Added actionable errors for network issues.

[russjones]

Updated Application Access to return actionable error message when possible for network errors.

Fixes #47330

[russjones]

@rosstimothy Adding you to this because I added some timeouts in this PR when I realized no timeouts exists for Application Access.

[aws-amplify-us-west-2]

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-49246.d3pp5qlev8mo18.amplifyapp.com

[zmb3]

I think this is a slight improvement, but what we've done here is taught the user how to recreate the same error outside of Teleport, not what they need to do to fix it.

For example, today users get confused when they see a connection refused error. After this change merges, they'll see an error that says "run nc -vz.." and when they run that they will see a very similar connection refused error to what they saw with Teleport. This doesn't seem like it will get the user much closer to understanding what's going wrong.

What do you think about making these error messages discuss the cause of the error more? For example, connection refused errors mean that packet(s) did reach the target host, but that nothing was listening on the port, whereas connection timeouts likely indicate some sort of firewall getting in the way.

[russjones]

What do you guys think about the following updated error messages?

Connection Refused

Teleport was unable to connect to the requested host, possibly because the server is not
running. Ensure the server is running, listening on the correct port, and not blocked by
firewall rules.

Use "nc -vz HOST PORT" to help debug this issue.

No Route to Host

Teleport could not connect to the requested host, likely because there is no valid network
path to reach it. Check the network routing table to ensure a valid path to the host exists.

Use "ping HOST" and "ip route get HOST" to help debug this issue.

Connection Reset by Peer

Teleport could not complete the request because the server abruptly closed the connection
before the response was received. To resolve this issue, ensure the server (or load balancer)
does not have a timeout terminating the connection early and verify that the server is not
crash looping.

Use protocol-specific tools (e.g., curl, psql) to help debug this issue.

Context Deadline Exceeded

Teleport did not receive a response within %v, likely due to the system being overloaded
or due to network congestion. To resolve this issue, connect to the host directly and
ensure it is responding promptly.

Use protocol-specific tools (e.g., curl, psql) to assist in debugging this issue.

No Such Host

Teleport was unable to resolve the provided domain name, likely because the domain does not
exist. To resolve this issue, verify the domain is correct and ensure the DNS resolver is
properly resolving it.

Use "dig +short HOST" to help debug this issue.

[zmb3]

Connection Refused
Teleport was unable to connect to the requested host, possibly because the server is not
running. Ensure the server is running, listening on the correct port, and not blocked by
firewall rules.

I haven't encountered a firewall that results in a connection refused error. Usually they just silently drop packets and the client sees a network timeout.

I'd move firewalls from here to the "context deadline exceeded" error message, otherwise these new messages look good.

[webvictim]

Thank you @russjones!