NuSphere Forums Forum Index
NuSphere Forums
Reply to topic
Failed to start DBG session using ssh tunnel and openvpn


Joined: 31 May 2017
Posts: 57
Reply with quote
Hello,
I'm experiencing a weird problem with remote debugging when done through OpenVPN.

First: remote debuggin works perfectly with SSH Tunnelling inside PHPED If I don't keep the OpenVPN connection OPEN.

If I open an OpenVPN connection (with all the traffic going through it) I'm unable to connect anymore and in the browser I get:

Reason: failed to connect to the client at <my openvpn ip>:7869, please make sure that IDE is running

But if I open a shell and I type:

ssh -R 7869:localhost:7869 user@remote_host

I'm perfectly able to login on the server.

On the server in this case I'm able to see the connection:
[root@ip-172-31-43-236 centos]# netstat -nap|grep 7869
tcp 0 0 127.0.0.1:7869 0.0.0.0:* LISTEN 11434/sshd: www5379
tcp 0 1 172.31.43.236:39146 XXXXXXXXX:7869 SYN_SENT 11983/php-fpm: pool

Could you please check if the remote debuggin with SSH tunnelling works with OpenVPN?

Thank you!
View user's profileFind all posts by blacktekSend private message
Site Admin

Joined: 13 Jul 2003
Posts: 8334
Reply with quote
sounds like you have to re-check if SSH tunneling in PhpED is configured in your project.
Run project settings wizard. On the page where it asks about connectivity, make sure that your SSH Tunnel account is selected.
Also when you run debugger, check View->Tab->Tunnels to make sure that the tunnel is active.
NOTE that when you run your VPN it most definitely breaks all connections, including the tunnel one.

_________________
The PHP IDE team
View user's profileFind all posts by dmitriSend private messageVisit poster's website


Joined: 31 May 2017
Posts: 57
Reply with quote
Hello Dmitri, I confirm that the ssh tunnel is checked and when the project is started in the log I see that the debug session has correctly established. Moreover on the server I see the tunnel active when it starts. Moreover when a profiling session is started I see the new connection on the server, but it seems that the reply doesn't arrive to the client.

I've started the OpenVPN connection before starting the debug connection and before phped starts the debug tunnel.

Very weird. The same problem is happening on two different pc/clients.

Any idea?
View user's profileFind all posts by blacktekSend private message


Joined: 31 May 2017
Posts: 57
Reply with quote
Hello,
here the new tests done this morning - step by step

steps

1) PHPED closed

2) login on the remote server to debug:
# netstat -nap|grep 7869
#

No output

3) on local pc

C:\Users\pc\Desktop>netstat -an|grep 7869

C:\Users\pc\Desktop>telnet localhost 7869
Connessione a localhost...Impossibile aprire una connessione con l'host. sulla porta 7869: Connessione non riuscita [unable to open a connection]

4) Started OpenVPN connection (configured in order that all the traffic goes through the VPN).

5) Opened PHPED (not on the project to debug remotely). Nothing appears on the client and on the server

6) I active the project to debug remotely in PHPED.

in phped log tab I see:
Tunnel [tunn_name] remote tunnel successfully established on localhost:7869 12:02:52

7) on the remote server I see:

[root@ip-172-31-43-236 centos]# netstat -nap|grep 7869
[root@ip-172-31-43-236 centos]# netstat -nap|grep 7869
tcp 0 0 127.0.0.1:7869 0.0.0.0:* LISTEN 1193/sshd: www53797
tcp6 0 0 ::1:7869 :::* LISTEN 1193/sshd: www53797

Cool on the local pc I see:
C:\Users\pc\Desktop>netstat -an|grep 7869
TCP 0.0.0.0:7869 0.0.0.0:0 LISTENING
TCP [::]:7869 [::]:0 LISTENING

9) the "telnet localhost 7869" on the local pc opens a communication and after some carriage returns it exits

10) after step 9 in PHPED debug log tab I see (due to the telnet):
Debugger data fetch timeout, disconnecting 12:04:21

11) I start a profiling session on the remote server.

12) on the server I immediately see:
[root@ip-172-31-43-236 centos]# netstat -nap|grep 7869
tcp 0 0 127.0.0.1:7869 0.0.0.0:* LISTEN 1193/sshd: www53797
tcp 0 1 172.31.43.236:53864 79.11.247.189:7869 SYN_SENT 8779/php-fpm: pool <=====
tcp6 0 0 ::1:7869 :::* LISTEN 1193/sshd: www53797

13) on the client browser I see:
DBG 9.1.10
Failed to start DBG session
Reason: failed to connect to the client at <my vpn ip>:7869, please make sure that IDE is running

14) in phped there is no line in the log

15) locally if I do a new "telnet localhost 7869" I see the communication starting and in the phped log "Debugger data fetch timeout, disconnecting 12:09:30"

16) during the local telnet I see locally:
C:\Users\pc\Desktop>netstat -an|grep 7869
TCP 0.0.0.0:7869 0.0.0.0:0 LISTENING
TCP 127.0.0.1:7869 127.0.0.1:50977 TIME_WAIT <======
TCP [::]:7869 [::]:0 LISTENING

But I don't see the second line during the profiling session.

17) It seems that the debugger is unable to talk over an openvpn connection; here my .ovpn file:

remote <vpn remote ip> 1194
float
nobind
proto udp
dev tun
sndbuf 0
rcvbuf 0
keepalive 15 60
comp-lzo adaptive
auth-user-pass
client
auth MD5
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
[...CUT...]
-----END CERTIFICATE-----

</ca>

<cert>
-----BEGIN CERTIFICATE-----
[...CUT...]
-----END CERTIFICATE-----

</cert>

<key>
-----BEGIN PRIVATE KEY-----
[...CUT...]
-----END PRIVATE KEY-----

</key>


Any idea? could you please test on your end too using an OpenVPN connection?

Thank you!
View user's profileFind all posts by blacktekSend private message


Joined: 31 May 2017
Posts: 57
Reply with quote
Hello Dmitri,
had you time to make a test?

tnx! Smile
View user's profileFind all posts by blacktekSend private message
Site Admin

Joined: 13 Jul 2003
Posts: 8334
Reply with quote
Perhaps, there is nothing for me to test, at least I don't see anything.
What you need is run project settings wizard and update connectivity -- you have to check tunnel option if you want to use ssh tunnels.
Regarding your tests 9) should be performed on the server, not on the client 13) is expected to show localhost in case if tunnel is to be used. But neither is as important as project settings wizard.

_________________
The PHP IDE team
View user's profileFind all posts by dmitriSend private messageVisit poster's website


Joined: 31 May 2017
Posts: 57
Reply with quote
Wizard succeeds with no error, but profiling fails.

Could you please try running a remote profiling with ssh tunnel and OpenVPN? The OpenVPN connection is working fine for the other operations, I've shown my config file. I don't know where to look further.

Tnx
View user's profileFind all posts by blacktekSend private message
Site Admin

Joined: 13 Jul 2003
Posts: 8334
Reply with quote
No problems, feel free to ignore my advises. I will feel free to ignore your questions that stem from ignoring my advises.

_________________
The PHP IDE team
View user's profileFind all posts by dmitriSend private messageVisit poster's website


Joined: 31 May 2017
Posts: 57
Reply with quote
Hello dmitri. Should I send a screenshot of debugger wizard output?

What can I do to follow your advices? I'm ready to execute the steps needed. Later I'll redo steps 9 and 13,now replying from mobile
View user's profileFind all posts by blacktekSend private message
Site Admin

Joined: 13 Jul 2003
Posts: 8334
Reply with quote
yup, that may help me understand it better what's going on on your side

_________________
The PHP IDE team
View user's profileFind all posts by dmitriSend private messageVisit poster's website


Joined: 31 May 2017
Posts: 57
Reply with quote
tests done.

connected with ssn tunnel without vpn

step 9 on the client and on the server both have the same result. They are able to open a telnet session with localhost on port 7869 and after the telnet session ends in the PHPED log I see:

"telnet localhost 7869" run locally: Debugger data fetch timeout, disconnecting 08:38:52
"telnet localhost 7869" run remotely: Debugger data fetch timeout, disconnecting 08:39:32

Now I've switched to another phped project, the tunnel was closed properly (Tunnel [<tunnel name>] remote tunnel on localhost:7869 is closed 08:39:48 )

Now I've started the openvpn connection and switched to the phped project with this problem; in the log tab I see:
Tunnel [<tunnel name>] remote tunnel successfully established on localhost:7869 08:41:24

local telnet is fine:
"telnet localhost 7869" run locally: Debugger data fetch timeout, disconnecting 08:38:52

remote telnet is fine too:
"telnet localhost 7869" run remotely: Debugger data fetch timeout, disconnecting 08:45:43

I try to start profiling on my remote project:
https://<website>/dbg-sample.php

Nothing in the PHPED log and in the browser I see:

DBG 9.1.10

Failed to start DBG session

Reason: failed to connect to the client at <vpn ip>:7869, please make sure that IDE is running
Not sure what it means? Visit http://www.nusphere.com/dbg/?err=-5 for troubleshooting.
If you didn't intend to run debug session you may want to drop debugger cookie by clicking this button:

Debugger request: "2705908@clienthost:7869;d=0,p=1"
Request found in: "$_COOKIE['DBGSESSID']"
Target PHP version: "7.2.x"
Server API: "FPM/FastCGI"
Extensions API: "320170718"
Modules API: "20170718"
PHP API: "20170718"


DBG Toolbar settings:
Development machine: clienthost
Port: 7869
Session: checked

Here the wizard output - no errors, only some warnings that I think are safe - I'm currently using PHPED 19.1 (I cannot upgrade to 19.2 at the moment):

PHP CHECK:

.php file extension is associated with PHP
Warning: (-25) installed version of PhpED is probably outdated
Warning: (-30) Failed to verify /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 SSL certificate, embedded browsers may fail to work
[E=62: Hostname mismatch]
Warning: (-30) Failed to verify /O=Digital Signature Trust Co./CN=DST Root CA X3 SSL certificate, embedded browsers may fail to work
[E=62: Hostname mismatch]
Warning: (-30) Failed to verify /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 SSL certificate, embedded browsers may fail to work
[E=10: certificate has expired]
dbg-wizard version is 4.0.4003
client outbound IP=<vpn ip>, another network
platform Linux-glibc-2.17/x86_64, supported
php version 7.2.29, ts: 0, sapi: fpm-fcgi
php.ini file is /etc/php.ini
php extension_dir /usr/lib64/php/modules
document root /var/www/vhosts/<redacted>/httpdocs/pub
debugger version 9.1.10, enabled
Info: Zend OPcache is loaded. This extension may interfere with php debugger
Info: xdebug is loaded. This extension may interfere with php debugger
Please check if a newer version of PhpED available
You may want to either install a valid SSL certificate onto your web server or switch to an external browser
if your experience any problems with debugger or with functions like step-in/step-out/breakpoints etc, please comment out or disable Zend OPcache extension in /etc/php.ini
if your experience any problems with debugger or with functions like step-in/step-out/breakpoints etc, please comment out or disable xdebug extension in /etc/php.ini
please proceed with [Next >>] button

Debugger check:
dbglistener is listening on: all addresses, port: 7869, upnp: 0
SSH tunnel status: successfully established, ok
Warning: (-30) Failed to verify /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 SSL certificate, embedded browsers may fail to work
[E=62: Hostname mismatch]
Warning: (-30) Failed to verify /O=Digital Signature Trust Co./CN=DST Root CA X3 SSL certificate, embedded browsers may fail to work
[E=62: Hostname mismatch]
Warning: (-30) Failed to verify /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 SSL certificate, embedded browsers may fail to work
[E=10: certificate has expired]
debug session is started
stepped into dbg-sample.php(2) line
breakpoint triggered at dbg-sample.php(3) line
succeeded with evaluating expression
succeeded with run to cursor at dbg-sample.php(9) line
debug session is finished
You may want to either install a valid SSL certificate onto your web server or switch to an external browser
click [Finish] button

Should I don any other test?

Please note that everything is the same without OpenVPN with the only exception that profiling works.

Any help is much appreciated.
View user's profileFind all posts by blacktekSend private message
Site Admin

Joined: 13 Jul 2003
Posts: 8334
Reply with quote
> I try to start profiling on my remote project

Details?
How do you run profiling?

_________________
The PHP IDE team
View user's profileFind all posts by dmitriSend private messageVisit poster's website
Failed to start DBG session using ssh tunnel and openvpn
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT - 5 Hours  
Page 1 of 2  

  
  
 Reply to topic