I've been an OpenVPN user for several years now - from back in the early 1.x days... and while I've demoed Astaro in the past I didn't really have a reason to come back to it until they recently updated and have included SSL VPN (OpenVPN) - so I'm giving it a try again.
Well. By default the OpenVPN in Astaro 7 is configured as TCP and port 443 - which is a recent feature of OpenVPN 2.1 which allows the openvpn daemon to share the https port with a web server and helps remote users connected from highly protected remote networks.
However, using TCP adds an additional layer of overhead and reduces throughput. My current OpenVPN configuration is using UDP at a high port range - for this case we'll say 10000. This works great for my uses and I see about 10% better throughput on the connections vs. TCP.
So needless to say, when I configured Astaro's OpenVPN settings I went under the Advanced area and set the protocol to UDP and the port to 10000. Next thing I know I get a JavaScript (AJAX) error telling me the scripting has lost connection to the backend!!!??? So I try to refresh - NOTHING! - then I reboot the Astaro box.... now watching the console come up I see that the WebAdmin service fails. So I log onto the console and try to restart it manually - still fails. I try to find the logs - NOWHERE TO BE FREAKING FOUND!
Ok - so I reinstall - it's a fluke right? - It does the SAME THING when I reconfigure it two more times - yes I'm a bit persistent.
So - please tell me what I need to do to use UDP and a port other than 443. I assume this is possible - since the controls to change these settings wouldn't be there unless it was possible - right?
The only things I've set past the basic installation are:
1. Active Directory authentication over SSL
2. Added a group based off AD group membership (for SSL VPN connections)
3. Configured SSL VPN to 'Internal Network'
4. Configured SSL VPN to use above group.
-then- to break things.
5. Under SSL VPN advanced settings - protocol to UDP
6. Apply - so far so good.
7. Under SSL VPN advanced settings - port 10000
8. Apply - 'Cannot connect to backend.... !!!!'
Hardware: IBM NetVista P3 1Ghz, 256MB SDRAM, Two Intel EtherExpressJet PCI NICs, and One Intel Pro 100 NIC, a 40GB PC133 HD, and a 24X CDROM
Low end hardware, but workable for the few connections I'll have.
Also, I'm using an Astaro 7 home license. If this works out for my home network I may see about replacing our primary firewall at the office... hopefully to get us far away from PPTP connections...
Please help, this should just work. OpenVPN is a great product and I've never had a problem with it before - ever.
Also - if someone could tell me where I can get any service logging for failed services from the console??!!
Oh well - guess I'll start reinstalling it yet again.... [:@]
This thread was automatically locked due to age.
