Please show the full certbot command request.
This is not good. Certbot via PPA and the commercial OpenVPN thingy?
There are easier ways to make a VPN: Wireguard, for example.
Based on the instruction, I am using the following command:
certbot certonly --standalone --preferred-challenges http -d vpn.sammzinc.com
The problem with WireGuard is that I am not able to access some of the subnets on my LAN.
Example: my main LAN subnet is 192.168.100.0/24,
but there are some subnets on my network: 192.168.15.0/24. When I connect to my WireGuard, I can't access anything on the 192.168.15.0/24 subnet.
I just ran this command on my server. I think this explains the issue?
admin@OpenVpn:~$ sudo ufw status verbose
Status: inactive
admin@OpenVpn:~$ sudo ufw status
Status: inactive
admin@OpenVpn:~$
I did make the same changes to the fw.
sudo ufw verbose
Status: active
To Action From
22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere # accept HTTP connections
22/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6) # accept HTTP connections
Still no luck, getting the same 404 error.
Please show the output of:
curl -4 ifconfig.co
173.15.75.81
OK, so that's the expected IP.
Is there any NAT going on?
Just in the SonicWall firewall, to point to the internal IP address.
Aha!
Please check the NAT in the firewall.
I did check, and also had SonicWall support look at the NAT policy; nothing wrong was found.
Right now I see nginx using port 80. Don't you get an error from certbot --standalone saying port 80 is already in use?
curl -I vpn.sammzinc.com/.well-known/acme-challenge/ForumTest
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 16 Apr 2022 20:09:37 GMT
Content-Type: text/html
( ... )
admin@OpenVpn:~$ curl -I vpn.sammzinc.com/.well-known/acme-challenge/ForumTest
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 16 Apr 2022 21:26:43 GMT
Content-Type: text/html
Content-Length: 3212
Connection: keep-alive
Keep-Alive: timeout=20
Vary: Accept-Encoding
ETag: "608a73aa-c8c"
I don't know if you want the commercial offering of openvpn.
If you can work with the community version (which also makes the use of a Let's Encrypt certificate pointless), check these projects:
- GitHub - Nyr/openvpn-install: OpenVPN road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora
- GitHub - angristan/openvpn-install: Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.
(There are similar projects for WireGuard, but WireGuard is easy enough to set up without.)
Hi All,
Thank you for all your help. I finally found the issue: I made a small mistake in the firewall NAT rules. It's now fixed and it's working great.
Thanks
Sam