Came across a rather annoying problem today with the OpenVPN Access Server when separating out admin and user access to the server.
I had added a secondary interface to the server (for admin access) and configured OpenVPN AS to run the 'Admin Web UI' on it.
The fatal mistake came after I removed the secondary interface: the admin interface defaulted back to my primary interface and the 'Client Web Server' IP address was set to '0.0.0.0'. I assume OpenVPN AS was not aware that the 'Client Web Server' port was also bound to the 'Admin Web Server' (usually it is fine to share the same port if the exact IP is specified in both sections).
So the access-server GUI suddenly became unavailable. Tailing the openvpnas logs returned:
2016-12-06 15:41:24+0000 [-] OVPN 0 OUT: 'Tue Dec 6 15:41:24 2016 Exiting due to fatal error'
2016-12-06 15:41:24+0000 [-] OVPN 0 ERR: 'Tue Dec 6 15:41:24 2016 TCP/UDP: Socket bind failed on local address [AF_INET]172.30.0.194:443: Address already in use'
2016-12-06 15:41:24+0000 [-] Server Agent initialization status: {'errors': {u'openvpn_0': [('error', "process started and then immediately exited: ['Tue Dec 6 15:41:24 2016 TCP/UDP: Socket bind failed on local address [AF_INET]1.2.3.4:443: Address already in use']"), ('error', 'service failed to start or returned error status')]}, 'service_status': {'bridge': 'started', 'log': 'started', 'license': 'started', 'iptables_web': 'started', 'iptables_openvpn': 'started', 'ip6tables_openvpn': 'started', 'auth': 'started', 'ip6tables_live': 'started', 'client_query': 'started', 'api': 'started', 'daemon_pre': 'started', 'web': 'started', 'db_push': 'started', 'iptables_live': 'started', u'openvpn_0': 'off', 'crl': 'started', 'user': 'started'}}
Since I was unable to edit the configuration via the GUI, I ended up examining the 'config.json' configuration file:
cat /usr/local/openvpn_as/etc/config.json | grep 443
"admin_ui.https.port": "443",
"cs.https.port": "443",
However, changes to this file didn't seem to work and the error persisted.
So eventually I found out about the 'confdba' command, which let me view the current database configuration (/usr/local/openvpn_as/etc/db/):
/usr/local/openvpn_as/scripts/confdba -a
and then modify it (either the IP address keys or, in my case, I simply changed the ports around so they would not conflict with each other):
/usr/local/openvpn_as/scripts/confdba -mk "cs.https.port" -v "446"
restart the service:
sudo service openvpnas restart
and voilà - the web GUI was back up and running!
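As a check to run before restarting the service, the following added example (not part of the original post and not OpenVPN's own tooling) scans "key": "value" configuration lines and flags two web services that share a port where one is bound to 0.0.0.0 and the other to an exact IP. The *.ip_address key names, the "all" wildcard spelling and the sample values are assumptions.

```python
import re
from itertools import combinations

# Constructed sample in the "key": "value" style of the config lines quoted
# in the post. Only the two *.port keys appear there; the *.ip_address key
# names and the address values are assumptions made for this example.
SAMPLE = '''
"admin_ui.https.ip_address": "172.30.0.194",
"admin_ui.https.port": "443",
"cs.https.ip_address": "0.0.0.0",
"cs.https.port": "443",
'''

WILDCARDS = {"0.0.0.0", "all"}  # "all" as a wildcard spelling is an assumption
PAIR = re.compile(r'"([\w.]+)\.(ip_address|port)"\s*:\s*"([^"]*)"')


def parse_listeners(text):
    """Return {service: (ip, port)} for every service that has a port key."""
    fields = {}
    for service, field, value in PAIR.findall(text):
        fields.setdefault(service, {})[field] = value
    # A service with no ip_address key is treated as listening on all addresses.
    return {s: (f.get("ip_address", "0.0.0.0"), int(f["port"]))
            for s, f in fields.items() if "port" in f}


def find_conflicts(listeners):
    """Flag same-port pairs where one side is a wildcard and the other an exact IP.

    Identical bindings are not flagged: the post notes that sharing a port is
    usually fine when the exact IP is specified in both sections.
    """
    conflicts = []
    pairs = combinations(sorted(listeners.items()), 2)
    for (a, (ip_a, port_a)), (b, (ip_b, port_b)) in pairs:
        if port_a == port_b and (ip_a in WILDCARDS) != (ip_b in WILDCARDS):
            conflicts.append((a, b, port_a))
    return conflicts


if __name__ == "__main__":
    for a, b, port in find_conflicts(parse_listeners(SAMPLE)):
        print(f"{a} and {b} overlap on port {port}: wildcard vs exact IP")
```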