Crashplan...connect SSH tunnel to Jail or FreeNas IP?

[Jaknell1011]

After reading all possible threads on here (special thanks to the noobie post here: http://forums.freenas.org/threads/crashplan-plugin.15366/page-2#post-80234) I feel like I am getting VERY close to having this up and running. But I must be missing something.

I have the crashplan jail configured as 10.10.1.87. My FreeNas box is configured with IP 10.10.1.85.

The jail is listening on ports:
tcp4 0 0 *.4242 *.* LISTEN
tcp4 0 0 127.0.0.1.4243 *.* LISTEN

Everything seems to be running and all queries come back with expected results.

I am using Putty to create a tunnel from source port 4200 to destination "localhost:4243". I am connecting Putty to 10.10.1.85:22 (SSH) and creating the tunnel.

Is this the correct way to do it? When I open the crashplan UI I still get "Unable to connect to backup engine". (I have configured ui.properties to "serviceport=4200")

If I telnet localhost 4200 from inside the ssh session (10.10.1.85) I get unable to connect. If I telnet localhost 4200 inside the jail I am unable to connect. But if I telnet localhost 4243 inside the jail I get a connection.

I feel like I am missing something simple. Can anyone spot what it is?! Thanks.

 

[Dusan]

I have the crashplan jail configured as 10.10.1.87. My FreeNas box is configured with IP 10.10.1.85.

The jail is listening on ports:
tcp4 0 0 *.4242 *.* LISTEN
tcp4 0 0 127.0.0.1.4243 *.* LISTEN

Everything seems to be running and all queries come back with expected results.

I am using Putty to create a tunnel from source port 4200 to destination "localhost:4243". I am connecting Putty to 10.10.1.85:22 (SSH) and creating the tunnel.

In Putty set the tunnel destination as "10.10.1.87:4243". You current setup forwards the connection to FreeNAS, you need to direct it to the jail.

 

[Jaknell1011]

Quick Response! Thanks for the help.

OK I now have Putty set to 10.10.1.87:4243. Now when I try to connect Putty to 10.10.1.87 I get no response. Do I connect Putty to 10.10.1.87 or 10.10.1.85?

SSH 10.10.1.85 I get a connection, 10.10.1.87 I do not.

 

[Jaknell1011]

I also realized I can ping 10.10.1.85 from my PC, but not 10.10.1.87 (the jail). Should I be able to ping the jail? I can ping it from an SSH session on the FreeNas itself (10.10.1.85)

 

[Dusan]

You should connect Putty to 10.10.1.85, set the tunnel destination as "10.10.1.87:4243" and then point your Crashplan client to localhost:4200 (I assume the client is running on the same machine as Putty).

 

[Jaknell1011]

I have that exact configuration in Putty and Crashplan. I am getting a connection with the SSH and Putty but Crashplan keeps saying "Unable to connect..."

When I connect via shell to the jail it seems like everything is up and running as it should be, but I just can't seem to get the UI connected to the jail.

 

[Jaknell1011]

For reference, here is my Crashplan ui.properties file:

Code:

#Fri Dec 09 09:50:22 CST 2005
#serviceHost=localhost
servicePort=4200
#pollerPeriod=1000  # 1 second
#connectRetryDelay=10000  # 10 seconds
#connectRetryAttempts=3
#showWelcome=true
 
#font.small=
#font.default=
#font.title=
#font.message.header=
#font.message.body=
#font.tab=

And here is the results from my sockstat -4:

Code:

root@crashplan_1:/ # sockstat -4
USER    COMMAND    PID  FD PROTO  LOCAL ADDRESS        FOREIGN ADDRESS
root    java      5560  56 tcp4  127.0.0.1:4243        *:*
root    java      5560  57 tcp4  *:4242                *:*
root    java      5559  56 tcp4  127.0.0.1:4243        *:*
root    java      5559  57 tcp4  *:4242                *:*
root    java      5558  56 tcp4  127.0.0.1:4243        *:*
root    java      5558  57 tcp4  *:4242                *:*
root    java      5557  56 tcp4  127.0.0.1:4243        *:*
root    java      5557  57 tcp4  *:4242                *:*
root    java      5556  56 tcp4  127.0.0.1:4243        *:*
root    java      5556  57 tcp4  *:4242                *:*
root    java      5555  56 tcp4  127.0.0.1:4243        *:*
root    java      5555  57 tcp4  *:4242                *:*
root    java      5554  56 tcp4  127.0.0.1:4243        *:*
root    java      5554  57 tcp4  *:4242                *:*
root    java      5553  56 tcp4  127.0.0.1:4243        *:*
root    java      5553  57 tcp4  *:4242                *:*
root    java      5552  56 tcp4  127.0.0.1:4243        *:*
root    java      5552  57 tcp4  *:4242                *:*
root    java      5551  56 tcp4  127.0.0.1:4243        *:*
root    java      5551  57 tcp4  *:4242                *:*
root    java      5550  56 tcp4  127.0.0.1:4243        *:*
root    java      5550  57 tcp4  *:4242                *:*
root    java      5549  56 tcp4  127.0.0.1:4243        *:*
root    java      5549  57 tcp4  *:4242                *:*
root    java      5548  56 tcp4  127.0.0.1:4243        *:*
root    java      5548  57 tcp4  *:4242                *:*
root    java      5547  56 tcp4  127.0.0.1:4243        *:*
root    java      5547  57 tcp4  *:4242                *:*
root    java      5546  56 tcp4  127.0.0.1:4243        *:*
root    java      5546  57 tcp4  *:4242                *:*
root    java      5545  56 tcp4  127.0.0.1:4243        *:*
root    java      5545  57 tcp4  *:4242                *:*
root    java      5544  56 tcp4  127.0.0.1:4243        *:*
root    java      5544  57 tcp4  *:4242                *:*
root    java      5543  56 tcp4  127.0.0.1:4243        *:*
root    java      5543  57 tcp4  *:4242                *:*
root    java      5542  56 tcp4  127.0.0.1:4243        *:*
root    java      5542  57 tcp4  *:4242                *:*
root    java      5541  56 tcp4  127.0.0.1:4243        *:*
root    java      5541  57 tcp4  *:4242                *:*
root    java      5540  56 tcp4  127.0.0.1:4243        *:*
root    java      5540  57 tcp4  *:4242                *:*
root    java      5539  56 tcp4  127.0.0.1:4243        *:*
root    java      5539  57 tcp4  *:4242                *:*
root    java      5538  56 tcp4  127.0.0.1:4243        *:*
root    java      5538  57 tcp4  *:4242                *:*
root    java      5537  56 tcp4  127.0.0.1:4243        *:*
root    java      5537  57 tcp4  *:4242                *:*
root    java      5536  56 tcp4  127.0.0.1:4243        *:*
root    java      5536  57 tcp4  *:4242                *:*
root    java      5535  56 tcp4  127.0.0.1:4243        *:*
root    java      5535  57 tcp4  *:4242                *:*
root    java      5534  56 tcp4  127.0.0.1:4243        *:*
root    java      5534  57 tcp4  *:4242                *:*
root    java      5533  56 tcp4  127.0.0.1:4243        *:*
root    java      5533  57 tcp4  *:4242                *:*
root    java      5532  56 tcp4  127.0.0.1:4243        *:*
root    java      5532  57 tcp4  *:4242                *:*
root    java      5531  56 tcp4  127.0.0.1:4243        *:*
root    java      5531  57 tcp4  *:4242                *:*
root    java      5530  56 tcp4  127.0.0.1:4243        *:*
root    java      5530  57 tcp4  *:4242                *:*
root    java      5529  56 tcp4  127.0.0.1:4243        *:*
root    java      5529  57 tcp4  *:4242                *:*
root    java      5528  56 tcp4  127.0.0.1:4243        *:*
root    java      5528  57 tcp4  *:4242                *:*
root    java      5527  56 tcp4  127.0.0.1:4243        *:*
root    java      5527  57 tcp4  *:4242                *:*
root    java      5526  56 tcp4  127.0.0.1:4243        *:*
root    java      5526  57 tcp4  *:4242                *:*
root    java      5525  56 tcp4  127.0.0.1:4243        *:*
root    java      5525  57 tcp4  *:4242                *:*
root    python2.7  3918  3  tcp4  10.10.1.87:12346      *:*
root    sshd      3731  5  tcp4  *:22                  *:*
root    syslogd    3627  7  udp4  *:514                *:*

Lastly, "netstat -na | grep LISTEN | grep 42":

Code:

tcp4 0 0 *.4242 *.* LISTEN
tcp4 0 0 127.0.0.1.4243 *.* LISTEN 

 

[Dusan]

I don't use Crashplan so I can't help you much with that.
Do you get a connection when you run telnet localhost:4200 on the Putty machine?

Code:

#Fri Dec 09 09:50:22 CST 2005
#serviceHost=localhost
servicePort=4200
#pollerPeriod=1000  # 1 second
#connectRetryDelay=10000  # 10 seconds
#connectRetryAttempts=3
#showWelcome=true
 
#font.small=
#font.default=
#font.title=
#font.message.header=
#font.message.body=
#font.tab=

Just guessing, shouldn't the serviceHost setting be uncommented (no hash at beginning of the line)?

 

[Jaknell1011]

According to Crashplan, it does not need to be changed:

http://support.code42.com/CrashPlan/Latest/Configuring/Configuring_A_Headless_Client

For what it's worth I tried it both ways and still have no luck.
Thanks again for the help. I am going on work day 2 with this and it's starting to drive me crazy.

 

[Dusan]

Ah, one more thing. Did you enable the Allow TCP Port Forwarding option in the FreeNAS SSH server settings?

 

[Jaknell1011]

Do you get a connection when you run telnet localhost:4200 on the Putty machine?

I do not get a connection when I run telnet localhost:4200 from the putty machine.

It seems as though I am unable to connect to the jail from anything other than shell or my ssh session. I can't ping it and can't telnet to it.

I do have the Allow TCP Port Forwarding option enabled.

 

[Jaknell1011]

From inside the jail, I can ping another computer sitting right next to me, but not my own. That computer can also ping the jail (10.10.1.87) but I cannot. I am beginning to think something else is going on here.

*EDIT* Just tried from another computer. When I telnet to localhost 4200, I get a connection but as soon as I hit any buttons, it closes. Is this what it should do?

*Another UPDATE***

I looked in the logs for the Putty session and I am seeing this over and over:

Code:

2013-11-12 13:56:17    Looking up host "10.10.1.85"
2013-11-12 13:56:17    Connecting to 10.10.1.85 port 22
2013-11-12 13:56:17    Server version: SSH-2.0-OpenSSH_6.2_hpn13v11 FreeBSD-20130515
2013-11-12 13:56:17    Using SSH protocol version 2
2013-11-12 13:56:17    We claim version: SSH-2.0-PuTTY_Release_0.63
2013-11-12 13:56:17    Doing Diffie-Hellman group exchange
2013-11-12 13:56:17    Doing Diffie-Hellman key exchange with hash SHA-256
2013-11-12 13:56:18    Host key fingerprint is:
2013-11-12 13:56:18    ssh-rsa 2048 29:ef:11:7c:b7:83:a3:e2:72:39:8e:58:5e:73:1b:59
2013-11-12 13:56:18    Initialised AES-256 SDCTR client->server encryption
2013-11-12 13:56:18    Initialised HMAC-SHA-256 client->server MAC algorithm
2013-11-12 13:56:18    Initialised AES-256 SDCTR server->client encryption
2013-11-12 13:56:18    Initialised HMAC-SHA-256 server->client MAC algorithm
2013-11-12 13:56:21    Sent password
2013-11-12 13:56:21    Access granted
2013-11-12 13:56:21    Opening session as main channel
2013-11-12 13:56:21    Opened main channel
2013-11-12 13:56:21    Local port 4200 forwarding to 10.10.1.87:4243
2013-11-12 13:56:21    Allocated pty (ospeed 38400bps, ispeed 38400bps)
2013-11-12 13:56:21    Started a shell/command
2013-11-12 13:57:02    Opening connection to 10.10.1.87:4243 for forwarding
2013-11-12 13:57:02    Forwarded connection refused by server: Connect failed [Connection refused]
2013-11-12 13:57:06    Opening connection to 10.10.1.87:4243 for forwarding
2013-11-12 13:57:06    Forwarded connection refused by server: Connect failed [Connection refused]
2013-11-12 13:57:10    Opening connection to 10.10.1.87:4243 for forwarding
2013-11-12 13:57:10    Forwarded connection refused by server: Connect failed [Connection refused]
2013-11-12 13:57:14    Opening connection to 10.10.1.87:4243 for forwarding
2013-11-12 13:57:14    Forwarded connection refused by server: Connect failed [Connection refused]
2013-11-12 13:57:18    Opening connection to 10.10.1.87:4243 for forwarding
2013-11-12 13:57:18    Forwarded connection refused by server: Connect failed [Connection refused]
2013-11-12 13:57:22    Opening connection to 10.10.1.87:4243 for forwarding
2013-11-12 13:57:22    Forwarded connection refused by server: Connect failed [Connection refused]
2013-11-12 13:57:26    Opening connection to 10.10.1.87:4243 for forwarding
2013-11-12 13:57:26    Forwarded connection refused by server: Connect failed [Connection refused]
2013-11-12 13:57:30    Opening connection to 10.10.1.87:4243 for forwarding
2013-11-12 13:57:30    Forwarded connection refused by server: Connect failed [Connection refused]
2013-11-12 13:57:34    Opening connection to 10.10.1.87:4243 for forwarding
2013-11-12 13:57:34    Forwarded connection refused by server: Connect failed [Connection refused]
2013-11-12 13:57:38    Opening connection to 10.10.1.87:4243 for forwarding
2013-11-12 13:57:38    Forwarded connection refused by server: Connect failed [Connection refused]
2013-11-12 13:57:42    Opening connection to 10.10.1.87:4243 for forwarding

I do have the setting to enable forwarding, is there something else necessary to make this happen?

*Do I need to have NAT enabled on the crashplan jail? I currently have autostart and vimage enabled, but not NAT. I thought I read somewhere NAT should be disabled.*

 

[Jaknell1011]

Just checked back at the noob post in my OP and it says uncheck vimage and check NAT. I did that and still have the same problems.

What do I need to do to edit the rc.conf of the jail (or maybe the ssh.config)? I think I need to enable TCP forwarding in there, but I'm not sure about how to do this.

Just checked on this and the files look properly configured.

 

[Jaknell1011]

This issue is to be considered resolved. After several tweaks and reboots I finally got this working. I am still having connectivity issues once inside crashplan, but I will create a new thread that better applies to my problems.

For anyone that stumbles upon this in their searching, here are the steps I took to get this part of the process working.

-Enabled TCP Forwarding in SSH settings in FreeNAS
-Enabled Forwarding in the sshd_config file in the jail
-Enabled Root Login in the jail
-Created a crashplan user inside the jail and added them to "wheel"
-Restarted SEVERAL TIMES, finally getting all java working and expected results in sockstat -4, and netstat.
-Created SSH Tunnel from port 4200 to 10.10.1.87:4243 (the jail IP) using Putty, then connected Putty to 10.10.1.87 (jail IP, not the freenas box IP)
-Modified ui.properties file inside Crashplan conf folder so that servicePort=4200 and was uncommented(no # in front of it).
-killed all crashplan processes and services, restarted the service (on my PC with the UI) and then restarted the desktop app.

This finally did get the crashplan UI to connect to the FreeNAS crashplan jail, and the UI let me begin to login. My problem now is when I type my crashplan credentials I get the message "! Unable to connect, check your network"

 

[Jaknell1011]

My problem is resolved and now I have another problem...*sigh*

If you get the error "Unable to connect, check your network" try creating a new account, not using an existing. No matter what I did to try our existing Crashplan account it did not work. As soon as I created a new account from the menu, it worked just fine. Also, it created the new account as a CrashPlan home user, even though I have 2 existing Pro Accounts I wanted to use.