This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

remote ssl vpn conflits whith https

gnomme over 16 years ago

If I enable remote ssl vpn I loose conectivity to my https for my internal webserver...is it a bug?

This thread was automatically locked due to age.

Parents

0 BAlfson over 16 years ago

What version of Astaro?
Cancel
Vote Up 0 Vote Down

Cancel
0 gnomme over 16 years ago in reply to BAlfson

What version of Astaro?

Problem seems to have disapeared! Today I tryed and it works!....
I am using version 7.401 (yesterday I made the update)

Thanks anyway!
Cancel
Vote Up 0 Vote Down

Cancel
0 Lionking over 16 years ago in reply to gnomme

For me remote access via ssl does not work if I DNAT https to internal server.
ASG ver. 7.401. Https to internal server works.
Cancel
Vote Up 0 Vote Down

Cancel
0 gnomme over 16 years ago in reply to Lionking

For me remote access via ssl does not work if I DNAT https to internal server.
ASG ver. 7.401. Https to internal server works.

so it was a bug of the previous version?
Cancel
Vote Up 0 Vote Down

Cancel
0 Lionking over 16 years ago in reply to gnomme

I don't know how it worked before 7.400, I didn't DNAT https then, but still remote ssl doesn't work if I DNAT https.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 16 years ago in reply to Lionking

Your DNAT rule reroutes 443 to a specific internal IP, so an SSL VPN can't work on 443. You must either change the public IP that's the target of your IP ('Additional Addresses') or change the 'Service' port you use for the VPN or HTTPS access. An additional IP address is the "standard" solution.
Cancel
Vote Up 0 Vote Down

Cancel
0 gnomme over 16 years ago in reply to BAlfson

Your DNAT rule reroutes 443 to a specific internal IP, so an SSL VPN can't work on 443. You must either change the public IP that's the target of your IP ('Additional Addresses') or change the 'Service' port you use for the VPN or HTTPS access. An additional IP address is the "standard" solution.

ok. but now I have the dnat rule 443 configured for my owa and no additional address and both works fine...strange
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 16 years ago in reply to gnomme

Wow! Maybe Astaro is doing some magic. Can you confirm that the 'Port' in 'Server settings' on the 'Settings' tab of 'Remote Access >> SSL' is 443?
Cancel
Vote Up 0 Vote Down

Cancel
0 gnomme over 16 years ago in reply to BAlfson

Wow! Maybe Astaro is doing some magic. Can you confirm that the 'Port' in 'Server settings' on the 'Settings' tab of 'Remote Access >> SSL' is 443?

no...I change it to 444. But first it doesn't worked. Onde hour later it tested and it works fine
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 gnomme over 16 years ago in reply to BAlfson

Wow! Maybe Astaro is doing some magic. Can you confirm that the 'Port' in 'Server settings' on the 'Settings' tab of 'Remote Access >> SSL' is 443?

no...I change it to 444. But first it doesn't worked. Onde hour later it tested and it works fine
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 BAlfson over 16 years ago in reply to gnomme

It wasn't the Astaro progammers who were doing magic, it was gnomme! That's the right answer.

Thanks - Bob
Cancel
Vote Up 0 Vote Down

Cancel