We're Hiring!

Mattermost Discussion Forums

Unable to connect to MM server over OpenVPN

For feature requests, please see: Contributing Feature Proposals - Mattermost.

For troubleshooting questions, please post in the following format:

Summary
Unable to connect to MM server when connect to OpenVPN hosted on the router.

Steps to reproduce
MM Server Version 5.37.0 (happened with past versions as well), All mobile (v 1.45.1) and desktop clients

How can we reproduce the issue (what version are you using?)
OpenVPN is hosted on router, Ubiquiti USG Pro 4. Connect to OpenVPN, try to connect to MM on server behind router. It doesn’t connect. Disconnect OpenVPN, MM connects. MM is exposed to Internet and works on a normal network.

Expected behavior
MM should connect as usual when not connected to OpenVPN

Observed behavior
What did you see happen? Please include relevant error messages and/or screenshots.
MM shows connecting… At the top and no Internet on the main screen

I’m able to connect to all other local network resources and internet, only MM doesn’t connect.

Hello, @yanuk

Since it works with the normal network, you will need to check on how you configured OpenVPN to allow connectivity to pass through for Mattermost (you also mentioned that other local network resources are accessible).

Did you refer to any specific documentation when setting up Mattermost as well?

I mainly followed online resources.

Hi, @yanuk

Perhaps you can share more details on your OpenVPN configuration so the rest of the community can share their thoughts on it as well.

I noticed that you brought this up before in this forum post here but it was not specific to the issue occurring for OpenVPN.

Also, can you share the online resources you referred to so we can check on them and verify how the setup is done?

Thanks for your quick replies, that was a different issue. It went away after a few mobile app updates later.

my reverse proxy file is as follows:

Listen 448

<VirtualHost *:448>
   ServerName my.mattermost.domaincom
        ProxyPreserveHost On
   RemoteIPHeader X-Forwarded-For
        # setup the proxy
        <Proxy *>
                Order allow,deny
                Allow from all
        </Proxy>

                RewriteEngine On
        RewriteCond %{REQUEST_URI} /api/v[0-9]+/(users/)?websocket [NC,OR]
        RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
        RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
        RewriteRule .* wss://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]
        RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
        RewriteRule .* https://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]

        <LocationMatch "^/api/v(?<apiversion>[0-9]+)/(?<apiusers>users/)?websocket">
                Require all granted
                ProxyPass wss://127.0.0.1:8065/api/v%{env:MATCH_APIVERSION}/%{env:MATCH_APIUSERS}websocket
                ProxyPassReverse wss://127.0.0.1:8065/api/v%{env:MATCH_APIVERSION}/%{env:MATCH_APIUSERS}websocket
                ProxyPassReverseCookieDomain 127.0.0.1  my.mattermost.domaincom
        </LocationMatch>

        <Location />
                Require all granted
               ProxyPass https://192.168.1.88:8065/
                ProxyPassReverse https://192.168.1.88:8065/
                ProxyPassReverseCookieDomain 192.168.1.88  my.mattermost.domaincom

        </Location>

OpenVPN on USG was set up using this
https://community.ui.com/questions/OpenVPN-Setup-and-Configuration-on-UniFi-Security-Gateway-Step-by-Step-Guide/2a12e083-03fe-47de-be21-36e7cbba6ccb

There’s absolutely nothing relevant in your apache configuration for the current topic.
This has nothing to do with Mattermost, but everything to do with openvpn and network configuration. It’s as if you opened a ticket at Coca-Cola Co. because your fridge is broken and cannot keep the bottle cool :slight_smile:
In any case, if ahmaddanial thinks this is a topic for this forum, then you’d be better off describing your network. Where does mattermost reside relative to the router/openvpn server? What IPs were the services assigned? Have you tried pinging the server? The more details, the better.

P.S. This is obsolete:

                Order allow,deny
                Allow from all

The fact that it still works is quite astounding. Look it up on the internet, there are are directives now which have superseeded this.