Why am I getting a database provider sign in screen when using EZproxy and VPN
Symptom
- When using VPN with EZproxy I am not getting access as expected
Applies to
- All versions of EZproxy
Resolution
- Change from Split Tunnel VPN policy to Full Tunnel VPN policy, or change how VPN policy is applied to EZproxy
- Check the IP addresses that are in ExcludeIP and AutologinIP ranges and make sure they are correct and account for the VPN policy being used.
Additional information
VPN will impact Hosted EZproxy differently than Self-hosted EZproxy. Self-hosted EZproxy servers are on the institution domain and if split tunnel VPN is being used, traffic to EZproxy will be sent through the VPN (PrivateIP for EZproxy). If this IP is in an ExcludeIP range EZproxy will redirect the user to the database provider site. Since the database provider site is not on your local network, the traffic does not go through the VPN and the database provider will get the internet service provider IP address and will not be authorized.
Hosted EZproxy is not impacted as much by VPN. Since OCLC has the EZproxy server VPN policy being used does not impact what IP address is being seen by EZproxy unless you have a custom domain name on your EZproxy server. VPN can impact the IP address that is being seen if your institution uses a different pool of IP addresses for VPN internet access.
EZproxy will route users based upon the IP address that is seen. Understanding how your VPN policy is impacting the IP address that is being presented will allow you to troubleshoot these issues. Please note that VPN also impacts the IP address seen by the database providers. The IP address is what authorizes the user and if it is not registered as authorized you will not get authorized access.