Activate network card of Google Cloud - google-cloud-platform

I have disabled the network card of my virtual machine in Google Cloud (right-click - Disable). Now it is impossible for me to reconnect or reactivate it. I'm new to this and can't figure out how to reactivate it.
If anyone has the solution, it would be helpful.

You cannot reactivate the interface because the VM just lost control with Google Cloud when you deactivated the network interface.
You need to connect to the machine using the machine serial port (like in the old days).
Open the VM from the web interface and click on "Edit".
Then select "Enable connecting to serial ports" (it is the first thing you can choose), and save the changes.
Open the VM again and you'll see that under "Remote Access" you can SSH to the machine AND connect to the serial port.
Once you have serial port access, you can log in.
If you don't have a user in the VM (because you used your GCP user) you'll need to reboot the VM while you're connected to the VM using the serial console and do a root password recovery.

Related

Can't SSH into Google Cloud VM

I was able to successfully SSH into the Google Cloud VM I had set up yesterday, but today for some reason I can't, and I didn't mess with any of the settings, especially not the Firewall settings. It keeps giving me these errors now:
Connection via Cloud Identity-Aware Proxy Failed
Code: 4003
Reason: failed to connect to backend
You may be able to connect without using the Cloud Identity-Aware Proxy.
Then when I click on "Connect without Identity-Aware Proxy" I get the following error:
Connection Failed
We are unable to connect to the VM on port 22. Learn more about possible causes of this issue.
I don't know what happened. Yesterday it was working fine and now it's not.
At first, try to disable Cloud Identity-Aware Proxy and connect to the VM instance via web Console.
After that, check logs:
Go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM -> at the VM instance details find section Logs and click on Serial port 1 (console)
Reboot your VM instance.
Check the full boot log for any errors and/or warnings.
If your VM instance doesn't start up, verify that your disk has a valid file system and a valid master boot record (MBR) by following the documentation General troubleshooting.
If you found errors/warnings related to disk space, you can try to resize the disk according to the documentation Resizing a zonal persistent disk, and also according to the article Recovering an inaccessible instance or a full boot disk:
If an instance is completely out of disk space or if it is not running
a Linux guest environment, then automatically resizing your root
filesystem isn't possible, even after you've increased the size of the
persistent disk that backs it. If you can't connect to your instance,
or your boot disk is full and you can't resize it, you must create a
new instance and recreate the boot disk from a snapshot to resize it.
Otherwise, try to get access to your VM instance via the serial console:
Enable serial console connection with gcloud command:
gcloud compute instances add-metadata NAME_OF_YOUR_VM_INSTANCE \
--metadata serial-port-enable=TRUE
or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> click on EDIT -> go to section Remote access and check Enable connecting to serial ports
Create a temporary user and password to log in: shut down your VM and set a startup script by adding, in the section Custom metadata, the key startup-script and the value:
useradd --groups google_sudoers tempuser
echo "tempuser:password" | chpasswd
and then start your VM.
Connect to your VM via serial port with gcloud command:
gcloud compute connect-to-serial-port NAME_OF_YOUR_VM_INSTANCE
or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> and click on Connect to serial console
Check what went wrong.
Disable access via serial port with gcloud command:
gcloud compute instances add-metadata NAME_OF_YOUR_VM_INSTANCE \
--metadata serial-port-enable=FALSE
or go to Compute Engine -> VM instances -> click on NAME_OF_YOUR_VM_INSTANCE -> click on EDIT -> go to section Remote access and uncheck Enable connecting to serial ports. Keep in mind that according to the documentation Interacting with the serial console:
Caution: The interactive serial console does not support IP-based access
restrictions such as IP whitelists. If you enable the interactive
serial console on an instance, clients can attempt to connect to that
instance from any IP address. Anybody can connect to that instance if
they know the correct SSH key, username, project ID, zone, and
instance name. Use firewall rules to control access to your network
and specific ports.
If you weren't able to connect via the serial console, try to follow the documentation Troubleshooting SSH, section Inspect the VM instance without shutting it down, and inspect the disk of your VM on another VM. The same way, you can transfer your data to another working VM instance.
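The temporary-user step above puts a fixed password into instance metadata, which stays readable through the metadata server and the API, and a startup script runs again on every boot. The following added example (not part of the original answer) generates the same startup script with a random password and an expiring account, and prints the matching gcloud sequence including cleanup; the one-day expiry, the file name `recovery-startup.sh` and the `TEMP_USER` variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the answer). TEMP_USER, the one-day expiry and
# the file name recovery-startup.sh are assumptions made for illustration.
TEMP_USER="${TEMP_USER:-tempuser}"

# 18 random bytes -> 24 base64 characters (no quotes, colons or newlines).
gen_password() {
  head -c 18 /dev/urandom | base64 | tr -d '\n'
}

# Account expiry date, one day ahead (GNU date first, BSD date as fallback).
expiry_date() {
  date -u -d '+1 day' +%Y-%m-%d 2>/dev/null || date -u -v+1d +%Y-%m-%d
}

# Print the startup script for user $1, password $2, expiry $3. It is
# idempotent because a startup script runs again on every boot.
render_startup_script() {
  cat <<EOF
#!/bin/bash
id -u '$1' >/dev/null 2>&1 ||
  useradd --groups google_sudoers --expiredate '$3' '$1'
printf '%s\n' '$1:$2' | chpasswd
EOF
}

# Print (do not run) the gcloud sequence for instance $1 and script file $2.
print_plan() {
  cat <<EOF
gcloud compute instances stop $1
gcloud compute instances add-metadata $1 --metadata serial-port-enable=TRUE --metadata-from-file startup-script=$2
gcloud compute instances start $1
gcloud compute connect-to-serial-port $1
# ...repair the VM, then remove the password from metadata and close the port:
gcloud compute instances remove-metadata $1 --keys startup-script
gcloud compute instances add-metadata $1 --metadata serial-port-enable=FALSE
# once SSH works again, from your own account: sudo userdel --remove $TEMP_USER
EOF
}

# Usage: sh recovery.sh NAME_OF_YOUR_VM_INSTANCE
if [ -n "${1:-}" ]; then
  umask 077   # the generated file holds the password
  render_startup_script "$TEMP_USER" "$(gen_password)" "$(expiry_date)" \
    > recovery-startup.sh
  print_plan "$1" recovery-startup.sh
fi
```

Delete `recovery-startup.sh` locally once the metadata key has been removed, since it contains the password in clear text.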
I had the same issue while running composer update.
In my case, rebooting the VM instance solved it.
Based on these error messages, I guess that your project has Identity-Aware Proxy (IAP) enabled, which sometimes may affect the ability to SSH into an instance, depending on the configuration.
In order to rule this out, you may try the following:
Create the firewall rules for allowing IAP to connect to your instances
Grant the necessary permissions to use IAP
Tunnel the SSH connection through IAP

Why can I not connect to my Windows VM via Chrome RDP on Google Cloud Platform?

I set up a Google Cloud VM instance with Windows and connected to it through RDP, which worked fine. However, when I quit the session and tried to access it again, I got the following error message:
Chrome RDP could not connect to '35.246.214.127'. Please try again.
The instance is running (green light and stats are flashing on the dashboard).
I already checked the firewall settings as suggested and the required port permissions are granted.
The connection through SSH was also possible. But I need RDP to access running software on the GUI.
To use RDP in a GCE Windows VM:
Go to Compute Engine, and click on the arrow next to "RDP" > "Download RDP file".
Then click on the arrow next to "RDP" > "Set Windows password" > "Set" > and copy the password.
Then go to https://remotespark.com/view/rdp.html, upload the file, set the user password, and connect.
Another option is to open this VM > "Edit" > check "Enable connecting to serial ports" > "Save" > and then you can connect to the VM through the serial port.
You can also try to restart the VM. Maybe your session is still open and you could have a limit of only one user.
https://community.dynamics.com/365/b/dynamics365enterprisecloudfronts/posts/setup-simultaneous-remote-login-for-multiple-users

Lose control of the VM Instance Debian 9 in Google Compute Engine when I try to connect to a VPN Service Provider (NordVPN)

I have an active subscription with NordVPN and I have always used this VPN without problems, both from Windows, from Mobile, and from Linux on-premises virtual machines.
Now I find myself for a project to use it on different VM Debian 9 machines in Google Cloud.
I installed the client (the test was done both with the custom client of the vendor, and with openVPN with the list of the vendor's servers) but when I go to connect between the VM and the VPN I lose control of the machine, the terminal hangs. This problem does not occur if I use a local VM instead.
I can no longer ping it from both the internal address and the external address.
Let me state up front that I am not a networking master.
The test was done both with the IP Forwarding enabled and disabled at the time the VM was created.
I only find material online to create a VPN server within GCP but it is not my case.
My situation is instead that the VM is the client and the VPN server is external.
I have no doubt that this situation is possible, but I cannot understand what further settings I have to enter compared with the local VM.
Thank you all.
It seems that the VPN client is receiving network routes from your VPN provider, so the VM is routing all traffic through the VPN and all inbound connections are being dropped.
Your best chance to know what’s going on inside your VM once network access is not available, as you described, is to interact with the Serial Console [1]. In [1] you can find, step by step, how to access your VM using the serial console through your Google Cloud Platform panel.
Now, in GCP (normally) all VMs have only 1 vNIC, and it is through that vNIC that all traffic is routed. When you connect your VM to NordVPN, a new network device is created (tun). If your default route [4] is set to send all default traffic to your tun (the NordVPN) and not the vNIC of GCP, when a new SYN [5] request gets to your VM, your VM will send the ACK answer through your network card TUN (NordVPN) and not through ETH0 (Google VM). Because the connection did not begin through NordVPN, NordVPN will drop the connection.
The behavior I explained is totally expected, because you want all traffic from your VM to go to NordVPN so you can surf the net anonymously. The disadvantage is that your VM will not be able to receive incoming traffic.
[1] https://cloud.google.com/compute/docs/instances/interacting-with-serial-console
[2] https://help.ubuntu.com/community/OpenVPN
[3] https://nordvpn.com/es/tutorials/linux/openvpn/
[4] https://www.cyberciti.biz/faq/howto-debian-ubutnu-set-default-gateway-ipaddress/
[5] https://www.inetdaemon.com/tutorials/internet/tcp/3-way_handshake.shtml
[6] https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway
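The routing condition described in this answer can be read off `ip route show` from the serial console. The following added example (not part of the original answer) checks a routing table for a default path that was redirected into a tun device and prints source-based policy-routing commands, one common remedy, that keep replies from the VM's own address on the GCP interface; the sample table, the addresses, the device names and table number 128 are constructed assumptions.

```shell
#!/bin/sh
# Added example. SAMPLE_ROUTES is constructed `ip route show` output for a
# VM with internal IP 10.128.0.2 after an OpenVPN client connected; the
# addresses, device names and table number 128 are assumptions.
SAMPLE_ROUTES='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 10.128.0.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
10.128.0.1 dev eth0 scope link
128.0.0.0/1 via 10.8.0.1 dev tun0'

# Exit 0 if the table on stdin sends default traffic into a tun device:
# either the default route itself, or the 0.0.0.0/1 + 128.0.0.0/1 pair
# that OpenVPN's "redirect-gateway def1" installs on top of it.
vpn_overrides_default() {
  awk '
    / dev tun[0-9]+/ && $1 == "default"     { full = 1 }
    / dev tun[0-9]+/ && $1 == "0.0.0.0/1"   { low = 1 }
    / dev tun[0-9]+/ && $1 == "128.0.0.0/1" { high = 1 }
    END { exit !(full || (low && high)) }'
}

# Print policy-routing commands that send traffic sourced from VM IP $1
# out through the surviving non-tunnel default gateway (table on stdin).
reply_route_cmds() {
  awk -v ip="$1" -v table="${2:-128}" '
    $1 == "default" && $2 == "via" && $4 == "dev" && $5 !~ /^tun/ {
      printf "ip rule add from %s table %s\n", ip, table
      printf "ip route add default via %s dev %s table %s\n", $3, $5, table
      found = 1; exit
    }
    END { exit !found }'
}

# $1 = VM internal IP, stdin = routing table. Prints a diagnosis and fix.
advise() {
  routes=$(cat)
  if printf '%s\n' "$routes" | vpn_overrides_default; then
    echo "# default traffic leaves via the tunnel; replies to inbound SSH are lost"
    printf '%s\n' "$routes" | reply_route_cmds "$1" ||
      echo "# no non-tunnel default route left; add the rule before connecting"
  else
    echo "# default route is not on a tun device; nothing to change"
  fi
}

printf '%s\n' "$SAMPLE_ROUTES" | advise 10.128.0.2
```

The printed `ip rule` and `ip route` entries do not persist across a reboot, so a mistake in them can be undone by restarting the VM.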

Google Cloud Instances Firewall Unable to Login SSH

I logged in to my Google Cloud Linux machine over SSH, changed a firewall rule by mistake, and lost the SSH connection. Now I am not able to log in over SSH (22). Is there any way to recover from that?
I know I can take snapshots of my machine and create new instances using that snapshot, but is there any way to get SSH login working again on the same machine, or do I have to delete it?
Try connecting to the instance via the serial console: https://cloud.google.com/compute/docs/instances/interacting-with-serial-console. From there you should be able to repair the firewall rules.
pjhsea, I tried your steps and it connects to the serial port, but it asks for a passphrase. I was not sure where I had given this passphrase. If you try to access the serial port from the gcloud console, it always asks for a passphrase.
So I tried the steps below and I was able to connect to the serial port to change the firewall setting on my Ubuntu VM.
Go to Compute Engine -> VM Instances from the left side menu.
Click on name of the VM you are facing issue connecting using SSH.
It will open VM Instance details page.
On the details tab, under the VM name, there will be two dropdowns for remote access:
SSH and Connect to serial console.
Click on serial console and select serial port 1 (console).
This connects to the serial console without any passphrase, and I was able to change my firewall rules using the command below.
ufw allow 22
Now you should be able to connect using SSH.

Access console of new VM without requiring RDP access through firewall?

I don't have outbound RDP access, and want to connect to a new VM created on google cloud.
Is there a built in console for controlling them?
You can access the VM serial console.
To access the VM serial console, you have to go to: https://console.cloud.google.com/compute/instances?project=[your-project-id] then click on the name of your virtual instance, then check the option "Enable connecting to serial ports". After that click on "Connect to serial port"