My AS server is deployed behind LVS. The internal network uses the internal IP for access, and the VPN and webui can be accessed normally.
But there is a problem when accessing the webui from the public network: the web page is not displayed completely, and the login page cannot be displayed. Checking the page properties, I find multiple occurrences of the 302 ERR_TOO_MANY_REDIRECTS error.
Can someone help me?
cannot be accessed the webui from the public
-
- OpenVpn Newbie
- Posts: 5
- Joined: Sat Jun 05, 2021 10:30 am
-
- OpenVPN Power User
- Posts: 156
- Joined: Thu Mar 28, 2013 8:31 am
Re: cannot be accessed the webui from the public
I would recommend not using LVS, if possible, with OpenVPN AS. The OpenVPN AS cluster feature has its own method of distributing load and providing availability (via round-robin DNS). Using LVS just adds complexity.
However, if you are serious about going down this messy rabbit hole, additional information is going to be needed.
Are you using LVS/NAT, LVS/TUN or LVS/DR?
What ipvsadm commands are you using?
Are you only using ipvsadm to configure load-balancing on the LVS server or is there a Layer 7 reverse proxy load balancer application (such as nginx) also running on the LVS server?
In the Google Chrome browser, if you press Ctrl-Shift-I to bring up the Inspect and go to the Network tab, what is the Response Header given when attempting to access the login page?
-
- OpenVpn Newbie
- Posts: 5
- Joined: Sat Jun 05, 2021 10:30 am
Re: cannot be accessed the webui from the public
Thank you for your reply
chilinux wrote: ↑Mon Jun 07, 2021 5:05 pm
I would recommend not using LVS, if possible, with OpenVPN AS. The OpenVPN AS cluster feature has its own method of distributing load and providing availability (via round-robin DNS). Using LVS just adds complexity.
However, if you are serious about going down this messy rabbit hole, additional information is going to be needed.
Are you using LVS/NAT, LVS/TUN or LVS/DR?
What ipvsadm commands are you using?
Are you only using ipvsadm to configure load-balancing on the LVS server or is there a Layer 7 reverse proxy load balancer application (such as nginx) also running on the LVS server?
In the Google Chrome browser, if you press Ctrl-Shift-I to bring up the Inspect and go to the Network tab, what is the Response Header given when attempting to access the login page?
LVS is used to map the public network IP, because of a problem with my network environment.
LVS is in FULLNAT mode.
In order to rule out a problem caused by LVS, I used a Cisco ASA firewall to do port forwarding in another network environment. The same situation occurred. No other configuration was done on the AS server; it was only deployed and started.
When I turn off "Client Web Server forwarding" and turn on "Admin Web Server forwarding", I can access the admin webui through the public network IP, but cannot access the user webui.
Chrome returns a lot of "302 Found".
Request URL: https://myas.com/__session_start__/
Request Method: GET
Status Code: 302 Found
Remote Address: 1.1.1.1:443
Referrer Policy: strict-origin-when-cross-origin
To add, the VPN client can log in normally through the public network IP.
-
- OpenVPN Power User
- Posts: 156
- Joined: Thu Mar 28, 2013 8:31 am
Re: cannot be accessed the webui from the public
In the admin panel, go to Configuration -> Network Settings -> Hostname or IP Address
Change it from 1.1.1.1 to myas.com
Save the settings and restart the AS service
You will then have to use the DNS name regardless of whether you are accessing it internally or externally, but it should become available externally.
If you continue to have problems then please provide the *Response* Headers instead of the General section.