OpenVPN Access Server - Not listening on 443

michaelgierer3
OpenVpn Newbie
Posts: 1
Joined: Fri Dec 20, 2019 6:11 pm

OpenVPN Access Server - Not listening on 443

Post by michaelgierer3 » Fri Dec 20, 2019 6:19 pm

Hello!

Today I installed the OpenVPN Access Server on CentOS 8 using the official install guide.

The installation went fine, but there is one problem: The OpenVPN access server does not listen to 443. So I'm not able to retrieve the configuration files on my mobile or clients.

I did literally nothing except running the script /usr/local/openvpn_as/bin/ovpn_init where I used the default values.

You can verify the non-existence of the port 443 by netstat:

Image

I did the port forwarding appropriately, since I tested it with the httpd-daemon. But I'm not running httpd with OpenVPN AS simultaneously!

Furthermore, I checked the web settings regarding the "Web Service forwarding", which is set to "Yes" - so the OpenVPN AS should open the 443 socket ...

Image

Do you have any idea what's wrong with my setup?

Kind regards,
Michael

squeeb
OpenVpn Newbie
Posts: 2
Joined: Mon Mar 23, 2020 12:52 am

Re: OpenVPN Access Server - Not listening on 443

Post by squeeb » Mon Mar 23, 2020 1:08 am

Hi Michael,

OpenVPN-AS actually does this by port forwarding tcp/443 to an instance running on another port.

You can see the iptables rules responsible for this here:

sudo iptables -L PREROUTING -t nat -v -n
Chain PREROUTING (policy ACCEPT 347 packets, 33112 bytes)
 pkts bytes target     prot opt in     out     source               destination
  136  9520 AS0_DPFWD_UDP  udp  --  *      *       0.0.0.0/0            X.X.X.X        udp dpt:1194 state NEW
   20  1088 AS0_DPFWD_TCP  tcp  --  *      *       0.0.0.0/0            X.X.X.X        tcp dpt:443 state NEW

sudo iptables -L AS0_DPFWD_TCP -t nat -v -n
Chain AS0_DPFWD_TCP (1 references)
 pkts bytes target     prot opt in     out     source               destination
    7   424 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            to:X.X.X.X:914

sudo ss -antp | grep 914
LISTEN     0      1      X.X.X.X:914                      *:*                   users:(("openvpn-openssl",pid=21010,fd=5))

It's worth running those commands first to determine if the counters are incrementing for traffic being punted to the openvpn-openssl process.
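
The counter check described in the reply above, as an added example that is not part of the original posts: it parses output in the format shown and compares two counter snapshots. The function names are hypothetical and the sample lines are constructed, with 192.0.2.10 standing in for the masked address.

```shell
#!/bin/sh
# Added example: parse the output of the commands shown above.
# Live use (as root); -x prints exact counters instead of rounded K/M values:
#   iptables -t nat -L PREROUTING -v -n -x | chain_pkts AS0_DPFWD_TCP

# Packet counter of the PREROUTING rule that jumps to chain $1 (reads stdin).
chain_pkts() {
    awk -v c="$1" '$3 == c { print $1; found = 1; exit }
                   END { if (!found) exit 1 }'
}

# Port from the DNAT rule's "to:ADDR:PORT" field (reads stdin).
dnat_port() {
    awk '$3 == "DNAT" { n = split($NF, a, ":"); print a[n]; found = 1; exit }
         END { if (!found) exit 1 }'
}

# Succeeds if `ss -antp` output on stdin has a LISTEN socket on port $1.
has_listener() {
    awk -v p="$1" '$1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) ok = 1 }
                   END { exit !ok }'
}

# Constructed sample output; 192.0.2.10 is a documentation address.
PRE_BEFORE='    20     1088 AS0_DPFWD_TCP  tcp  --  *  *  0.0.0.0/0  192.0.2.10  tcp dpt:443 state NEW'
PRE_AFTER='    23     1268 AS0_DPFWD_TCP  tcp  --  *  *  0.0.0.0/0  192.0.2.10  tcp dpt:443 state NEW'
DNAT_RULE='     7      424 DNAT  tcp  --  *  *  0.0.0.0/0  0.0.0.0/0  to:192.0.2.10:914'
SS_OUT='LISTEN 0 1 192.0.2.10:914 *:* users:(("openvpn-openssl",pid=21010,fd=5))'

# Compare two counter snapshots taken around a client connection attempt.
diagnose() {  # $1 before, $2 after, $3 DNAT chain output, $4 ss output
    b=$(printf '%s\n' "$1" | chain_pkts AS0_DPFWD_TCP) || { echo "no tcp/443 rule"; return; }
    a=$(printf '%s\n' "$2" | chain_pkts AS0_DPFWD_TCP) || { echo "no tcp/443 rule"; return; }
    port=$(printf '%s\n' "$3" | dnat_port) || { echo "no DNAT rule"; return; }
    if [ "$a" -le "$b" ]; then
        echo "no new packets reached the tcp/443 rule"
    elif printf '%s\n' "$4" | has_listener "$port"; then
        echo "forwarding to port $port works"
    else
        echo "packets forwarded to port $port but nothing listens there"
    fi
}

diagnose "$PRE_BEFORE" "$PRE_AFTER" "$DNAT_RULE" "$SS_OUT"
```

If the counter does not move while a client is connecting, the traffic is being dropped before it reaches the host's nat table, for example at an upstream router or firewall.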
