Error on stop/start/deploy instances while connected on VPN

[leolns]

problem

When a client is connected to the VPN, any operation to stop, start, or create a new instance from the console results in an error. Version 4.21.0.0

In the server's log:

(```
DirectAgent-479:[ctx-b89239bb, 10.254.254.40, job-57256/job-57258, cmd: DhcpEntryCommand]) (logid:98f34a9f) SSH execution of command /opt/cloud/bin/update_config.py vm_dhcp_entry.json.842c51cb-d1e9-4147-a92f-8e26a73bd709 has an error status code in return. Result output: Invalid unit name "cloud-password-server@10.72.2.1,10.72.2.141" escaped as "cloud-password-server@10.72.2.1\x2c10.72.2.141" (maybe you should use systemd-escape?).
Traceback (most recent call last):
  File "/opt/cloud/bin/update_config.py", line 147, in <module>
    process_file()
  File "/opt/cloud/bin/update_config.py", line 57, in process_file
    finish_config()
  File "/opt/cloud/bin/update_config.py", line 42, in finish_config
    returncode = configure.main(sys.argv)
                 ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/cloud/bin/configure.py", line 1691, in main
    execDatabag(json_type, databag_map)
  File "/opt/cloud/bin/configure.py", line 1678, in execDatabag
    executor.process()
  File "/opt/cloud/bin/cs/CsDhcp.py", line 54, in process
    self.add(self.dbag[item])
  File "/opt/cloud/bin/cs/CsDhcp.py", line 234, in add
    if i > v['network'].network and i < v['network'].broadcast:                                                                                                            ^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: '<' not supported between instances of 'IPAddress' and 'NoneType'   

Inside the virtual router at /opt/cloud/bin/cs/CsDhcp.py:

if i > v['network'].network and i < v['network'].broadcast:

While a VPN connection exists, the VPN interface returns an empty broadcast, which triggers the error.

versions

Cloudstack 4.21.0.0
Esxi 8.0u3g
VPC with dual redundant VR on a Isolated Network

The steps to reproduce the bug

1. Connect into a vpn
2. Try to stop/start/deploy a new instance on webui

What to do about it?

No response

[boring-cyborg]

Thanks for opening your first issue here! Be sure to follow the issue template!

[weizhouapache]

@leolns
can you log into the VR, and share the output of ip a command ?

[leolns]

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 02:01:00:ca:00:a1 brd ff:ff:ff:ff:ff:ff
altname enp3s0
altname ens160
inet 10.254.254.192/23 brd 10.254.255.255 scope global eth0
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 1e:00:0e:00:00:a7 brd ff:ff:ff:ff:ff:ff
altname enp11s0
altname ens192
inet X.X.X.51/24 brd X.X.X.255 scope global eth1
valid_lft forever preferred_lft forever
inet X.X.X.56/24 brd X.X.X.255 scope global secondary eth1
valid_lft forever preferred_lft forever
inet X.X.X.52/24 brd X.X.X.255 scope global secondary eth1
valid_lft forever preferred_lft forever
inet X.X.X.57/24 brd X.X.X.255 scope global secondary eth1
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 02:01:00:d8:00:1f brd ff:ff:ff:ff:ff:ff
altname enp19s0
altname ens224
inet 10.72.2.141/24 brd 10.72.2.255 scope global eth2
valid_lft forever preferred_lft forever
inet 10.72.2.1/24 brd 10.72.2.255 scope global secondary eth2
valid_lft forever preferred_lft forever
14: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1410 qdisc fq_codel state UNKNOWN group default qlen 3
link/ppp
inet 10.1.2.1 peer 10.1.2.2/32 scope global ppp0
valid_lft forever preferred_lft forever
15: ppp1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1400 qdisc fq_codel state UNKNOWN group default qlen 3
link/ppp
inet 10.1.2.1 peer 10.1.2.3/32 scope global ppp1
valid_lft forever preferred_lft forever

[weizhouapache]

@leolns
can you test the changes below with /opt/cloud/bin/cs/CsDhcp.py ?

diff --git a/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py b/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py
index 0f9f4a59374..e831001626d 100755
--- a/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py
+++ b/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py
@@ -231,7 +231,7 @@ class CsDhcp(CsDataBag):
         i = IPAddress(entry['ipv4_address'])
         # Calculate the device
         for v in self.devinfo:
-            if i > v['network'].network and i < v['network'].broadcast:
+            if i > v['network'].network and v['network'].broadcast and i < v['network'].broadcast:
                 v['dnsmasq'] = True
                 # Virtual Router
                 v['gateway'] = entry['default_gateway']

[leolns]

It tested it and it worked!

Thanks

[weizhouapache]

fixed by #11681