DaveG's picture

Hey,

I have recently set up an OpenVPN in a VM on my network and all is working well from the connection side.

However for the moment I am having to manually download the certs via the webmin control panel, which is particularly annoying when setting up on mobile.

I have looked into the addprofile command to generate a download link; this appears to work and spits out a URL like this:

https://myexternaldomain.com
server/profiles/somereallylongstring

Firstly, I assume this is supposed to be one long URL. In the terminal it appears as above on two lines with no "/" after the domain, so I have tried https://myexternaldomain.com/server/profiles/somereallylongstring (with port 80 forwarded to my VPN's IP) but it does not work. I have also tried replacing the external domain with my external IP, internal IP and internal domain, but none work.

I'm wondering if the webmin interface running on port 80 is interfering with the set up of these links or am I missing something?

 

Jeremy Davis's picture

Webmin should be running on port 12321 (via https). Depending on how you have configured Webmin to run on port 80, that would likely cause this issue.

Only one application can use each port. So if you have Webmin running on port 80, then the default LigHTTPD process (which provides the URL that the script should be giving) won't be able to do its magic to generate the URL on the fly.

TBH, I'm not really sure why you are getting the URL split over multiple lines, but no one else has reported this issue (at least not to me), so I'm guessing that it's something specific to your setup. Also considering that our current OpenVPN appliance is getting a bit long in the tooth and overdue for an update, it seems especially likely that it's something that your specific circumstance has broken. Alternatively, it is possible that perhaps a recent auto update has broken something?

It's also worth noting that Webmin should really be running via HTTPS. Using it via plain HTTP is a security risk (as anyone can intercept the traffic and read your password, etc).

DaveG's picture

Sorry, slight mistake on my part, webmin itself is running on https / 12321. On port 80 I get a static turnkey titled page with the link to webmin and the webshell as well as some docs.

DaveG's picture

Ok, so just been playing and have managed to resolve this, although there may still be a bug somewhere.

As mentioned the command had been outputting over two lines:

URL: https://mydomain.com
server/profiles/somecode

I had just been assuming a line break had been inserted and was combining these two lines as https://mydomain.com/server/profiles/somecode. It turns out that "server" is supposed to be subbed for the line above, not appended, as on a hunch I tried just https://mydomain.com/profiles/somecode and sure enough it worked, providing the QR code and download link.

Not sure if "server" was supposed to have been auto replaced by the script with the correct host/IP or if it's intended to show like that and I just misunderstood, though if the latter it could be made clearer.

Either way I'm good to go now.

Thanks
Dave

 

Jeremy Davis's picture

I'm really glad to hear that you managed to work it out, but it certainly doesn't sound ideal.

So I've actually had a look at the adduser script (which I should have done sooner, rather than telling you no one else reported so it's probably not an issue, sorry about that...). So as it turns out, looking at the commit history of that file, it appears that someone else has tweaked that file since the last appliance update. I suspect that the change was in an effort to resolve the issue that you noticed. Unfortunately, for some reason, I didn't rebuild the appliance, I just accepted the changes. Looking closer at the commit messages though, it does note removing a line break?!

However, I'm not sure if it's actually fixing the full issue as my reading suggests that it would likely be returning something like this:

URL: https://mydomain.com/server/profiles/somecode

But as you note, that's not the correct path!

I should test it myself and will when we do the v16.0 updated rebuild - but I'm not sure when that will be. In the meantime, if you're open to testing the tweaked script, please download the updated version like this:

FILE=var/www/openvpn/bin/addprofile
URL=https://raw.githubusercontent.com/turnkeylinux-apps/openvpn/master/overlay/$FILE

wget -O /$FILE $URL

That should download the updated script over the top of the original one. You should then be able to re-run it just the same as you have before. You don't need to do anything beyond running the script, checking the URL works within the browser and letting me know.

Thanks tons if you do get a chance to do that. Even if you don't though, thanks anyway for posting regardless. Letting us know about the sub-par experience helps us make TurnKey better!
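
An added example, not part of the original posts or TurnKey's code: a wrapper for the download step above that stages the fetched file, rejects an empty or non-script download, shows the diff and keeps a backup before replacing the installed script. The function name `review_and_install` and the `#!` first-line check are assumptions; the path and URL in the usage comment are the ones from the post.

```shell
#!/bin/sh
# Usage on the appliance (URL and path taken from the post above):
#   tmp=$(mktemp)
#   wget -O "$tmp" https://raw.githubusercontent.com/turnkeylinux-apps/openvpn/master/overlay/var/www/openvpn/bin/addprofile
#   review_and_install "$tmp" /var/www/openvpn/bin/addprofile

# review_and_install NEW DEST  (hypothetical helper name)
#   NEW  - candidate file that has already been downloaded
#   DEST - installed script to replace
# Returns 0 if DEST was replaced or already identical, 1 if NEW was rejected.
review_and_install() {
    new=$1
    dest=$2

    # An empty file or an HTML error page saved by wget must never
    # overwrite a script that is run as root.
    [ -s "$new" ] || { echo "rejected: candidate is empty" >&2; return 1; }
    # Assumption: the real script starts with a #! line.
    head -n 1 "$new" | grep -q '^#!' \
        || { echo "rejected: first line is not a #! line" >&2; return 1; }

    if [ -f "$dest" ]; then
        # Identical content: nothing to install, no backup needed.
        if cmp -s "$new" "$dest"; then
            echo "unchanged"
            return 0
        fi
        # Print the change so it can be read before the script is run.
        diff -u "$dest" "$new" || true
        # Keep the original next to the new file for rollback.
        cp -p "$dest" "$dest.bak.$(date +%Y%m%d%H%M%S)" || return 1
    fi

    install -m 0755 "$new" "$dest"
}
```

To roll back, copy the `.bak.<timestamp>` file over the installed script.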

DaveG's picture

Yep, ran those commands and tried again and now the script does indeed spit out the full correct url on one line.

Many thanks for the fix.

 

 

 

Jeremy Davis's picture

Thanks so much for confirming the fix. It's likely irrelevant to you, but it'll be included in the next update of our OpenVPN appliance.
