At least one of our users who is using a MacBook is getting connection refused errors in Chrome when trying to access their Passbolt instance. The Mac user can ping the server by hostname and none of the Windows users are having trouble with this. When I look at the access logs I don’t even see any attempts to connect to the server. My thought is that there is some difference in how Mac and Windows do DNS that is causing the issue, but I wanted to get some more feedback on this.
Hi @TyrellM and welcome to this forum
« Connection refused » means you reach a server but this server, or something between your Mac and this server such as a firewall or proxy blocks the connection.
When you ping the passbolt server from your Mac, does it return the correct IP address of your Passbolt or address of another server ?
Last but not least, did you try to connect from your Mac from a new fresh chrome browser session or from Firefox ?
When we ping the server it does return the correct IP, and using a new fresh Chrome browser and Firefox give the same results. We tried connecting with the MacOS firewall totally turned off to quickly make sure that was not the issue. I’m just using the standard Nginx proxy on the Passbolt server, but don’t know why that would be only refusing connections from this one computer.
Very weird problem, and you have no connection attempts from this Mac machine in your nginx logs ?
Can you open a terminal on your Mac, run the command below and send us back the output ?
curl -Iv https://your.passbolt.url
I’ll check the nginx logs again to make sure after some meetings this morning.
The curl output is:
Trying correct IP address of server…
connect to correct IP address of server port 443 failed: operation timed out
closing connection 0
curl: (7) Failed to connect to my.passbolt.hostname port 443: Operation timed out
This operation timed out means there is a firewall somewhere blocking your connection. Not necessarily on your Mac or on Passbolt server, but somewhere on your network between your Mac and the passbolt server.
I guess your Passbolt server is not on the same network range than your desktop machines, maybe it is on another vlan, or in a DMZ ? Do you have a firewall, a proxy or a router who is routing your traffic ?
I use myself a Mac and I never noticed any difference on how MacOS manage the network stack compared to Windows or Linux.
At the moment we’re just in a testing environment so everything is all on the same subnet. There shouldn’t be anything between them, but I’ll trace the route and see where it dies off, maybe time to break out Wireshark as well.
Can you give us a feedback when you find the problem ? thanks !
As soon as I can get with the user and get more information I will. Thanks
@TyrellM Something like Fail2ban can cause this as well if the request violated some kind of rule or maybe too many requests and got throttled or banned. Possibly did the incoming machine get blacklisted somehow?
We don’t currently have anything like Fail2Ban set up as far as I know, but that is something I hadn’t thought about. We ended up getting him access by flushing the DNS cache and Firefox could connect. Chrome still won’t for some reason, but at least he can start using his password manager.