OpenVPN Access Server - Not listening on 443

[michaelgierer3]

Hello!

Today I installed the OpenVPN Access server on CentOS 8 using the offical install guide.

The installation went fine, but there is one problem: The OpenVPN access server does not listen to 443. So I'm not able to retrieve the configuration files on my mobile or clients.

I did literally nothing except running the script /usr/local/openvpn_as/bin/ovpn_init where I used the default values.

You can verify the non-existance of the port 443 by netstat:



I did the portforwarding approprietly, since I tested it with the httpd-daemon. But I'm not running httpd with OpenVPN AS simultaneously!

Furthermore, I checked the web settings regarding the "Web Service forwading", which is set to "Yes" - so the OpenVPN AS should open the 443 socket ...



Do you have any idea what's wrong with my setup?

Kind regards,
Michael

[squeeb]

Hi Michael,

OpenVPN-AS actually does this by port forwarding tcp/443 to an instance running on another port.

You can see the iptables rules responsible for this here:

Code: Select all

sudo iptables -L PREROUTING -t nat -v -n
Chain PREROUTING (policy ACCEPT 347 packets, 33112 bytes)
 pkts bytes target     prot opt in     out     source               destination
  136  9520 AS0_DPFWD_UDP  udp  --  *      *       0.0.0.0/0            X.X.X.X        udp dpt:1194 state NEW
   20  1088 AS0_DPFWD_TCP  tcp  --  *      *       0.0.0.0/0            X.X.X.X        tcp dpt:443 state NEW

sudo iptables -L AS0_DPFWD_TCP -t nat -v -n
Chain AS0_DPFWD_TCP (1 references)
 pkts bytes target     prot opt in     out     source               destination
    7   424 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            to:X.X.X.X:914

sudo ss -antp | grep 914
LISTEN     0      1      X.X.X.X:914                      *:*                   users:(("openvpn-openssl",pid=21010,fd=5))

It's worth running those commands first to determine if the counters are incrementing for traffic being punted to the openvpn-openssl process.