[SOLVED] Hitting Proxmox Web GUI over VPN

adamb

Renowned Member
Mar 1, 2012
1,209
52
68
This is a interesting issue. Up until about a month ago this has worked.

Basic routing and firewall rules are still the same. I can traceroute to the hosts and I can see port 8006 open via zenmap on a VPN device.

Tcpdumping the traffic that looks good as well.

It feels like a TLS/Browser issue of some sort.

IE: Can't connect securely to this page
Chrome: This can't be reached
Firefox: Secure Connection failed

Web GUI's work as expected while on a LAN connection. Disabling our ESET AV/Firewall doesn't make a difference either.

Has anyone seen anything like this before?
 
Last edited:

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
6,949
1,073
164
Has anyone seen anything like this before?
hm - not really - but if things seem working on the IP/TCP level - but not in the browser the steps for debugging in-between would be:
* `openssl s_client -connect <pve.ip.in.vpn>:8006`
* `curl -v https://<pve.ip.in.vpn>:8006`

that way you can compare the responses and certificates for any potential mismatch

on a hunch - I'd guess some middle-box (maybe the VPN endpoint) is doing ssl-interception... - but that's just a wild guess

I hope this helps!
 

adamb

Renowned Member
Mar 1, 2012
1,209
52
68
hm - not really - but if things seem working on the IP/TCP level - but not in the browser the steps for debugging in-between would be:
* `openssl s_client -connect <pve.ip.in.vpn>:8006`
* `curl -v https://<pve.ip.in.vpn>:8006`

that way you can compare the responses and certificates for any potential mismatch

on a hunch - I'd guess some middle-box (maybe the VPN endpoint) is doing ssl-interception... - but that's just a wild guess

I hope this helps!
Appreciate the input. Curl and openssl look good to me.

If I use the -k switch with curl it appears I get all the way to the login prompt.

This is something browser specific.

The openvpn server is just a simple setup running on a CentOS7 VM.
 

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
6,949
1,073
164
This is something browser specific.
anything shown in the developer tools? (js console or the network tab)?

also - try with a fresh installed browser - maybe it's some extension?
 

adamb

Renowned Member
Mar 1, 2012
1,209
52
68
anything shown in the developer tools? (js console or the network tab)?

also - try with a fresh installed browser - maybe it's some extension?

Sigh, I thought I had ESET totally disabled, but I left SSL filtering enabled. It was that. It was the first thing I checked this morning and not sure how I missed it. I appreciate all the input either way!
 

Stoiko Ivanov

Proxmox Staff Member
Staff member
May 2, 2018
6,949
1,073
164
Thanks for reporting back with the solution and marking the thread as SOLVED :)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!