AWS OpenVPN AS - Error 9007 in admin login

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
maiconbaumx
OpenVpn Newbie
Posts: 2
Joined: Thu Oct 29, 2020 6:39 pm

AWS OpenVPN AS - Error 9007 in admin login

Post by maiconbaumx » Thu Oct 29, 2020 6:55 pm

Hello guys. How is it going? =]
I have an OpenVPN Access Server setup in AWS, using the tiered licensed image. Everything is working fine, but now I have to clusterize this setup to support more than 500 users. I've followed this article: https://openvpn.net/vpn-server-resource ... r-cluster/ in order to setup the cluster. However, after converting the local SQLite database to a remote MySQL in RDS (5.7), every user that have admin privileges, can't login in the admin panel. This is the message presented:

Code: Select all

Sorry, a session error has occurred

It is possible that your session has expired or your login credentials do not allow access to this resource. See error text below for further details:

    SESSION ERROR: SESSION: Your session has expired, please reauthenticate (9007)

Retry Login
I found some information related to this error, but everything was about OpenVPN on Portainer or issues related to iptables, none of this seems to be my case, I have an OpenVPN AS cluster running on EC2 instance and I have no errors related to iptables in OpenVPN log. What I can see in logs is something related to user session expiration:

Code: Select all

0-10-29T15:24:14-0300 [stdout#info] [WEB] OUT: '2020-10-29T15:24:14-0300 [stdout#info] SESSION ERROR: not well-formed (invalid token): line 286, column 47: web/xmlrpc:455,python2.7/xmlrpclib:1144,python2.7/xmlrpclib:558 (xml.parsers.expat.ExpatError)'
2020-10-29T15:24:14-0300 [stdout#info] [WEB] OUT: '2020-10-29T15:24:14-0300 [stdout#info] ERROR in renderHTTP (astatus.py)'
2020-10-29T15:24:14-0300 [stdout#info] [WEB] OUT: '2020-10-29T15:24:14-0300 [stdout#info] ConfigQuery: not well-formed (invalid token): line 286, column 47'
2020-10-29T15:24:14-0300 [stdout#info] [WEB] OUT: '2020-10-29T15:24:14-0300 [pyovpn.xml.udscli.UDSProxyQueryFactory#info] Starting factory <pyovpn.xml.udscli.UDSProxyQueryFactory instance at 0x7fb58faecea8>'
2020-10-29T15:24:14-0300 [stdout#info] [WEB] OUT: '2020-10-29T15:24:14-0300 [pyovpn.xml.udscli.UDSProxyQueryFactory#info] Stopping factory <pyovpn.xml.udscli.UDSProxyQueryFactory instance at 0x7fb58fb445f0>'
2020-10-29T15:24:14-0300 [twisted.python.log#info] "-" - - [29/Oct/2020:18:24:13 +0000] "POST /RPC2 HTTP/1.0" 200 197 "-" "Twisted/XMLRPClib"
2020-10-29T15:24:14-0300 [stdout#info] [WEB] OUT: "2020-10-29T15:24:14-0300 [stdout#info] SESSION ERROR: GuardSession instance has no attribute 'node': flat/twist:24,flat/ten:83,flat/flatstan:103,flat/ten:70,flat/ten:61,flat/flatstan:264,flat/ten:70,flat/ten:61,flat/flatstan:247,flat/flatstan:236,verge/verge:153 (exceptions.AttributeError)"
2020-10-29T15:24:14-0300 [stdout#info] [WEB] OUT: '2020-10-29T15:24:14-0300 [UDSProxyQueryProtocol,client] expired session 18e8...'
2020-10-29T15:24:14-0300 [stdout#info] [WEB] OUT: '2020-10-29T15:24:14-0300 [UDSProxyQueryProtocol,client] Logout of portal <twisted.cred.portal.Portal object at 0x7fb590c2c2d0>'
2020-10-29T15:24:14-0300 [stdout#info] [WEB] OUT: '2020-10-29T15:24:14-0300 [pyovpn.xml.udscli.UDSProxyQueryFactory#info] Starting factory <pyovpn.xml.udscli.UDSProxyQueryFactory instance at 0x7fb58fb0bf80>'
2020-10-29T15:24:14-0300 [stdout#info] [WEB] OUT: "2020-10-29T15:24:14-0300 [stdout#info] SESSION ERROR: ('Could not adapt', <pyovpn.web.weberr.SessionError object at 0x7fb58fb0f790>, <InterfaceClass nevow.inevow.ISession>): internet/defer:653,admin/autils:975 (exceptions.TypeError)"
2020-10-29T15:24:14-0300 [stdout#info] [WEB] OUT: '2020-10-29T15:24:14-0300 [stdout#info] ERROR in renderHTTP (astatus.py)'
2020-10-29T15:24:14-0300 [stdout#info] [WEB] OUT: "2020-10-29T15:24:14-0300 [stdout#info] <bound method AdminServerStatus.chain_get_edit_profile_name of <pyovpn.admin.astatus.AdminServerStatus object at 0x7fb58fba1250>>: ('Could not adapt', <pyovpn.web.weberr.SessionError object at 0x7fb58fb0f790>, <InterfaceClass nevow.inevow.ISession>)"

I've search a lot trying to figure out what is wrong in this converting process and the only interesting thing that I've found is: This problem only happens when I use the remote config_db. I mean, the remote and local (SQLite) config_db are exactly the same (I've checked multiple times), and everything works fine while using the SQLite one, but when I change to the remote config_db (RDS MySQL), this error appears.

Any idea of what could be causing the behaviour?

Thanks a lot!
Top
maiconbaumx
OpenVpn Newbie
Posts: 2
Joined: Thu Oct 29, 2020 6:39 pm

Re: AWS OpenVPN AS - Error 9007 in admin login

Post by maiconbaumx » Fri Oct 30, 2020 6:23 am

Hello!
Never mind guys. I ended up migrating all databases except config_db and setting up config_db again after creating the cluster.
Now I have an OpenVPN Access Server cluster running on Autoscaling Group using spot instances. Next step will be populate a Cloudwatch Custom Metric using the number of connected users to create the Autoscaling Policies for this environment.
If it's interesting for someone, please let me know, surely I can write a tutorial.

Thanks!
Top
Post Reply

Return to “The OpenVPN Access Server”