LinuxQuestions.org
vpn over port 22

07-19-2012, 02:01 PM   #1   mvpetev

Hello all,
I'm kind of new here - meaning I finally found a problem that I can't solve just by reading and decided to register.
So here is the situation: I have a Scientific Linux 6.2 server with only port 22 open to it, and since I need to run quite a lot of services I'm going to use a VPN to connect and do the rest from the VPN.
However, for some reason Linux doesn't allow me to run the VPN server on port 22. Anyone have any idea how I can do that?
P.S.
I don't want to tunnel it through SSH
 
07-19-2012, 02:06 PM   #2   TB0ne

Quote:
Originally Posted by mvpetev
Hello all,
I'm kind of new here - meaning I finally found a problem that I can't solve just by reading and decided to register. So here is the situation: I have a Scientific Linux 6.2 server with only port 22 open to it, and since I need to run quite a lot of services I'm going to use a VPN to connect and do the rest from the VPN. However, for some reason Linux doesn't allow me to run the VPN server on port 22. Anyone have any idea how I can do that?

P.S. I don't want to tunnel it through SSH
You don't tell us what happens, what error(s) you get, where, or what kind of VPN server you're trying to run, so it's hard to say. First guess would be there is something else running on port 22 (like SSH), so you either need to shut it down or move it to a different port.

But if I were going to go through the trouble of setting up a real VPN solution, I'd do it on a different port, and shut OFF port 22/SSH totally. It's not needed, really, since anyone who gets into the VPN will be another host on the network, and have access to the services on that network. The only port I'd leave open to the outside world is the VPN port.
 
07-19-2012, 02:43 PM   #3   mvpetev (Original Poster)

That's the point: I want it to run on the VPN so you have full access once you are in the VPN.
There is nothing running on 22; I did check that.

Otherwise, I'm using OpenVPN and everything there is fine. The error, as you can guess, is a failure upon start; the log file gives: TCP/UDP: Socket bind failed on local address [undef]:22: Permission denied
 
07-19-2012, 03:00 PM   #4   TB0ne

Quote:
Originally Posted by mvpetev
That's the point: I want it to run on the VPN so you have full access once you are in the VPN.
There is nothing running on 22; I did check that.
OK... but your post wasn't clear on what the function of SSH/port 22 was going to be.
Quote:
Otherwise, I'm using OpenVPN and everything there is fine. The error, as you can guess, is a failure upon start; the log file gives: TCP/UDP: Socket bind failed on local address [undef]:22: Permission denied
No, we can't guess. Now that we know you're using OpenVPN, what else do you see in the logs? That error typically means you're not root when you try to start it, or that there's another service configured on port 22. Do a "netstat -l | grep -i ssh" to see if you've got an ssh process running, and if so, stop it.
 
07-19-2012, 03:03 PM   #5   mvpetev (Original Poster)

Quote:
Originally Posted by TB0ne
OK... but your post wasn't clear on what the function of SSH/port 22 was going to be.

No, we can't guess. Now that we know you're using OpenVPN, what else do you see in the logs? That error typically means you're not root when you try to start it, or that there's another service configured on port 22. Do a "netstat -l | grep -i ssh" to see if you've got an ssh process running, and if so, stop it.
Nah, what I meant about the guessing was the failure on start.

Uh, I don't have access to the log (left work; will post it tomorrow).

Yeah, I was kind of surprised by that as well; the problem was that I am running it as root and there was nothing running on 22. But we'll see. Thanks for the help for now; I'll post additional info tomorrow at some point.
 
07-20-2012, 05:03 AM   #6   mvpetev (Original Poster)

OK, so here we go:

netstat -l | grep -i ssh

gives me
Code:
unix  2      [ ACC ]     STREAM     LISTENING     22598  /tmp/keyring-DLBdvk/socket.ssh
However
netstat -ipn | grep 22
gives no result

P.S.

The whole log tells me:

Code:
Fri Jul 20 11:13:12 2012 OpenVPN 2.2.1 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Sep 12 2011
Fri Jul 20 11:13:12 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jul 20 11:13:12 2012 Diffie-Hellman initialized with 1024 bit key
Fri Jul 20 11:13:12 2012 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jul 20 11:13:12 2012 Socket Buffers: R=[124928->131072] S=[124928->131072]
Fri Jul 20 11:13:12 2012 TCP/UDP: Socket bind failed on local address [undef]:22: Permission denied
Fri Jul 20 11:13:12 2012 Exiting

Last edited by mvpetev; 07-20-2012 at 05:15 AM.
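Neither netstat check in the post above settles whether port 22 is free. The unix socket /tmp/keyring-DLBdvk/socket.ssh is the GNOME keyring's SSH agent socket and has nothing to do with TCP port 22, and `netstat -ipn` prints the interface table (that is what -i does) rather than sockets, so an empty grep proves nothing. The log line itself is also informative: "Permission denied" is EACCES, whereas a port taken by another process produces "Address already in use" (EADDRINUSE), so a root-owned process getting EACCES on bind points at something other than a second listener. The script below is an added example (mine, not from the thread) that reads the kernel's own /proc/net tables and reports every TCP or UDP socket, IPv4 or IPv6, bound to a port. It assumes only the standard Linux column layout of /proc/net/{tcp,tcp6,udp,udp6}; the file, function and output names are my own.

```shell
#!/bin/sh
# Added example (not from the thread): list every socket bound to a given
# port by reading /proc/net/{tcp,tcp6,udp,udp6} directly, so the answer
# covers TCP and UDP, IPv4 and IPv6, independent of netstat's options.
# Layout assumed: column 2 is "HEXADDR:HEXPORT" (22 is ":0016", 1194 is
# ":04AA"), column 4 is the socket state (0A LISTEN, 01 ESTABLISHED,
# 07 CLOSE, which is how a bound but unconnected UDP socket appears),
# column 8 the owning uid and column 10 the socket inode.

# sockets_on_port PORT [PROTO] < table
# Reads one /proc/net table on stdin and prints one line per socket whose
# local port is PORT: "PROTO STATE LOCAL uid=N inode=N".
# Exit status 0 when at least one socket matched, 1 when none did.
sockets_on_port() {
    awk -v want="$(printf '%04X' "$1")" -v proto="${2:-?}" '
        BEGIN { name["0A"] = "LISTEN"; name["01"] = "ESTABLISHED"; name["07"] = "CLOSE" }
        NR > 1 {
            split($2, a, ":")
            if (toupper(a[2]) == want) {
                n++
                st = ($4 in name) ? name[$4] : "state-" $4
                print proto, st, $2, "uid=" $8, "inode=" $10
            }
        }
        END { exit (n > 0 ? 0 : 1) }'
}

# report_port PORT: run the check over all four kernel tables on this host.
# Exit status 0 if anything is bound to PORT, 1 if the port is free.
report_port() {
    found=1
    for table in /proc/net/tcp /proc/net/tcp6 /proc/net/udp /proc/net/udp6; do
        [ -r "$table" ] || continue
        if sockets_on_port "$1" "${table##*/}" < "$table"; then found=0; fi
    done
    [ "$found" -eq 0 ] || echo "port $1: nothing bound (tcp/udp, v4/v6)"
    return "$found"
}

# Usage: sh whats_on_port.sh 22   (run as root so every inode is visible)
if [ $# -gt 0 ]; then report_port "$1"; fi
```

On a host with iproute2 the one-liner `ss -lntup 'sport = :22'` gives the same answer. If this reports the port free, OpenVPN is started as root, and the bind still fails with EACCES, the refusal comes from a policy layer rather than from a competing process; on a Scientific Linux 6 box with SELinux enforcing, `getenforce` and `ausearch -m avc -ts recent` are the next things to look at, since the OpenVPN domain is normally allowed to bind only the ports labelled openvpn_port_t (1194), and port 22 carries the ssh_port_t label. The thread does not establish that this was the cause here; it is the check I would run before changing anything.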
 
07-20-2012, 08:32 AM   #7   TB0ne

Quote:
Originally Posted by mvpetev
OK, so here we go:
netstat -l | grep -i ssh
gives me
Code:
unix  2      [ ACC ]     STREAM     LISTENING     22598  /tmp/keyring-DLBdvk/socket.ssh
However netstat -ipn | grep 22 gives no result
Hmm... I'd look into what's got that ssh process, but (given that it's not on port 22) it's probably nothing to worry about. If you don't make headway, consider killing that process and trying again.
Quote:
P.S. The whole log tells me:
Code:
Fri Jul 20 11:13:12 2012 OpenVPN 2.2.1 x86_64-redhat-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] built on Sep 12 2011
Fri Jul 20 11:13:12 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jul 20 11:13:12 2012 Diffie-Hellman initialized with 1024 bit key
Fri Jul 20 11:13:12 2012 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jul 20 11:13:12 2012 Socket Buffers: R=[124928->131072] S=[124928->131072]
Fri Jul 20 11:13:12 2012 TCP/UDP: Socket bind failed on local address [undef]:22: Permission denied
Fri Jul 20 11:13:12 2012 Exiting
Ah. From what I remember, if you are using a privileged port for your openVPN (<1024, like 53 for bypassing captive portals), don't configure privilege dropping, otherwise the VPN will die with the message above.
Code:
# keep commented if using a privileged port
#user nobody
port <whatever port, usually 1194 by default>
proto <whatever protocol, usually UDP by default>
Is that in your config file? The user/group has to be root, or things won't work for a port less than 1024. Commenting out the user/group in the config will force it to inherit the UID of the user who starts the process.

Again, I'll strongly suggest you don't use port 22, but go with port 1194, since that's the default port for openVPN. At least do it for build/testing purposes now, and make sure things work. Afterwards, you can always drop the port to another.
 
07-20-2012, 08:59 AM   #8   mvpetev (Original Poster)

I don't like the idea of using 22 for the VPN, but the IT people are refusing to open any other port.

Unfortunately, changing the user and the group to root doesn't work. However, since I don't really want the VPN to be root, I've solved the problem with local port forwarding from 22 to 1194.
 
07-20-2012, 10:29 AM   #9   TB0ne

Quote:
Originally Posted by mvpetev
I don't like the idea of using 22 for the VPN, but the IT people are refusing to open any other port.

Unfortunately, changing the user and the group to root doesn't work. However, since I don't really want the VPN to be root, I've solved the problem with local port forwarding from 22 to 1194.
Well, you can always just comment OUT the user/group, as suggested above, since it will then inherit the UID of whoever calls the script to start it. Try that first. The port-forwarding trick is also a good one.
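The local port forwarding the original poster settled on in post #8, written out as an added example that also covers the config question from post #7. This is my code, not the poster's actual rules (the thread never shows them), and it assumes a Scientific Linux 6 host using the legacy iptables service, an external interface named eth0, nothing else bound to port 22, and a perimeter firewall that passes TCP/22 only (the hole was opened for SSH, which is TCP). That last point forces OpenVPN into TCP mode: a UDP/1194 server behind a TCP/22 hole never sees a packet. Two details worth noting for anyone reproducing this: OpenVPN binds its socket before it drops to the --user/--group account, so `user nobody` does not prevent a privileged-port bind and can stay; and the filter table sees packets after the nat REDIRECT, so the INPUT rule has to accept 1194 rather than 22 and has to be inserted above the "REJECT --reject-with icmp-host-prohibited" rule that the RHEL 6 default ruleset ends with (hence -I, not -A, which would append after it and never match).

```shell
#!/bin/sh
# Added example, not from the thread: run OpenVPN on its default port 1194
# and hand it every inbound connection on TCP 22, the only port the
# perimeter firewall passes. Assumptions (mine): Scientific Linux 6 with the
# legacy "iptables" service, external interface eth0, nothing else listening
# on 22, and a perimeter rule that permits TCP/22 only, so the VPN uses TCP.
EXT_PORT=22      # port the perimeter firewall lets through
VPN_PORT=1194    # port OpenVPN actually binds
WAN_IF=eth0      # external interface name (assumed)

# redirect_rules: print the iptables commands one per line without running
# them, so they can be reviewed (or tested) before touching the firewall.
#  1. nat PREROUTING: connections arriving from the network on 22 go to 1194.
#  2. nat OUTPUT on lo: the same for connections from the host itself, so
#     "openvpn --remote 127.0.0.1 22" exercises the redirect during testing.
#  3. filter INPUT sees the post-NAT port, so accept 1194, inserted (-I)
#     above the trailing REJECT rule of the RHEL 6 default ruleset.
redirect_rules() {
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s -j REDIRECT --to-ports %s\n' \
        "$WAN_IF" "$EXT_PORT" "$VPN_PORT"
    printf 'iptables -t nat -A OUTPUT -o lo -p tcp --dport %s -j REDIRECT --to-ports %s\n' \
        "$EXT_PORT" "$VPN_PORT"
    printf 'iptables -I INPUT -i %s -p tcp --dport %s -m state --state NEW -j ACCEPT\n' \
        "$WAN_IF" "$VPN_PORT"
}

# apply_rules: run the rules above and persist them the RHEL 6 way.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_rules: must run as root" >&2; return 1; }
    redirect_rules | sh -ex || return 1   # -e stops at the first rule that fails
    service iptables save                 # writes live rules to /etc/sysconfig/iptables
}

# openvpn_server_conf: the server-side directives this setup depends on.
# The rest of /etc/openvpn/server.conf (ca/cert/key/dh, server, push, ...)
# stays as it already was for a plain 1194 deployment.
openvpn_server_conf() {
    cat <<EOF
port $VPN_PORT
proto tcp-server
dev tun
# The socket is bound before privileges are dropped, so an unprivileged
# service account is fine whatever the port number.
user nobody
group nobody
persist-key
persist-tun
EOF
}

case "${1-}" in
    --apply) apply_rules ;;
    --conf)  openvpn_server_conf ;;
    *)       redirect_rules ;;   # default: show the rules, change nothing
esac
```

Clients then use `proto tcp-client` and `remote <server> 22`. Every inbound TCP/22 connection is now handed to OpenVPN, so sshd must not return to port 22 on this host, and a VPN over TCP carries the usual TCP-over-TCP retransmission penalty; this is a workaround for a firewall policy, not a design to prefer when another port can be opened.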
 
  

