You are here
Tom - Fri, 2015/01/23 - 06:54
Hi All.
I've recently deployed the Turnkey OpenVPN server to AWS from the Turnkey hub. I ran the shortcut scripts to create a user and profile, which worked well. I can make a connection from my Yosemite Macbook using the Tunnelblick client, and I can ping the IP address of the interface I added to this server that connects to an internal subnet that I use for management. Next step would be to configure routing and other features of OpenVPN, but I can't find the OpenVPN management web interface and port. OpenVPN's manual places this at :943/admin but this doesn't seem to work, and I haven't found anything poking around in the configs or in the Turnkey docs. Does anyone know what the /admin port is?
Thanks
-Tom
Forum:
TBH I'm not sure...
But from the build code (specifically that's the makefile) it opens ports 80 and 443 (i.e. default http/https). Have you checked them?
Yep, I've checked.
Hi Jeremy. Yes, I've checked them. 80 has a rewrite rule to 443, and 443 presents the Turnkey webmin interface (where you choose between opening Webmin or the web shell console.) with some links to OpenVPN clients and documentation. On either of those ports, going to /admin presents a 404. Further, exploring /var/www/openvpn/htdocs, which is where I understand the openVPN admin is supposed to be, reveals that index.html is actually the aforementioned Webmin page. Is it possible the OpenVPN admin gets clobbered by the Turnkey build? (thanks for the link to the build code, btw. I've never looked at it.) The URL is vpnr1.fieldlinguistics.org, if you'd like to try it.
My next step is going to be a ground-up install of openVPN just to see what it normally looks like and so I can make a comparision.
Ok, I've done some digging...
Thanks for bearing with me on that one... Now I've just set up an instance of the TKL OpenVPN appliance and can definitely confirm that there is no OpenVPN WebUI. It seems that there is nothing listening on 943 (or any other port (barring the ones you'd expect: SSH, HTTP/S, OpenVPN, Webmin & Webshell). I also had a look at the webserver (LigHTTPd in the case of this appliance) just to make sure that is was configured but just not enabled - no joy there either...
Then to google... And there is plenty of discussion about the 'OpenVPN Access Server Admin UI' (which as you mentioned is apparently available via port 943...). After much digging, searching and reading I have come to this conclusion (I'm not saying that this is definitive, just how it looks from what I've read - please feel free to correct me if you find info that differs...)
It seems that the 'OpenVPN Access Server' != 'OpenVPN Server'. The OpenVPN 'Access Server' is proprietary (i.e. non-free in both senses of 'free' - see pricing) full server config (available as software or as a pre-built appliance). It includes OpenVPN 'community version' but has more software and features (which from what I can gather are all proprietary) including the Admin WebUI you are after...
So it looks like you are fresh out of luck at this point...
FWIW from my reading, the TurnKey provide scripts do do a lot of the work that is provided by the Admin UI and there is also apparently a (commandline) interface (called the Management Interface - although I haven't tested it nor confirmed that it even works OOTB on the TKL OpenVPN appliance). Also in my travels I did find an opensource OpenVPN Admin WebUI on SourceForge but it is tagged as beta and appears to be abandonware (last release: 2013 - last answered SF forum post: 2011)
But the difference is only a single word!!!
Holy cow you are correct. I've conflated two completely different applications. After I installed the Turnkey OpenVPN I googled "OpenVPN", found the Open VPN Access Server, and printed sys admin guide, never having a clue that it wasn't the same. The document actually has an OpenVPN logo on it, probably because the company is named OpenVPN Technologies. That went right over my head as well.
Anyway, thank you so much for clearing this up Jeremy. I'm fine scripting the remaining config that I want from TKL OpenVPN, though I have to say, the help message is daunting. There's gonna be a slight learning curve. I really appreciate the work you put into figuring this out.
-Tom
They are both produced by 'OpenVPN' company
So they have the software (OpenVPN) which is free, open source software; then they have their proprietary product (OpenVPN Access Server) which includes lots more bells and whistles. They are both OpenVPN products hence why they both have the logo.
Actually it's a pretty standard business model in the open source world. I.e. a 'community' open source version and a proprietary 'premium' version. Personally I think that they could do a better job making it totally clear that's what is going on though... Even just something as simple as a comparison chart would make it crystal clear...
PS if you build anything useful that you think may add value to the TurnKey appliance please feel free to share! :)
You are most welcome Hank! :)
Add new comment