Hi Martin,
I didn’t want to leave you hanging on this so I’m replying but I honestly have no idea what’s going on. It’s clearly an issue involving the VPN but besides that I don’t know that we’ve seen a problem quite like that.
One thing I am wondering: when you say Tomcat stops responding when accessed through the VPN, does it just stop responding to those requests? Or does it also stop responding to requests made by clients behind the firewall/on the same VLAN?
If the former, then the issue is definitely related to the VPN. It seems that most of the calls that you’re seeing freeze up are those requiring non-GET calls to the server, e.g. POST to forms, DELETE to REST API calls, etc., which implies some differences in handling those requests that may be affecting the VPN.
If the latter… I have no idea honestly :) The only way I can think of to diagnose something like that would be to use a tool like Wireshark to analyze the network traffic. You’d want to look at the transactions on both the client side and between the VPN gateway and your server.
Another question this raises is whether you have a front-end proxy server like nginx, Apache HTTPD, or HAProxy in front of the Tomcat. In that case, calls on the same VLAN would go client -> proxy -> Tomcat, while calls through the VPN would go client -> gateway -> proxy -> Tomcat. The main point would be that, if there is a proxy, you’d also want to look at traffic between the gateway and the proxy and between the proxy and Tomcat.
All of which could be further complicated by encryption, both in the VPN tunnel and if you have SSL termination set up on the proxy or on Tomcat. But you can at least monitor if there’s traffic in those channels...
Rick Herrick
Senior Software Developer
------ Original Message ------
Date 3/10/2023 3:07:07 AM
Subject [XNAT Discussion] Re: VPN clients connecting to XNAT experience hung application and resume operation after 300 seconds