Cannot access openVPN Server Web GUI on my Hestia CP server

Hi there.

I’ve got a problem setting up an openVPN Access Server on the same root server as my Hestia CP.

My configuration:

  • Debian 10.7
  • Hestia CP v1.3.2 with Apache/nginx
  • Firewall managed via UFW (outside Hestia CP)
  • Default openVPN Ports 943/tcp and 1194/udp are open
  • 2 IPv4 Adresses (IP-1 on eth0:0 assigned to Hestia, IP-2 on eth0:1 assigned to openVPN)
  • Both IPv4 Adresses are reachable via ping
    (of course IP-1 and IP-2 stand for two regular IPv4 Adresses)

My Issue:

I am not able to open the openVPN Admin Panel in my Web Browser. http://IP-2:943/admin leads to a browser output, that the server is unreachable.

A port scan on IP-2 shows port 1194 open but not port 943.

openVPN is not able to listen on Port 943 - assumed due to a Hestia CP caused configuration which I am unable to locate. openVPN log, Apache Log ans syslog do not show anything abnormal. I assume that it may be somehow caused by Hestia because it works perfectly in other environments (see below).

I tried

  • to disable the firewall entirely: same issue
  • to route both Hestia CP and openVPN to IP-1 with and without adding “Listen 943” to apache’s ports.conf: it shows Hestias Success Page
  • to disable nginx reverse proxy: same issue
  • to use a different custom port for openVPN (e.g. 9443, 9999, 11111 etc): same issue

Running openVPN on a fresh installed server without Hestia but the same firewall and network configuration works perfectly right - even on a Server with Plesk installed and running both apache and nginx as well (…I normally prefer Hestia a thousand times because it gives me more possibilites to control my system).

What can I do to get the openVPN Server running?
Which additional info / logs etc. do you need to be able to help me?

I think there is nothing about it in here yet.

I already spent two days and nights on it and neeeed new inspiration :wink: Thanks girls and guys, hope to hear from you.

M.

Some quick thoughts that come to mind:

  1. Is OpenVPN configured to bind on IP-2 only?
  2. Is the OVPN admin panel served by the OVPN daemon itself or another process? Is that process running? Is it maybe a web server software?
  3. Is there any other process using the 943 port ( netstat -nla | grep 943 )
  4. What about telnet localhost 943 , or telnet IP-2 943 when run on the server?
  5. Could it be that the port scan lead to any block?

Hi Felix.

  1. Yes.
  2. It is served by the daemon itself. No additional webserver.
  3. No. The port is unused.
  4. “Connection refused” - other ports are accessible
  5. I did the scan from a white-listed server. Double checked, there are no bans. And there are no restrictions by the provider.