Error: Failed to Handshake the request

Hi All,

I am new to HashiCorp Boundary. I am getting the following error. More details below.

Error:

kex_exchange_identification: read: Connection reset by peer
error fetching connection to send session teardown request to worker: Error dialing the worker: failed to WebSocket dial: failed to send handshake request: Get "https://<Worker Public IP>:9202/v1/proxy": read tcp 100.64.0.1:54553-><Worker Public IP>:9202: read: connection reset by peer

Setup

2 VM machines

1 VM - boundary controller
1 VM - boundary worker

I have leveraged the systemd unit file for setting up boundary.

Configuration details are as follows.

Boundary Controller Config

disable_mlock = false
controller {
  name = "kubernetes-controller"
  description = "A controller for a kubernetes demo!"
  database {
    url = "postgres://postgres:postgres@localhost:16001/boundary?sslmode=disable"
  }
  public_cluster_addr = "<My Domain>:9201"
}
listener "tcp" {
  address = "0.0.0.0"
  purpose = "api"
  tls_disable = false
  tls_cert_file = "/etc/fullchain.pem"
  tls_key_file = "/etc/privkey.pem"
}
listener "tcp" {
  address = "0.0.0.0"
  purpose = "cluster"
  tls_disable = false
}
kms "aead" {
  purpose = "root"
  aead_type = "aes-gcm"
  key = "sP1fnF5Xz85RrXyELHFeZg9Ad2qt4Z4bgNHVGtD6ung="
  key_id = "global_root"
}
kms "aead" {
  purpose = "worker-auth"
  aead_type = "aes-gcm"
  key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
  key_id = "global_worker-auth"
}
kms "aead" {
  purpose = "recovery"
  aead_type = "aes-gcm"
  key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
  key_id = "global_recovery"
}

Boundary Worker Config

disable_mlock = false
worker {
  name = "kubernetes-worker"
  description = "A worker for a kubernetes demo"
  controllers = ["10.0.0.27"]
  address = "<worker public ip>:9202"
  public_addr = "<worker public ip>:9202"
}
listener "tcp" {
  address = "0.0.0.0"
  purpose = "proxy"
  tls_disable = false
}
kms "aead" {
  purpose = "worker-auth"
  aead_type = "aes-gcm"
  key = "8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ="
  key_id = "global_worker-auth"
}

That probably means the client can’t contact the worker for some reason. Is this happening when you try to open your first connection to a target? Does it happen with all targets?

First connection is working fine. All the subsequent connections are throwing an error.

Command Executed:

boundary connect ssh -addr=<Boundary Domain> -target-id <Target ID> -- -l <username> -i <private keyfile>

Screenshot

As you can see from the above screenshot, the first connection is successful. Once I log out from the target instance and reinitiate the same request, I get an error.

I’m not getting that with the test SSH target on a dev instance – there might be some reason the target is rejecting the connection beyond Boundary issues. What do you see if you watch the sshd logs on the target while you connect successfully vs. when your connection is rejected?

The problem is due to the Zscaler software, which is blocking the above operations. If I execute the same set of commands from an AWS EC2 machine, they work. Thanks.