This post covers troubleshooting steps for connectivity issues you may face when connecting to a Compute (Linux/Windows) or Database instance in Oracle Cloud (OCI).
There can be several reasons for instance connectivity issues in OCI, such as:
- Issue 1: The Security List (the cloud firewall) does not open SSH port 22 (Linux) or port 3389 (Windows) from the Internet, or port 1521 for connecting to the database listener.
- Issue 2: The SSH public key you generated was not uploaded properly while creating the instance (or you are not using the private key properly in PuTTY).
- Issue 3: You forgot to add the private key under SSH->Auth.
- Issue 4: There is a typo in the username.
Before moving on to the issues, pre-checks and fixes, I recommend checking my previous posts, where I covered how to create Compute (Linux/Windows) and Database instances.
- Create Compute (Linux/Windows Machine) On Oracle Cloud (OCI)
- How To Create Database on Oracle’s Gen2 Cloud (OCI)
Steps for Connecting to a Compute (Linux/Windows) & Database Instance:
There are 3 main ways to connect to an Oracle Cloud instance:
- SSH (Secure Shell)
- IPsec VPN (Virtual Private Network)
- FastConnect
Note: This post explains the troubleshooting steps for connectivity when you are using SSH (Secure Shell) with a public IP. If you want to connect from on-premises with FastConnect or IPSec VPN via a DRG (Dynamic Routing Gateway) attached to the VCN, create the instance or deploy the database on a private subnet and use the private IP to connect.
Connectivity Issues:
As mentioned at the beginning of this post, there can be several reasons for instance connectivity issues. Let's see what each error looks like:
- Issue 1: The Security List (the cloud firewall) does not open SSH port 22 (Linux) or port 3389 (Windows) from the Internet, or port 1521 for connecting to the database listener.
- telnet <public IP of Machine> 22
- telnet <public IP of Machine> 3389
Network Error: Connection timed out
- Issue 2: The SSH public key you generated was not uploaded properly while creating the instance (or you are not using the private key properly in PuTTY).
PUTTY Fatal Error: Disconnected: No supported authentication methods available (server sent: publickey, gssapi-keyex, gssapi-with-mic)
- Issue 3: You forgot to add the private key under SSH->Auth.
- Issue 4: There is a typo in the username.
Troubleshooting:
Let's start with the pre-checks you should go through before troubleshooting connectivity to the Compute/Database instance.
PRE-CHECKS:
- The Instance should be created in the Public Subnet.
- Subnet should have a Route to the Internet Gateway.
- Port 22 (Linux)/3389 (Windows) and Port 1521 should be Open in the Security List.
- If you are connected through an office VPN/network, its firewall should not be blocking port 22/3389.
- Test the Connectivity.
Check 1: Subnet Should be Public.
To connect to your instance, you need its public IP address. An instance gets a public IP only if you selected a public subnet while creating it. If you selected a private subnet, you cannot change it to public; you will have to create a new instance in a public subnet.
Note: There are 2 types of subnet: Public and Private.
Private IP:
If you create an instance or deploy a database on a private subnet, the machine or database host gets only a private IP. It accepts connections only from machines within the VCN, or from your on-premises network connected using FastConnect or IPSec VPN via a DRG (Dynamic Routing Gateway).
Public IP:
When you create an instance or a database on a public subnet, it gets both a private and a public IP, and you can access the instance or database host machine using the public IP.
a) Steps to Get the Public IP of the Compute Instance:
1. In the Console, click on “Compute”.
2. Click on the Instance name to see its details.
3. Make a note of the Public IP Address.
b) Steps to Get the Public IP of the Database Instance:
Note: You will get a public IP only if you used a public subnet. If you selected a private subnet, you cannot change it to public, and you will have to create a new instance.
1. Log in to the OCI Console and navigate to the Database section.
2. Click on the name of the Database you want to connect to.
3. On the left side of the Database Instance Details page, click on Nodes under Resources.
Check 2: Route to the Internet Gateway (IGW).
The next step is to check that the public subnet the instance belongs to has a Route Table with a route to the Internet Gateway.
1. Log in to the OCI console, navigate to the VCN section and select the VCN you used during instance creation.
2. On the VCN details page, click on the Public Subnet the instance belongs to.
3. This subnet should have a Route Table associated with it, and that Route Table should have a route to the Internet Gateway.
Note: If you created the VCN without Related Resources, then you have to manually create the Internet Gateway & the Route Table.
a) Steps to Create Internet Gateway & Add Route Rule:
1. Click on the VCN, then under Resources click on the Internet Gateway.
2. Create an Internet Gateway and fill in all the required details.
3. Click on the Route Table from the left submenu.
4. Click on the Default Route Table and add the Route Rules.
5. Enter the required fields (Target type, Destination CIDR Block, Compartment, Target IGW).
Check 3: Port 22 (Linux)/3389 (Windows) and Port 1521 Should be Open.
The next step is to check whether port 22 (for Linux) or port 3389 (for Windows) is open in the Security List.
Note: The Security List is the firewall that allows the connection.
- Under Networking, click on VCN.
- From the left submenu, select the Public Subnet in which you have created the Database or the Compute machine.
- Click on the Security List and then click on the Security List name.
- Under your Security List, add an Ingress rule to open Port 22 (for Linux) & open Port 3389 (for Windows).
To know how to create a security list and open port in Oracle Gen2 Cloud check here
Note: To open port 1521, follow the same process. You can set the source CIDR of your choice: 0.0.0.0/0 opens the port to the whole public Internet, while a VCN or subnet CIDR opens it only to that range.
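The ingress-rule check above can also be done offline against an exported Security List. The following is an added example, not code from the original post: it reports, for ports 22, 3389 and 1521, which source CIDRs are admitted, whether a given client IP is among them, and whether the port is open to 0.0.0.0/0. The JSON key names are modelled on the output of `oci network security-list get` and are an assumption to verify against your own export; the sample rules and the client IP are constructed.

```python
import ipaddress
import json

# Constructed sample; key names assumed to match `oci network security-list get`.
SAMPLE = json.loads("""
{"data": {"ingress-security-rules": [
  {"protocol": "6", "source": "0.0.0.0/0",
   "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
  {"protocol": "6", "source": "10.0.0.0/16",
   "tcp-options": {"destination-port-range": {"min": 1521, "max": 1521}}},
  {"protocol": "1", "source": "0.0.0.0/0"}
]}}
""")

PORTS = {22: "SSH", 3389: "RDP", 1521: "DB listener"}


def rule_covers(rule, port):
    """True if an ingress rule with a CIDR source admits TCP traffic to `port`."""
    if rule.get("source-type", "CIDR_BLOCK") != "CIDR_BLOCK":
        return False                      # service-label sources are out of scope here
    if rule.get("protocol") not in ("6", "all"):   # "6" is the IP protocol number of TCP
        return False
    rng = (rule.get("tcp-options") or {}).get("destination-port-range")
    return rng is None or rng["min"] <= port <= rng["max"]   # no range: all ports


def audit(security_list, client_ip):
    """Per port: (client admitted?, admitting source CIDRs, open to whole Internet?)."""
    rules = security_list["data"]["ingress-security-rules"]
    addr = ipaddress.ip_address(client_ip)
    report = {}
    for port in PORTS:
        sources = [r["source"] for r in rules if rule_covers(r, port)]
        admitted = any(addr in ipaddress.ip_network(s) for s in sources)
        report[port] = (admitted, sources, "0.0.0.0/0" in sources)
    return report


if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for your own public IP.
    for port, (ok, sources, world) in audit(SAMPLE, "203.0.113.10").items():
        state = "allowed" if ok else "blocked (expect 'Connection timed out')"
        note = " [open to the entire Internet]" if world else ""
        print(f"{PORTS[port]:12} tcp/{port}: {state}; sources={sources}{note}")
```
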
To find out whether SSH port 22 is open from the Internet, run telnet from the machine you are connecting from:
telnet <public IP of Machine> 22
If the port is open, you should see output like:
Trying 129.154.72.105...
Connected to 129.154.72.105.
Escape character is '^]'.
To find out whether port 3389 is open, run the following from the Windows command prompt (cmd):
telnet <public IP of Machine> 3389
Note: Make sure you have enabled Telnet Client in your Desktop/Laptop. Go to Programs and Features->Windows Features->Telnet Client.
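Where telnet is not available, the same test can be scripted. This is an added example, not part of the original post: it attempts a TCP connection to each port and maps the outcome to the checks in this post. It goes slightly beyond the post by also separating a refused connection from a timeout; the function names and hint texts are this example's own.

```python
import errno
import socket
import sys

# What each outcome points to, in terms of the checks in this post.
HINTS = {
    "open": "Network path is fine; a login failure now points to the key or username (Issues 2-4).",
    "timeout": "Packets are being dropped: check public subnet, route to the IGW, "
               "Security List ingress rule, and office/local firewall (Checks 1-4).",
    "refused": "The host answered but nothing accepts connections on this port "
               "(service not running, or a host firewall rejecting).",
    "unreachable": "No route from this machine to the address; check the IP and your own network.",
    "error": "Unexpected socket error; check the host name or IP you entered.",
}


def classify(exc):
    """Map the exception from a connect attempt (None on success) to an outcome name."""
    if exc is None:
        return "open"
    if isinstance(exc, socket.timeout):
        return "timeout"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    return "error"


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection, as `telnet host port` would, and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def diagnose(host, ports=(22, 3389, 1521), timeout=3.0):
    """Return {port: (outcome, hint)} for the ports this post deals with."""
    return {p: (o, HINTS[o]) for p in ports for o in [probe(host, p, timeout)]}


if __name__ == "__main__":
    # Pass the instance's public IP as the first argument; defaults to localhost.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, (outcome, hint) in diagnose(target).items():
        print(f"tcp/{port}: {outcome} - {hint}")
```
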
Check 4: Office VPN/network, Firewall Blocking, Port 22/3389 Should be Open
If you are using an office VPN/network while connecting to a Compute/Database instance in Oracle Cloud (OCI), make sure port 22 (for a Linux machine) and port 3389 (for a Windows machine) are open.
Also check whether the firewall on your laptop/PC is blocking the connection.
Test the Connectivity:
Now that you have gone through all the troubleshooting steps, check whether you can connect to your instance.
You can connect to a running instance using Secure Shell (SSH) for Linux or a Remote Desktop connection for Windows. To connect to a Linux instance from your laptop, you can download a free SSH client called PuTTY.
Enter the Public IP Address in the Hostname, then add the SSH Private key under SSH & then Auth. Click on Open.
Well, that was all on How to Create & Connect Windows/Linux machine on Oracle Cloud (OCI).
Hope the mentioned troubleshooting steps will help you.