Koozali.org: home of the SME Server

[SOLVED] SoftEther VPN Installed but ...

Offline Did I Really Try That?

  • 13
  • +0/-0
  • Refugee from Windows
[SOLVED] SoftEther VPN Installed but ...
« on: February 26, 2017, 04:29:56 PM »
Please forgive a Windows refugee asking stupid.

I followed Oliver Beeckmans' HOWTO as far as completing 4.5. I have not attempted 4.6 or later. I have an unexpected problem or two. I am running SME 8.2 because it works for me, and I have no truck with the "constant upgrade" business model of Microsoft and others. SME Server appears to be running most services OK

Problem 1: I now cannot use any web access to SME. Using verious browsers it seems that SoftEther has either a) interefered with the certificate used by Apache*, or b) has stopped Apache and is answering https calls itself. Either way no connection to the control pages, webmail etc. Using Putty for an admin connection and attempting to use ELinks gives a similar response: nothing here for you! Any thoughts on how I should rescue would be very welcome, please.
* And substituted one for vpn??????.softether.net

Problem 2: From the above, I wish to stop the Dynamic DNS function. I press the button and it tells me to get my hands dirty and edit the conf file. No problem in theory, but where is it? I am unfamiliar with the operation of switches for the LS command, could someone give me a nudge in the right direction, please? [DIR on the other hand ...]

Many thanks.
« Last Edit: March 01, 2017, 01:16:13 AM by Did I Really Try That? »

guest22

Re: SoftEther VPN Installed but ...
« Reply #1 on: February 26, 2017, 09:08:34 PM »

Hi and welcome!

I am running SME 8.2 because it works for me, and I have no truck with the "constant upgrade" business model of Microsoft and others. SME Server appears to be running most services OK


SME Sever 8.2 is virtually EOL and will no longer supported. Please upgrade or start you journey with SME Server 9.x which will be supported for the next decade.


Quote
Problem 1: I now cannot use any web access to SME. Using verious browsers it seems that SoftEther has either a) interefered with the certificate used by Apache*, or b) has stopped Apache and is answering https calls itself. Either way no connection to the control pages, webmail etc. Using Putty for an admin connection and attempting to use ELinks gives a similar response: nothing here for you! Any thoughts on how I should rescue would be very welcome, please.
* And substituted one for vpn??????.softether.net


What do the log files tell you? Is apache running?

Quote
Problem 2: From the above, I wish to stop the Dynamic DNS function. I press the button and it tells me to get my hands dirty and edit the conf file. No problem in theory, but where is it? I am unfamiliar with the operation of switches for the LS command, could someone give me a nudge in the right direction, please? [DIR on the other hand ...]


Which button? What is telling you this?


Offline Did I Really Try That?

  • 13
  • +0/-0
  • Refugee from Windows
Re: SoftEther VPN Installed but ...
« Reply #2 on: February 26, 2017, 10:09:07 PM »

What do the log files tell you? Is apache running?

I can only get to the log files with Nano or similar. Which ones should I be looking for, and where are they? Please give me the directory structure to reach them. From the responses that I get, I doubt that Apache is running.


Which button? What is telling you this?


The button on the Dynamic DNS screen of the SoftEther Connection Control page. The bold title is Manage VPN Server "myserver.domain"



guest22

Re: SoftEther VPN Installed but ...
« Reply #3 on: February 26, 2017, 10:11:19 PM »
I can only get to the log files with Nano or similar. Which ones should I be looking for, and where are they? Please give me the directory structure to reach them. From the responses that I get, I doubt that Apache is running.


service httpd-e-smith status


log files:
/var/log/httpd/error_log
/var/log/messages

Offline Did I Really Try That?

  • 13
  • +0/-0
  • Refugee from Windows
Re: SoftEther VPN Installed but ...
« Reply #4 on: February 26, 2017, 11:08:58 PM »
service httpd-e-smith status
# service httpd-e-smith status
down: /service/httpd-e-smith: 1s, want up

I have re-booted the machine a couple of times in the forlorn hope that it would restart.

log files:
/var/log/httpd/error_log
/var/log/messages

/var/log/httpd/error_log is quite repetitive! All the lines below have identical date and time, down to the second. Below is one iteration.
[notice] Graceful restart requested, doing restart
[notice] Digest: generating secret for digest authentication ...
[notice] Digest: done
[notice] SSL FIPS mode disabled
[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[warn] RSA server certificate CommonName (CN) `server4.equalfirst.local' does NOT match server n$          [#this and previous line repeated twice]
[warn] Init: SSL server IP/port conflict: dotco:443 (/etc/httpd/conf/httpd.conf:729) vs. equalfi$
[warn] Init: SSL server IP/port conflict: equalfirst.local:443 (/etc/httpd/conf/httpd.conf:597) $
[warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
[notice] Apache configured -- resuming normal operations
[error] [client 192.168.1.102] (20014)Internal error: proxy: error reading status line from remo$
[error] [client 192.168.1.102] proxy: Error reading from remote server returned by /server-manag$

/var/log/messages has a lot that is OK so all the references to FTP access have been removed.
Towards the end of the log of a reboot there is:
...  ...
Feb 26 13:59:22 server4 kernel: tun: Universal TUN/TAP device driver, 1.6
Feb 26 13:59:22 server4 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Feb 26 13:59:23 server4 smbd[3183]: [2017/02/26 13:59:23.889186,  0] smbd/server.c:1128(main)
Feb 26 13:59:23 server4 smbd[3183]:   standard input is not a socket, assuming -D option
Feb 26 13:59:26 server4 esmith::event[3332]: Processing event: local
Feb 26 13:59:26 server4 esmith::event[3332]: Running event handler: /etc/e-smith/events/actions/generic_template_expand
Feb 26 13:59:26 server4 esmith::event[3332]: expanding /boot/grub/grub.conf
Feb 26 13:59:26 server4 proftpd[3254]: 192.168.1.4 (192.168.1.12[192.168.1.12]) - Preparing to chroot to directory '/home/e$
Feb 26 13:59:27 server4 esmith::event[3332]: expanding /etc/sysconfig/kernel
Feb 26 13:59:28 server4 esmith::event[3332]: generic_template_expand=action|Event|local|Action|generic_template_expand|Star$
Feb 26 13:59:28 server4 esmith::event[3332]: Running event handler: /etc/e-smith/events/local/S50clear-pptp-interfaces
Feb 26 13:59:28 server4 /sbin/e-smith/db[3340]: /home/e-smith/db/configuration: OLD pptpd=service|Interfaces||TCPPort|1723|$
Feb 26 13:59:28 server4 /sbin/e-smith/db[3340]: /home/e-smith/db/configuration: NEW pptpd=service|TCPPort|1723|access|publi$
Feb 26 13:59:28 server4 esmith::event[3332]: S50clear-pptp-interfaces=action|Event|local|Action|S50clear-pptp-interfaces|St$
Feb 26 13:59:28 server4 esmith::event[3332]: Running event handler: /etc/e-smith/events/actions/adjust-services
Feb 26 13:59:29 server4 esmith::event[3332]: adjusting supervised yum (once)
Feb 26 13:59:29 server4 esmith::event[3332]: adjust-services=action|Event|local|Action|adjust-services|Start|1488117568 823$

I hope that is sufficient for starters.

Offline Did I Really Try That?

  • 13
  • +0/-0
  • Refugee from Windows
Re: SoftEther VPN Installed but ...
« Reply #5 on: February 26, 2017, 11:15:28 PM »
SME Sever 8.2 is virtually EOL and will no longer supported. Please upgrade or start you journey with SME Server 9.x which will be supported for the next decade.

When I can find a spare hard drive to do the necessary save/back up for the fresh (destructive) install that is required for the "upgrade". With a 6 disk hardware raid system I am not at significant risk of data loss in normal operation.

guest22

Re: SoftEther VPN Installed but ...
« Reply #6 on: February 26, 2017, 11:23:02 PM »
what does 'apchectl -t' tell you?

Offline Did I Really Try That?

  • 13
  • +0/-0
  • Refugee from Windows
Re: SoftEther VPN Installed but ...
« Reply #7 on: February 26, 2017, 11:41:18 PM »
what does 'apchectl -t' tell you?

-bash: apchectl: command not found

(That's it for today I'm afraid. Must get my head down for a busy day tomorrow. Thanks for your help so far.)

guest22

Re: SoftEther VPN Installed but ...
« Reply #8 on: February 26, 2017, 11:42:24 PM »
sorry: apachectl -t

Offline Did I Really Try That?

  • 13
  • +0/-0
  • Refugee from Windows
Re: SoftEther VPN Installed but ...
« Reply #9 on: February 26, 2017, 11:48:39 PM »

guest22

Re: SoftEther VPN Installed but ...
« Reply #10 on: February 26, 2017, 11:49:15 PM »
So apache should be up and running....

Offline janet

  • ****
  • 4,812
  • +0/-0
Re: SoftEther VPN Installed but ...
« Reply #11 on: February 27, 2017, 12:47:08 AM »
Did I ...

Quote
service httpd-e-smith status
down: /service/httpd-e-smith: 1s, want up
I have re-booted the machine a couple of times in the forlorn hope that it would restart.

what does this show
config show httpd-e-smith


to answer an earlier question
man ls
or google
linux ls command


You appear to be using sme8.2 but the Wiki article refers to installing SoftEther VPN on sme 9, so I wonder if there are some issues/incompatibilities.
Perhaps you should try it on a clean sme9 install, maybe a virtual server.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline Did I Really Try That?

  • 13
  • +0/-0
  • Refugee from Windows
Re: SoftEther VPN Installed but ...
« Reply #12 on: February 27, 2017, 09:51:46 AM »
So apache should be up and running....
Well, to the extent that with various browsers I get a bit more than just time-outs, yes.

Lightning on Android (where with tiny fingers I previously could log on):
net::ERR_EMPTY_RESPONSE

Opera 12:
Argues about the certificate being for ????????.softether.net and not valid. When told to accept the certificate it gives a 404: The requested URL /server-manager/ was not found on this server.

Firefox 10 (which until yesterday was very happy connecting):
(Error code: sec_error_inadequate_cert_type)

Firefox 51 tells me my connection is not secure. When pressed, it tells me that the certificate for ??????.softether.net is self signed. Did I want to make an exception? Then like the Opera 12 I get 404: The requested URL /server-manager/ was not found on this server.

So Apache has become misconfigured.

I am short of spare disk space at present, so the obvious turn it off and re-install is not possible. Any other ways of tackling it?

Offline Did I Really Try That?

  • 13
  • +0/-0
  • Refugee from Windows
Re: SoftEther VPN Installed but ...
« Reply #13 on: February 27, 2017, 10:06:40 AM »
what does this show
config show httpd-e-smith
# config show httpd-e-smith
httpd-e-smith=service
    SSLv2=disabled
    SSLv3=disabled
    TCPPort=80
    access=public
    status=enabled

You appear to be using sme8.2 but the Wiki article refers to installing SoftEther VPN on sme 9, so I wonder if there are some issues/incompatibilities.
Perhaps you should try it on a clean sme9 install, maybe a virtual server.
Yes, I stated that I am using SME8.2, and as previously stated I have insufficient spare disk space for the mandatory back up before the destructive installation of SME9.

Reading the forum posts that led up to the HOWTO it is clear that he had SoftEther working happily on SME8.0. Possibly a false assumption, but as the HOWTO contained no points of difference between 8 and 9, I assumed that it should all drop into place.

Unless SME9 will run on a Celeron 733MHz box with 512 MB RAM (maximum possible supported by motherboard) I have no spare hardware, and I certainly have nothing that will support any type of VM.

Offline Stefano

  • *
  • 10,836
  • +2/-0
Re: SoftEther VPN Installed but ...
« Reply #14 on: February 27, 2017, 10:22:44 AM »
Code: [Select]
[warn] RSA server certificate CommonName (CN) `server4.equalfirst.local' does NOT match server n$          [#this and previous line repeated twice]
[warn] Init: SSL server IP/port conflict: dotco:443 (/etc/httpd/conf/httpd.conf:729) vs. equalfi$
[warn] Init: SSL server IP/port conflict: equalfirst.local:443 (/etc/httpd/conf/httpd.conf:597) $
[warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!

please, post the result of
Code: [Select]
netstat -napt | grep 443

it seems that another service is using TCP 443 and so apache can't run.
if it is the case, stop etherVPN and restart apache
other that start planning migration to SME9, you'd tell us why you need etherVPN.. maybe we'd find another way to achieve your aims..