JSS Cluster detecting IP address of EC2 VPN Instance instead of JSS

livepersonit
New Contributor

JSS Cluster environment is setup on Amazon EC2. We have 3 JSS in cluster in different regions. To connect the VPCs in these regions, we have multiple VPN instances that we route traffic through.

Goal:
2 JSS - we want to setup in Limited Access mode
1 JSS - setup in Full Access mode, and stores main database

Issue:
When connecting a Limited JSS from one region to the Full JSS in another region, the traffic goes through our VPN instances. When logging onto the Full JSS, I see that the Cluster detects the IP address of the VPN instance instead of the source IP address of the Limited JSS.

VPN Instances are setup using OpenSwan on an Ubuntu box.

I've tried enabling RemoteIpValve and added the following to our server.xml file on all JSS:
<Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="10.11.2.239|10.11.10.42" trustedProxies="10.11.2.239|10.11.10.42" remoteIpHeader="x-forwarded-for" remoteIpProxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto" />

For InternalProxies, I entered the IP addresses of our VPN instances.

Does anyone have advice on getting JSS Cluster to detect the source IP?
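To show what the server.xml entry above can and cannot do, here is an added Python model of RemoteIpValve's client-address logic (written for this thread, not Tomcat's or Jamf's code; the Limited JSS address 10.20.0.5 and the outside address 203.0.113.7 are constructed). The valve only rewrites the client address when the request arrives from an internalProxies address and carries an X-Forwarded-For header, which an IPsec/OpenSwan gateway doing NAT does not add, and it ignores the header from any other peer, which is why internalProxies should stay as narrow as it is here.

```python
import re

# Minimal model of Tomcat's org.apache.catalina.valves.RemoteIpValve address
# logic (example code, not Tomcat's or Jamf's). The regexes are the
# internalProxies / trustedProxies values from the server.xml entry above.
INTERNAL_PROXIES = r"10\.11\.2\.239|10\.11\.10\.42"
TRUSTED_PROXIES = INTERNAL_PROXIES


def resolve_remote_ip(remote_addr, headers, internal_proxies=INTERNAL_PROXIES,
                      trusted_proxies=TRUSTED_PROXIES, header="x-forwarded-for"):
    """Return (client_ip, trusted_hops) as the valve would hand to the app.

    remote_addr is the TCP peer address Tomcat saw; headers is a dict keyed
    by lower-case header name.
    """
    internal = re.compile(internal_proxies)
    trusted = re.compile(trusted_proxies) if trusted_proxies else None
    # A header from a peer that is not a listed proxy is never believed.
    if not internal.fullmatch(remote_addr):
        return remote_addr, []
    hops = [h.strip() for h in headers.get(header, "").split(",") if h.strip()]
    # No header at all (an IPsec/NAT gateway adds none): address unchanged.
    if not hops:
        return remote_addr, []
    proxies = []
    # Walk right to left, discarding proxy hops until the first real client.
    for hop in reversed(hops):
        if internal.fullmatch(hop):
            continue
        if trusted and trusted.fullmatch(hop):
            proxies.insert(0, hop)
            continue
        return hop, proxies
    # Every hop was a proxy; the valve keeps the leftmost value.
    return hops[0], proxies


def cluster_scenarios():
    """Constructed requests for the three cases that matter in this thread."""
    vpn = "10.11.2.239"          # VPN instance from the server.xml above
    limited_jss = "10.20.0.5"    # constructed address of a Limited JSS
    outsider = "203.0.113.7"     # constructed address that is not a proxy
    return {
        "nat_no_header": resolve_remote_ip(vpn, {}),
        "proxy_with_header": resolve_remote_ip(vpn, {"x-forwarded-for": limited_jss}),
        "spoofed_header": resolve_remote_ip(outsider, {"x-forwarded-for": limited_jss}),
    }
```

The first case is the one in the post: NAT at the VPN instance presents the VPN address with no header to unwrap, so the valve leaves it unchanged.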


kitzy
Contributor III

I think you might be out of luck here. As far as I can tell, the JSS determines the IP address of a cluster node by looking at what IP address is accessing the database server. Since all the database server can see is the request coming from the VPN server, that's the IP it'll register. AFAIK there isn't a way around that, but I could be wrong. I'd recommend reaching out to your TAM if you haven't already, they might know something the rest of us don't.