-
Cannot provision CA-signed certificate (fixed briefly, currently BROKEN AGAIN [multiple weeks])
thanks yep worked again. hopefully its sorted in a couple months when renewal comes again
-
Cannot provision CA-signed certificate (fixed briefly, currently BROKEN AGAIN [multiple weeks])
mark me up as another with "Server was unable to provision SSL certificate" Assume its been happening a while as my certificate was expired which drew my attention. couldn't get it to renew so tried deleting and provision from scartch but still no go.
-
-
[Support] Linuxserver.io - OpenVPN AS
In case anyone comes up with this in search I wanted to follow up with what I ended up doing. I added a new user with a google authenticator as an admin. Once signed in with that account you can delete the default account named "admin". At that point you're left with an admin account that requires an authenticator to get in. Also there is an option under "Server Network Settings" for Service Forwarding When TCP or Multi-daemon mode is chosen for the VPN Server protocol, the VPN Server can optionally provide access to these services through its IP address and port: and then two options Admin Web Server and Client Web Server. I've unchecked the admin option which I think may cover what I actually wanted but I don't have access to an external connection currently to verify that. Either way I'm happy with admin needing 2 factor at least.
-
[Support] Linuxserver.io - OpenVPN AS
just diving into this docker and I must send a big thanks! This thing is great. After a bit of stumbling I managed to get it up and running and even configured it to take a google authenticator. I'm quite amazed at how quickly I was able to configure it. One thing I would like to lock down and haven't figured out is better securing the admin web interface. Is there anyway to prevent that from being accessible from the outside network? Or force google authenticator for it as well? I'm a huge fan of two factor authentication, but it is rather pointless if the admin interface where you can disable it is accessible with just a name and password. For now I've settled for a ridiculously complex admin password. Ideally you could block the admin interface entirely from outside the network and if you wanted to play with it remotely you could VPN first. But I'm guessing that is going off the same ports/webserver as the interface which lets you download the clients? Am I guessing correctly. On an unrelated note, but in reference to HKR's questions I get the same thing on my self test even now, but actually trying from outside my network I can connect in just fine so you may not want to rely entirely on that for verifying you have things configured correctly.
dasgoot
Members
-
Joined
-
Last visited