Issue with VPN Connectivity

[FlyingMongoose]

So this is baffling me and direct NFO support is drawing as much a blank as me (not their fault, it really is baffling). But let me outline my issue.

I am connecting to a VPN so that I can connect to an SQL Server (these both are maintained and managed by a third party).

The VPN assigns an IP within it's own Virtual Private Network (that's how VPN's work, right?), and the SQL Server is only accessible from within the VPN (and only accepts connections from within that as well).

I have this VPN set up on my NFO Server and when attempting to connect to, or ping the SQL Server within the VPN I end up with a request timed out (like it's not even there). There is no outside connection option to the SQL Server by the way, the VPN is the only option.

However, connecting to the VPN via any desktop client (non server), including 2 of my PC's and one of my co-workers computers, it connects just find to the SQL Server.

First up: There are no firewalls, nor are there any anti-virus softwares that would block, in any shape form or manner the communication between these services.

The fact that it is working from a desktop environment means the VPN itself is configured fine, and there is no difference in configuration method between the environments either.

Does anyone have any insight whatsoever as to what could cause something like this to happen?

[soja]

Strange. Do you only have 1 IP on your vds?

Your problem is, when on the vds, you cannot see/use the sql server, but when using the VPN on the vds you can see/use it fine?

Just making sure I fully understand the question

[FlyingMongoose]

Actually, there are 5 IP's to the server, but that's not relevant.

Problem is this:
On the server, can connect to the VPN, but can not connect to the SQL Server (will not even Ping), the even stranger part when looking at VPN status, the VPN shows the SQL server within its network.

On any other computer, can connect to the VPN, and can connect to the SQL Server

[Edge100x]

The VPS here is a VPN client only, then?

I would recommend taking a packet capture on each end to see what's being sent and what's being received. This will tell you whether traffic has the correct properties, and whether everything is arriving on the other side successfully. That in turn will give you a direction for further troubleshooting.

Also make sure that the remote IP address is being assigned correctly, that the SQL client is binding to that IP address specifically, and that the tunnel is appropriately encapsulating the traffic. (If your application tries to send traffic out over the open internet using anything but an IP address assigned by us, it would fail.)

[soja]

(If your application tries to send traffic out over the open internet using anything but an IP address assigned by us, it would fail.)

Kind of off topic, sorry, but is this a countermeasure to IP spoofing?

Thanks

[Edge100x]

soja, yes.

[FlyingMongoose]

The VPS here is a VPN client only, then?

I would recommend taking a packet capture on each end to see what's being sent and what's being received. This will tell you whether traffic has the correct properties, and whether everything is arriving on the other side successfully. That in turn will give you a direction for further troubleshooting.

Also make sure that the remote IP address is being assigned correctly, that the SQL client is binding to that IP address specifically, and that the tunnel is appropriately encapsulating the traffic. (If your application tries to send traffic out over the open internet using anything but an IP address assigned by us, it would fail.)

Well it's a physical server machine.

Just curious, what you think is happening is this.
VPN Connection <-> Out to the Web <-> SQL Server and because it's taking a trip "out to the web" via the VPN connection, it's blocking it due to VPN assigning a different IP address?

[Edge100x]

My thought was that it was sending traffic directly to the internet using a different IP address (the external IP instead of the internal IP), skipping the VPN. Your traffic captures will confirm if this is the case.

[FlyingMongoose]

So I'm not seeing any indication of that except the possibility it's going via the VPN Server
72.15.145.20

But it looks to me like the routing is working properly within the VPN, it does a proper check of where the request (ping) is coming from, and tries to keep it within when attempting to do so.

[FlyingMongoose]

This is truly baffling me :-/ all signs point to "it should be working"... and I don't get it.

[Edge100x]

I don't have a lot of experience with VPNs and this sounds like a pretty specific issue that I'd have to really drill down into (hands-on) if I were seeing it. I'm not sure how much more help we can provide through the forum here.

The support for the developer of the VPN software might be able to help you further.

[FlyingMongoose]

I've narrowed it down a bit, I've established that through a route print and a ping I can't hit the gateway of the VPN. 192.168.22.1.