisely.io-olo-devenv, namespace user-pj (https://teleport.shared-services.wisely.io:3026)
Warning: DNS doesn't seem to work properly
❯ telepresence version
OSS Client         : v2.18.0
OSS Root Daemon    : v2.18.0
OSS User Daemon    : v2.18.0
OSS Traffic Manager: v2.18.0
Traffic Agent      : docker.io/datawire/tel2:2.18.0

telepresence_logs.zip

This issue was resolved by #3564
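
For triaging pasted reports like the one in this issue, the following added example (not part of the thread or of the Telepresence project) parses `ipconfig /all` text and lists DNS resolvers configured on more than one adapter, as 127.0.2.2 and 127.0.2.3 are on both CloudflareWARP and tel0 in the quoted output. The sample is a trimmed, constructed copy of that output and the function names are hypothetical; the overlap is reported as an observation, not as the cause of the warning.

```python
import ipaddress
import re

# Constructed sample: trimmed copy of the `ipconfig /all` output quoted in the issue.
SAMPLE = """\
Unknown adapter CloudflareWARP:
   Connection-specific DNS Suffix  . :
   DNS Servers . . . . . . . . . . . : 127.0.2.2
                                       127.0.2.3

Unknown adapter tel0:
   Connection-specific DNS Suffix  . : tel2-search
   DNS Servers . . . . . . . . . . . : ::ffff:127.0.2.2
                                       ::ffff:127.0.2.3
                                       127.0.2.2
                                       127.0.2.3
   Connection-specific DNS Suffix Search List :
                                       tel2-search
"""

# "Key . . . . : value"; the separator is always " :", so IPv6 values do not confuse it.
KV = re.compile(r"^\s+(\S.*?)[\s.]*\s:\s?(.*)$")

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}}, folding continuation lines into the field above."""
    adapters, fields, key = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace():      # section header, e.g. "Unknown adapter tel0:"
            name = line.rstrip(": ").split("adapter ", 1)[-1]
            fields = adapters.setdefault(name, {}) if line.rstrip().endswith(":") else None
            key = None
        elif fields is not None and line.strip():
            m = KV.match(line)
            if m:
                key = m.group(1)
                fields.setdefault(key, [])
            if key is not None and (value := (m.group(2) if m else line).strip()):
                fields[key].append(value)
    return adapters

def shared_resolvers(adapters):
    """Map each DNS server set on more than one adapter to the adapters that list it."""
    seen = {}
    for name, fields in adapters.items():
        for raw in fields.get("DNS Servers", []):
            ip = ipaddress.ip_address(raw.split("%")[0])       # drop any IPv6 zone id
            # Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) onto the plain IPv4 address.
            seen.setdefault(str(getattr(ip, "ipv4_mapped", None) or ip), set()).add(name)
    return {ip: sorted(names) for ip, names in seen.items() if len(names) > 1}
```
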