I was attempting to disable some CIPHER's per an Audit.
Found this page: https://openvpn.net/vpn-server-resource ... ss-server/
Added cipher ciphername to both boxes and then all the webpages stopped loading.
Should have thought that through a bit more but I am stuck with it now. I was wondering if anyone knew how to remove those settings through the command line or if anyone has any advice.
Settings change borked my GUI
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Settings change borked my GUI
If you change the ciphers without reinstalling the clients, you're gonna have a bad time. You can't change the cipher on an existing deployment without reinstalling the clients.
You can fix this by removing those items from your Access Server configuration.
You can fix this by removing those items from your Access Server configuration.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Jul 17, 2019 8:58 pm
Re: Settings change borked my GUI
Luckily we had it all set to default so I should be able to revert back if I can find out how. Since I cant access the UI, I am attempting to find the commands to force reset all the settings I just changed.
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Settings change borked my GUI
So... your Access Server is unreachable unless you are connected over VPN? A bit odd. Anyways.. run these commands on the command line to wipe these commands:
Please note that if you enter directives into either of the two boxes for 'client config directives' or 'server config directives' that they are NOT checked for validity. In fact, if you enter incorrect information in the 'server config directives' box or the 'client config directives' box it is possible that the server will fail. Fortunately it is easy to recover from this mistake by logging on to the console or an SSH session to the Access Server and performing the following commands:
/usr/local/openvpn_as/scripts/confdba -mk "vpn.server.config_text" -v ""
/usr/local/openvpn_as/scripts/confdba -mk "vpn.client.config_text" -v ""
service openvpnas restart
Please note that if you enter directives into either of the two boxes for 'client config directives' or 'server config directives' that they are NOT checked for validity. In fact, if you enter incorrect information in the 'server config directives' box or the 'client config directives' box it is possible that the server will fail. Fortunately it is easy to recover from this mistake by logging on to the console or an SSH session to the Access Server and performing the following commands:
/usr/local/openvpn_as/scripts/confdba -mk "vpn.server.config_text" -v ""
/usr/local/openvpn_as/scripts/confdba -mk "vpn.client.config_text" -v ""
service openvpnas restart
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.