X2Go Bug report logs - #1012
Session reconnect doesn't work (x2gobroker)

Full log

Message #90 received at 1012@bugs.x2go.org (full text, mbox, reply):

Received: (at 1012) by bugs.x2go.org; 15 Oct 2019 18:08:50 +0000
From mail@mel.vin  Tue Oct 15 20:08:48 2019
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=3.0 tests=BAYES_50,SPF_HELO_NONE
	autolearn=ham autolearn_force=no version=3.4.2
Received: from mout02.posteo.de (mout02.posteo.de [185.67.36.142])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 459025DAED
	for <1012@bugs.x2go.org>; Tue, 15 Oct 2019 20:08:35 +0200 (CEST)
Received: from submission (posteo.de [89.146.220.130]) 
	by mout02.posteo.de (Postfix) with ESMTPS id A50912400E5
	for <1012@bugs.x2go.org>; Tue, 15 Oct 2019 20:08:34 +0200 (CEST)
Received: from customer (localhost [127.0.0.1])
	by submission (posteo.de) with ESMTPSA id 46t3MP6cyRz9rxL
	for <1012@bugs.x2go.org>; Tue, 15 Oct 2019 20:08:33 +0200 (CEST)
From: Melvin Vermeeren <mail@mel.vin>
To: 1012@bugs.x2go.org
Subject: Issue has been resolved
Date: Tue, 15 Oct 2019 20:08:28 +0200
Message-ID: <1904195.klsIam7rci@verm-r4e>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart4720267.Qom0uiC4Hy"; micalg="pgp-sha512"; protocol="application/pgp-signature"

[Message part 1 (text/plain, inline)]

Found part of the issue. To secure the services I use OpenVPN, even for SSH. 
For this example the "public hostname" is example.com. When you connect to the 
OpenVPN service example.com you can now also reach example.com through the 
secure VPN with IP 10.8.0.1.

The broker only listens on 10.8.0.1, so this means you need both a device 
holding the OpenVPN keys and username+password in the broker to log in. This 
way external, untrusted devices cannot try to log in at all. SSH daemon 
requires public keys, password auth is disabled.

In session profiles inifile, previously the value was host=10.8.0.1. This way 
the SSH traffic gets tunnelled through the VPN too. Now that this is changed 
to host=example.com, I can see status "(suspended)" or "(running)" in 
x2goclient, depending on the server state.

X2Go always uses the system's real $HOST to determine the session hostname. So 
even if inifile host=10.8.0.1 x2golistsessions will lists it as:
12345|foobar-50-....|50|example.com|...

Even though suspended/running status now works clicking on the suspended 
session in x2goclient still starts up a new session. The broker log:
> base_broker.X2GoBroker.select_session(): no X2Go Server could be contacted, 
> session startup will fail, tried these hosts: ['example.com']

The fix was to use the host syntax documented in load balancing mode:
host=example.com (10.8.0.1)

With this change everything works perfectly. I think the documentation, 
perhaps in the inifile itself, should add some IMPORTANT note regarding this. 
If the host field is not properly configured many things don't work properly.

tl;dr The host name MUST match whatever is listed in x2golistsessions and the 
host IP/target MUST match whatever the broker is bound to.

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.