Running a web app behind OpenVPN

Hi,

we are developing a web app that will have to run behind an OpenVPN tunnel.
Is there possibly an issue in Xojo when having tun adapters on the server?

The app runs fine when being accessed through the public IP of the server. But for security reasons this shall be blocked in the future.
I cannot get the app to load on the internal VPN IP, not even if I set --NetworkInterfaceIndex to the tun network adapter. It hangs loading the page forever. I tried different ports and also tested with a different app to verify that it should work in general. So the issue seems to be in Xojo.

Has anybody successfully installed an Xojo web app behind a VPN?

best regards

Fabian

Yes
I have a web app that I can reach both over the public internet and via our VPN. The app also connects via VPN to a database which is in a third location. I have not had any issues. Runs reliably all day long.

Is it possible there are any rules affecting traffic over your VPN that could be blocking any kind of traffic?

Do you get the loading page at all or does it never connect?
Are you able to get any kind of response at all using cURL or similar tool?

What are you setting --NetworkInterfaceIndex to?

@John Joyce
I think VPN rules can not be the problem as I get http traffic through to other services on several ports.

It seems to me the loader starts because I can see my loading message in the title. Trying with curl I can see the unsupported Browser Message.

@Greg O’Lone
--NetworkInterfaceIndex=2 because that is the index for the machine IP address which I found while looping through System.GetNetworkInterface.

For more details I created 2 http log files from a simple, empty web app.

With vpn:
10.8.0.42 - - [08/Jun/2017:08:06:25 0200] "GET / HTTP/1.1" 200 3000 "-" "1"
10.8.0.42 - - [08/Jun/2017:08:06:26 0200] "GET /0487BBE642666D23614317F83871087AA8E9560E/styles.css HTTP/1.1" 200 11588 "-" "keep-alive"
10.8.0.42 - - [08/Jun/2017:08:06:26 0200] "GET /framework/framework.js HTTP/1.1" 200 93425 "-" "keep-alive"

Without vpn (public IP address changed to xxx.xxx.xxx.xxx):
xxx.xxx.xxx.xxx - - [08/Jun/2017:08:10:35 0200] "GET / HTTP/1.1" 200 3000 "-" "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
xxx.xxx.xxx.xxx - - [08/Jun/2017:08:10:37 0200] "GET /framework/framework.js HTTP/1.1" 304 273 "-" "Login="
xxx.xxx.xxx.xxx - - [08/Jun/2017:08:10:37 0200] "GET /4C83F69F4E0050DF50E71BC5D54B85779AF27AC2/styles.css HTTP/1.1" 200 11588 "-" "text/css,*/*;q=0.1"
xxx.xxx.xxx.xxx - - [08/Jun/2017:08:10:38 0200] "POST /4C83F69F4E0050DF50E71BC5D54B85779AF27AC2/comm/event/Event.Open HTTP/1.1" 200 732 "-" "*/*"
xxx.xxx.xxx.xxx - - [08/Jun/2017:08:10:38 0200] "POST /4C83F69F4E0050DF50E71BC5D54B85779AF27AC2/comm/event/Event.Resized HTTP/1.1" 200 2 "-" "*/*"
xxx.xxx.xxx.xxx - - [08/Jun/2017:08:10:38 0200] "POST /4C83F69F4E0050DF50E71BC5D54B85779AF27AC2/comm/event/LGwCbCO8.Shown HTTP/1.1" 200 2 "-" "*/*"

That would indicate that the app is returning data. 200 3000 is httpstatus 200 (OK) and 3000 bytes were returned.

You can see that the framework is being delivered, but there are no requests beyond that. I’d open the developer tools on your browser and see if there are any errors.

Yes, I see that the loader page is received by the browser, but from then on nothing happens anymore.
Developer tools show no error.

I am wondering why the accept headers are empty in the VPN log.

After some testing with several browsers and curl today I found out that the launch page always loads fine. I just cannot get framework.js to load through the VPN. No content filtering or firewall rules apply, so I currently have no idea why this happens.

Is there any caching happening at a local level? …network, VPN, local machine?
Perhaps something needs to be cleared.

Do you get the whole framework file if you try to load it directly by curl?

No, there is 0 server response when trying to load the framework directly with curl.

You aren’t even getting a header (run curl with -i flag)?

This is a standalone app?

After 2 days of intense testing and talking to some network gurus, it turned out that the default MTU size of OpenVPN was the problem. We added tun-mtu 1300 to the client configuration, and now framework.js can be loaded.
Thanks for your help.

Good - I am glad that you worked it out!
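
A way to check the diagnosis the thread ends on, as an added example that is not from any of the posts: binary-search the largest ICMP echo that crosses the tunnel with Don't Fragment set, which gives the usable MTU to compare against the configured `tun-mtu`. It assumes Linux iputils `ping` and that ICMP echo is allowed through the tunnel; the function names and the simulated path are constructed for illustration.

```python
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def ping_df(host, payload, timeout_s=2):
    """Send one echo request with Don't Fragment set (Linux iputils ping)."""
    cmd = ["ping", "-c", "1", "-W", str(timeout_s),
           "-M", "do", "-s", str(payload), host]
    result = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL)
    return result.returncode == 0


def largest_payload(probe, lo=0, hi=1472):
    """Largest payload in [lo, hi] for which probe(payload) succeeds.

    Assumes success is monotonic: if a size passes, every smaller one does.
    Returns None when even the smallest probe fails (host unreachable).
    """
    if not probe(lo):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid          # mid fits, look for something larger
        else:
            hi = mid - 1      # mid was dropped, shrink the upper bound
    return lo


def path_mtu(probe, hi_mtu=1500):
    """Usable MTU on the path: largest passing payload plus header overhead."""
    payload = largest_payload(probe, 0, hi_mtu - IP_ICMP_OVERHEAD)
    return None if payload is None else payload + IP_ICMP_OVERHEAD


def simulated_tunnel(real_mtu):
    """Constructed stand-in for a path that silently drops oversized packets."""
    return lambda payload: payload + IP_ICMP_OVERHEAD <= real_mtu


if __name__ == "__main__":
    if len(sys.argv) > 1:     # real run: python3 script.py <host inside the VPN>
        target = sys.argv[1]
        print(path_mtu(lambda n: ping_df(target, n)))
    else:                     # offline demo against the constructed path
        print(path_mtu(simulated_tunnel(1300)))
```

A result below the tunnel's configured MTU matches the symptom in the logs: the 3000-byte launch page arrives while the 93425-byte framework.js never does.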