I would like to install OpenVPN on my server and I have heard about OpenVPN Access Server (here: http://korben.info/installer-openvpn.html)
I have run these commands:
Code:
apt-get install openvpn
Code:
dpkg -i apt-get install openvpn
Code:
NOTE: Your system clock must be correct for OpenVPN Access Server
to perform correctly. Please ensure that your time and date
are correct on this system.
Initial Configuration Complete!
Admin UI: https://my_ip:943/admin
Client UI: https://my_ip:943/
Result: I can't access those web interfaces, and I lose the connection because my IP address is rejected.
Error message: Unable to connect
See the daemon.log:
Code:
Dec 31 12:32:12 lp portsentry[3072]: attackalert: TCP SYN/Normal scan from host: my_ip/my_ip to TCP port: 943
Dec 31 12:32:12 lp portsentry[3072]: attackalert: Host my_ip has been blocked via wrappers with string: "ALL: my_ip : DENY"
Dec 31 12:32:12 lp portsentry[3072]: attackalert: Host my_ip has been blocked via dropped route using command: "/sbin/route add -host my_ip reject"
Dec 31 12:32:12 lp portsentry[3072]: attackalert: External command run for host: my_ip using command: "/sbin/iptables -I INPUT -s my_ip -j DROP && /sbin/iptables -I INPUT -s my_ip -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level debug --log-prefix 'Portsentry: dropping: '"
Dec 31 12:33:03 lp init: Switching to runlevel: 6
Only solution to recover my access: delete my IP address from /etc/hosts.deny.
I have done an apt-get remove and apt-get purge of openvpn and openvpnas, then a new installation; the result is the same.
I have restarted openvpnas many times, same result.
Here is the configuration of the as.conf file:
Code:
AS_CONNECT=true
tmp_dir=~/tmp
lic.dir=~/licenses
run_start_retry.give_up=60
run_start_retry.resample=10
sa.show_c2s_routes=true
certs_db=sqlite:///~/db/certs.db
user_prop_db=sqlite:///~/db/userprop.db
config_db=sqlite:///~/db/config.db
log_db=sqlite:///~/db/log.db
db_retry.interval=1
db_retry.n_attempts=6
boot_pam_service=openvpnas
boot_pam_users.0=openvpn
system_users_local.0=root
system_users_local.1=openvpn_as
cs.user=openvpn_as
cs.group=openvpn_as
general.sock_dir=~/sock
sa.win_exe_dir=~/exe
sa.company_name=OpenVPN Technologies, Inc.
sa.sock=~/sock/sagent
cs.auto_generate=true
cs.ca_bundle=~/web-ssl/ca.crt
cs.priv_key=~/web-ssl/server.key
cs.cert=~/web-ssl/server.crt
cs.dynamic_port_base=870
sa.initial_run_groups.0=web_group
sa.reactor=epoll
sa.unit=0
iptables.web=true
vpn.server.user=openvpn_as
vpn.server.group=openvpn_as
Code:
Chain INPUT (policy DROP)
target prot opt source destination
AS0_ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
AS0_ACCEPT all -- anywhere anywhere
AS0_IN_PRE all -- anywhere anywhere mark match 0x2000000/0x2000000
AS0_ACCEPT tcp -- anywhere my.server state NEW tcp dpt:915
AS0_ACCEPT tcp -- anywhere my.server state NEW tcp dpt:914
AS0_ACCEPT tcp -- anywhere my.server state NEW tcp dpt:917
AS0_ACCEPT tcp -- anywhere my.server state NEW tcp dpt:916
AS0_ACCEPT udp -- anywhere my.server state NEW udp dpt:919
AS0_ACCEPT udp -- anywhere my.server state NEW udp dpt:918
AS0_ACCEPT udp -- anywhere my.server state NEW udp dpt:921
AS0_ACCEPT udp -- anywhere my.server state NEW udp dpt:920
AS0_WEBACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
AS0_WEBACCEPT tcp -- anywhere my.server state NEW tcp dpt:943
fail2ban-ssh tcp -- anywhere anywhere multiport dports 12345
fail2ban-apache-phpmyadmin tcp -- anywhere anywhere multiport dports www,https
fail2ban-dovecot-pop3imap tcp -- anywhere anywhere multiport dports pop3,imap2
fail2ban-Apache-w00tw00t tcp -- anywhere anywhere tcp dpt:www
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:12345
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:8443
ACCEPT tcp -- anywhere anywhere tcp dpts:ftp-data:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:9091
ACCEPT udp -- anywhere anywhere udp dpt:51413
ACCEPT tcp -- anywhere anywhere tcp dpt:51413
ACCEPT udp -- anywhere anywhere udp spt:51413
ACCEPT tcp -- anywhere anywhere tcp spt:51413
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
Chain FORWARD (policy DROP)
target prot opt source destination
AS0_ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
AS0_IN_PRE all -- anywhere anywhere mark match 0x2000000/0x2000000
AS0_OUT_S2C all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
The version of OpenVPN AS is 2.0.11.
Why do I have this block with OpenVPN AS?
How can I avoid this and access the OpenVPN AS UI?
Thanks in advance for your help.
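The daemon.log extract above shows PortSentry reacting to the operator's own connection to TCP port 943 with three separate block actions: a TCP wrappers entry in /etc/hosts.deny, a reject route, and an iptables DROP rule. Removing the hosts.deny entry only undoes the first of them, though the others happen to vanish when the host reboots. The following Python script is an added example, not code from the original post or from OpenVPN Access Server or PortSentry: it parses PortSentry "attackalert" lines, groups the block actions per host, and reports, for a given set of the operator's own addresses, which mechanisms were applied and which of them survive a reboot. The log sample is constructed from the lines in the post, with the documentation-range address 203.0.113.7 standing in for the post's "my_ip"; the function names and the PERSISTENT table are this example's own assumptions.

```python
"""Summarise PortSentry 'attackalert' events from a daemon.log extract.

Added example (not from the original post). It collects the three block
actions PortSentry logs for one host (TCP wrappers entry, reject route,
iptables rule) so an operator who has locked out their own address can see
every place that needs undoing, not only /etc/hosts.deny.
"""
import re
from typing import Dict, Set

# Constructed sample modelled on the daemon.log in the post; 203.0.113.7 is a
# documentation-range placeholder standing in for the operator's own address.
SAMPLE_LOG = """\
Dec 31 12:32:12 lp portsentry[3072]: attackalert: TCP SYN/Normal scan from host: 203.0.113.7/203.0.113.7 to TCP port: 943
Dec 31 12:32:12 lp portsentry[3072]: attackalert: Host 203.0.113.7 has been blocked via wrappers with string: "ALL: 203.0.113.7 : DENY"
Dec 31 12:32:12 lp portsentry[3072]: attackalert: Host 203.0.113.7 has been blocked via dropped route using command: "/sbin/route add -host 203.0.113.7 reject"
Dec 31 12:32:12 lp portsentry[3072]: attackalert: External command run for host: 203.0.113.7 using command: "/sbin/iptables -I INPUT -s 203.0.113.7 -j DROP && /sbin/iptables -I INPUT -s 203.0.113.7 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level debug --log-prefix 'Portsentry: dropping: '"
Dec 31 12:33:03 lp init: Switching to runlevel: 6
"""

PREFIX = r"portsentry\[\d+\]: attackalert: "
# "TCP SYN/Normal scan from host: <name>/<ip> to TCP port: 943"
SCAN_RE = re.compile(PREFIX + r"(?P<proto>TCP|UDP) .*? scan from host: (?P<host>\S+)/\S+ to (?:TCP|UDP) port: (?P<port>\d+)")
WRAPPERS_RE = re.compile(PREFIX + r"Host (?P<host>\S+) has been blocked via wrappers with string: \"(?P<detail>.*)\"")
ROUTE_RE = re.compile(PREFIX + r"Host (?P<host>\S+) has been blocked via dropped route using command: \"(?P<detail>.*)\"")
EXTCMD_RE = re.compile(PREFIX + r"External command run for host: (?P<host>\S+) using command: \"(?P<detail>.*)\"")

# Assumed classification: hosts.deny is a file on disk and keeps the block
# across reboots; the reject route and the iptables rule are kernel state
# and disappear on restart unless something saves them.
PERSISTENT = {"tcp_wrappers": True, "route": False, "iptables": False}


def parse_portsentry_log(text: str) -> Dict[str, dict]:
    """Group scan triggers and block actions by the host PortSentry acted on."""
    hosts: Dict[str, dict] = {}

    def rec(host: str) -> dict:
        return hosts.setdefault(host, {"ports": [], "blocks": {}})

    for line in text.splitlines():
        if m := SCAN_RE.search(line):
            rec(m["host"])["ports"].append((m["proto"], int(m["port"])))
        elif m := WRAPPERS_RE.search(line):
            rec(m["host"])["blocks"]["tcp_wrappers"] = m["detail"]
        elif m := ROUTE_RE.search(line):
            rec(m["host"])["blocks"]["route"] = m["detail"]
        elif m := EXTCMD_RE.search(line):
            rec(m["host"])["blocks"]["iptables"] = m["detail"]
    return hosts


def lockout_report(hosts: Dict[str, dict], own_addresses: Set[str]) -> Dict[str, dict]:
    """For each of the operator's own addresses that PortSentry blocked, list the
    port(s) that triggered it and every mechanism to undo, flagged by whether
    the block survives a reboot."""
    report: Dict[str, dict] = {}
    for addr in sorted(own_addresses):
        entry = hosts.get(addr)
        if not entry or not entry["blocks"]:
            continue
        report[addr] = {
            "triggered_by": entry["ports"],
            "undo": [(mech, PERSISTENT[mech]) for mech in entry["blocks"]],
        }
    return report


if __name__ == "__main__":
    events = parse_portsentry_log(SAMPLE_LOG)
    for addr, info in lockout_report(events, {"203.0.113.7"}).items():
        print(f"{addr} blocked after traffic to {info['triggered_by']}")
        for mech, persists in info["undo"]:
            state = "survives reboot" if persists else "cleared by reboot"
            print(f"  undo {mech:12s} ({state}): {events[addr]['blocks'][mech]}")
```

Run against a real daemon.log, the "triggered_by" ports show which of the host's own listening ports PortSentry is treating as scan targets; those are the candidates to add to PortSentry's exclusion list (ADVANCED_EXCLUDE_TCP in portsentry.conf, when it runs in advanced mode) or to cover by listing trusted addresses in portsentry.ignore, so that legitimate connections to a newly installed service do not trigger a self-lockout again.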