MeshCentral: Peering is broken

Describe the bug

Peers cannot connect. Agents connected with 1 peer appear offline in the others.

To Reproduce

Set up peering as per https://www.youtube.com/watch?v=j8xIRGScju0 Same data folder and everything. For convenience I use MongoDB Atlas. I will change to a local replica when it works.

debug -peer

server 1

PEER: OutPeer s2: Connecting to: wss://ip.of.server.2:443/meshserver.ashx
PEER: OutPeer s2: Connected
PEER: OutPeer: BAD MESSAGE(A1)
PEER: OutPeer s2: Disconnected

server 2

PEER: InPeer: Connected (ip.of.server.1)
PEER: InPeer: Soft disconnect null (ip.of.server.1)
PEER: InPeer disconnect undefined (ip.of.server.1)

Server Software (please complete the following information):

  • OS: Ubuntu 22.04
  • Virtualization: Docker (official image)
  • Network: WAN, no proxy
  • Version: 1.1.11
  • Node: v18.17.1

Additional context

I tried commenting out the “BAD MESSAGE” check to see how far it will go but it errors again in the next statement on line 107 with PEER: OutPeer: Server hash mismatch..

I then tried disabling TLS altogether and peering over ws:// but then errored out on line 130 with PEER: OutPeer: Server sign check failed.

Something is really wrong with the certificate comparison going on in multiserver.js

Your config.json file

{
  "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
  "settings": {
    "plugins":{"enabled": false},
    "mongoDb": "mongodb+srv://username:password@mycluster.mongodb.net/?retryWrites=true&w=majority&replicaSet=atlas-dvh64d-shard-0",
    "MongoDbBulkOperations": true,
    "mongoDbChangeStream": true,
    "cert": "my.domain",
    "SessionKey": "SOME_SESSION_KEY",
    "WANonly": true,
    "port": 443,
    "redirPort": 80,
    "AgentPong": 300,
    "SelfUpdate": false,
    "AllowFraming": false,
    "WebRTC": true
  },
  "domains": {
    "": {
      "hide": 5,
      "newAccounts": false,
      "userNameIsEmail": true,
      "agentSelfGuestSharing": false
    },
    "my-second.domain": {
      "dns": "my-second.domain",
      "hide": 5,
      "newAccounts": false,
      "userNameIsEmail": true,
      "agentSelfGuestSharing": false
    }
  },
  "peers": {
    "serverId": "s1",
    "servers": {
      "s1": { "url": "wss://server.public.ip:443/" },
      "s2": { "url": "wss://server.public.ip:444/" }
    }
  }
}

In the second configuration file the only thing that changes is the serverId to s2 and I use docker port mapping to map the second instance’s ports to +1 (81,444,4434).

About this issue

  • State: open
  • Created 9 months ago
  • Comments: 30 (16 by maintainers)

Most upvoted comments

@Ylianst I found my issue with the cert signing over and over. It’s because both servers in the peer are using the same data folder but different config files in the same data folder, and when one server starts up, it’s code-signing the exes, but then when the other server starts up, it’s then code-signing the exes again. Not sure if this is by design or a bug? I’ll open a separate issue for this.

Hi @Ylianst, the patch didn't work. My output says OutPeer: Bad server authentication message, length = 81, should be 98. HEX: 0001135c3ffd343cfd0733061773fd7d7ffd547d241271655f7bfd7d1267fdfd2f2329bd39ce596c1865b8606ba8cf98c71e50f78e72a91720a5e0257f2969855ccd9c6115ad27527469b9e229ff30727a
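A diagnostic sketch for the "length = 81, should be 98" report above, added here as an example; it is not part of the thread and not MeshCentral's code. It locates the 0xfd bytes in the reported dump and reproduces, on a constructed frame, how a binary frame decoded as UTF-8 text and re-encoded one byte per character both shrinks and gains 0xfd bytes. That decoding step and the sample frame's field layout are assumptions; the thread does not confirm the cause.

```javascript
// Added diagnostic sketch, not MeshCentral code.
const EXPECTED_LEN = 98;    // from the thread: "should be 98"
const FFFD_LOW_BYTE = 0xfd; // U+FFFD keeps only its low byte when encoded as latin1

// Hex dump exactly as reported in the comment above.
const REPORTED_HEX =
  '0001135c3ffd343cfd0733061773fd7d7ffd547d241271655f7bfd7d1267fdfd2f2329bd39ce596c' +
  '1865b8606ba8cf98c71e50f78e72a91720a5e0257f2969855ccd9c6115ad27527469b9e229ff30727a';

// Summarise a frame: size, leading 16-bit command, and where 0xfd bytes sit.
function inspectFrame(hex) {
  const buf = Buffer.from(hex, 'hex');
  const fdOffsets = [];
  buf.forEach((b, i) => { if (b === FFFD_LOW_BYTE) fdOffsets.push(i); });
  return {
    length: buf.length,
    missing: EXPECTED_LEN - buf.length,
    command: buf.length >= 2 ? buf.readUInt16BE(0) : null,
    fdCount: fdOffsets.length,
    fdOffsets,
  };
}

// Assumed failure mode (not confirmed in the thread): the binary frame is decoded
// as UTF-8 text and later turned back into bytes as latin1. Invalid bytes become
// U+FFFD (then 0xfd) and valid multi-byte sequences collapse to a single byte.
function utf8RoundTrip(frame) {
  return Buffer.from(frame.toString('utf8'), 'latin1');
}

// Constructed 98-byte frame: 2-byte command, 48 high-bit bytes, 48 ASCII bytes.
// The 2/48/48 split is an assumption made for illustration.
function buildSampleFrame() {
  const field = Buffer.alloc(48);
  for (let i = 0; i < 48; i += 3) field.set([0xc3, 0xa9, 0xff], i); // valid pair + invalid byte
  return Buffer.concat([Buffer.from([0x00, 0x01]), field, Buffer.alloc(48, 0x41)]);
}

const reported = inspectFrame(REPORTED_HEX);
console.log('reported frame:', reported);
const damaged = utf8RoundTrip(buildSampleFrame());
console.log('constructed frame after round trip:', inspectFrame(damaged.toString('hex')));
```

In the reported dump every 0xfd byte falls within the first 32 bytes, so if the assumption holds, the damage is confined to the first field after the command rather than spread over the whole frame.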

I’ll test it out ASAP, posting from bed it’s 1am here and Mondays are impossible. Will close this if we’re good!

I just did a possible fix for this. Grab the latest multiserver.js here, keep a backup of the old one. Replace and run again. Let me know if it works.

@rallisf1 I've just re-read your first post: "Peers cannot connect. Agents connected with 1 peer appear offline in the others." I didn't try, as I thought the issue was trying to set it up! My bad! Let me try, won't be long.

EDIT: Oh yeah, I see the same? How weird?

Done a PR so you don't have to edit the docker image next time. For debug you will be able to set an environment ARGS=--debug peer in the next release!