[SOLVED] Hitting Proxmox Web GUI over VPN

adamb

This is an interesting issue. Up until about a month ago this has worked.

Basic routing and firewall rules are still the same. I can traceroute to the hosts and I can see port 8006 open via zenmap on a VPN device.

Tcpdumping the traffic looks good as well.

It feels like a TLS/Browser issue of some sort.

IE: Can't connect securely to this page
Chrome: This can't be reached
Firefox: Secure Connection failed

Web GUIs work as expected while on a LAN connection. Disabling our ESET AV/Firewall doesn't make a difference either.

Has anyone seen anything like this before?
 
hm - not really - but if things seem to be working on the IP/TCP level - but not in the browser - the steps for debugging in-between would be:
* `openssl s_client -connect <pve.ip.in.vpn>:8006`
* `curl -v https://<pve.ip.in.vpn>:8006`

that way you can compare the responses and certificates for any potential mismatch

on a hunch - I'd guess some middle-box (maybe the VPN endpoint) is doing ssl-interception... - but that's just a wild guess

I hope this helps!
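The certificate comparison suggested in the reply above can be scripted. This is an added example, not part of the original posts: it records which certificate is presented on one path (for example over the VPN) and checks it against a SHA-256 fingerprint taken on a trusted path (for example the LAN). The function names are made up for this example; port 8006 comes from the thread.

```python
"""Added example: compare the certificate presented on a network path
with a fingerprint recorded on a trusted path (e.g. the LAN)."""
import hashlib
import re
import socket
import ssl
import sys


def fetch_presented_cert(host: str, port: int = 8006, timeout: float = 5.0) -> bytes:
    """Return the DER certificate the peer presents, without validating it.

    Validation is off on purpose: the aim is to see what is actually handed
    to this client, even if it is self-signed or re-signed by a middle-box.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated upper-case SHA-256, as `openssl x509 -fingerprint` prints it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2))


def normalize_fingerprint(text: str) -> str:
    """Accept 'sha256 Fingerprint=AA:BB:..', 'aa:bb:..' or bare hex."""
    value = text.strip().split("=", 1)[-1]
    hexdigits = re.sub(r"[^0-9A-Fa-f]", "", value).upper()
    if len(hexdigits) != 64:
        raise ValueError("not a SHA-256 fingerprint: %r" % text)
    return ":".join(hexdigits[i:i + 2] for i in range(0, 64, 2))


def path_matches(presented_der: bytes, trusted_fingerprint: str) -> bool:
    """True if this path presents the certificate recorded on the trusted path."""
    return sha256_fingerprint(presented_der) == normalize_fingerprint(trusted_fingerprint)


if __name__ == "__main__":
    # Usage: python3 check_cert.py <host> "<fingerprint recorded on the LAN>"
    der = fetch_presented_cert(sys.argv[1])
    print("presented:", sha256_fingerprint(der))
    print("match" if path_matches(der, sys.argv[2]) else "MISMATCH on this path")
```

The script only sees the certificate handed to its own process, so also compare the fingerprint with the one shown in the browser's certificate viewer for the same address.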
 
Appreciate the input. Curl and openssl look good to me.

If I use the -k switch with curl it appears I get all the way to the login prompt.

This is something browser specific.

The openvpn server is just a simple setup running on a CentOS7 VM.
 
anything shown in the developer tools? (js console or the network tab)?

also - try with a freshly installed browser - maybe it's some extension?
 
Sigh, I thought I had ESET totally disabled, but I left SSL filtering enabled. It was that. It was the first thing I checked this morning and not sure how I missed it. I appreciate all the input either way!
 
Thanks for reporting back with the solution and marking the thread as SOLVED :)