1


I have a setup as shown above. Recently, our Oracle databases were moved into a protected network segment protected by a firewall.

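    import java.rmi.RemoteException;
    import java.util.Hashtable;
    import javax.ejb.CreateException;
    import javax.naming.InitialContext;
    import javax.rmi.PortableRemoteObject;

    // JNDI bootstrap settings for the WebSphere naming service
    Hashtable<String, String> table = new Hashtable<String, String>();
    table.put("java.naming.factory.initial", "com.ibm.websphere.naming.WsnInitialContextFactory");
    table.put("java.naming.provider.url", "corbaloc:iiop:ABCD1099.x.somecompany.com:2811");

    InitialContext iContext = new InitialContext(table);

    // Look up the EJB home by its JNDI name (the first remote call made over IIOP)
    Object object = iContext.lookup("ejb/com/somecompany/sandbox/vpn/tests/SandboxSessionEJBHome");

    // Narrow the CORBA object reference to the EJB 2.1 home interface
    SandboxSessionEJBHome sandbox_home = (SandboxSessionEJBHome) PortableRemoteObject.narrow(object, SandboxSessionEJBHome.class);
    try {
        SandboxSessionEJB bean = (SandboxSessionEJB) sandbox_home.create();

    } catch (RemoteException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (CreateException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }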

Scenario #1: When there is no VPN (Cisco Anyconnect) turned on, my EJB 2.1 client can bind and create an initial context. I can lookup my stateless session EJB 2.1. It is all good so far. I have not coded any calls to the Oracle database yet. So, note that at this time, I do not have any calls going out to Oracle or even attempting any sort of JDBC connection.

Scenario #2: Now, the moment I turn the VPN on, I cannot create an Initial Context; the bind fails.

I dug further; the crux of the issue is this:

Before VPN is turned on, ABCD1099.x.somecompany.com and ABCD1099.m.n.somecompany.com both resolve to the same address. Once VPN is turned on, dual homing comes in, "ABCD1099.m.n.somecompany.com" becomes unroutable but "ABCD1099.x.somecompany.com" is still routable.

In my entire code and in the creation of the WAS profile, I used the hostname that is routable. However, the InitialContext keeps picking up the unroutable hostname. I have tried using IP addresses as well. It did not work. I keep getting the following exception.

    16:19:05.133 com.ibm.ws.orbimpl.transport.WSTCPTransportConnection createSocket(server,client) P=943838:O=0:CT ORBRas[default] Bind Client Socket To A Specific NIC card=true, client=ABCD1099.x.somecompany.com/10.25.95.13:0, server=ABCD1099.m.n.somecompany.com/10.7.225.141:2811, LocalHost=ABCD1099.x.somecompany.com, ConnectTimeout=10000ms

    16:19:15.164 com.ibm.ws.orbimpl.transport.WSTCPTransportConnection connect:406 P=943838:O=0:CT ORBRas[default]  java.net.SocketTimeoutException: connect timed out
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:381)
    at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:243)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:230)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:377)
    at java.net.Socket.connect(Socket.java:539)
    at com.ibm.ws.orbimpl.transport.WSTCPTransportConnection.createSocket(WSTCPTransportConnection.java:367)
    at com.ibm.CORBA.transport.TransportConnectionBase.connect(TransportConnectionBase.java:359)
    at com.ibm.ws.orbimpl.transport.WSTransport.getConnection(WSTransport.java:436)
    at com.ibm.CORBA.transport.TransportBase.getConnection(TransportBase.java:187)
    at com.ibm.rmi.iiop.TransportManager.get(TransportManager.java:93)
    at com.ibm.rmi.iiop.GIOPImpl.getConnection(GIOPImpl.java:130)
    at com.ibm.rmi.iiop.GIOPImpl.locate(GIOPImpl.java:219)
    at com.ibm.rmi.corba.Corbaloc.locateUsingINS(Corbaloc.java:307)
    at com.ibm.rmi.corba.Corbaloc.resolve(Corbaloc.java:378)
    at com.ibm.rmi.corba.ORB.objectURLToObject(ORB.java:3796)
    at com.ibm.CORBA.iiop.ORB.objectURLToObject(ORB.java:3263)
    at com.ibm.rmi.corba.ORB.string_to_object(ORB.java:3694)
    at com.ibm.ws.naming.util.WsnInitCtxFactory.stringToObject(WsnInitCtxFactory.java:1645)
    at com.ibm.ws.naming.util.WsnInitCtxFactory.getWsnNameService(WsnInitCtxFactory.java:1502)
    at com.ibm.ws.naming.util.WsnInitCtxFactory.getRootContextFromServer(WsnInitCtxFactory.java:1040)
    at com.ibm.ws.naming.util.WsnInitCtxFactory.getRootJndiContext(WsnInitCtxFactory.java:962)
    at com.ibm.ws.naming.util.WsnInitCtxFactory.getInitialContextInternal(WsnInitCtxFactory.java:614)
    at com.ibm.ws.naming.util.WsnInitCtx.getContext(WsnInitCtx.java:128)
    at com.ibm.ws.naming.util.WsnInitCtx.getContextIfNull(WsnInitCtx.java:765)
    at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:164)
    at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:179)
    at javax.naming.InitialContext.lookup(InitialContext.java:436)
    at EJBInvocationTest.main(EJBInvocationTest.java:34)
Rao Pathangi
  • 504
  • 3
  • 11

2 Answers

0

From the command line on the server are you able to telnet to the destination when VPN is on?

    telnet hostname port#

or traceroute the destination?

Is it possible while the VPN is on that while the destination is routable it is still going through the firewall which is blocking ports? I guess we would need to see the traceroute output to see if the destination is reachable and if it is what happens when telnet'ing to that destination on the port.

0

I don't know if this is still relevant, but... The initial lookup responds with a reference to an object depending on the name binding your server is using, so if the server responds with a reference to ABCD1099.m.n.somecompany.com, it doesn't matter what you put in the naming provider URL, since that is only used in the initial lookup, while responses will use whatever name the server is configured to respond with...

Both server and client use their names (as configured) in communication, and you have to make sure that both are resolvable and routable.

hrv
  • 1
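
The two answers suggest two checks: whether the host the ORB actually dials matches the host in the provider URL, and whether that host accepts a TCP connection on the ORB port. The sketch below is an added example, not code from the question or either answer; the class and method names are hypothetical, and the trace line is shortened from the log in the question.

```java
import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class IiopEndpointCheck {
    // Host and port of a corbaloc bootstrap URL, e.g. corbaloc:iiop:host:2811
    static final Pattern CORBALOC = Pattern.compile("corbaloc:iiop:(?:[\\d.]+@)?([^:/,]+):(\\d+)");
    // The "server=host/ip:port" field of the ORB createSocket trace line
    static final Pattern TRACE_SERVER = Pattern.compile("server=([^/\\s]+)/([\\d.]+):(\\d+)");

    /** Returns {host, port} the ORB dialled, or null if the line has no server= field. */
    static String[] dialledEndpoint(String traceLine) {
        Matcher m = TRACE_SERVER.matcher(traceLine);
        return m.find() ? new String[] { m.group(1), m.group(3) } : null;
    }

    /** True when the ORB dialled a host other than the one named in the provider URL. */
    static boolean hostMismatch(String providerUrl, String traceLine) {
        Matcher u = CORBALOC.matcher(providerUrl);
        String[] dialled = dialledEndpoint(traceLine);
        if (!u.find() || dialled == null) throw new IllegalArgumentException("unparseable input");
        return !u.group(1).equalsIgnoreCase(dialled[0]);
    }

    /** Plain TCP connect with a timeout, the programmatic form of "telnet host port". */
    static boolean reachable(String host, int port, int timeoutMs) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(host, port), timeoutMs);
            return true;
        } catch (java.io.IOException e) { // includes timeouts and unresolvable hosts
            return false;
        }
    }

    public static void main(String[] args) {
        String url = "corbaloc:iiop:ABCD1099.x.somecompany.com:2811";
        // Trace line shortened from the question's log
        String trace = "ORBRas[default] client=ABCD1099.x.somecompany.com/10.25.95.13:0, "
                + "server=ABCD1099.m.n.somecompany.com/10.7.225.141:2811, ConnectTimeout=10000ms";
        String[] ep = dialledEndpoint(trace);
        System.out.println("ORB dialled " + ep[0] + ":" + ep[1] + ", mismatch=" + hostMismatch(url, trace));
        // Probes the network only when run with an argument, so the default run stays offline.
        if (args.length > 0)
            System.out.println("reachable=" + reachable(ep[0], Integer.parseInt(ep[1]), 5000));
    }
}
```

Run with the VPN off and then on; a mismatch together with `reachable=false` only when the VPN is on points at the hostname the server advertises rather than at the client's provider URL.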