Here is my setup. I've got a Cisco ASA 5505 (latest IOS). Behind it, I have a (Ubuntu 12.04) server running nginx, php-fpm, OwnCloud (all latest versions). My desktop also sits behind the ASA and is able to access OwnCloud just fine. If I connect my Android tablet to our wireless access point, then access the OwnCloud web interface, everything works just fine.
I've set up an L2TP/IPsec VPN on the ASA. I can disconnect the Ethernet on my desktop, tether to my phone, and connect to the VPN. From there I am able to SSH into the nginx server, VNC into other desktop machines, and access the OwnCloud web interface. Everything works perfectly.
I can connect the Android tablet to the VPN (via hotspot tethering). From there I am able to SSH into the nginx server and VNC into desktop machines. The problem comes when I try to access the OwnCloud web interface. It doesn't work; it just sits there spinning. The strange thing is, if I create a test.php file in the OwnCloud directory (with a simple echo('hello world');), that page loads just fine.
I have captured traffic on the server using tcpdump, and I can see the GET request come in. The server responds. Then I see a couple of duplicate ACKs coming from the tablet and a few retransmissions coming from the server.
I should note that VPN clients are given IP addresses on a different subnet.
Here is my nginx config:
upstream php-handler {
    server 127.0.0.1:9000;
}

# redirect http to https
server {
    listen 80;
    server_name 10.3.3.3;
    #return 301 https://$server_name$request_uri; # enforce https

    root /var/www/owncloud/;
    client_max_body_size 10G;
    client_body_timeout 600s;
    client_header_timeout 600s;

    rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
    rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
    rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

    index index.php;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # never serve data, config or metadata files directly
    location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
        deny all;
    }

    location / {
        # The following 2 rules are only needed with webfinger
        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
        rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
        rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
        rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
        # fall back to the front controller; the fallback URI must be absolute
        try_files $uri $uri/ /index.php;
    }

    location ~ ^(.+?\.php)(/.*)?$ {
        # "=404" (no space) returns 404 if the script file does not exist
        try_files $1 =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$1;
        fastcgi_param PATH_INFO $2;
        fastcgi_param HTTPS off;
        fastcgi_pass php-handler;
    }

    # Optional: set long EXPIRES header on static assets
    location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
        expires 30d;
        # Optional: Don't log access to assets
        access_log off;
    }
}
In summary, all devices work fine when on the local LAN. Desktop clients (OS X) work fine when connected over the VPN. Mobile VPN clients (the Android tablet) can SSH and VNC into local machines. HTTP requests over the VPN also work fine for my simple test page, but not for OwnCloud. What can I do to further diagnose the problem? What is the problem?
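The tcpdump observation in the question (request arrives, server responds, duplicate ACKs from the tablet, retransmissions from the server) can be tallied per flow direction with a small parser. This is an added example, not code from the post; it assumes `tcpdump -nn` text output and uses constructed sample lines rather than the poster's capture. Reporting the sizes of the retransmitted segments shows whether only the full-size segments fail to get through, which is what to look at next on a tunnelled path.

```python
import re
from collections import Counter

# Constructed sample in `tcpdump -nn` format (not the poster's capture): one HTTP
# request, three response segments, three client ACKs that never advance, then
# the first full-size segment sent again twice while the small one is not.
SAMPLE = """\
12:00:00.000100 IP 10.4.4.10.51000 > 10.3.3.3.80: Flags [P.], seq 1:200, ack 1, win 65535, length 199
12:00:00.000500 IP 10.3.3.3.80 > 10.4.4.10.51000: Flags [.], seq 1:1449, ack 200, win 227, length 1448
12:00:00.000600 IP 10.3.3.3.80 > 10.4.4.10.51000: Flags [.], seq 1449:2897, ack 200, win 227, length 1448
12:00:00.000700 IP 10.3.3.3.80 > 10.4.4.10.51000: Flags [P.], seq 2897:3500, ack 200, win 227, length 603
12:00:00.050000 IP 10.4.4.10.51000 > 10.3.3.3.80: Flags [.], ack 1, win 65535, length 0
12:00:00.050100 IP 10.4.4.10.51000 > 10.3.3.3.80: Flags [.], ack 1, win 65535, length 0
12:00:00.050200 IP 10.4.4.10.51000 > 10.3.3.3.80: Flags [.], ack 1, win 65535, length 0
12:00:00.300000 IP 10.3.3.3.80 > 10.4.4.10.51000: Flags [.], seq 1:1449, ack 200, win 227, length 1448
12:00:00.900000 IP 10.3.3.3.80 > 10.4.4.10.51000: Flags [.], seq 1:1449, ack 200, win 227, length 1448
"""

# One TCP summary line as printed by `tcpdump -nn` for IPv4.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+\.\d+) > (?P<dst>[\d.]+\.\d+): Flags \[[^\]]*\]"
    r"(?:, seq (?P<seq_lo>\d+)(?::(?P<seq_hi>\d+))?)?"
    r"(?:, ack (?P<ack>\d+))?.*?, length (?P<length>\d+)"
)

def analyze(lines):
    """Count duplicate ACKs and retransmissions per (src, dst) flow direction."""
    seen_segments = set()   # (src, dst, seq_lo, seq_hi) that already carried data
    last_pure_ack = {}      # (src, dst) -> ack number of that direction's last pure ACK
    stats = {"dup_acks": Counter(), "retransmissions": Counter(), "retransmitted_lengths": []}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        flow = (m["src"], m["dst"])
        length = int(m["length"])
        if length == 0 and m["ack"] is not None:
            # A pure ACK repeating the previous pure ACK's number is a duplicate ACK:
            # the receiver is still waiting for the same byte.
            ack = int(m["ack"])
            if last_pure_ack.get(flow) == ack:
                stats["dup_acks"][flow] += 1
            last_pure_ack[flow] = ack
        elif length > 0 and m["seq_lo"] is not None:
            # The same byte range sent a second time is a retransmission.
            key = flow + (int(m["seq_lo"]), int(m["seq_hi"] or m["seq_lo"]))
            if key in seen_segments:
                stats["retransmissions"][flow] += 1
                stats["retransmitted_lengths"].append(length)
            seen_segments.add(key)
    return stats

def analyze_sample():
    return analyze(SAMPLE.splitlines())
```

Feed the real capture in with `analyze(open("capture.txt").read().splitlines())` after saving `tcpdump -nn` output to a file.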