Trouble getting in to lsst-lsp-stable.illinois.edu

I’m trying to get up to speed on the LSP but getting stuck at Step 1.
My platform: Windows 10 (2 laptops).
I successfully connect to the NCSA VPN as follows:

  • enter sslvpn.ncsa.illinois.edu into Cisco AnyConnect
  • when connected, enter password and “push”
  • authenticate with DUO on iPhone
  • point browser to https://lsst-lsp-stable.ncsa.illinois.edu/
    After ~ 30 second the browser times out with message “The server at lsst-lsp-stable.ncsa.illinois.edu is taking too long to respond.”

Tried this multiple times on each laptop, use Firefox or MS Edge browsers, same result.

Help.

– Paul O’Connor BNL

At least on the Mac there are several groups that you can select within Cisco AnyConnect. “ncsa-vpn-default” is the correct one to select.

If that doesn’t solve the problem, then the next question would be whether you can lookup the IP address for lsst-lsp-stable.ncsa.illinois.edu or if it is a routing problem thereafter.

It’s working for me, but I am on the NOAO VPN right now rather than the NCSA one.

Also, do you have any other VPNs running at the same time? If one of them takes over all traffic, it could have similar symptoms.

No other VPNs running. I’m on a home WiFi network signed into Google MS OneDrive accounts.

And you are definitely on “ncsa-vpn-default” ? That is not (confusingly) the default in my VPN client.

Cisco AnyConnect is not pre-populated with VPN names.
I’m not an experienced user of AnyConnect.
Based on another user’s suggestion I point AnyConnect at “sslvpn.ncsa.illinois.edu” as stated above, and go through the password/push authentication process. After that completes AnyConnect says “VPN: connected to sslvpn.ncsa.illinois.edu” and the dialog box shows “NCSA SSLVPN”.

If I enter “ncsa-vpn-default” AnyConnect fails with error message “The VPN connection failed due to unsuccessful domain name resolution”.

Note that I (on Windows 10) am using “Cisco AnyConnect Secure Mobility Client” Version 4.8.03052 which I installed based on my organization’s recommendation. I.e. I did not download from the URL given in the RSP wiki. Is there another Cisco VPN product, and could this be the issue? The user interface has only a single “Connect” dialog box.
image

so there aren’t any switches to experiment with.

What does the next screen look like after you push “Connect”? Does it have something like this?

In a Windows Command Prompt, after getting the “VPN connected” message, can you execute ping lsst-lsp-stable.ncsa.illinois.edu or ping 141.142.182.135?

Here’s the next screen: image

ping request times out (URL or IP address)

Please change “avl-vpn-default” to “ncsa-vpn-default” in that dialog box.

@ktl that fixed it, thanks. Not sure why Cisco defaulted me to another group, wonder if other users will experience this. Browser timeout after successful VPN connection is quite confusing.

The documentation for connecting to the VPN mentions this. It is unfortunate that the default is (I believe) the first in alphabetical order (at least until the user has chosen something different). It’s also unfortunate that that document doesn’t explicitly mention that the profile is selected in the “Group” field.

Unfortunately, there’s no way for us to give any better error message when the wrong profile/group is selected, as no connections can be made to any of our machines at that point.

Yes. However https://wiki.ncsa.illinois.edu/display/cybersec/Virtual+Private+Network+(VPN)+Service#VirtualPrivateNetwork(VPN)Service-VPNProfiles calls these “profiles” while the Cisco dialog requests “Group:”

We just had a long back-and-forth in the Stack Club today, and following that, on the Stack Club Slack channel, where two newcomers to LSP/RSP (me being one of them) had exactly this problem. On Slack, old-timers noted that many, many people have this problem. It’s probably worth considering if there’s some way to revise the instructions to highlight this more.

thanks @TomLoredo I’ll have a look at that Slack channel, sounds useful. I participated in a stack club live event at the 2019 project & science collaboration, where the facilitators got me through the firewalls.