openvpn WEB_ADMIN real IP always 127.0.0.1

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
edmoncu
OpenVPN User
Posts: 32
Joined: Fri Aug 07, 2020 4:30 pm

openvpn WEB_ADMIN real IP always 127.0.0.1

Post by edmoncu » Tue Nov 28, 2023 6:15 pm

Hi,

Noticed that after upgrading to openvpnas 2.12.3, when checking the Status > Log Reports, my web admin access to my openvpnas reports that my real IP is always 127.0.0.1 and not my actual ISP IP.

I wonder if this is a bug or a trigger of certain settings in my access server? the instances were all running on ubuntu 22 LTS and cent os 7.

The clients are being reported of their actual IP still though.

Thank you

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1321
Joined: Tue Feb 16, 2021 10:41 am

Re: openvpn WEB_ADMIN real IP always 127.0.0.1

Post by openvpn_inc » Tue Nov 28, 2023 9:39 pm

Hello,

Can confirm on my system with 2.12.3 that public IP is still being shown correctly on web login.

However, it sounds like a bug or imperfection. In reality when you access the Access Server on the TCP port 443 (the default HTTPS port and assuming default configuration) you are actually hitting the OpenVPN TCP daemon which then transfers the connection internally to the web services. That way the OpenVPN TCP daemon and the web services can share the same port. That is useful to bypass certain simple firewalls that block everything except TCP 443 (HTTPS traffic). And maybe in your particular configuration that shows up as 127.0.0.1 because it's internal traffic.

I'd suggest contacting support and sending a sacli support output so we can see if there is a particular configuration that would solve this.

Oh, and try accessing your Access Server's web interface on port TCP 943. Like https://123.45.67.89:943/ or such.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

edmoncu
OpenVPN User
Posts: 32
Joined: Fri Aug 07, 2020 4:30 pm

Re: openvpn WEB_ADMIN real IP always 127.0.0.1

Post by edmoncu » Tue Nov 28, 2023 10:32 pm

I am able to confirm also that when accessing AS via https:// NOT using port 943 gets this behavior. in the previous versions, this did not happen. wonder if this is specific only to 2.12.3

edmoncu
OpenVPN User
Posts: 32
Joined: Fri Aug 07, 2020 4:30 pm

Re: openvpn WEB_ADMIN real IP always 127.0.0.1

Post by edmoncu » Wed Nov 29, 2023 7:31 pm

Hi Johan,

I got an update from support that this was indeed a reproducible bug on the current 2.12.3 which was not present on older 2.11.3 AS. I was advised that the Devs are fixing this bug. However, no ETA is provided when will this fix gets a release date.

Thank you and kind regards

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1321
Joined: Tue Feb 16, 2021 10:41 am

Re: openvpn WEB_ADMIN real IP always 127.0.0.1

Post by openvpn_inc » Fri Dec 01, 2023 4:35 pm

Hi edmoncu,

Yeah, I've been keeping an eye on this. So basically it's the new DCO functionality which is in beta. When enabling that, the issue occurs. We'll fix it.

Giving an ETA is extremely difficult in software development. It will be fixed and it has our attention. But it's not a critical item. If you want it fixed now, turn off DCO.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

edmoncu
OpenVPN User
Posts: 32
Joined: Fri Aug 07, 2020 4:30 pm

Re: openvpn WEB_ADMIN real IP always 127.0.0.1

Post by edmoncu » Sat Dec 02, 2023 3:47 am

Hi Johan,

Confirming that DCO is enabled at all my instances and disabling it restores the logging of IP correctly.
Given the tradeoff between performance and security of my instances, I am opting for security to accurately log activities for now.

Will await the update on fixing the DCO bug.

Thanks!

edmoncu
OpenVPN User
Posts: 32
Joined: Fri Aug 07, 2020 4:30 pm

Re: openvpn WEB_ADMIN real IP always 127.0.0.1

Post by edmoncu » Fri Dec 08, 2023 10:31 am

Hi Johan,

Upon checking, update 2.13.0 seems to have not fixed this issue yet.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1321
Joined: Tue Feb 16, 2021 10:41 am

Re: openvpn WEB_ADMIN real IP always 127.0.0.1

Post by openvpn_inc » Fri Dec 08, 2023 12:20 pm

Hello edmoncu,

That is correct, it was also not mentioned or suggested anywhere that it would be. It will be fixed and it has our attention, but in some other future release of Access Server.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

edmoncu
OpenVPN User
Posts: 32
Joined: Fri Aug 07, 2020 4:30 pm

Re: openvpn WEB_ADMIN real IP always 127.0.0.1

Post by edmoncu » Fri Feb 16, 2024 7:31 pm

just an update that the recently released openvpnas v2.13.1 fixed this bug.
thank you!

Post Reply