VMware EXSi 6.0u3 + TS-459U+ - problem with CHAP auth iSCSI

iSCSI related applications
Post Reply
madikos
New here
Posts: 2
Joined: Sat Dec 05, 2020 2:52 am

VMware EXSi 6.0u3 + TS-459U+ - problem with CHAP auth iSCSI

Post by madikos »

Hello everyone
I've got device:

Firmware: 4.2.6
Model : QNAP TS-459U+

I would like to connect it via iSCSI to my VMware ESXi 6.0u3, 5050593 server.

Unfortunately, when CHAP authentication is ON, in my virtualizator logs i see:
Login to iSCSI target iqn.2004-04.com.qnap:xxxxxxxxxx cc7a84 on vmhba35 @ vmk0 failed. Target returned login error of: 0201. error

I'd tried to set every easy login and pass, to avoid misstake, but no mather of anything, it just doesn't work.
When CHAP auth is off, everything work perfectly, but it's unsecure because any machine, could connect to it.

I've set ACL to denied all and allow only this server, but it seems to not working at all.
Even denied for everything, still is giving me a posibility to connect it to my pc
madikos
New here
Posts: 2
Joined: Sat Dec 05, 2020 2:52 am

Re: VMware EXSi 6.0u3 + TS-459U+ - problem with CHAP auth iSCSI

Post by madikos »

For test, i'd used TS-351 with firmware 4.5.1.1480 and it work perfectly.

Does anyone have idea, why TS-459 got this problem??
deathmage85
Starting out
Posts: 20
Joined: Thu May 06, 2021 12:24 pm

Re: VMware EXSi 6.0u3 + TS-459U+ - problem with CHAP auth iSCSI

Post by deathmage85 »

Observation: Can I ask why your iSCSI is on an L3/L2 segment that is peering? - word to the wise, iSCSI should always be Out-of-Bound (OOB). I personally wouldn't enable CHAP on ISCSI, especially as the best practice is for ISCSI to OOB of normal LAN traffic.

Recommendation: isolate your ISCSI network from LAN traffic, disable CHAP, and the problem is resolved by mitigating risk completely as the iSCSI traffic is completely isolated (OOB).
Sr. System Administrator
Certifications: Microsoft Certified Solutions Expert x 3, Microsoft 365 Certified: Enterprise Administrator Expert, Microsoft Certified: Azure Administrator, Office 365 Messaging Administrator, Microsoft Certified: Azure Virtual Desktop Specialty, VMware VCP 5 & 6 DCV/NV, VMware vExpert 2015-2021, CompTIA: A+, Network+, Storage+, Server+, Security+, CySA+, CASP+
Blog: https://www.G15IT.com

Lab:
(1) TS-832X - (Hybrid) - (4) 8 TB WD Red Pro in RAID 10, (4) WD Blue 1 TB SSD's in RAID 5 - QM2 Dual M.2 SSD card

(1) TS-832X - (All-Flash) - (8) 1 TB WD Blue SSD's in RAID 5 - QM2 Dual M.2 SSD card

(2) TS-230 - (2) 6 TB's RAID 1 - Backup repository for Veeam BR 9.5

(1) TS-453D - (4) 6 TB's in RAID 6 - File Server with QM2 Dual M.2 SSD card
Post Reply

Return to “iSCSI – Target & Virtual Disk”