Help with port-share

Business solution to host your own OpenVPN server with web management interface and bundled clients.
jonathans
OpenVpn Newbie
Posts: 1
Joined: Sat Dec 01, 2012 1:03 pm

Help with port-share

Post by jonathans » Sat Dec 01, 2012 1:10 pm

Hi,
I need help with what I think is a port-share issue.
This is my /usr/local/openvpn_as/etc/config.json file:


{
  "Default": {
    "admin_ui.https.ip_address": "eth0",
    "admin_ui.https.port": "943",
    "auth.ldap.0.name": "My LDAP servers",
    "auth.ldap.0.ssl_verify": "never",
    "auth.ldap.0.timeout": "4",
    "auth.ldap.0.use_ssl": "never",
    "auth.module.type": "pam",
    "auth.pam.0.service": "openvpnas",
    "auth.radius.0.acct_enable": "false",
    "auth.radius.0.name": "My Radius servers",
    "cs.cws_proto_v2": "true",
    "cs.https.ip_address": "eth0",
    "cs.https.port": "943",
    "cs.prof_sign_web": "true",
    "host.name": "xx.xx.xx.xx",
    "sa.initial_run_groups.0": "web_group",
    "sa.initial_run_groups.1": "openvpn_group",
    "vpn.client.routing.inter_client": "false",
    "vpn.client.routing.reroute_dns": "true",
    "vpn.client.routing.reroute_gw": "true",
    "vpn.daemon.0.client.netmask_bits": "20",
    "vpn.daemon.0.client.network": "5.5.0.0",
    "vpn.daemon.0.listen.ip_address": "eth0",
    "vpn.daemon.0.listen.port": "443",
    "vpn.daemon.0.listen.protocol": "tcp",
    "vpn.daemon.0.server.ip_address": "eth0",
    "vpn.server.daemon.enable": "true",
    "vpn.server.daemon.tcp.n_daemons": 1,
    "vpn.server.daemon.tcp.port": "443",
    "vpn.server.daemon.udp.n_daemons": 1,
    "vpn.server.daemon.udp.port": "1194",
    "vpn.server.group_pool.0": "5.5.16.0/20",
    "vpn.server.port_share.enable": "true",
    "vpn.server.port_share.ip_address": "127.0.0.1",
    "vpn.server.port_share.port": "10443",
    "vpn.server.port_share.service": "admin+client",
    "vpn.server.routing.private_access": "nat",
    "vpn.tls_refresh.do_reauth": "true",
    "vpn.tls_refresh.interval": "360"
  },
  "_INTERNAL": {
    "run_api.active_profile": "Default",
    "webui.edit_profile": "Default"
  }
}

And this is my apache conf:


NameVirtualHost *:10443
Listen 10443

It's working if I go to https://domain.com:10443
But if I go to https://domain.com, I just see the OpenVPN login screen.

What am I doing wrong?

novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: Help with port-share

Post by novaflash » Mon Dec 03, 2012 3:27 pm

I am sorry, but what you want cannot be done.

First off, the config.json file is not the file actually used for the configuration. It is actually in an SQLite database in /usr/local/openvpn_as/etc/db/.
While you can use the script /usr/local/openvpn_as/scripts/confdba to alter settings in the database, it will not help you much, because as far as I know these parameters are being ignored: they have long ago been transformed into hardcoded links internally to the web services of the Access Server, for security reasons:

"vpn.server.port_share.ip_address": "1.2.3.4",
"vpn.server.port_share.port": "1234",

So, sorry, but port sharing cannot be done in this fashion. One thing you can do if you REALLY MUST share that port for whatever reason, is set up a reverse proxy that handles the incoming connections and based on preset rules divides the traffic between the Access Server and whatever other web services you want to have running on that specific port. Please note that unless the proxy forwards the external user's IP address correctly you will need to disable the session IP lock security measure.

This is a security check. The default value is “true”. If you run into the following message you can set it to false to disable this particular check (please note that this option is only configurable in the 1.8.3 development builds or later. If you are running the stable 1.8.3 build, you will need to update it to the latest versions for this option to become configurable).
“SESSION_ID only allowed to be used by client IP address that created it”

Normally this message won’t occur. If however you have a reverse proxy in front of your OpenVPN Access Server you may get this message when you log in at the web based client interface. Using such a setup, the server sees the reverse proxy initiating a connection followed by the actual client connecting. This triggers this security check and alerts the user. To disable this security check use the following commands in an SSH session or on the console of the Access Server:

/usr/local/openvpn_as/scripts/confdba -mk vpn.server.session_ip_lock -v false
/etc/init.d/openvpnas restart

Good luck.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
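The reverse proxy approach described above, as an added example that is not part of the original post or of Access Server's own configuration. It assumes HAProxy in TCP passthrough mode on port 443, the Access Server TCP VPN daemon moved from 443 to 127.0.0.1:8443 (via vpn.server.daemon.tcp.port), the web UI still on 127.0.0.1:943 as in the poster's config.json, Apache on 127.0.0.1:10443, and vpn.example.com as the VPN hostname; all of these are assumptions, not values from the thread.

```haproxy
# Added example, not from the post: HAProxy divides one port (443) between the
# Access Server and Apache by "preset rules", as suggested by novaflash.
# Assumed ports/hosts (not from the thread): VPN daemon on 127.0.0.1:8443,
# AS web UI on 127.0.0.1:943, Apache on 127.0.0.1:10443, SNI vpn.example.com.
global
    log /dev/log local0

defaults
    log     global
    mode    tcp                 # passthrough: TLS is not terminated here
    option  tcplog
    timeout connect 5s
    timeout client  1h          # VPN sessions are long-lived
    timeout server  1h

frontend shared443
    bind *:443
    # Hold the connection (at most 5s) until the first bytes can be inspected.
    tcp-request inspect-delay 5s
    # A TLS ClientHello (handshake type 1) means a browser or the AS client UI.
    # OpenVPN's own TCP framing starts with a length prefix, not 0x16, so the
    # fetch returns a definite "no" at once and the VPN path is chosen without
    # waiting for the delay to expire.
    tcp-request content accept if { req.ssl_hello_type 1 }
    acl is_tls   req.ssl_hello_type 1
    acl sni_vpn  req.ssl_sni -i vpn.example.com
    use_backend as_web  if is_tls sni_vpn    # https://vpn.example.com -> AS UI
    use_backend apache  if is_tls            # any other HTTPS name   -> Apache
    default_backend as_vpn                   # non-TLS bytes          -> OpenVPN

backend as_web
    server as_ui  127.0.0.1:943   check

backend apache
    server httpd  127.0.0.1:10443 check

backend as_vpn
    server ovpn   127.0.0.1:8443  check
```

In TCP passthrough mode the proxy does not forward the external user's IP address, so the Access Server sees every web login arriving from 127.0.0.1; that is exactly the case in which the session IP lock check fires, and the confdba command shown in the reply above is what disables it.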
