Problems with OpenSSL and local database connectivity

[Jochen Bern]

On 10.10.23 22:16, openssl-users-request at openssl.org digested:
> Date: Tue, 10 Oct 2023 14:16:10 -0600
> From: Patrick Headley <pheadley at linxco-inc.com>
> 
> I [...]  configured a couple OpenSSL connections using the network
> settings utility provided by Gnome. It used to be that any time the VPN 
> was connected all local network resources were unavailable. That seems 
> to have improved to where everything is available except for local 
> database connections. If the VPN connection is closed and then opened 
> again the local database connections may be available.
> 
> I perform database support so it would be nice if I could connect to 
> local databases while connected to a client through their VPN host. 
> Hopeing this is an issue that can be resolved.

(Bare) OpenSSL doesn't *do* VPNs, nor (AFAIK) connections that a host's 
"network setup" would be interested in. Are you running a) Open*VPN* 
(the protocol), by chance, or even more specifically b) OpenVPN (the 
software / client)?

In case of b), the server can insist that the VPN be "captive" (i.e., 
absorb *all* traffic except the communication with your client's default 
gateway). You'll have to talk to the server admin, "Client Configuration 
Directory (CCD)" might be a relevant keyword.

In case of a), client-side settings *might* be able to override the 
settings the server tries to push. (The OpenVPN plugin of NetworkManager 
comes to mind.)

Neither would, however, explain why *only* your DBs remain unreachable 
*unless* the connection to them uses different *IP addresses* than the 
rest (as opposed to just different ports) ...

Kind regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3449 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20231011/2ba99872/attachment.p7s>