Web App http request from inside a VPN to a database also inside the VPN Fail

This last weekend the administrators of the University VPN where our Web Apps are running made some changes that required us to change the assigned IP address of web app’s server. Before this change everything worked fine.

The database is a web server sitting on port 80 and the web apps are on the same machine sitting on, for example, port 8883.

When the web app is opened it sends an http request (i.e. http://serverURL/AgencyLogInHeaders?the request) to the database for header information. The database no longer receives the request.

From my home computer outside of the VPN I can hit the database on port 80 as well as the Web App on port 8883.

If I connect my home computer to the VPN, I can no longer hit either the database or the web app.

So I think for some reason any request coming from inside the VPN to a web serer inside the VPN on our web server is being blocked. Which I thing explains why the Web App inside the VPN can no longer communicae with the database via HTTP.

Anyone have a clue as to what is the cause of this problem.



what OS are you on when inside the VPN ?
you could do a dns lookup to see what the servers URL resolves to
maybe thats messed up when you’re inside but not outside ?

Sorry, forgot to give the particulars…

Mac Yosemite
Xojo standalone web apps

open terminal and try the command DIG followed by the web URL (without params etc)
ie for apple you might do

 dig www.apple.com

and see if it resolves to the correct internal ip addess of your server
it may be the requests and dns is not set up right now for some reason :slight_smile:

I did a DNS Lookup with the Network Utility…

Not connected to the VPN…

[code]Lookup has started…
has.coe.hawaii.edu ->

After connecting to the VPN…

Lookup has started…
has.coe.hawaii.edu -> The operation couldn’t be completed. (kCFErrorDomainCFNetwork error 2.)[/code]

I did a DIG and do not understand the results as I got results whether on or off the VPN, but while both had the same IP addresses, they were diferent than the DNS Lookup IP I got with Network Utility.

dig just gives you a ton of info

basically it tells you what IP address a given URL is at
and how it got that answer

but there are relevant lines to look for
for instance for me DIG www.apple.com returns this ANSWER

www.apple.com.		213	IN	CNAME	www.apple.com.edgekey.net.
www.apple.com.edgekey.net. 9550	IN	CNAME	www.apple.com.edgekey.net.globalredir.akadns.net.
www.apple.com.edgekey.net.globalredir.akadns.net. 1590 IN CNAME	e6858.dsce9.akamaiedge.net.
e6858.dsce9.akamaiedge.net. 20	IN	A

and I can follow www.apple.com (at the left) to the right which gives www.apple.com.edgekey.net
and then that turns into another and so on until finally we eventually translated all lines and get to the IP address

this is a “more complex one” because apple uses a CDN to deliver a lot of the content instead of you hitting their server directly

Xojo’s is much simpler

www.xojo.com.		1799	IN	A

you should see something similar on your connection
if you dont then that would explain why when you are inside the VPN you get no response
whatever is providing DNS services isnt returning the right address any more for whatever reason
but when you ARE Connected to the VPN it is
so things do not work when you are inside but not on the VPN but DO work when you are outside and connected to the VPN

not sure that helps or makes sense ?

@Norman Palardy so things do not work when you are inside but not on the VPN but DO work when you are outside and connected to the VPN

Just to clarify. I can hit both the xojo web app and the database web server when I am outside and not connected to the VPN. It does not work when I am outside the VPN but connected to the VPN. Not sure that makes sense. At home I am on my own network. I connect to the VPN using Open VPN Connect to get my computer on the VPN. In this configuration I cannot hit either of the web servers. Same goes for the Xojo web app which is on a computer inside and connected to the VPN, it cannot hit the database server which is on the same machine inside and connected to the VPN.

would lead me to think your server etc it not “inside” whatever the VPN connects to
which seems odd but …

so the VPN seems to NOT be resolving the addresses to the servers
which still leads me to say the VPN isnt set up right somehow
lord knows what

in 90% of all cases with VPN/openVPN issues the source for issues are missing routes on the hosts in question. You’ve written something about IP address changes. Please also check your routes if your VPN address segment can be reached from the desired server via the correct gateway and interface.

I’d be concerned that you can access the database from home i.e. outside the vpn.

on Windows we turn on split tunnelling which allows only traffic for the vpn to use the vpn everything else uses your normal internet connection. Maybe the Mac has something similar?