Ping failure

[fernandez.r.nqn]

Hi, I am having a problem with my Proxmox VE 6.4-13. The ping resolves my ip but does not return packets.

Code:
root@PP:~# ping download.proxmox.com
PING na.cdn.proxmox.com (144.217.225.162) 56(84) bytes of data.
^C
--- na.cdn.proxmox.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 75ms

Check the DNS and they are fine

Thanks

 

[oguz]

hi,

works here:

root@pve ~ # ping -c 4 download.proxmox.com
PING de.cdn.proxmox.com (212.224.123.70) 56(84) bytes of data.
64 bytes from de.cdn.proxmox.com (212.224.123.70): icmp_seq=1 ttl=59 time=29.6 ms
64 bytes from de.cdn.proxmox.com (212.224.123.70): icmp_seq=2 ttl=59 time=27.6 ms
64 bytes from de.cdn.proxmox.com (212.224.123.70): icmp_seq=3 ttl=59 time=20.7 ms
64 bytes from de.cdn.proxmox.com (212.224.123.70): icmp_seq=4 ttl=59 time=20.8 ms

--- de.cdn.proxmox.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 8ms
rtt min/avg/max/mdev = 20.656/24.649/29.551/3.982 ms
root@pve ~ # ping -c 4 na.cdn.proxmox.com
PING na.cdn.proxmox.com (144.217.225.162) 56(84) bytes of data.
64 bytes from na.cdn.proxmox.com (144.217.225.162): icmp_seq=1 ttl=51 time=113 ms
64 bytes from na.cdn.proxmox.com (144.217.225.162): icmp_seq=2 ttl=51 time=113 ms
64 bytes from na.cdn.proxmox.com (144.217.225.162): icmp_seq=3 ttl=51 time=112 ms
64 bytes from na.cdn.proxmox.com (144.217.225.162): icmp_seq=4 ttl=51 time=112 ms

--- na.cdn.proxmox.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 8ms
rtt min/avg/max/mdev = 112.495/112.513/112.543/0.237 ms

can you ping other hosts like google.com and so on?

maybe you have ICMP dropped somewhere.

also not every host will respond to ICMP packets

 

[fernandez.r.nqn]

Hi, thanks for answering
No ping works

root@PP:~# ping -c 4 download.proxmox.com
PING na.cdn.proxmox.com (144.217.225.162) 56(84) bytes of data.

--- na.cdn.proxmox.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 58ms

root@PP:~# ping -c 4 na.cdn.proxmox.com
PING na.cdn.proxmox.com (144.217.225.162) 56(84) bytes of data.

--- na.cdn.proxmox.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 73ms

root@PP:~# ping -c 4 google.com
PING google.com (172.217.172.110) 56(84) bytes of data.

--- google.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 52ms

Thanks

 

[oguz]

maybe you have ICMP dropped somewhere.

check your firewall configuration...

does everything else work? for example if you do a curl https://google.com do you get any response?

 

[fernandez.r.nqn]

Hi, Firewall is not configured



Response from curl:
root@PP:~# curl --proxy lcaproxy01:80 -v https://google.com
* Trying 10.12.242.8:80...
* Connected to lcaproxy01 (10.12.242.8) port 80 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to google.com:443
> CONNECT google.com:443 HTTP/1.1
> Host: google.com:443
> User-Agent: curl/7.74.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection Established
< Proxy-Agent: IWSS
< Date: Mon, 03 Jan 2022 11:46:53 GMT
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CONNECT phase completed!
* CONNECT phase completed!
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=*.google.com
* start date: Nov 29 02:22:33 2021 GMT
* expire date: Feb 21 02:22:32 2022 GMT
* subjectAltName: host "google.com" matched cert's "google.com"
* issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5644ba85c560)
> GET / HTTP/2
> Host: google.com
> user-agent: curl/7.74.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 301
< location: https://www.google.com/
< content-type: text/html; charset=UTF-8
< date: Mon, 03 Jan 2022 11:46:55 GMT
< expires: Wed, 02 Feb 2022 11:46:55 GMT
< cache-control: public, max-age=2592000
< server: gws
< content-length: 220
< x-xss-protection: 0
< x-frame-options: SAMEORIGIN
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
<
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>
* Connection #0 to host lcaproxy01 left intact


This Proxmox connects via Proxy


Best regards

Rodrigo

 

[oguz]

okay since curling google seems to work i guess we can rule out a general network issue...

Firewall is not configured

have you also checked the Datacenter firewall rules?

 

[fernandez.r.nqn]

Datacenter is this way



Best regards,
Rodrigo

 

[oguz]

could you please try:

apt install traceroute
traceroute -T download.proxmox.com
traceroute -I download.proxmox.com

and post it here?

also can you access the repositories with apt normally?

 

[gb00s]

Proxmox VE 6.4-13
Kernel 5.4.157-1-pve

I would like to jump in here as I have the same issue. Once I restart networking a ping works once or twice, apt update command works once and then everything stops working. This issue popped up after updating the system. Sometimes the dashboard is not reachable through https://ip:8006. Then 5 min later it's available.

traceroute -T download.proxmox.com

root@pve1:~# traceroute -T download.proxmox.com
traceroute to download.proxmox.com (212.224.123.70), 30 hops max, 60 byte packets
1 192.168.10.1 (192.168.10.1) 0.420 ms 0.567 ms 0.732 ms
2 228.88-199-145.vspace.pl (88.199.145.228) 3.966 ms 4.052 ms 4.004 ms
3 238.88-199-145.vspace.pl (88.199.145.238) 4.112 ms 4.133 ms 4.179 ms
4 1.88-199-147.vspace.pl (88.199.147.1) 4.291 ms 4.245 ms 4.319 ms
5 * * *
6 * * *
7 83.238.248.170 (83.238.248.170) 13.031 ms 12.948 ms 12.976 ms
8 83.238.248.16 (83.238.248.16) 14.808 ms 16.788 ms 17.298 ms
9 de-cix.edge1.fra2.de.first-colo.net (80.81.194.3) 27.966 ms 27.913 ms 27.384 ms
10 212.224.104.5 (212.224.104.5) 28.833 ms 27.937 ms 27.849 ms
11 de.cdn.proxmox.com (212.224.123.70) 36.924 ms 35.059 ms 33.315 ms

traceroute -I download.proxmox.com

root@pve1:~# traceroute -I download.proxmox.com
download.proxmox.com: Temporary failure in name resolution
Cannot handle "host" cmdline arg `download.proxmox.com' on position 1 (argc 2)

 

[oguz]

I would like to jump in here as I have the same issue.

not sure if you have the same issue since:
download.proxmox.com: Temporary failure in name resolution seems to imply your DNS is not working properly -- in the original post there's only an ICMP block. your GUI not being reachable also implies different issues to me.

Once I restart networking a ping works once or twice, apt update command works once and then everything stops working. This issue popped up after updating the system.

sounds weird but... did you reboot the machine after upgrades?

Proxmox VE 6.4-13
Kernel 5.4.157-1-pve

is also a little outdated, maybe you should also look into upgrading to PVE7 [0]

[0]: https://pve.proxmox.com/wiki/Upgrade_from_6.x_to_7.0

 

[fernandez.r.nqn]

could you please try:

apt install traceroute
traceroute -T download.proxmox.com
traceroute -I download.proxmox.com

and post it here?

also can you access the repositories with apt normally?

thanks for the answers, there is a firewall server in our network, it is blocking my communication

Best regards.
Rodrigo

 

[oguz]

thanks for the answers, there is a firewall server in our network, it is blocking my communication

so it works now?