Cannot connect to remote vault server

Hi All, Newbie here,

I am following the tutorial and setting up the deploy with the consul running in order to unseal the vault. When I run the vault client on the same machine as the vault server it’s all fine. I can unseal using the first key. When I try to unseal from another machine I get:

Error initializing: Put http://host_ip_address:8200/v1/sys/init: dial tcp host_ip_address:8200: connectex: No connection could be made because the target machine actively refused it.

I should think this is possible as per the tutorial:
"The Vault can be unsealed from multiple computers and the keys should never be together."

I’ve checked that the ports are opened and there is no local firewall. It’s running on a VM in the cloud and the inbound rules have ports 8200 and 8500 opened.

I’ve also tried this on a Linux box next to me and saw the same behavior, so it cannot be a cloud setting.

Any ideas?

Perhaps your Vault configuration has it listening only on the loopback interface. Post the “listener” stanza of your Vault configuration. If you haven’t explicitly configured it, the default is to listen only on 127.0.0.1.

There are more ports than 8500 and 8200 involved:

You could check them, too.

listener "tcp" {
  address = "127.0.0.1:8200"
  tls_disable = 1
}

Got it. I needed to set the listener address to “0.0.0.0:8200”. Thanks.

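A check for the listener behaviour discussed in this thread, as an added example that is not part of the original posts or Vault's own code: it reads the `listener "tcp"` stanza, reports whether the bind address is reachable from other machines, and flags a non-loopback listener that still has `tls_disable` set. The function names are hypothetical, the sample configs are constructed from the stanza posted above, and the parser assumes flat stanzas with no nested blocks.

```python
import ipaddress
import re

# Constructed sample: the stanza posted in the thread, then the changed address.
THREAD_CONFIG = '''
listener "tcp" {
  address     = "127.0.0.1:8200"
  tls_disable = 1
}
'''
FIXED_CONFIG = THREAD_CONFIG.replace("127.0.0.1", "0.0.0.0")

LISTENER_RE = re.compile(r'listener\s+"tcp"\s*\{(.*?)\}', re.S)
SETTING_RE = re.compile(r'^[ \t]*(\w+)[ \t]*=[ \t]*"?([^"\n#]+?)"?[ \t]*(?:#.*)?$', re.M)


def parse_tcp_listeners(config_text):
    """Return one dict of settings per listener "tcp" stanza (flat stanzas only)."""
    return [dict(SETTING_RE.findall(body)) for body in LISTENER_RE.findall(config_text)]


def audit_listener(settings):
    """Classify the bind address and flag plaintext exposure beyond loopback."""
    # When address is omitted, Vault listens on 127.0.0.1:8200.
    address = settings.get("address", "127.0.0.1:8200")
    host = address.rpartition(":")[0].strip("[]")  # also handles "[::]:8200"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # hostname or socket path: not classified here
    if ip is None:
        reach = "unclassified"
    elif ip.is_loopback:
        reach = "loopback"
    elif ip.is_unspecified:
        reach = "all-interfaces"
    else:
        reach = "single-interface"
    tls_off = settings.get("tls_disable", "0").lower() in ("1", "true")
    findings = []
    if reach == "loopback":
        findings.append("only local clients can connect; remote clients are refused")
    elif tls_off:
        findings.append("unseal keys and tokens cross the network unencrypted")
    return {"address": address, "reach": reach, "tls_disabled": tls_off, "findings": findings}


if __name__ == "__main__":
    for cfg in (THREAD_CONFIG, FIXED_CONFIG):
        for stanza in parse_tcp_listeners(cfg):
            print(audit_listener(stanza))
```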