Cannot login from an IP address that is not banned by fail2ban. It is also in the whitelist

I need to be able to log in with a certain IP address at a restaurant that I frequent. I have added it to the whitelist and I have verified that it is not in the fail2ban list of banned IPs. I also checked iptables and it is not listed there anywhere, but yet I cannot get past a "this site is unreachable" message.

I can make calls without going through the VPN.

With no VPN,

  • I cannot SSH to the server.
  • I cannot HTTP/S to the FreePBX admin GUI.

With the VPN, all the protocols work.

The IP address is whitelisted. I have checked the iptables and there are no rules denying access to this IP address.

I am working with DigitalOcean on the problem this week.

Can you ping your server from the restaurant?

There’s actually not enough information from your side to diagnose the problem.

The server is unreachable from that IP address. I can reach it through my VPN.

The IP address is whitelisted.

It is not denied in the iptables.

What else do you need to know?

So you have checked that you can read the server via a tunnel. If things don’t work, then Wireshark is your next friend.

Next time at the restaurant, I might try that out. I’m using my Android connected to the restaurant’s wifi.

On Android, first install fdroid, then install termux from fdroid.

Then you will have a Linux/Debian shell with most everything ‘apt install-able’.

Very cool, but is there any other reason that would cause this besides a network problem?

No, basically if the data can’t flow, there can’t be a phone-call. So 100% a network thing.

My Android is v7. Tried to install traceroute and dig but no luck. Cannot update repos either.

I don’t have that problem. Did you use fdroid as your source for termux? Playstore is broken.

So where do I get fdroid?

From fdroid perhaps. Do you have Google on your phone?

Got the APK. Got it installed. Termux works fine now.

Installed wireshark-gtk on Termux but my eyesight is too poor to be able to use the vncviewer on Android. I’ll bring my laptop in next week.

tshark is just as functional.

There is no traffic coming from the restaurant’s IP address.

Maybe DigitalOcean has it blacklisted. I’ll raise a ticket with them.

Or it’s the restaurant’s firewall/security appliance.

Why would they block this one address? I checked out many other addresses.

Traceroute goes all the way to my server.

I have configured routers for restaurants in the past, where I allowed only certain services. You also do not know how many NAT translations with which table timings are involved. It may work, or not.
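
Added example, not part of the thread or written by any poster: one way to double-check the "not denied in iptables" step is to test the address against every source-matched DROP/REJECT rule by CIDR, since searching for the literal IP misses a rule that covers it through a wider range. The rule dump, chain names and addresses below are constructed sample data; rules without a source match and chain policies are not evaluated.

```python
import ipaddress
import shlex

# Constructed sample of `iptables-save` output (not taken from the thread).
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:f2b-sshd - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -s 198.51.100.0/24 -j DROP
-A INPUT -s 203.0.113.7/32 -p tcp --dport 443 -j ACCEPT
-A f2b-sshd -s 192.0.2.44/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
COMMIT
"""

BLOCKING = {"DROP", "REJECT"}


def rules_covering(ip, rules_text, targets=BLOCKING):
    """Return (chain, source, target) for each -A rule whose source match
    applies to `ip` and whose jump target is in `targets`."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue  # table headers, chain declarations, COMMIT, comments
        chain, src, target, negated = tok[1], None, None, False
        for i, t in enumerate(tok[:-1]):
            if t in ("-s", "--source"):
                src = tok[i + 1]
                negated = tok[i - 1] == "!"  # iptables-save writes "! -s net"
            elif t in ("-j", "--jump"):
                target = tok[i + 1]
        if src is None or target not in targets:
            continue
        inside = addr in ipaddress.ip_network(src, strict=False)
        if inside != negated:  # a negated match applies when ip is outside
            hits.append((chain, ("! " if negated else "") + src, target))
    return hits


if __name__ == "__main__":
    for ip in ("198.51.100.23", "192.0.2.44", "203.0.113.7"):
        print(ip, rules_covering(ip, SAMPLE_RULES) or "no source-matched block")
```

An empty result here, together with a capture on the server showing no packets from the address, points at something upstream of the host firewall.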