I have setup a PPTP VPN server on AWS and everything works perfectly. When connected to my VPN e.g. www.getip.com shows the IP address of the VPN server.
So far so good...
On the same server I installed an Apache server where I run a PHP script to get me my own IP address:
$ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
Regardless if I am connected to VPN this code shows my local IP. I am not using varnish or any similar caching.
Any idea why this is the case?
- Are the $_SERVER variables saved in the PHP session?
Your help is very much appreciated.
[UPDATE]
The problem is definitely linked to the fact that the VPN server and the PHP script are on the same server. If I put the script on a different server everything works as desired. If connected to the VPN I expect to see the public IP of the server (which is the VPN server at the same time).
If you are using a VPC, then there is a problem in that the local IP will be used for all communication inside the VPC. The Public IP (EIP I assume) does not exist inside the VPC, it is assigned to the network interface and only translated in the IGW going in or out.
This means that when you check with www.getip.com you get the EIP just as expected since you pass the IGW, but inside the local net you will only see the local IP. Also, PPTP VPN works as it also passes the IGW.
Amazon suggests that you use the FDQN, even if you are on the inside and look up the external FDQN, you will get the local IP.
I do not know how this is in the Classic EC2, but I can only guess its similar.
If you absolutely need to have the public IP, you find it by using the Amazon service for this:
curl http://169.254.169.254/latest/meta-data/public-ipv4
or
curl http://169.254.169.254/latest/meta-data/local-ipv4
(See here: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html)
Related
I'm at a complete loss as to why this is failing, so get ready for the novel describing exactly what I'm trying to accomplish and what I've tested so far.
Goal:
I'm building a webpage on my GoDaddy hosting account that I want to connect to my locally hosted Radarr server's API via PHP cURL.
I want to use PHP so I can obfuscate the IP, port, and APIKey on the client side. Plus, some of Radarr's API calls I would like to use cannot be run via query string.
Problem:
No matter what I try, I am getting nothing but the following error:
Failed to connect to <MY PUBLIC IP ADDRESS> port <PORT NUMBER>: Connection refused
(And yes, this is the publicly opened port, not the internal port on the server.)
Setup:
I installed Radarr on a FreeNAS (11.3-U5) jail hosted in my home. This is working beautifully.
I setup the FreeNAS jail with a dedicated IP address instead of allowing it to NAT internally, just to make sure it doesn't cause any issues.
I configured port forwarding on my router to allow external traffic into the Radarr server. This is working. Note: Xfinity is my ISP, but I purchased the router separately.
I have a GoDaddy hosting account where I've written a webpage to tie into Radarr's API on my local network. Currently, the webpage is also working beautifully to query data from the API, BUT it's connecting to Radarr via $.getJSON with JavaScript and jQuery.
(Before anyone says it, yes, I know GoDaddy hosting isn't the best option, but it's the one I'm using.)
Testing:
I swear I've tested EVERYTHING and I don't know why this is failing.
This IS working through the JavaScript/jQuery solution, meaning the Radarr server is up and running, the port is properly forwarded through my router, and GoDaddy's hosting isn't blocking the connection.
I CAN access the raw JSON API response in the browser simply by entering the full API URL call.
And while I'd say I am versed in PHP, I'm certainly no expert, so I even tried pulling a generic PHP cURL script from another StackOverflow post, changing the URL to mine, and running that with no luck. Note: The original script DID work to connect to another external API though.
Then I tried Postman, which worked, and I used Postman to create a PHP script, but that script failed.
All of the functional testing done on my local network was done using my publicly facing IP address. However, just to be certain, I also tried reaching the API through the browser off my network, and that worked just fine.
In a desperate attempt, I also reached out to GoDaddy support to see if they had any ideas. They went as far as creating a test PHP cURL script in the same hosting directory and had it simply pull Google's homepage. That worked just fine.
After GoDaddy was unable to help, I setup a free hosting account and free subdomain on AwardSpace, uploaded the script, and that failed too.
In digging into the Connection Refused error, someone suggested just trying to ping the IP through PHP. I attempted this, but it returned 100% packet loss. Also, I logged into my router and watched the incoming connections as I tested. Using the jQuery solution, I saw the incoming connection and it worked great. Using the PHP solution, it didn't register anything inbound.
Lastly, I have confirmed that the publicly opened port on my router is in the list of blocked port by Xfinity. However, since I can access the server externally through the browser and via the jQuery script, that can't be the issue.
There seem to be many, many, many articles online about the general Connection Refused error, but I haven't found a solution to my problem from any of them.
Does anyone have any suggestions?
I seem to be getting different results when I check my IP address while connected to my VPN and accessing my web server than I get when I do a whatsmyip Google search.
When I dont have my VPN connected (on my laptop in a remote location) and I access my web server, my PHP returns the ip address of the hotspot I am connected to where I am staying and the same address is shown when i google WhatsmyIP.
However, when I connect to my VPN, the Google WhatsmyIP shows my VPN public IP which is whats I expected but no matter what I try, my web server with my PHP script using the server variable of getenv('REMOTE_ADDR') that shows my public IP keeps showing the actual hotspot public IP and NOT the address that my VPN is broadcasting. My web server, if it makes a difference, is Microsoft IIS running on Server 2016 Standard.
My VPN server is running on my work network main server (also the web server) using Server 2016 and its inbuilt remote access services and I am using the built in VPN connection with Windows 10 on my laptop where I am staying.
Normally I would be thrilled that my script shows a users real address however when accessing intranet sites that are restricted to IP addresses on the work LAN, when I use my VPN or if I dont, it still sees me as a remote user and I cant find a way to see me as a local Intranet connected user with a local address of 192.168.1.xxx.
Other posters here and elsewhere have posted the exact opposite and are asking for how to get the true IP of incoming connections but maybe I am missing something but I have the exact OPPOSITE problem.
Does it have something to do with the fact the VPN server and the web server are on the same server and IP address ? Perhaps the VPN knows the true address being used to connect and it is passing that through to the PHP script through the web server. If this is the case, is there anything I can do to stop this without moving the VPN server to a different server than the web server I am accessing for its intranet content ?
Your true IP address is your public IP. IP address on the range:
1. 10.x.x.x ClassA
2. 172.16.x.x Class B
3. 192.168.x.x CLass C
Are private addresses that uses a NAT or PAT to get a real public address(your router address). This private ip addresses are not for public use. You can't route any traffic on the internet to an ip address 192.168.0.2, you can only route those ip inside your network. When you visit your page your having the expected result, your public IP.
hope it helps.
I have hosted website and api on apache server on linux machine. I am trying to access the api through node js (using request module)which is on the same network. From outside that network, the api is accessible and working fine. I have many apis on the machine and only few are throwing this error. Recent change which was made to server is changing the cookie domain from foo.bar.com to *.bar.com in php.ini file. The website is working good. There is not much load on the server too. Any help appreciated.
A "connection refused" error means a TCP connection can't be established, so the cookie domain change should not have an effect here.
Are you sure it's a Node.js "connection refused" error, and not, say, the API itself being able to connect somewhere else? Can you give us the exact error message, with any traceback, etc., context?
You say there are many APIs (assuming API servers) on the machine and only some fail (assuming you tested this from the machine that is having problems connecting to the API server machine).
Are the working servers on different ports compared to the non-working ones?
Do those servers work from within the network? You say they're working fine outside of it. (It's possible that your local network has a firewall policy that prohibits this local connection.)
Can you double-check that the non-working servers are actually running? (An easy way to establish this would be running ss -ltpn; it should give you a list of listening TCP ports and their associated processes.)
I've got a utility domain out there (let's call it utility-domain.com) that generates short URLs and a site (let's call it prod-domain.com) that is attempting to call utility-domain.com to generate a short URL for it. They are on the same LAMP server, running CentOS 5.5. This is actually going to be a cURL in a PHP script, but before I get there, I am trying to just do a simple curl http://utility-domain.com while ssh'd into the server to see if it will resolve. I'm getting an error of curl: (7) couldn't connect to host. I've set the /etc/hosts file to point utility-domain.com to 127.0.0.1, and confirmed with a ping while ssh'd in that it is resolving to the local IP. Any ideas on how to get this to resolve?
I realize running this code locally would be better than doing a cURL to it, but the utility domain is used in other remote applications, so I'm trying to keep the scripts in one place.
Obviously the 'utility-domain' resolved (as otherwise curl would fail differently) but the curl error explains that there was no TCP server listening to port 80 on the IP that curl tried to connect to. You can easily verify this by checking which IP curl decided to use and then you can try telnetting to that IP + port instead of using curl.
This problem can be due to many reasons but possibly your Apache is not configured to listen on 127.0.0.1 (or "any" or whatever) so you have to make sure to reach correct IP. Or you have to modify your server config.
In some configurations, the IP of a host internally is not the same as the IP shown externally and that can also make things a bit tricky when you try to access your site without going through the external means.
i have php files on my computer and i can very well access those from IIS using eighter localhost or loop-back address . But now if i want to access the same file of php from another computer not in the LAN but in a different computer on the internet what should i do? i was thinking of IP address(static) as an option but then i was not successful in finding a way to do the same .
thanks in advance....
I don't completely understand your question. Is your problem
1) You don't have a static IP? Then:
There are services as "No-IP" where you can create redirects. At their site, you can create a free domain name (which is a static IP as well) such as yourdomain.no-ip.com. Then on your server computer you can run their tool. This tool updates the IP all the time so it will be always correct.
2) You don't know how to access the server from out of the LAN because the IP of your network is the same for all computers (if you're looking from the outside)? Then:
Check your router settings, normally at: http://192.168.1.1. There you will be able to define rules how to redirect requests from the outside. For http, you should redirect requests to port 80 to the IP of the server computer (note: you can even use an other port on the server computer)!