Hi,
I’m still struggling to have a fully functional nethserver installed on a remote VPS or dedicated server with public IP. I’m thinking the problem lies with the configuration of the network but I’m unable to figure out what I need to do.
I’ve tried this with both a VPS in a KVM environment and on a dedicated server from OHV to make sure it was not specific to that network/machine. In both I face the same issues.
First thing I notice is that I am unable to issue a letsencrypt certificate through the webgui, I’ve had to do it manually and import the certificate to the correct folder through shell. I keep getting the same error:
Failed authorization procedure. nethserver.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://nethserver.mydomain.com.well-known/acme-challenge/x7h7iY1Db0Puw2bsn6Y8AoOjYBbLYjLEsUW1qu4gxfI: Timeout
I then tried to configure transparent proxy server but, although the clients are able to connect, there is no internet traffic going through as it’s getting blocked for some reason? When I tail the log I see this:
1497275428.680 0 176.185.23.20 TCP_DENIED/403 4063 CONNECT community.nethserver.org/t/cant-get-web-proxy-to-work/6890:443 - HIER_NONE/- text/html
1497275430.680 0 176.185.23.20 TCP_DENIED/403 4063 CONNECT community.nethserver.org/t/cant-get-web-proxy-to-work/6890:443 - HIER_NONE/- text/html
1497275432.679 0 176.185.23.20 TCP_DENIED/403 4063 CONNECTcommunity.nethserver.org/t/cant-get-web-proxy-to-work/6890:443 - HIER_NONE/- text/html
1497275433.678 0 176.185.23.20 TCP_DENIED/403 4087 CONNECT community.nethserver.org:443 - HIER_NONE/- text/html
1497275434.678 0 176.185.23.20 TCP_DENIED/403 4063 CONNECT community.nethserver.org/t/cant-get-web-proxy-to-work/6890:443 - HIER_NONE/- text/html
1497275435.002 0 176.185.23.20 TCP_DENIED/403 4036 CONNECT 127.0.0.1:59243 - HIER_NONE/- text/html
1497275436.680 0 176.185.23.20 TCP_DENIED/403 4063 CONNECT community.nethserver.org/t/cant-get-web-proxy-to-work/6890:443 - HIER_NONE/- text/html
1497275437.630 1 176.185.23.20 TCP_DENIED/403 5420 POST http://community.nethserver.org/message-bus/a9be173714d54eea8eac682eaecec493/poll? - HIER_NONE/- text/html
1497275438.680 0 176.185.23.20 TCP_DENIED/403 4063 CONNECT community.nethserver.org/t/cant-get-web-proxy-to-work/6890:443 - HIER_NONE/- text/html
1497275440.680 0 176.185.23.20 TCP_DENIED/403 4063 CONNECT community.nethserver.org/t/cant-get-web-proxy-to-work/6890:443 - HIER_NONE/- text/html
I also have the same issue with the VPN server. I’ve created a client, enabled roadwarrior server routing all traffic through vpn and downloaded the client certificate. Although it connects without any problem, I can’t access the internet. When I tail /var/log/messages I get a lot of “martian sources”:
Jun 17 14:13:23 neth kernel: ll header: 00000000: ff ff ff ff ff ff 0c c4 7a b5 38 c3 08 06 …z.8…
Jun 17 14:13:58 neth kernel: IPv4: martian source 152.789.345.87 from 127.0.0.1, on dev ens3
Jun 17 14:13:58 neth kernel: ll header: 00000000: ff ff ff ff ff ff 00 25 90 47 aa 22 08 06 …%.G."…
Jun 17 14:13:59 neth kernel: IPv4: martian source 152.789.345.87 from 127.0.0.1, on dev ens3
Jun 17 14:13:59 neth kernel: ll header: 00000000: ff ff ff ff ff ff 00 25 90 47 aa 22 08 06 …%.G."…
Jun 17 14:14:00 neth kernel: IPv4: martian source 152.789.345.87 from 127.0.0.1, on dev ens3
Jun 17 14:14:00 neth kernel: ll header: 00000000: ff ff ff ff ff ff 00 25 90 47 aa 22 08 06 …%.G."…
Jun 17 14:14:56 neth kernel: IPv4: martian source 152.789.345.4 from 127.0.0.1, on dev ens3
Jun 17 14:14:56 neth kernel: ll header: 00000000: ff ff ff ff ff ff 00 25 90 47 aa 22 08 06 …%.G."…
Jun 17 14:14:57 neth kernel: IPv4: martian source 152.789.345.4 from 127.0.0.1, on dev ens3
Jun 17 14:14:57 neth kernel: ll header: 00000000: ff ff ff ff ff ff 00 25 90 47 aa 22 08 06 …%.G."…
Jun 17 14:15:05 neth kernel: IPv4: martian source 152.789.345.4 from 127.0.0.1, on dev ens3
Jun 17 14:15:05 neth kernel: ll header: 00000000: ff ff ff ff ff ff 00 25 90 47 aa 22 08 06 …%.G."…
Jun 17 14:15:06 neth kernel: IPv4: martian source 121.149.345.9 from 127.0.0.1, on dev ens3
Jun 17 14:15:06 neth kernel: ll header: 00000000: ff ff ff ff ff ff 00 25 90 47 aa 22 08 06 …%.G."…
Jun 17 14:15:07 neth kernel: IPv4: martian source 89.74.208.3 from 127.0.0.1, on dev ens3
Jun 17 14:15:07 neth kernel: ll header: 00000000: ff ff ff ff ff ff 00 25 90 47 aa 22 08 06 …%.G."…
Jun 17 14:15:08 neth kernel: IPv4: martian source 126.190.251.6 from 127.0.0.1, on dev ens3
Jun 17 14:15:08 neth kernel: ll header: 00000000: ff ff ff ff ff ff 0c c4 7a b5 38 c3 08 06 …z.8…
The network interface is configured green, as per the install instructions.
Another thing that worries me is that in trusted networks, it assumes the entire shared network where the VPS is sitting as trusted, which I think may be a security risk from an attack coming from another VPS in the same network. Any way to restrict this? I’m unable to edit the default trusted network config.
Any help would be much appreciated and thanks in advance.
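
An added triage example, not part of the original post: Squid logs TCP_DENIED/403 when its access rules refuse a request, so a first check is which client addresses are being refused and whether they fall inside the networks the proxy is meant to serve. The sample lines are copied from the excerpt above; `EXPECTED_CLIENT_NETS` and the function names are assumptions made for this example.

```python
import ipaddress
from collections import Counter

# Lines copied from the post's Squid access.log excerpt (native log format).
# The second line is run together as in the post and does not split into 10 fields.
SAMPLE_LOG = """\
1497275433.678 0 176.185.23.20 TCP_DENIED/403 4087 CONNECT community.nethserver.org:443 - HIER_NONE/- text/html
1497275432.679 0 176.185.23.20 TCP_DENIED/403 4063 CONNECTcommunity.nethserver.org/t/cant-get-web-proxy-to-work/6890:443 - HIER_NONE/- text/html
1497275435.002 0 176.185.23.20 TCP_DENIED/403 4036 CONNECT 127.0.0.1:59243 - HIER_NONE/- text/html
1497275437.630 1 176.185.23.20 TCP_DENIED/403 5420 POST http://community.nethserver.org/message-bus/a9be173714d54eea8eac682eaecec493/poll? - HIER_NONE/- text/html
"""

# Assumption: networks the admin expects the proxy to serve (documentation range).
EXPECTED_CLIENT_NETS = ["192.0.2.0/24"]


def parse_line(line):
    """Split one native-format line into named fields, or return None if malformed."""
    parts = line.split()
    if len(parts) != 10 or "/" not in parts[3]:
        return None
    result, status = parts[3].split("/", 1)
    try:
        client = ipaddress.ip_address(parts[2])
    except ValueError:
        return None
    return {"client": client, "result": result, "status": status,
            "method": parts[5], "url": parts[6]}


def denied_summary(log_text, expected_nets):
    """Count TCP_DENIED entries per client and flag clients outside expected_nets."""
    nets = [ipaddress.ip_network(n) for n in expected_nets]
    denied, unparsed = Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # keep a count instead of silently dropping bad lines
        elif rec["result"] == "TCP_DENIED":
            denied[rec["client"]] += 1
    return {
        "unparsed": unparsed,
        "clients": {str(ip): {"denied": n,
                              "in_expected_net": any(ip in net for net in nets)}
                    for ip, n in denied.items()},
    }


if __name__ == "__main__":
    print(denied_summary(SAMPLE_LOG, EXPECTED_CLIENT_NETS))
```

A client reported with `in_expected_net` set to false is being refused from an address outside the listed networks, which points at the proxy's allowed-client ranges rather than at the destination sites.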