Koozali.org: home of the SME Server

[SOLVED] SoftEther VPN Installed but ...

Offline Did I Really Try That?

  • 13
  • +0/-0
  • Refugee from Windows
Re: SoftEther VPN Installed but ...
« Reply #15 on: February 27, 2017, 01:59:40 PM »
please, post the result of:
netstat -napt | grep 443
# netstat -napt | grep 443
tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN      2708/vpnserver

Quote
it seems that another service is using TCP 443 and so apache can't run.
if it is the case, stop etherVPN and restart apache
When I get my next break.

Quote
other that start planning migration to SME9, you'd tell us why you need etherVPN.. maybe we'd find another way to achieve your aims..
Installed SoftEtherVPN because currently using PPTP for VPN but:
1) PPTP is fragile, especially over mobile phone networks, and frequently dropping out
2) PPTP is more vulnerable to attack than OpenVPN or SoftEtherVPN
3) OpenVPN seems to have stalled.

HTH

Offline Stefano

  • *
  • 10,874
  • +3/-0
Re: SoftEther VPN Installed but ...
« Reply #16 on: February 27, 2017, 03:12:28 PM »
# netstat -napt | grep 443
tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN      2708/vpnserver

ok, etherVPN is using 443, so apache won't run at aell
config, if you can (I don't use and don't know anything about etherVPN), etherVPN to use another port

Quote
Installed SoftEtherVPN because currently using PPTP for VPN but:
1) PPTP is fragile, especially over mobile phone networks, and frequently dropping out
2) PPTP is more vulnerable to attack than OpenVPN or SoftEtherVPN
3) OpenVPN seems to have stalled.

HTH

please.. define "stalled".. openvpn is the way to go if you want an easy integration, security and a setup and forget service

Offline Did I Really Try That?

  • 13
  • +0/-0
  • Refugee from Windows
Re: SoftEther VPN Installed but ...
« Reply #17 on: February 28, 2017, 10:12:43 AM »
In the back of beyond at the moment, and can't get into server to adjust settings, so I have been doing some re-reading. Perhaps I should have done it earlier! Like all problems, it seems now that the answer is glaringly obvious, once you have seen it.

I hope the answer is a slight adjustment to the settings to the server. Have a look at the HOWTO page ( https://wiki.contribs.org/SoftEther_VPN ) and scroll down to the image for "Create Local Bridge". My next move will be to play with the "Management of Listeners" panel in the middle left of the screen. It looks as though I have the opportunity to adjust or disable the ports on which it listens. More when I've had a play.

Offline Did I Really Try That?

  • 13
  • +0/-0
  • Refugee from Windows
[SOLVED] Re: SoftEther VPN Installed but ...
« Reply #18 on: March 01, 2017, 01:14:54 AM »
Yes, it was that simple. Stopping the SoftEtherVPN from listening on port 443 re-enabled the SME Apache server instantly. No reboot was necessary. BUT the port stays stopped even after a reboot.

Offline ReetP

  • *
  • 3,853
  • +5/-0
Re: [SOLVED] SoftEther VPN Installed but ...
« Reply #19 on: March 01, 2017, 11:23:49 PM »
Couple of points....

You really need to get to v9 whatever the cost. v8 goes end of life within weeks.

I am not sure about your hardware - in part it depends on Redhat Compatibility and in part how many users you have. There is plenty of cheap and powerful secondhand gear about. Make friends with a local IT recycler and see what deals you can grab.

VPN. Openvpn routed with PHPKI to generate your own certificates is very easy and very stable.

https://wiki.contribs.org/OpenVPN_Routed

You could also possibly look at Ipsec as that is supported by default in Android on recent versions

Both of them are pretty straightforward to install and use straight from repos.

HTH.

B. Rgds
John
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Jean-Philippe Pialasse

  • *
  • 2,841
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: [SOLVED] SoftEther VPN Installed but ...
« Reply #20 on: March 02, 2017, 04:59:37 AM »
I second for the migration to SME9

However I must note that softehrnet is a promising piece of software compared to other vpn we currently have. Why? Simply because it handle multiple protocols. Also it seems to work trhough a https SSL tunnel, which defy most of available firewall. Believe me I have been testing to connect to my server trought a numerous sites with firewall that will not let pass any ssh, openvpn, filter port, filter protocols.

THe only vpn I was able to use everytime was a simple cisco vpn using port 443.

the problem remaining here is that it prevents our server to be a normal https webserver. We have however some alternative that might be possible : http://www.vpntutorials.com/tutorials/openvpn-sharing-a-port-with-a-webserver-on-port-80-443/ maybe softethernet can offer similar solutions !

Offline Did I Really Try That?

  • 13
  • +0/-0
  • Refugee from Windows
Re: [SOLVED] SoftEther VPN Installed but ...
« Reply #21 on: March 02, 2017, 11:05:48 AM »
OK. Diatribe at the "dedicated followers of fashion", otherwise known as the "Constant Upgrade" merchants. First of all it started as Microsoft FUD (Fear, Uncertainty and Doubt) to feed their profits, and it has been taken up by far too many as "the way things ought to be". Every iteration of the Constant Upgrade cycle requires both new software and new hardware. Everybody profits except the poor lag (lag is a slang term for a prisoner) on the end of the chain who has to fork out for it all. What benefit does SME9 bring to the end user over SME8? Apart from avoiding the poisonous FUD? As for the idea spouted earlier that SME9 has support for the next decade ... EOL of 20 Nov 2020 is not a decade away (not even half a decade away) unless IT professionals count dates differently from the rest of us. Given the changes required and the relatively short time before the same people will want to be chasing me off SME9, I am seriously thinking of skipping SME9 altogether and waiting for SME10 to go stable.

It will be quite clear that I haven't slavishly followed Microsoft to Win10, either. One of the reasons for opting for SoftetherVPN over OpenVPN is the wider range of Windows clients that are supported. I have not suffered, except where programmers have deliberately set out to make their programs inoperable on previous versions of Windows, largely by unthinkingly grabbing Microsoft's latest and greatest compiler which of course has those attributes deliberately built in. As with most private set-ups, my biggest risk is actually my router which hasn't seen a software upgrade since the thing was manufactured. Neither have any others. And that is the start of a rant about the absolute stupidity of the IoT (Internet of Things) which I will save for another day.

If there is plenty of good quality relatively new hardware around, I must live in a different part of the planet from that author. It has dried up, companies are not replacing stuff unless it is broken. Surprisingly, Microsoft didn't force the hardware market with their compulsory upgrade to Win10 so no one bought new to cope with it. Therefore whatever the market has round here at present is rubbish, and there isn't much of that either. The IT recyclers that I used to trade with regularly have all gone out of business. Those that remain try to survive on overpriced peripherals, not on main box computing grunt.

Sorry the anger overflowed a bit, but please ... when I ask for help on a problem, that is the problem that I want help with. However well meaning, the paternalistic advice to solve instead a whole series of different (and bigger) problems did not address my immediate difficulty.

My greatest thanks go to the suggestor of:
 netstat -napt | grep 443


Offline ReetP

  • *
  • 3,853
  • +5/-0
Re: [SOLVED] SoftEther VPN Installed but ...
« Reply #22 on: March 02, 2017, 01:16:19 PM »
OK,

I suggest you temper your anger with a bit of a reality check.

People are trying to save you from yourself, not make a fool of you.

You said you were on v8.x - not us. We always try and remind people that v8 goes EOL on 31 March 2017 because the RHEL/CentOS 5 base does.

https://access.redhat.com/support/policy/updates/errata/

If you want to continue running a unsupported, and in time, potentially insecure OS then that is your prerogative, but don't expect help when you have an issue. It's not FUD, but fact. Yes v8 will run until the end of the universe. So will DOS, Windows 3.x, 95, 98, 2000, XP..... But is it secure ? If it is connected to the outside world with your company data on it, is that a wise idea? What happens if your hardware blows and you can't get a suitable replacement hardware to run it?

v9 was released 06/2014 some 4 years after RHEL/CentOS 6. That can hardly be called rushing. We are not 'dedicated followers of fashion' - that's the first time I have ever heard Koozali SME called that - most complain that we are too far behind the times. It has a 10 year support plan and goes EOL in 2020. Not our choice but RHEL. Also not our choice to have backup/restore instead of in place upgrade. Again, that is an upstream decision.

The benefit of v9 over v8 is that it is supported with updates. Simples.

By all means wait for v10, but be aware there is absolutely no timescale for release. Obviously it will happen faster if people like yourself got involved in testing etc...... but don't just sit there and wait for everyone else to do something. We are all volunteers, and all have day jobs.

Hardware. You mentioned the hardware you were running, not us. I merely passed comment. You live in exactly the same country that I used to from the looks of things, and where our company is still based.

You don't even need 'relatively new' if you are trying to replace a Celeron 733Mhz with 512mb RAM. Exactly how old is that ?

I have 2 x 32U racks, one in my UK office and one where I live abroad, both full of 2nd hand kit. The only things I have bought new are a PoE switch and a few routers. I have built this up slowly from a couple of simple desktop PCs come servers that I started with. All the rest I have bought off ebay or recyclers. It has cost 2/5ths of nothing in reality.

You can buy a DL380 G5 for around £100 on ebay. Fill it with some drives and you are away. You don't have to do that overnight, but start somewhere. ML310 G3/G4/G5 ? I have a ML350G2 someone GAVE me that I use as a backup box with a 6 drive RAID array - I bought a pile of 2/h 320GB SCSI drives for pennies so I have a hot spare, plus several cold ones on the shelf. I could easily use it as our main server...... But the point is it cost me less than buying a new desktop machine. Battery backed cache for a RAID card ? I bought new batteries off Farnell for about £1.50 each, split the case and soldered them in. A damn sight cheaper than buying a new battery pack and works perfectly. There is stuff out there. You might just have to hunt a bit to get a good deal. Ultimately your business depends on this stuff. It might cost time and money to upgrade stuff, but it's a long term benefit to the business.

No, this is not about your immediate issues, but from the things that you mentioned we realise that you are potentially going to have some in the near future.

So, in essence we are commenting on things that you have said and have tried to give you the benefit of our knowledge and experience, not take you to pieces or make a fool of you. Please take it in the spirit it was offered.

Rgds
John
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Stefano

  • *
  • 10,874
  • +3/-0
Re: [SOLVED] SoftEther VPN Installed but ...
« Reply #23 on: March 02, 2017, 04:04:16 PM »
OK. Diatribe at the "dedicated followers of fashion", otherwise known as the "Constant Upgrade" merchants.
]zac[
no diatribe, no FUD
your O.S. is going EOL, that means that it will likely become unsure..
we suggest to you to keep it updated and secure.. it's a good thing for you, isn't it? :-)

Quote
My greatest thanks go to the suggestor of:
 netstat -napt | grep 443

thank you.. you're more than welcome..
feel free to participate in SME's development.. we need man power

Offline Did I Really Try That?

  • 13
  • +0/-0
  • Refugee from Windows
Re: [SOLVED] SoftEther VPN Installed but ...
« Reply #24 on: April 01, 2017, 05:28:37 PM »
I suggest you temper your anger with a bit of a reality check.
And I suggest you answer the questions that I actually asked, instead of the questions you wanted to answer.

<snip>...</snip>

No, this is not about your immediate issues,
which is what I asked about
but from the things that you mentioned we realise that you are potentially going to have some in the near future.
and you couldn't hold back from lecturing me.

I don't think I will be volunteering. Your philosophy and mine are clearly incompatible. I won't be asking for any more help here either, whatever version I may or may not be using in the future.

Offline Stefano

  • *
  • 10,874
  • +3/-0
Re: [SOLVED] SoftEther VPN Installed but ...
« Reply #25 on: April 01, 2017, 05:44:12 PM »
And I suggest you answer the questions that I actually asked, instead of the questions you wanted to answer.


actually, you had the answers you need and you had some good advices too
If you ask me "is it the right direction to the place I want to reach?" I can answer you "yes, of course" or "you'd better turn to the right", but I'd add "pay attention not to go too fast, the road is full of holes"
the second part is not an answer to your question, but a good advice, isn't it?

Quote
I don't think I will be volunteering. Your philosophy and mine are clearly incompatible. I won't be asking for any more help here either, whatever version I may or may not be using in the future.

that's a pity, indeed..
may I suggest everybody to reset and start again? :-)

Offline ReetP

  • *
  • 3,853
  • +5/-0
Re: [SOLVED] SoftEther VPN Installed but ...
« Reply #26 on: April 01, 2017, 11:00:34 PM »
And I suggest you answer the questions that I actually asked, instead of the questions you wanted to answer.

No, I tried to offer some friendly advice.

"Please take it in the spirit it was offered."

Quote
which is what I asked aboutand you couldn't hold back from lecturing me.

As above. It was friendly advice, not lecturing. We have been trying to warn people about v8 going EOL for their own security as many are not aware of, and do not understand, the consequences. You have not been singled out for being attacked, so don't take things personally.

Quote
I don't think I will be volunteering. Your philosophy and mine are clearly incompatible. I won't be asking for any more help here either, whatever version I may or may not be using in the future.

Yup, normal story. Lots of take and precious little give. And probably with a philosophy like yours you won't be getting much help if all you are going to do is pour scorn on what were well meant comments.

I'm sure you enjoy the fruits of those who labour long and hard in their spare time to build your Koozali SME server for nothing, and you to use for nothing. You probably even enjoy some of the code that I wrote. So please, bear that in mind before you comment. Don't bite the hand that feeds you.

By ignoring the advice to upgrade you are undoubtedly making a rod for your own back. As we tried to point out, v8 has been in production a long long time, and as of today is no longer supported. You can make your own choices as to whether you remain on it, but just bear in mind that you will not get any assistance with it from now on. Regardless of whether v9 will run on your hardware, which is not our fault, it is still sound advice.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

guest22

Re: [SOLVED] SoftEther VPN Installed but ...
« Reply #27 on: April 01, 2017, 11:27:25 PM »
I won't be asking for any more help here either, whatever version I may or may not be using in the future.

You can do whatever you want with your current or future issues. They are yours after all, so please do not blame us for your issues.

Offline DanB35

  • ****
  • 764
  • +0/-0
    • http://www.familybrown.org
Re: [SOLVED] SoftEther VPN Installed but ...
« Reply #28 on: April 02, 2017, 03:07:51 AM »
And I suggest you answer the questions that I actually asked, instead of the questions you wanted to answer.
So you come back to the thread, a month later, to rant at the people who were and are trying to help you (and also, BTW, solved your immediate question)?  Really?

It is unreasonable to expect, on any Internet forum, that responses to your questions will be strictly limited to the questions as presented.  I'm active on a number of forums, covering quite a variety of topics, and there isn't one where your expectation is anything close to the reality.  Responses to questions will address related issues--deal with it.  You don't own the threads you create, and you don't get to dictate what subjects are and are not acceptable to discuss there.

As to this particular issue, we're making the recommendation solely for your benefit--it isn't like any of us sees a financial benefit from your upgrading.  Security vulnerabilities against the CentOS 5 packages will be discovered.  They will not be fixed.  The security of your system will therefore be compromised.  These are not mere remote possibilities; they are certainties.  The only uncertainties are time and severity.

But by all means, it's your server.  Do with it what seems best to you, even if it's contrary to the recommendations of those who build and maintain the software it runs.  But don't expect that anyone will be able to offer much help if you continue on your present course.
......