
Thread: Can't seem to access OpenVPN AS remotely

  1. #11
    Join Date
    Nov 2008
    Location
    BSAA Headquarters
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Can't seem to access OpenVPN AS remotely

    If it's a server, use clearos/zentyal (ClearOS runs an LDAP server, never tried Zentyal)
    Pfsense works as well, but not sure if it works with LDAP (never tried)

    OpenVPN +LDAP also works on plain old OpenVPN -> see http://code.google.com/p/openvpn-auth-ldap/

  2. #12
    Join Date
    Nov 2009
    Location
    Segur De Calafell, Spain
    Beans
    11,660
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Can't seem to access OpenVPN AS remotely

    Before you take drastic decisions, did you rule out firewall and vpn client problems?

    Can you confirm there is no firewall on the server (or in front of it) blocking incoming ports 914-917?
    Can you confirm the vpn client you are using to connect uses those ports?

    OpenVPN is easy to set up, but you do need some basic knowledge. I am not an expert myself.

    For example, if you want to give openvpn a shot, these instructions should be enough:
    https://help.ubuntu.com/12.04/serverguide/openvpn.html

    But note that later administration might be complicated for you without a GUI. You will have to create and download client keys over SSH or similar. Additionally, if you want to use password authentication, it depends on how you create and control users on the server.
    If you plan to try openvpn, first deinstall the SA version you installed.
    Darko.
    -----------------------------------------------------------------------
    Ubuntu 12.04 LTS 64bit & Windows 7 Ultimate 64bit

  3. #13
    Join Date
    May 2013
    Beans
    10

    Re: Can't seem to access OpenVPN AS remotely

    Quote Originally Posted by darkod View Post
    Can you confirm there is no firewall on the server (or in front of it) blocking incoming ports 914-917?
    Can you confirm the vpn client you are using to connect uses those ports?
    How do I check if there's a firewall at all on the server?

    The firewall on the router is blocking ports from 914-917. Should I port forward TCP or UDP with these ports?

    How do I check which port the VPN client is connecting from? I'm using Windows 7 for the client (which is unfortunately necessary).

    It's worth noting that AS provides a GUI for the client as well, which I found to be very convenient. Since its settings are generated from the server, I'd assume it's configured correctly.

  4. #14
    Join Date
    Nov 2009
    Location
    Segur De Calafell, Spain
    Beans
    11,660
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Can't seem to access OpenVPN AS remotely

    On the server there is no firewall enabled by default unless you did it. So, there shouldn't be one. You can check iptables chains with:
    Code:
    sudo iptables -L -v -n
    If all chains INPUT, FORWARD and OUTPUT say ACCEPT then the firewall is not active. It lets all traffic pass.

    Yes, open 914-917 on the router, and forward tcp/914, tcp/915, udp/916 and udp/917 to the server private IP. By using netstat on the server you see which service is listening where. If you have a router with a firewall in front of the server, you need that port open and forwarded in order for the specific service to work, otherwise it has no route to reach the server.

    Their AS client should be set up by default to use the correct ports, if you didn't change any ports on the server side, but it's worth double checking. There might be an option in the client GUI that displays the port. For example, if you do change the AS server port, you need to have a way to change the port in the client GUI too, right? So there might be something in the options/preferences in the client GUI.

    For OpenVPN client usually it uses a configuration text file and the port is there, easy to check or change. For this AS client you will have to look around its GUI or consult the documentation.
    Darko.
    -----------------------------------------------------------------------
    Ubuntu 12.04 LTS 64bit & Windows 7 Ultimate 64bit

  5. #15
    Join Date
    May 2013
    Beans
    10

    Re: Can't seem to access OpenVPN AS remotely

    Quote Originally Posted by darkod View Post
    On the server there is no firewall enabled by default unless you did it. So, there shouldn't be one. You can check iptables chains with:
    Code:
    sudo iptables -L -v -n
    If all chains INPUT, FORWARD and OUTPUT say ACCEPT then the firewall is not active. It lets all traffic pass.

    Yes, open 914-917 on the router, and forward tcp/914, tcp/915, udp/916 and udp/917 to the server private IP. By using netstat on the server you see which service is listening where. If you have a router with a firewall in front of the server, you need that port open and forwarded in order for the specific service to work, otherwise it has no route to reach the server.

    Their AS client should be set up by default to use the correct ports, if you didn't change any ports on the server side, but it's worth double checking. There might be an option in the client GUI that displays the port. For example, if you do change the AS server port, you need to have a way to change the port in the client GUI too, right? So there might be something in the options/preferences in the client GUI.

    For OpenVPN client usually it uses a configuration text file and the port is there, easy to check or change. For this AS client you will have to look around its GUI or consult the documentation.
    OK, I'll open the ports in the router, and see if that worked tomorrow night. Also, I just noticed I used "LDAP" when I meant "PPTP", the other VPN protocol! My bad!

    In the meanwhile, here's what the IP table results were:
    Code:
    $ sudo iptables -L -v -n
    Chain INPUT (policy ACCEPT 5 packets, 583 bytes)
     pkts bytes target     prot opt in     out     source               destination
      208 97705 AS0_ACCEPT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
        4   240 AS0_ACCEPT  all  --  lo     *       0.0.0.0/0            0.0.0.0/0
        0     0 AS0_IN_PRE  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x2000000/0x2000000
        0     0 AS0_ACCEPT  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:915
        4   208 AS0_ACCEPT  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:914
        0     0 AS0_ACCEPT  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:917
        0     0 AS0_ACCEPT  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:916
        0     0 AS0_WEBACCEPT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
        0     0 AS0_WEBACCEPT  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:943
        1    52            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW recent: SET name: DEFAULT side: source
        0     0 LOG_AND_DROP  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW recent: UPDATE seconds: 60 hit_count: 4 name: DEFAULT side: source
        1    52 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 AS0_ACCEPT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
        0     0 AS0_IN_PRE  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x2000000/0x2000000
        0     0 AS0_OUT_S2C  all  --  *      as0t+   0.0.0.0/0            0.0.0.0/0

    Chain OUTPUT (policy ACCEPT 223 packets, 151K bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 AS0_OUT_LOCAL  all  --  *      as0t+   0.0.0.0/0            0.0.0.0/0

    Chain AS0_ACCEPT (7 references)
     pkts bytes target     prot opt in     out     source               destination
      216 98153 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

    Chain AS0_IN (4 references)
     pkts bytes target     prot opt in     out     source               destination
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            5.5.0.1
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            192.168.1.0/24
        0     0 AS0_IN_POST  all  --  *      *       0.0.0.0/0            0.0.0.0/0

    Chain AS0_IN_POST (1 references)
     pkts bytes target     prot opt in     out     source               destination
        0     0 AS0_OUT    all  --  *      as0t+   0.0.0.0/0            0.0.0.0/0
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

    Chain AS0_IN_PRE (2 references)
     pkts bytes target     prot opt in     out     source               destination
        0     0 AS0_IN     all  --  *      *       0.0.0.0/0            5.5.0.0/20
        0     0 AS0_IN     all  --  *      *       0.0.0.0/0            192.168.0.0/16
        0     0 AS0_IN     all  --  *      *       0.0.0.0/0            172.16.0.0/12
        0     0 AS0_IN     all  --  *      *       0.0.0.0/0            10.0.0.0/8
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

    Chain AS0_OUT (2 references)
     pkts bytes target     prot opt in     out     source               destination
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

    Chain AS0_OUT_LOCAL (1 references)
     pkts bytes target     prot opt in     out     source               destination
        0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 5
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

    Chain AS0_OUT_S2C (1 references)
     pkts bytes target     prot opt in     out     source               destination
        0     0 AS0_OUT    all  --  *      *       0.0.0.0/0            0.0.0.0/0

    Chain AS0_WEBACCEPT (2 references)
     pkts bytes target     prot opt in     out     source               destination
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

    Chain LOG_AND_DROP (1 references)
     pkts bytes target     prot opt in     out     source               destination
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 7 prefix "iptables deny: "
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
    Last edited by japtar; May 6th, 2013 at 02:58 AM.
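
Added example, not written by any poster in this thread: a shell helper that condenses an `iptables -L -v -n` listing like the one above into the default policy and rule count of each built-in chain, plus every destination port an INPUT rule names and the target it jumps to. The function names and the embedded sample are constructed for illustration, and the parser assumes the `-v` column layout.

```shell
# Added example: summarise `iptables -L -v -n` output read on stdin.
# Assumes the -v column layout (pkts bytes target prot opt in out src dst).
summarize_iptables() {
    awk '
        /^Chain / {
            chain = $2
            is_main = (chain == "INPUT" || chain == "FORWARD" || chain == "OUTPUT")
            if (is_main) { policy[chain] = $4; rules[chain] = 0 }
            next
        }
        NF == 0 || $1 == "pkts" { next }   # blank lines and column headers
        !is_main { next }                  # rules inside user-defined chains
        {
            rules[chain]++
            # A rule with no jump target leaves that column empty, so the
            # option column ("--") shifts one field to the left.
            if ($4 == "--") { target = "(none)"; proto = $3 }
            else            { target = $3;       proto = $4 }
            if (chain != "INPUT") next
            for (i = 1; i <= NF; i++)
                if ($i ~ /^dpt:[0-9]+$/)
                    ports[++n] = proto "/" substr($i, 5) " -> " target
        }
        END {
            split("INPUT FORWARD OUTPUT", order, " ")
            for (k = 1; k <= 3; k++)
                if (order[k] in policy)
                    printf "%s policy=%s rules=%d\n", order[k], policy[order[k]], rules[order[k]]
            for (k = 1; k <= n; k++) print "INPUT " ports[k]
        }
    '
}

# Constructed sample in the same layout as the listing posted above.
sample_ruleset() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 5 packets, 583 bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   208 AS0_ACCEPT  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:914
    0     0 AS0_ACCEPT  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:917
    1    52            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW recent: SET name: DEFAULT side: source

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 223 packets, 151K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain AS0_ACCEPT (1 references)
 pkts bytes target     prot opt in     out     source               destination
  216 98153 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}
```

On a live server the same summary comes from `sudo iptables -L -v -n | summarize_iptables`; a built-in chain showing `rules=0` with `policy=ACCEPT` has nothing in it that could filter traffic.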

  6. #16
    Join Date
    Nov 2009
    Location
    Segur De Calafell, Spain
    Beans
    11,660
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Can't seem to access OpenVPN AS remotely

    OK, you have no firewall on the server itself.

    I went a little bit through the OpenVPN AS guide and it seems to use the standard port 443 for client connections. I don't understand it exactly, it might be using a connection through the browser, right? I was assuming the 914-917 ports going from the netstat results, but they could have designed the program to work how they want.

    Have you downloaded the guide and gone through it? It seems to have sufficient info in there. In the menu on the left you have a link for Admin Guide, that's the PDF document:
    http://openvpn.net/index.php/access-.../overview.html

    Also, it looked to me like there is no free version of this product. If you paid for it, can their support help you a little to set it up? You should be able to contact support for anything you paid for.
    Darko.
    -----------------------------------------------------------------------
    Ubuntu 12.04 LTS 64bit & Windows 7 Ultimate 64bit

  7. #17
    Join Date
    May 2013
    Beans
    10

    Re: Can't seem to access OpenVPN AS remotely

    Quote Originally Posted by darkod View Post
    OK, you have no firewall on the server itself.

    I went a little bit through the OpenVPN AS guide and it seems to use the standard port 443 for client connections. I don't understand it exactly, it might be using a connection through the browser, right? I was assuming the 914-917 ports going from the netstat results, but they could have designed the program to work how they want.

    Have you downloaded the guide and gone through it? It seems to have sufficient info in there. In the menu on the left you have a link for Admin Guide, that's the PDF document:
    http://openvpn.net/index.php/access-.../overview.html

    Also, it looked to me like there is no free version of this product. If you paid for it, can their support help you a little to set it up? You should be able to contact support for anything you paid for.
    Good catch with the manual. I haven't paid anything for AS. I think the first 2 users are free (I'm just 1). I couldn't get the nearest wifi hotspot last time to test, but hopefully I can tonight!
