This last weekend the administrators of the University VPN where our Web Apps are running made some changes that required us to change the assigned IP address of the web app’s server. Before this change everything worked fine.
The database is a web server sitting on port 80 and the web apps are on the same machine sitting on, for example, port 8883.
When the web app is opened it sends an http request (i.e. http://serverURL/AgencyLogInHeaders?the request) to the database for header information. The database no longer receives the request.
From my home computer outside of the VPN I can hit the database on port 80 as well as the Web App on port 8883.
If I connect my home computer to the VPN, I can no longer hit either the database or the web app.
So I think for some reason any request coming from inside the VPN to a web server inside the VPN on our web server is being blocked. Which I think explains why the Web App inside the VPN can no longer communicate with the database via HTTP.
Anyone have a clue as to what is the cause of this problem?
what OS are you on when inside the VPN ?
you could do a dns lookup to see what the servers URL resolves to
maybe that’s messed up when you’re inside but not outside ?
[code]Lookup has started
has.coe.hawaii.edu -> 128.170.208.15
After connecting to the VPN
Lookup has started
has.coe.hawaii.edu -> The operation couldnt be completed. (kCFErrorDomainCFNetwork error 2.)[/code]
I did a DIG and do not understand the results, as I got results whether on or off the VPN, but while both had the same IP addresses, they were different than the DNS Lookup IP I got with Network Utility.
basically it tells you what IP address a given URL is at
and how it got that answer
but there are relevant lines to look for
for instance for me DIG www.apple.com returns this ANSWER
;; ANSWER SECTION:
www.apple.com. 213 IN CNAME www.apple.com.edgekey.net.
www.apple.com.edgekey.net. 9550 IN CNAME www.apple.com.edgekey.net.globalredir.akadns.net.
www.apple.com.edgekey.net.globalredir.akadns.net. 1590 IN CNAME e6858.dsce9.akamaiedge.net.
e6858.dsce9.akamaiedge.net. 20 IN A 23.62.159.145
and I can follow www.apple.com (at the left) to the right which gives www.apple.com.edgekey.net
and then that turns into another and so on until finally we eventually translated all lines and get to the IP address
this is a “more complex one” because apple uses a CDN to deliver a lot of the content instead of you hitting their server directly
Xojo’s is much simpler
;; ANSWER SECTION:
www.xojo.com. 1799 IN A 174.138.47.113
you should see something similar on your connection
if you don’t then that would explain why when you are inside the VPN you get no response
whatever is providing DNS services isn’t returning the right address any more for whatever reason
but when you ARE Connected to the VPN it is
so things do not work when you are inside but not on the VPN but DO work when you are outside and connected to the VPN
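To make the dig reading described above repeatable, here is an added example (not part of the original thread): it follows the CNAME chain in an ANSWER section down to the address records and compares what two vantage points returned. The function names are hypothetical, and the `OFF_VPN`/`ON_VPN` samples are constructed from the lookup results posted earlier, with an invented TTL.

```python
import re

# ANSWER section quoted in the thread for www.apple.com.
APPLE_ANSWER = """\
;; ANSWER SECTION:
www.apple.com. 213 IN CNAME www.apple.com.edgekey.net.
www.apple.com.edgekey.net. 9550 IN CNAME www.apple.com.edgekey.net.globalredir.akadns.net.
www.apple.com.edgekey.net.globalredir.akadns.net. 1590 IN CNAME e6858.dsce9.akamaiedge.net.
e6858.dsce9.akamaiedge.net. 20 IN A 23.62.159.145
"""
# Constructed samples: address from the thread's off-VPN lookup (TTL invented);
# the on-VPN lookup failed, so that side has no records at all.
OFF_VPN = "has.coe.hawaii.edu. 300 IN A 128.170.208.15\n"
ON_VPN = ""

RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|AAAA|CNAME)\s+(\S+)\s*$")

def parse_answer(text):
    """Return {owner: [(rtype, value), ...]} for the record lines in dig output."""
    records = {}
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:  # ';;' comment lines and blank lines never match
            owner, _ttl, rtype, value = m.groups()
            records.setdefault(owner.lower().rstrip("."), []).append(
                (rtype, value.lower().rstrip(".")))
    return records

def resolve_chain(text, name):
    """Follow CNAMEs starting at name; return (names_visited, sorted_addresses)."""
    records = parse_answer(text)
    chain, current = [], name.lower().rstrip(".")
    while current not in chain:  # stop if the CNAMEs loop back on themselves
        chain.append(current)
        entries = records.get(current, [])
        addrs = sorted(v for t, v in entries if t in ("A", "AAAA"))
        if addrs:
            return chain, addrs
        cnames = [v for t, v in entries if t == "CNAME"]
        if not cnames:
            break
        current = cnames[0]
    return chain, []

def compare(name, off_vpn_text, on_vpn_text):
    """Classify how the answers seen off and on the VPN differ for name."""
    off = resolve_chain(off_vpn_text, name)[1]
    on = resolve_chain(on_vpn_text, name)[1]
    if not on:
        return "no answer on VPN"
    if not off:
        return "no answer off VPN"
    return "same" if off == on else "different"
```

Paste the ANSWER sections captured with the VPN disconnected and connected into the two text arguments; a "different" or "no answer on VPN" result points at the resolver the VPN hands out rather than at the web server itself.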
@Norman Palardy so things do not work when you are inside but not on the VPN but DO work when you are outside and connected to the VPN
Just to clarify. I can hit both the Xojo web app and the database web server when I am outside and not connected to the VPN. It does not work when I am outside the VPN but connected to the VPN. Not sure that makes sense. At home I am on my own network. I connect to the VPN using OpenVPN Connect to get my computer on the VPN. In this configuration I cannot hit either of the web servers. Same goes for the Xojo web app which is on a computer inside and connected to the VPN; it cannot hit the database server which is on the same machine inside and connected to the VPN.
In 90% of all cases with VPN/OpenVPN issues, the source of the issues is missing routes on the hosts in question. You’ve written something about IP address changes. Please also check your routes to see if your VPN address segment can be reached from the desired server via the correct gateway and interface.
On Windows we turn on split tunnelling, which allows only traffic for the VPN to use the VPN; everything else uses your normal internet connection. Maybe the Mac has something similar?