I'm running into an issue with JNLP3. I have three slaves communicating through a proxy, so by the time the traffic gets to the master, they are coming from the same IP address. The port numbers are unique; they are ephemeral ports. With JNLP3, I can't get more than one slave connected at a time. Other slaves connect, but then I get a message:

      WARNING: Making

      {slave name}

      offline because it’s not responding
      Mar 28, 2016 11:35:31 PM hudson.node_monitors.ResponseTimeMonitor$1 monitor

      If I remove the "-Djenkins.slaves.JnlpSlaveAgentProtocol3.enabled=true" switch (reverting to JNLP2), I can connect multiple slaves at the same time, no issues.

          [JENKINS-33886] Can only connect one JNLP3 slave per IP address

          get the same problem,

          4 windows virtual machines connected via jnlp to the jenkins "master" via NAT,
          seems only the "last" machine started works, all others give "channel already closed" on starting a job - but they still think they're connected.

          Florian Doersch added a comment - get the same problem, 4 windows virtual machines connected via jnlp to the jenkins "master" via NAT, seems only the "last" machine started works, all others give "channel already closed" on starting a job - but they still think they're connected.

          akshay_abd added a comment - - edited

          I tried 2 different simple setups today and could not reproduce the issue:

          • 3 JNLP nodes connect to the master from the same machine
          • 2 JNLP nodes connect to the master from different machines

          In both cases the nodes were able to stay connected and do work. jeffkayser - you mentioned that your setup involved a proxy - could you tell me some details so I can mirror your setup?

          Also - if you have time can you confirm that a "simple" setup - ie. nodes connecting without a proxy involved work?

          akshay_abd added a comment - - edited I tried 2 different simple setups today and could not reproduce the issue: 3 JNLP nodes connect to the master from the same machine 2 JNLP nodes connect to the master from different machines In both cases the nodes were able to stay connected and do work. jeffkayser - you mentioned that your setup involved a proxy - could you tell me some details so I can mirror your setup? Also - if you have time can you confirm that a "simple" setup - ie. nodes connecting without a proxy involved work?

          Jeff Kayser added a comment -

          Hi, Akshay.

          You don't need a proxy. Just using an intervening Firewall/Router should do the trick. Basically, if your Master is connecting to slaves across the Internet, the JNLP3 logic will have problems.

          You should be able to replicate via:

          Master <=> Firewall/Router <=> Internet <=> Firewall/Router <=> multiple slave machines.

          Or, more simply:

          Master <=> Network <=> Firewall/Router <=> Slaves.

          The idea is that the Firewall/Router will NAT the IP addresses of the slaves to one IP address, and the Master, seeing multiple slaves connecting via the same IP address, will get confused.

          For example:

          Slave IP addresses:
          192.168.10.1
          192.168.10.2
          192.168.10.3

          NAT firewall / Router:

          Private IP <=> Public IP
          192.168.10.1 <=> 1.2.3.4 port 100
          192.168.10.2 <=> 1.2.3.4 port 200
          192.168.10.3 <=> 1.2.3.4 port 300

          Converts all private IP addresses of the slave machines (behind the
          firewall) to the publicly routeable IP address that firewall uses to connect to the Internet.

          Internet:

          Or any other intervening network.

          Master:

          Will see three different slaves try to connect with the same IP address
          (1.2.3.4) and different NAT ports.

          Master will get confused.

          I hope this helps.

          I have slaves that are on a remote network, across the Internet, with an intervening Firewall/Router, and JNLP3 did not work. JNLP2 works fine with that configuration.

          I'll create a simple test to replicate.

          Jeff Kayser
          Jeff.kayser@dbdr.com

          Jeff Kayser added a comment - Hi, Akshay. You don't need a proxy. Just using an intervening Firewall/Router should do the trick. Basically, if your Master is connecting to slaves across the Internet, the JNLP3 logic will have problems. You should be able to replicate via: Master <=> Firewall/Router <=> Internet <=> Firewall/Router <=> multiple slave machines. Or, more simply: Master <=> Network <=> Firewall/Router <=> Slaves. The idea is that the Firewall/Router will NAT the IP addresses of the slaves to one IP address, and the Master, seeing multiple slaves connecting via the same IP address, will get confused. For example: Slave IP addresses: 192.168.10.1 192.168.10.2 192.168.10.3 NAT firewall / Router: Private IP <=> Public IP 192.168.10.1 <=> 1.2.3.4 port 100 192.168.10.2 <=> 1.2.3.4 port 200 192.168.10.3 <=> 1.2.3.4 port 300 Converts all private IP addresses of the slave machines (behind the firewall) to the publicly routeable IP address that firewall uses to connect to the Internet. Internet: Or any other intervening network. Master: Will see three different slaves try to connect with the same IP address (1.2.3.4) and different NAT ports. Master will get confused. I hope this helps. I have slaves that are on a remote network, across the Internet, with an intervening Firewall/Router, and JNLP3 did not work. JNLP2 works fine with that configuration. I'll create a simple test to replicate. Jeff Kayser Jeff.kayser@dbdr.com

          Oleg Nenashev added a comment -

          Starting from JENKINS-34819 (remoting-2.59) it is possible to disable the protocol on the slave side. It should allow working around the issue

          Oleg Nenashev added a comment - Starting from JENKINS-34819 (remoting-2.59) it is possible to disable the protocol on the slave side. It should allow working around the issue

          Sam Gleske added a comment - - edited

          I plan to roll Mac slaves behind a NAT and would prefer their communication to be encrypted. I've voted/watched for a resolution.

          Sam Gleske added a comment - - edited I plan to roll Mac slaves behind a NAT and would prefer their communication to be encrypted. I've voted/watched for a resolution.

          Oleg Nenashev added a comment -

          sag47 In middle-term there is a plan to release JNLP4 (JENKINS-36871).
          The main PR is merged into the remoting master branch towards 3.0

          Oleg Nenashev added a comment - sag47 In middle-term there is a plan to release JNLP4 ( JENKINS-36871 ). The main PR is merged into the remoting master branch towards 3.0

          Oleg Nenashev added a comment -

          JNLP4 protocol is now available in both Jenkins Weekly and LTS lines. JNLP3 is explicitly not recommended for use. IMHO the recommendation would be to migrate from JNLp3 to JNLP4 if any issue happens.

          Oleg Nenashev added a comment - JNLP4 protocol is now available in both Jenkins Weekly and LTS lines. JNLP3 is explicitly not recommended for use. IMHO the recommendation would be to migrate from JNLp3 to JNLP4 if any issue happens.

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          docs/protocols.md
          src/main/java/org/jenkinsci/remoting/engine/JnlpProtocol3Handler.java
          http://jenkins-ci.org/commit/remoting/fe2587b7f9d78334e0ab05ab0b95f39b4b600a25
          Log:
          Docs - Noting JENKINS-37302, JENKINS-33886, and JENKINS-34121 in Errata

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: docs/protocols.md src/main/java/org/jenkinsci/remoting/engine/JnlpProtocol3Handler.java http://jenkins-ci.org/commit/remoting/fe2587b7f9d78334e0ab05ab0b95f39b4b600a25 Log: Docs - Noting JENKINS-37302 , JENKINS-33886 , and JENKINS-34121 in Errata

          Code changed in jenkins
          User: Oleg Nenashev
          Path:
          docs/protocols.md
          src/main/java/org/jenkinsci/remoting/engine/JnlpProtocol3Handler.java
          http://jenkins-ci.org/commit/remoting/86e13055079fd679a46b06fc7ce54ea1eb33ac1f
          Log:
          Merge pull request #155 from oleg-nenashev/doc/jnlp3_errata

          [Docs] - Noting JENKINS-37302, JENKINS-33886, and JENKINS-34121 in JNLP3 Errata

          Compare: https://github.com/jenkinsci/remoting/compare/b8f10d809829...86e13055079f

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: docs/protocols.md src/main/java/org/jenkinsci/remoting/engine/JnlpProtocol3Handler.java http://jenkins-ci.org/commit/remoting/86e13055079fd679a46b06fc7ce54ea1eb33ac1f Log: Merge pull request #155 from oleg-nenashev/doc/jnlp3_errata [Docs] - Noting JENKINS-37302 , JENKINS-33886 , and JENKINS-34121 in JNLP3 Errata Compare: https://github.com/jenkinsci/remoting/compare/b8f10d809829...86e13055079f

          Oleg Nenashev added a comment -

          Closing as "Won't fix", upgrade to JNLP4 is the recommended solution.

          If somebody wants to fix it, please feel free to reopen it and to create a pull request

          Oleg Nenashev added a comment - Closing as "Won't fix", upgrade to JNLP4 is the recommended solution. If somebody wants to fix it, please feel free to reopen it and to create a pull request

            Unassigned Unassigned
            jeffkayser Jeff Kayser
            Votes:
            2 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: