Hello everyone,
alongside L2TP/IPSec I have now also set up the OpenVPN server. It is a nice thing in itself, and so far I can establish a connection with the config and an authorized user.
Now I wanted to use the reverse proxy to redirect a subdomain to the port for the VPN server.
incoming https://sub.domain.de:443
to https://localhost:1194
Creating it worked, but OpenVPN does not seem to cope with the redirection from port 443 to 1194. The log shows the following:
Mon Oct 22 11:04:30 2018 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Mon Oct 22 11:04:30 2018 Windows version 6.1 (Windows 7) 64bit
Mon Oct 22 11:04:30 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Mon Oct 22 11:04:35 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Oct 22 11:04:35 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]93.x.x.x:443
Mon Oct 22 11:04:35 2018 Attempting to establish TCP connection with [AF_INET]93.x.x.x:443 [nonblock]
Mon Oct 22 11:04:36 2018 TCP connection established with [AF_INET]93.x.x.x:443
Mon Oct 22 11:04:36 2018 TCP_CLIENT link local: (not bound)
Mon Oct 22 11:04:36 2018 TCP_CLIENT link remote: [AF_INET]93.x.x.x:443
Mon Oct 22 11:04:36 2018 WARNING: Bad encapsulated packet length from peer (18516), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Mon Oct 22 11:04:36 2018 Connection reset, restarting [0]
Mon Oct 22 11:04:36 2018 SIGUSR1[soft,connection-reset] received, process restarting
The VPNConfig.ovpn looks like this:
dev tun
tls-client
remote sub.domain.de 443
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
float
# If redirect-gateway is enabled, the client will redirect its
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
#redirect-gateway def1
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
dhcp-option DNS 192.x.x.x
pull
# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto tcp-client
script-security 2
reneg-sec 0
cipher AES-256-CBC
auth RSA-SHA512
auth-user-pass
comp-lzo
<ca>
Does anyone have an idea? Does a config perhaps still need to be created for nginx?
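
Added example, not part of the original post: OpenVPN in TCP mode prefixes every packet with a 16-bit big-endian length, so the value rejected in the "Bad encapsulated packet length" warning is simply the first two bytes the peer sent back. This Python sketch decodes that value from a client log to show which protocol actually answered; the function names and the prefix table are assumptions of this example.

```python
import re
import struct

# Sample input: the warning line copied from the client log in the post above.
SAMPLE_LOG = (
    "Mon Oct 22 11:04:36 2018 TCP_CLIENT link remote: [AF_INET]93.x.x.x:443\n"
    "Mon Oct 22 11:04:36 2018 WARNING: Bad encapsulated packet length from peer "
    "(18516), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or "
    "--link-mtu is equal on both peers -- [Attempting restart...]\n"
)

BAD_LEN = re.compile(r"Bad encapsulated packet length from peer \((\d+)\)")

# First two bytes of replies from services that are not an OpenVPN TCP server
# (table assembled for this example).
KNOWN_PREFIXES = {
    b"HT": "HTTP response (starts with 'HTTP/')",
    b"SS": "SSH banner (starts with 'SSH-')",
    b"\x16\x03": "TLS handshake record",
    b"\x15\x03": "TLS alert record",
}


def decode_length(value):
    """Return the two bytes OpenVPN interpreted as a big-endian packet length."""
    return struct.pack(">H", value)


def diagnose(log_text):
    """Return (length, raw_bytes, guess) for every bad-length warning in the log."""
    findings = []
    for match in BAD_LEN.finditer(log_text):
        value = int(match.group(1))
        if not 0 <= value <= 0xFFFF:
            continue  # not a 16-bit field, so the log line is malformed
        raw = decode_length(value)
        guess = KNOWN_PREFIXES.get(raw, "unrecognised prefix")
        findings.append((value, raw, guess))
    return findings


if __name__ == "__main__":
    for value, raw, guess in diagnose(SAMPLE_LOG):
        print(f"{value} = 0x{value:04x} = {raw!r}: {guess}")
```

For the log above, 18516 decodes to the bytes "HT", which means the endpoint on port 443 answered the OpenVPN client with an HTTP response rather than OpenVPN framing.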