[SalesForce] How to make a callout to a webservice that is connected through a VPN

I am trying to make a callout to a SAP webservice that is connected through a VPN. It is not accessible, and I am getting an IO Exception: Unauthorized end point error.

System.CalloutException: IO Exception: Unauthorized end point

The webservice is also available through a public internet IP, but for security reasons the client wants to access the webservice from Salesforce through a VPN connection. Is that possible? Any suggestions please?

Thanks,

Best Answer

Your service has to be accessible from the public Internet, because you can't access a VPN from Salesforce.

That said, there are many ways to secure your services from unintentional or malicious outside transactions. The organization I work for uses a multifaceted approach that includes many layers of protection.

Proxy

Don't tunnel directly from an external IP into your service (e.g. DMZ, port forwarding). Instead, consider a proxy server that requires authentication.

Authentication

You can use two-way SSL and/or some authentication mechanism, such as OAuth or tokens of other types. This will harden your service against access.

Client IP Filtering

Salesforce maintains a list of their IP addresses. You can configure your proxy to only allow transactions from this list of approved IP addresses.

Logging and IDS

Use a logging system, and train an Intrusion Detection System to detect unusual patterns. This will help identify and mitigate attacks. This is important in the event that someone does slip by all the other protection layers.
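The layers described in the answer above (client IP filtering, token authentication, and logging of denials) can be combined in one gate in front of the service. The sketch below is an added example, not part of the original answer; the function names, the bearer-token scheme, the token value, and the CIDR ranges are assumptions (the ranges are RFC 5737 documentation placeholders, not Salesforce addresses).

```python
import hmac
import ipaddress
import logging

log = logging.getLogger("callout_gate")

# Constructed placeholders (RFC 5737 documentation ranges), NOT real Salesforce
# ranges; load the ranges Salesforce publishes for your instance instead.
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]
# Constructed shared secret; in practice read it from a secret store.
EXPECTED_TOKEN = "example-token-not-a-real-secret"


def normalize_peer(peer_ip):
    """Parse the TCP peer address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(peer_ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def ip_allowed(peer_ip):
    try:
        addr = normalize_peer(peer_ip)
    except ValueError:  # unparseable address: fail closed
        return False
    return any(addr.version == net.version and addr in net for net in ALLOWED_NETWORKS)


def token_valid(headers):
    # Assumes a plain dict with an "Authorization: Bearer <token>" entry.
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return False
    return hmac.compare_digest(token.encode(), EXPECTED_TOKEN.encode())


def authorize(peer_ip, headers):
    """Return (allowed, reason). peer_ip must be the socket peer address,
    never X-Forwarded-For, which the caller controls."""
    if not ip_allowed(peer_ip):
        reason = "source-ip-not-allowlisted"
    elif not token_valid(headers):
        reason = "bad-or-missing-token"
    else:
        return True, "ok"
    log.warning("denied callout peer=%r reason=%s", peer_ip, reason)
    return False, reason
```

The warning lines emitted on each denial are what the logging and IDS layer would consume.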
