#community-help

Issues with Accessing TypeSense Cloud Server from Iran

TLDR Stephano reported his colleague in Iran had difficulty accessing the TypeSense cloud server. Jason helped with troubleshooting, speculating it could be due to US sanctions. Some connectivity achieved through VPN, but issues persisted.

Powered by Struct AI
Jun 14, 2021 (29 months ago)
Stephano
Photo of md5-1b5a9819eb84d9342bdcd7da73258779
Stephano
07:02 PM
My colleague in Iran cannot access the TypeSense cloud server. Via a https:// url, his browser hangs on a /health request where as mine returns { ok: "true" }
Jason
Photo of md5-8813087cccc512313602b6d9f9ece19f
Jason
07:10 PM
We're using AWS for Typesense Cloud, and AWS being a US-company, it looks like they might be blocking access to AWS resources from US-sanctioned countries (like Iran). Typesense is also a US-based entity and so we need to comply with those restrictions as well.
Stephano
Photo of md5-1b5a9819eb84d9342bdcd7da73258779
Stephano
07:11 PM
He refreshed multiple times and it finally worked
07:11
Stephano
07:11 PM
We use a postgres and node server both hosted on AWS which do not pose problems
07:11
Stephano
07:11 PM
He’s said that it is very slow
07:12
Stephano
07:12 PM
And keeps getting This site can't be reached
Jason
Photo of md5-8813087cccc512313602b6d9f9ece19f
Jason
07:12 PM
Oh I see, interesting
Stephano
Photo of md5-1b5a9819eb84d9342bdcd7da73258779
Stephano
07:12 PM
Like I said we already host the rest of our backend on aws 🙂
Jason
Photo of md5-8813087cccc512313602b6d9f9ece19f
Jason
07:12 PM
Which AWS region are you hosted in though?
Stephano
Photo of md5-1b5a9819eb84d9342bdcd7da73258779
Stephano
07:13 PM
eu-west-1
07:13
Stephano
07:13 PM
Typesense is the same:
Single Region Ireland
Jason
Photo of md5-8813087cccc512313602b6d9f9ece19f
Jason
07:14 PM
Hmmm. Could you try (temporarily) connecting to the Typesense Cloud node via it's public IP address?
Stephano
Photo of md5-1b5a9819eb84d9342bdcd7da73258779
Stephano
07:14 PM
Ok
07:14
Stephano
07:14 PM
Where do I find the IP address?
Jason
Photo of md5-8813087cccc512313602b6d9f9ece19f
Jason
07:17 PM
dig <http://xxx-1.a1.typesense.net|xxx-1.a1.typesense.net>
07:18
Jason
07:18 PM
Once you get the IP address, could you do this:

curl -vvvv -k 

and paste the output?
Stephano
Photo of md5-1b5a9819eb84d9342bdcd7da73258779
Stephano
07:30 PM
~! ❯ curl -vvvv -k https://18.202.252.126/health            0.24s ~
*  Trying 18.202.252.126...
* TCP_NODELAY set
* Connected to 18.202.252.126 (18.202.252.126) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/cert.pem
 CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
07:31
Stephano
07:31 PM
07:31
Stephano
07:31 PM
When he turns on his VPN it works
07:34
Stephano
07:34 PM
This does not work for him in the browser with VPN off:
https://18.202.252.126/health      
Jason
Photo of md5-8813087cccc512313602b6d9f9ece19f
Jason
07:37 PM
Does the curl command hang after that "Client hello" line?
Stephano
Photo of md5-1b5a9819eb84d9342bdcd7da73258779
Stephano
07:37 PM
Yeah
Jason
Photo of md5-8813087cccc512313602b6d9f9ece19f
Jason
07:38 PM
Hmmm, where is the VPN based out of? Ireland as well?
07:40
Jason
07:40 PM
Also, do you use a VPN to connect to your node app and DB as well?
Stephano
Photo of md5-1b5a9819eb84d9342bdcd7da73258779
Stephano
07:54 PM
No I don’t think he did
Jason
Photo of md5-8813087cccc512313602b6d9f9ece19f
Jason
07:58 PM
Could you do this: traceroute 18.202.252.126
08:00
Jason
08:00 PM
Basically there's something that's blocking or slowing down connections between his network and AWS. We've only added financial-level controls on our side for Iranian users per legal requirements. So if there's a network level block, it's either coming from AWS or some Internet Service Provider between his network and the AWS network
Stephano
Photo of md5-1b5a9819eb84d9342bdcd7da73258779
Stephano
08:09 PM
Without VPN:

8 traceroute: wrote 18.202.252.126 52 chars, ret=-1
 *traceroute: sendto: Can’t assign requested address
traceroute: wrote 18.202.252.126 52 chars, ret=-1
 *traceroute: sendto: Can’t assign requested address
traceroute: wrote 18.202.252.126 52 chars, ret=-1
 *
08:15
Stephano
08:15 PM
It makes no sense because the other services work great