From 36ea244cedd6153ade5b19cad05c187a85e3bf1d Mon Sep 17 00:00:00 2001 From: Tomas Celaya Date: Wed, 13 Dec 2017 16:57:29 -0800 Subject: [PATCH] Include a warning about the interaction between `translate_wan_addrs` and `bind_addr` in the Basic WAN guide. --- website/source/docs/guides/datacenters.html.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/website/source/docs/guides/datacenters.html.md b/website/source/docs/guides/datacenters.html.md index 66aaf0e7a7..583996c3e3 100644 --- a/website/source/docs/guides/datacenters.html.md +++ b/website/source/docs/guides/datacenters.html.md @@ -104,5 +104,19 @@ between IP addresses across regions as well. Usually, this means that all datace must be connected using a VPN or other tunneling mechanism. Consul does not handle VPN or NAT traversal for you. +Note that for RPC forwarding to work the bind address must be accessible from remote nodes. +Configuring `serf_wan`, `advertise_wan_addr` and `translate_wan_addrs` can lead to a +situation where `consul members -wan` lists remote nodes but RPC operations fail with one +of the following errors: + +- `No path to datacenter` +- `rpc error getting client: failed to get conn: dial tcp :0->:: i/o timeout` + +The most likely cause of these errors is that `bind_addr` is set to a private address preventing +the RPC server from accepting connections across the WAN. Setting `bind_addr` to a public +address (or one that can be routed across the WAN) will resolve this issue. Be aware that +exposing the RPC server on a public port should only be done **after** firewall rules have +been established. + The [`translate_wan_addrs`](/docs/agent/options.html#translate_wan_addrs) configuration provides a basic address rewriting capability.