Multiple VPN connections interfere with DNS/resolving of hostnames

Hello there,

First of all: Thank DAppNode you so much for your efforts. This is a great project.

[Edit: github issue: https://github.com/dappnode/DAppNode/issues/187]

Now to my problems:

I am running DAppNode on my own NUC with geth and goerli-geth fully synced.

I succesfully establish my VPN connection over my LAN (via IP4), since for networking reasons (no public IPV4 address because of DS-LITE IP sharing, not willing to allow UPNP on my router and not willing of trying fancy IPV6 traffic rules at this point in time.)

When I connect my Linux Desktop via VPN, I can access the UI and everything seems to solve.
However, after a short while http requests to other sides slow massively down, and sometimes they are not reachable at all.
Also, after a while it the my.dappnode and other *.dappnode domains are not accessible anymore and I need to disconnect and reconnect VPN in order to get it working again.
Also, RPC request to the goerli-geth nodes (goerli-geth.dappnode:8545) work initially and then stop working after a while.

In addition, I am running lighthouse beacon and validators on another local VM (ubuntu server LTS 20.04).
There, I establish a VPN connection to my dappnode, and the behaviour is much more erratic even then on the desktop:
Initially, domains *.dappnode are resolved and pingable.
After a while, it stops working.

This can also be seen in the logs of the pyrmont lighthouse beacon:
Sometimes it works:

Nov 24 15:18:31 pyrmontt0 lighthouse[765]: Nov 24 15:18:31.417 INFO Imported deposit log(s)                 new: 1, total: 103300, latest_block: 3809046, service: eth1_rpc

and then some time later it doesn’t

Nov 24 15:19:08 pyrmontt0 lighthouse[765]: Nov 24 15:19:08.371 CRIT Error connecting to eth1 node. Please ensure that you have an eth1 http server running locally on http://localhost:8545 or pass an external endpoint using `--eth1-endpoint <SERVER-ADDRESS>`. Also ensure that `eth` and `net` apis are enabled on the eth1 http server, warning: BLOCK PROPOSALS WILL FAIL WITHOUT VALID ETH1 CONNECTION, service: eth1_rpc

Then again, it might work later again:

Nov 24 15:44:46 pyrmontt0 lighthouse[765]: Nov 24 15:44:46.407 INFO Imported deposit log(s)                 new: 1, total: 103310, latest_block: 3809150, service: eth1_rpc

And again not

Nov 24 15:45:55 pyrmontt0 lighthouse[765]: Nov 24 15:45:55.414 CRIT Error connecting to eth1 node. Please ensure that you have an eth1 http server running locally on http://localhost:8545 or pass an external endpoint using `--eth1-endpoint <SERVER-ADDRESS>`. Also ensure that `eth` and `net` apis are enabled on the eth1 http server, warning: BLOCK PROPOSALS WILL FAIL WITHOUT VALID ETH1 CONNECTION, service: eth1_rpc

The same is true for pinging/tracerouting/resolving .dappnode domains:
It works at times, then it doesn’t again.

Due to these connection problems I am losing attestations and will probably lose block proposals.

Any idea what is wrong?

After some more testing, I could narrow the problem down.
This might also be highly relevant for other people with similar problems.

The issue seems to be related to more than one device connecting to the VPN (and using DNA) at the same time.

I restarted all the devices, logged into my pyrmont VM and monitored the logs.
RPC requests worked well, new deposits on the goerli ETH1 chain were recognized, and no error messages appeared.
I let this be for about two hours, and it was always good.

Then, I established a second VPN connection from my Desktop, and almost immediately the RPC connections stopped resolving and the canonical error messages started appearing:

Nov 24 18:26:08 pyrmontt0 lighthouse[765]: Nov 24 18:26:08.469 CRIT Error connecting to eth1 node. Please ensure that you have an eth1 http server running locally on http://localhost:8545 or pass an external endpoint using `--eth1-endpoint <SERVER-ADDRESS>`. Also ensure that `eth` and `net` apis are enabled on the eth1 http server, warning: BLOCK PROPOSALS WILL FAIL WITHOUT VALID ETH1 CONNECTION, service: eth1_rpc

After disconnecting the VPN connection from my desktop again, after 5 or so minutes everything was good again and no error messages appeared.

To be sure that there is not some other post-config DNS problems from my router, I did a factory reset of the router. But the problem persists as soon as multiple VPN connections are established.

Maybe this helps in tracking down the error.

(I changed the title of this post to reflect this new development)

Hi @beralt85 and welcome to our community forum!

Thanks a lot for sharing this in case other users find it helpful.

As you have also filed an issue in GitHub someone from our dev team will take it from there.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.