Secondary Interface not responding to Requests

Posted: Tue Oct 24, 2023 6:19 pm
by ss_firehawk
I recently deployed a new OpenVPN AS appliance in my AWS cloud environment. I'm trying to move the management interface off the outside and to the secondary interface on my management network.
  • I've confirmed routing is accurate and can reach other appliances within the same subnet.
  • I've confirmed security groups are accurate, as I can see accepts within the AWS flow logging on traffic I send.
  • I've confirmed I can see the traffic reach the interface via tcpdump.
  • I do not see any responses.
  • I updated IPTables with "sudo iptables -A INPUT -i ens6 -p tcp --dport 943 -s 10.0.0.0/12 -j ACCEPT"
  • ens6 is the interface I'd like TCP 943 (and 22 when I fix this) to work on.
16:34:41.036901 IP Y.Y.Y.Y.60594 > ip-X.X.X.X.943: Flags [S], seq 1518267522, win 65535, options [mss 1254,nop,wscale 6,nop,nop,TS val 4069591143 ecr 0,sackOK,eol], length 0
16:34:43.036631 IP Y.Y.Y.Y.60594 > ip-X.X.X.X.943: Flags [S], seq 1518267522, win 65535, options [mss 1254,nop,wscale 6,nop,nop,TS val 4069593144 ecr 0,sackOK,eol], length 0
16:34:47.032943 IP Y.Y.Y.Y.60594 > ip-X.X.X.X.943: Flags [S], seq 1518267522, win 65535, options [mss 1254,nop,wscale 6,nop,nop,TS val 4069597145 ecr 0,sackOK,eol], length 0

I also tried modifying the config-local.json to "admin_ui.https.ip_address": "ens6" instead of ens5

I'm not sure what else I may need to do to get this interface to respond.

Re: Secondary Interface not responding to Requests

Posted: Tue Oct 24, 2023 8:03 pm
by ss_firehawk
Found this gem that fixed the issue.
The BLUF of the problem is the traffic was ingressing the correct interface and routing out the wrong interface. To correct this routing issue, I followed the document below (it's still accurate). Hope this helps someone else.

https://kindlund.wordpress.com/2007/11/ ... -in-linux/
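The asymmetric-routing fix the reply refers to, as an added example that is not part of the thread or the linked guide: a POSIX sh helper that emits the source-based policy routing commands (a dedicated routing table plus an `ip rule`) so replies to traffic arriving on the secondary interface leave through that same interface instead of the default route on the primary one. The address 10.0.1.5/24, gateway 10.0.1.1 and table number 100 are assumed placeholders, and treating source-based policy routing as the remedy is my reading of "routing out the wrong interface", not a statement from the poster.

```shell
#!/bin/sh
# Added example, not from the thread: generate source-based policy routing
# commands for a secondary (management) interface such as ens6.
# Addresses, gateway and table number are assumed placeholders.

# Network address of an IPv4 CIDR, e.g. 10.0.1.5/24 -> 10.0.1.0/24
subnet_of() {
    ip=${1%/*}; bits=${1#*/}
    set -- $(echo "$ip" | tr . ' ')
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (1 << 32) - (1 << (32 - bits)) ))
    n=$(( n & mask ))
    echo "$(( n >> 24 & 255 )).$(( n >> 16 & 255 )).$(( n >> 8 & 255 )).$(( n & 255 ))/$bits"
}

# Print the ip(8) commands for one interface. Arguments:
#   $1 interface, $2 its address with prefix (e.g. 10.0.1.5/24),
#   $3 the subnet gateway, $4 an unused routing-table number (1-252)
policy_route_cmds() {
    iface=$1; cidr=$2; gw=$3; table=$4
    addr=${cidr%/*}
    # Connected route inside the dedicated table, so the gateway is reachable
    echo "ip route add $(subnet_of "$cidr") dev $iface src $addr table $table"
    # Default route for that table via the interface's own gateway
    echo "ip route add default via $gw dev $iface table $table"
    # Packets sourced from the interface address consult the dedicated table
    echo "ip rule add from $addr table $table"
    echo "ip route flush cache"
}

# Print a lookup that shows which interface a reply to $2 would leave on
# when sourced from the interface address; run it before and after applying.
verify_cmd() {
    echo "ip route get $2 from ${1%/*} iif $3"
}

# Usage: sh policy_route.sh ens6 10.0.1.5/24 10.0.1.1 100
# Review the output, then run the printed commands as root on the appliance.
if [ $# -eq 4 ]; then
    policy_route_cmds "$@"
    verify_cmd "$2" 10.0.5.9 "$1"
fi
```

The `ip rule`/`ip route` changes do not survive a reboot; persist them through the distribution's network configuration once the `ip route get` check confirms replies leave via the management interface.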