[SOLVED] Hitting Proxmox Web GUI over VPN

A

adamb

Famous Member
Proxmox Subscriber
Mar 1, 2012
1,329
77
113
This is a interesting issue. Up until about a month ago this has worked.

Basic routing and firewall rules are still the same. I can traceroute to the hosts and I can see port 8006 open via zenmap on a VPN device.

Tcpdumping the traffic that looks good as well.

It feels like a TLS/Browser issue of some sort.

IE: Can't connect securely to this page
Chrome: This can't be reached
Firefox: Secure Connection failed

Web GUI's work as expected while on a LAN connection. Disabling our ESET AV/Firewall doesn't make a difference either.

Has anyone seen anything like this before?
 
Last edited:
adamb said:
Has anyone seen anything like this before?
Click to expand...
hm - not really - but if things seem working on the IP/TCP level - but not in the browser the steps for debugging in-between would be:
* `openssl s_client -connect <pve.ip.in.vpn>:8006`
* `curl -v https://<pve.ip.in.vpn>:8006`

that way you can compare the responses and certificates for any potential mismatch

on a hunch - I'd guess some middle-box (maybe the VPN endpoint) is doing ssl-interception... - but that's just a wild guess

I hope this helps!
 
Stoiko Ivanov said:
hm - not really - but if things seem working on the IP/TCP level - but not in the browser the steps for debugging in-between would be:
* `openssl s_client -connect <pve.ip.in.vpn>:8006`
* `curl -v https://<pve.ip.in.vpn>:8006`

that way you can compare the responses and certificates for any potential mismatch

on a hunch - I'd guess some middle-box (maybe the VPN endpoint) is doing ssl-interception... - but that's just a wild guess

I hope this helps!
Click to expand...
Appreciate the input. Curl and openssl look good to me.

If I use the -k switch with curl it appears I get all the way to the login prompt.

This is something browser specific.

The openvpn server is just a simple setup running on a CentOS7 VM.
 
adamb said:
This is something browser specific.
Click to expand...
anything shown in the developer tools? (js console or the network tab)?

also - try with a fresh installed browser - maybe it's some extension?
 
Stoiko Ivanov said:
anything shown in the developer tools? (js console or the network tab)?

also - try with a fresh installed browser - maybe it's some extension?
Click to expand...

Sigh, I thought I had ESET totally disabled, but I left SSL filtering enabled. It was that. It was the first thing I checked this morning and not sure how I missed it. I appreciate all the input either way!
 
  • Like
Reactions: datschlatscher and Stoiko Ivanov
Thanks for reporting back with the solution and marking the thread as SOLVED :)
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back