Cannot access the webui from the public network

wangqinghai
OpenVpn Newbie
Posts: 5
Joined: Sat Jun 05, 2021 10:30 am

Post by wangqinghai » Mon Jun 07, 2021 2:46 pm

My AS server is deployed behind LVS. The internal network uses the internal IP for access, and both the VPN and the webui can be accessed normally.

But there is a problem when accessing the webui from the public network: the web page is not displayed completely, and the login page cannot be displayed. Checking the page properties, I find multiple occurrences of a 302 ERR_TOO_MANY_REDIRECTS error.

Can someone help me?

chilinux
OpenVPN Power User
Posts: 156
Joined: Thu Mar 28, 2013 8:31 am

Post by chilinux » Mon Jun 07, 2021 5:05 pm

I would recommend not using LVS, if possible, with OpenVPN AS. The OpenVPN AS cluster feature has its own method of distributing load and providing availability (via round-robin DNS). Using LVS just adds complexity.

However, if you are serious about going down this messy rabbit hole, additional information is going to be needed.

Are you using LVS/NAT, LVS/TUN or LVS/DR?

What ipvsadm commands are you using?

Are you only using ipvsadm to configure load-balancing on the LVS server or is there a Layer 7 reverse proxy load balancer application (such as nginx) also running on the LVS server?

In the Google Chrome browser, if you press Ctrl-Shift-I to bring up the Inspect and go to the Network tab, what is the Response Header given when attempting to access the login page?

Post by wangqinghai » Tue Jun 08, 2021 3:03 am

chilinux wrote:
Mon Jun 07, 2021 5:05 pm
I would recommend not using LVS, if possible, with OpenVPN AS. The OpenVPN AS cluster feature has its own method of distributing load and providing availability (via round-robin DNS). Using LVS just adds complexity.

However, if you are serious about going down this messy rabbit hole, additional information is going to be needed.

Are you using LVS/NAT, LVS/TUN or LVS/DR?

What ipvsadm commands are you using?

Are you only using ipvsadm to configure load-balancing on the LVS server or is there a Layer 7 reverse proxy load balancer application (such as nginx) also running on the LVS server?

In the Google Chrome browser, if you press Ctrl-Shift-I to bring up the Inspect and go to the Network tab, what is the Response Header given when attempting to access the login page?

Thank you for your reply.

LVS is used to map the public network IP, because of a problem with my network environment.
LVS is in FULLNAT mode.
In order to rule out a problem caused by LVS, I used a Cisco ASA firewall to do port forwarding in other network environments. The same situation occurred. No other configuration was done on the AS server; it was only deployed and started.


When I turn off "Client Web Server forwarding" and turn on "Admin Web Server forwarding", I can access the admin webui through the public network IP, but cannot access the user webui.

Chrome returns a lot of "302 Found".

Request URL: https://myas.com/__session_start__/
Request Method: GET
Status Code: 302 Found
Remote Address: 1.1.1.1:443
Referrer Policy: strict-origin-when-cross-origin

To add, the VPN client can log in normally through the public network IP.

Post by chilinux » Tue Jun 08, 2021 7:37 am

In the admin panel, go to Configuration -> Network Settings -> Hostname or IP Address

Change it from 1.1.1.1 to myas.com

Save the settings and restart the AS service

You will then have to use the DNS name regardless of whether you are accessing it internally or externally, but it should become available externally.

If you continue to have problems then please provide the *Response* Headers instead of the General section.
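
An added example, not part of the thread and not OpenVPN's code: a small tracer that records, hop by hop, the status, Location header and cookies that the Response Headers request above is after, and flags a redirect that switches to a different host name. The function names are illustrative, and the cookie jar is simplified (kept per host; Domain, Path and Secure attributes are ignored).

```python
import http.client
from http.cookies import SimpleCookie
from urllib.parse import urljoin, urlsplit

def fetch(url, cookies):
    """One GET without following redirects; returns (status, header list)."""
    u = urlsplit(url)
    https = u.scheme == "https"
    conn_cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = conn_cls(u.hostname, u.port, timeout=10)
    try:
        sent = {"Cookie": "; ".join(f"{k}={v}" for k, v in cookies.items())}
        path = (u.path or "/") + ("?" + u.query if u.query else "")
        conn.request("GET", path, headers=sent if cookies else {})
        resp = conn.getresponse()
        return resp.status, resp.getheaders()
    finally:
        conn.close()

def trace(url, fetch=fetch, max_hops=10):
    """Follow redirects by hand with a per-host cookie jar (simplified:
    Domain, Path and Secure attributes are ignored) and record every hop."""
    jar, hops = {}, []
    seen = {(url, ())}  # (URL, cookies that would be sent) already requested
    for _ in range(max_hops):
        host = urlsplit(url).hostname
        cookies = dict(jar.get(host, {}))
        status, headers = fetch(url, cookies)
        location = None
        for name, value in headers:
            if name.lower() == "set-cookie":
                for morsel in SimpleCookie(value).values():
                    jar.setdefault(host, {})[morsel.key] = morsel.value
            elif name.lower() == "location":
                location = urljoin(url, value)
        hop = {"url": url, "status": status, "location": location,
               "sent_cookies": sorted(cookies), "host_changed": False, "loop": False}
        hops.append(hop)
        if status not in (301, 302, 303, 307, 308) or not location:
            break
        next_host = urlsplit(location).hostname
        hop["host_changed"] = next_host != host
        state = (location, tuple(sorted(jar.get(next_host, {}).items())))
        if state in seen:  # same URL with the same cookies: the browser's loop
            hop["loop"] = True
            break
        seen.add(state)
        url = location
    return hops
```

Printing each entry of `trace("https://myas.com/")` from an external and an internal client shows at which hop the two chains diverge.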