Openvpn not working under EC2 in AWS ( 2 devices )

uebv60ojw0
OpenVpn Newbie
Posts: 5
Joined: Sat Aug 21, 2021 8:08 am

Openvpn not working under EC2 in AWS ( 2 devices )

Post by uebv60ojw0 » Sat Aug 21, 2021 8:12 am

So I had this problem a while ago on AWS EC2. I'm still learning about networking, VPSs, and sysadmin in general.

My setup process:

AWS Dashboard > EC2 (Ohio) > AMI > Selecting OpenVPN 2 devices > all default configuration > launching > ssh into the instance (OpenVPN Ubuntu 20.04 server) > all default setup

Code:

Will this be the primary Access Server node?
(enter 'no' to configure as a backup or standby node)
> Press ENTER for default [yes]:

Please specify the network interface and IP address to be
used by the Admin Web UI:
(1) all interfaces: 0.0.0.0
(2) eth0: 172.31.5.247
Please enter the option number from the list above (1-2).
> Press Enter for default [1]:

Please specify the port number for the Admin Web UI.
> Press ENTER for default [943]:

Please specify the TCP port number for the OpenVPN Daemon
> Press ENTER for default [443]:

Should client traffic be routed by default through the VPN?
> Press ENTER for default [no]:

Should client DNS traffic be routed by default through the VPN?
> Press ENTER for default [no]:

Use local authentication via internal DB?
> Press ENTER for default [yes]:

Private subnets detected: ['172.31.0.0/16']

Should private subnets be accessible to clients by default?
> Press ENTER for EC2 default [yes]:

To initially login to the Admin Web UI, you must use a
username and password that successfully authenticates you
with the host UNIX system (you can later modify the settings
so that RADIUS or LDAP is used for authentication instead).

You can login to the Admin Web UI as "openvpn" or specify
a different user account to use for this purpose.

Do you wish to login to the Admin UI as "openvpn"?
> Press ENTER for default [yes]: no

> Specify the username for an existing user or for the new user account: user
Type the password for the 'user' account:
Confirm the password for the 'user' account:

> Please specify your Activation key (or leave blank to specify later): _I LEFT IT BLANK



Initializing OpenVPN...
Removing Cluster Admin user login...
userdel "admin_c"
Adding new user login...
useradd -s /sbin/nologin "user"
Writing as configuration file...
Perform sa init...
Wiping any previous userdb...
Creating default profile...
Modifying default profile...
Adding new user to userdb...
Modifying new user as superuser in userdb...
Getting hostname...
Hostname: 3.139.105.00 [SERVER IP]
Preparing web certificates...
Getting web user account...
Adding web group account...
Adding web group...
Adjusting license directory ownership...
Initializing confdb...
Generating PAM config...
Enabling service
Starting openvpnas...

NOTE: Your system clock must be correct for OpenVPN Access Server
to perform correctly.  Please ensure that your time and date
are correct on this system.

Initial Configuration Complete!

Then I go to the user panel using the instance IP, download the .ovpn file, and connect.

Everything seems nice until I try to check my IP and nothing has changed, and on the OpenVPN client no traffic seems to go to the server!

What's wrong? I didn't change anything; everything is on default.

What info/logs should I give?

Danran
OpenVPN User
Posts: 28
Joined: Tue Jun 29, 2021 9:21 am

Re: Openvpn not working under EC2 in AWS ( 2 devices )

Post by Danran » Sat Aug 21, 2021 3:45 pm

You most likely need to reconfigure your OpenVPN setup to route all traffic through the VPN by default. You can do this by re-initializing the configuration script. In a terminal, run

Code:

/usr/local/openvpn_as/bin/ovpn-init --force

Then make the following changes to your default settings when the script activates:

Code:

used by the Admin Web UI:
(1) all interfaces: 0.0.0.0
(2) eth0: 172.31.5.247
Please enter the option number from the list above (1-2).
> Press Enter for default [1]:1

Please specify the port number for the Admin Web UI.
> Press ENTER for default [943]:943

Please specify the TCP port number for the OpenVPN Daemon
> Press ENTER for default [443]:443

Should client traffic be routed by default through the VPN?
> Press ENTER for default [no]:YES

Should client DNS traffic be routed by default through the VPN?
> Press ENTER for default [no]:YES

Use local authentication via internal DB?
> Press ENTER for default [yes]:yes

Private subnets detected: ['172.31.0.0/16']

Should private subnets be accessible to clients by default?
> Press ENTER for EC2 default [yes]:yes

To initially login to the Admin Web UI, you must use a
username and password that successfully authenticates you
with the host UNIX system (you can later modify the settings
so that RADIUS or LDAP is used for authentication instead).

You can login to the Admin Web UI as "openvpn" or specify
a different user account to use for this purpose.

Do you wish to login to the Admin UI as "openvpn"?
> Press ENTER for default [yes]: no

> Specify the username for an existing user or for the new user account: user
Type the password for the 'user' account:
Confirm the password for the 'user' account:

> Please specify your Activation key (or leave blank to specify later): _I LEFT IT BLANK

THEN, you want to go to the admin page in the OpenVPN Access Server, and make sure that your IP address is correct for OpenVPN. More than likely, it is using your private subnet's IP address, and not your public IP address. So change that IP in the Access Server web interface, then re-download the config file and try again.

uebv60ojw0
OpenVpn Newbie
Posts: 5
Joined: Sat Aug 21, 2021 8:08 am

Re: Openvpn not working under EC2 in AWS ( 2 devices )

Post by uebv60ojw0 » Sat Aug 21, 2021 8:52 pm

Hi Danran, thanks for replying (:

Thank you so much! I didn't notice that OpenVPN was using the private subnet IP.

For anyone who faces the same issue, here's the fix:

Go through the setup normally; after completion you might notice that OpenVPN tells you to visit the admin and the client UI by visiting the private subnet IP.

What you should do:

1. Visit the links using the public IP
2. On the Configuration tab, go to Network Settings
3. Change the private subnet IP to the public one
[AND THERE YOU GO (:]

Thank you Danran, you're a life saver (:
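
A way to confirm the problem described in this thread from the client side, as an added example that is not part of the original posts: the script scans a downloaded .ovpn profile for `remote` entries that point at an RFC 1918 address such as the instance's 172.31.5.247, which a client outside the VPC cannot reach. The profile text, the UDP 1194 entry, 203.0.113.10 and vpn.example.com are constructed sample values.

```python
import ipaddress

# RFC 1918 ranges; EC2 default VPC addresses (172.31.0.0/16) fall inside 172.16.0.0/12.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample profile (not taken from the thread).
SAMPLE_PROFILE = """\
# constructed example profile
client
dev tun
remote 172.31.5.247 1194 udp
remote 172.31.5.247 443 tcp
remote 203.0.113.10 443 tcp
remote vpn.example.com
"""

def audit_remotes(profile_text):
    """Return (host, port, proto, verdict) for every `remote` directive."""
    findings = []
    for raw in profile_text.splitlines():
        parts = raw.strip().split()
        # Skip blanks, comments (# or ;) and every directive except `remote`.
        if len(parts) < 2 or parts[0] != "remote":
            continue
        host = parts[1]
        port = parts[2] if len(parts) > 2 else "1194"   # OpenVPN default port
        proto = parts[3] if len(parts) > 3 else "udp"   # OpenVPN default proto
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            verdict = "hostname"          # a name; check what it resolves to
        else:
            internal = (addr.is_loopback or addr.is_link_local
                        or any(addr in net for net in RFC1918))
            verdict = "private" if internal else "public"
        findings.append((host, port, proto, verdict))
    return findings

def private_remotes(profile_text):
    """Hosts the client would dial that are not reachable over the internet."""
    return sorted({h for h, _, _, v in audit_remotes(profile_text) if v == "private"})

if __name__ == "__main__":
    for host, port, proto, verdict in audit_remotes(SAMPLE_PROFILE):
        print(f"{host:<18} {port:>5}/{proto:<4} {verdict}")
    if private_remotes(SAMPLE_PROFILE):
        print("Fix the hostname/IP in Network Settings, then re-download the profile.")
```
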
