0-8-4
If its a server, use clearos/zentyal (ClearOS runs a LDAP server, never tried Zentyal)
Pfsense works as well, but not sure if it works with LDAP (never tried)
OpenVPN +LDAP also works on plain old OpenVPN -> see http://code.google.com/p/openvpn-auth-ldap/
Don't waste your energy trying to change opinions ... Do your thing, and don't care if they like it.
Staff Emeritus
Before you take drastic decisions, did you rule out firewall and vpn client problems?
Can you confirm there is no firewall on the server (or in front of it) blocking incoming ports 914-917?
Can you confirm the vpn client you are using to connect uses those ports?
OpenVPN is easy to set up, but you do need some basic knowledge. I am not an expert myself.
For example, if you want to give openvpn a shot this instructions should be enough:
https://help.ubuntu.com/12.04/serverguide/openvpn.html
But note that later administration might be complicated for you without GUI. You will have to create and download client keys over SSH or similar. Additionally if you want to use password authentication, it depends how do you create and control users on the server.
If you plan to try openvpn first deinstall the SA version you installed.
Darko.
-----------------------------------------------------------------------
Ubuntu 18.04 LTS 64bit
5 Cups of Ubuntu
How do I check if there's a firewall at all on the server?Originally Posted by darkod
The firewall on the router is blocking ports from 914-917. Should I port forward TCP or UDP with these ports?
How do I check which port the VPN client is connecting from? I'm using Windows 7 for the client (which is unfortunately necessary).
It's worth noting that AS provides a GUI for the client as well, which I found to be very convenient. Since it's settings is generated from the server, I'd assume it's configured correctly.
Staff Emeritus
On the server there is no firewall enabled by default unless you did it. So, there shouldn't be one. You can check iptables chains with:
If all chains INPUT, FORWARD and OUTPUT say ACCEPT then the firewall is not active. It lets all traffic pass.Code:sudo iptables -L -v -n
Yes, open 914-917 on the router, and forward tcp/914, tcp/915, udp/916 and udp/917 to the server private IP. By using netstat on the server you see which service is listening where. If you have a router with a firewall in front of the server, you need that port open and forwarded in order for the specific service to work, otherwise it has no route to reach the server.
Their AS client should be set up by default to use the correct ports, if you didn't change any ports on the server side, but it's worth double checking. There might be an option in the client GUI that displays the port. For example, if you do change the AS server port, you need to have a way to change the port in the client GUI too, right? So there might be something in the options/preferences in the client GUI.
For OpenVPN client usually it uses a configuration text file and the port is there, easy to check or change. For this AS client you will have to look around its GUI or consult the documentation.
Darko.
-----------------------------------------------------------------------
Ubuntu 18.04 LTS 64bit
5 Cups of Ubuntu
OK, I'll open the ports in the router, and see if that worked tomorrow night. Also, I just noticed I used "LDAP" when I meant "PPTP", the other VPN protocol! My bad!
In the meanwhile, here's what the IP table results were:
Code:$ sudo iptables -L -v -n Chain INPUT (policy ACCEPT 5 packets, 583 bytes) pkts bytes target prot opt in out source destination 208 97705 AS0_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 4 240 AS0_ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 0 0 AS0_IN_PRE all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x2000000/0x2000000 0 0 AS0_ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:915 4 208 AS0_ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:914 0 0 AS0_ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:917 0 0 AS0_ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:916 0 0 AS0_WEBACCEPT all -- * * 0.0.0.0/0 0.0.0.0/ 0 state RELATED,ESTABLISHED 0 0 AS0_WEBACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/ 0 state NEW tcp dpt:943 1 52 tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW recent: SET name: DEFAULT side: source 0 0 LOG_AND_DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW recent: UPDATE seconds: 60 hit_count: 4 name: D EFAULT side: source 1 52 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 AS0_ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 AS0_IN_PRE all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x2000000/0x2000000 0 0 AS0_OUT_S2C all -- * as0t+ 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 223 packets, 151K bytes) pkts bytes target prot opt in out source destination 0 0 AS0_OUT_LOCAL all -- * as0t+ 0.0.0.0/0 0.0.0.0/ 0 Chain AS0_ACCEPT (7 references) pkts bytes target prot opt in out source destination 216 98153 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain AS0_IN (4 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 5.5.0.1 0 0 ACCEPT all -- * * 0.0.0.0/0 192.168.1.0/ 24 0 0 AS0_IN_POST all -- * * 0.0.0.0/0 0.0.0.0/0 Chain AS0_IN_POST (1 references) pkts bytes target prot opt in out source destination 0 0 AS0_OUT all -- * as0t+ 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain AS0_IN_PRE (2 references) pkts bytes target prot opt in out source destination 0 0 AS0_IN all -- * * 0.0.0.0/0 5.5.0.0/20 0 0 AS0_IN all -- * * 0.0.0.0/0 192.168.0.0/ 16 0 0 AS0_IN all -- * * 0.0.0.0/0 172.16.0.0/1 2 0 0 AS0_IN all -- * * 0.0.0.0/0 10.0.0.0/8 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain AS0_OUT (2 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain AS0_OUT_LOCAL (1 references) pkts bytes target prot opt in out source destination 0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 5 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain AS0_OUT_S2C (1 references) pkts bytes target prot opt in out source destination 0 0 AS0_OUT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain AS0_WEBACCEPT (2 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain LOG_AND_DROP (1 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix "iptables deny: " 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Last edited by japtar; May 6th, 2013 at 02:58 AM.
Staff Emeritus
OK, you have no firewall on the server itself.
I went little bit through the OpenVPN AS guide and it seem to use the standard port 443 for client connections. Don't understand it exactly, it might be using connection through browser, right? I was assuming the 914-917 ports going from the netstat results, but they could have designed the program to work how they want.
Have you downloaded the guide and went through it? It seems to have sufficient info in there. In the menu on the left you have a link for Admin Guide, that's the PDF document:
http://openvpn.net/index.php/access-.../overview.html
Also, it looked to me like there is no free version of this product. If you paid for it, can their support help you little to set it up? You should be able to contact support for anything you paid for.
Darko.
-----------------------------------------------------------------------
Ubuntu 18.04 LTS 64bit
5 Cups of Ubuntu
Good catch with the manual. I haven't paid anything for AS. I think the first 2 users are free (I'm just 1). I couldn't get the nearest wifi hotspot last time to test, but hopefully I can tonight!
Posting Permissions
Adv Reply
Bookmarks