VMware EXSi 6.0u3 + TS-459U+ - problem with CHAP auth iSCSI

iSCSI related applications
Post Reply
madikos
New here
Posts: 2
Joined: Sat Dec 05, 2020 2:52 am

VMware EXSi 6.0u3 + TS-459U+ - problem with CHAP auth iSCSI

Post by madikos » Thu Dec 10, 2020 3:19 pm

Hello everyone
I've got device:

Firmware: 4.2.6
Model : QNAP TS-459U+

I would like to connect it via iSCSI to my VMware ESXi 6.0u3, 5050593 server.

Unfortunately, when CHAP authentication is ON, in my virtualizator logs i see:
Login to iSCSI target iqn.2004-04.com.qnap:xxxxxxxxxx cc7a84 on vmhba35 @ vmk0 failed. Target returned login error of: 0201. error

I'd tried to set every easy login and pass, to avoid misstake, but no mather of anything, it just doesn't work.
When CHAP auth is off, everything work perfectly, but it's unsecure because any machine, could connect to it.

I've set ACL to denied all and allow only this server, but it seems to not working at all.
Even denied for everything, still is giving me a posibility to connect it to my pc

madikos
New here
Posts: 2
Joined: Sat Dec 05, 2020 2:52 am

Re: VMware EXSi 6.0u3 + TS-459U+ - problem with CHAP auth iSCSI

Post by madikos » Fri Dec 11, 2020 6:04 pm

For test, i'd used TS-351 with firmware 4.5.1.1480 and it work perfectly.

Does anyone have idea, why TS-459 got this problem??

deathmage85
Starting out
Posts: 14
Joined: Thu May 06, 2021 12:24 pm

Re: VMware EXSi 6.0u3 + TS-459U+ - problem with CHAP auth iSCSI

Post by deathmage85 » Thu May 13, 2021 11:35 am

Observation: Can I ask why your iSCSI is on an L3/L2 segment that is peering? - word to the wise, iSCSI should always be Out-of-Bound (OOB). I personally wouldn't enable CHAP on ISCSI, especially as the best practice is for ISCSI to OOB of normal LAN traffic.

Recommendation: isolate your ISCSI network from LAN traffic, disable CHAP, and the problem is resolved by mitigating risk completely as the iSCSI traffic is completely isolated (OOB).
Sr. System Administrator
Certifications: Microsoft Certified Solutions Expert x 3 (Core Infrastructure, Security, & Productivity), Microsoft Certified Azure Administrator & Office 365 Messaging Administrator, VMware VCP 5 & 6 DCV/NV, VMware vExpert 2015-2021, CompTIA: A+, Network+, Storage+, Server+, Security+, Cybersecurity Analyst+ (CySA+), and Certified Advanced Security Practioner (CASP+)
Blog: https://www.G15IT.com

Lab:
(1) TS-832X - (Hybrid) - (4) 8 TB WD Red Pro in RAID 10, (4) WD Blue 1 TB SSD's in RAID 5 - QM2 Dual M.2 SSD card

(1) TS-832X - (All-Flash) - (8) 1 TB WD Blue SSD's in RAID 5 - QM2 Dual M.2 SSD card

(2) TS-230 - (2) 6 TB's RAID 1 - Backup repository for Veeam BR 9.5

(1) TS-453D - (4) 6 TB's in RAID 6 - File Server with QM2 Dual M.2 SSD card

Post Reply

Return to “iSCSI – Target & Virtual Disk”