Tutorial: Set the Interface and Ports for the Web Services
Access Server's web service and OpenVPN daemons listen on all interfaces. You can change this if needed.
Overview
When installing Access Server, the web services and OpenVPN daemons listen on all interfaces by default. You can change this in the Admin Web UI or the command-line interface (CLI), which are covered here.
There are three web services in total in Access Server:
Admin Web UI: The administrative web interface on port TCP 943/443.
Client Web UI: The end-user interface for the client program on port TCP 943/443.
Cluster web API: The inter-cluster API communication on port TCP 945.
Note
The cluster web API is only used when Access Server is in cluster mode, where multiple nodes work together to create a high-availability and load-balancing solution.
The Client and Admin Web UIs are on the same port, with the Client Web UI at the root / URL and the Admin Web UI at the /admin URL.
By default, the OpenVPN TCP daemons are on port TCP 443, the standard HTTPS port for web services. We chose this port for the OpenVPN TCP daemons because it is likely that simpler firewalls allow this through, whereas UDP 1194 where the UDP daemons live, might be blocked. To allow an easier user experience, the OpenVPN TCP daemons can recognize web browser requests and internally forward these to where the Client and Admin Web UI services reside. We call this service forwarding. This allows accessing the web services through a URL like https://vpn.example.com/ without specifying the exact port.
If you turn off or change the service forwarding settings or alter the OpenVPN TCP daemon port, this automatic internal redirection of browser requests on port TCP 443 won’t work. If you stop the OpenVPN daemons, you won’t be able to access the web services on the default HTTPS port. In such a case, you must connect to the web services directly at their default port, TCP 943, in the web browser: https://your.vpnserver.com:943/.
An installed Access Server.
Access to the Admin Web UI or the console and get root privileges.
Sign in to the Admin Web UI.
Click Configuration > Network Settings.
Scroll down to Admin Web Server and Client Web Server.
If desired, change the interface and port number for the Admin Web UI under Admin Web Server.
Select the interface with a toggle and enter the port number manually into the Port number field.
If you wish to change the interface and port number for the Client Web UI, select Use a different IP address or port under Client Web Server.
The interface and port settings now display for the client web server.
Change the interface and port number as desired.
Connect to the console and get root privileges.
Switch to the scripts directory:
cd /usr/local/openvpn_as/scripts/
Run the desired command for the settings you want to change:
Set the interface and port for the Admin Web UI:
./sacli --key "admin_ui.https.ip_address" --value <INTERFACE> ConfigPut ./sacli --key "admin_ui.https.port" --value <PORT_NUMBER> ConfigPut ./sacli start
Set the interface and port for the Client Web UI:
./sacli --key "cs.https.ip_address" --value <INTERFACE> ConfigPut ./sacli --key "cs.https.port" --value <PORT_NUMBER> ConfigPut ./sacli start
Set the interface and port for the cluster web API:
./sacli --key "ssl_api.local_addr" --value <INTERFACE> ConfigPut ./sacli --key "ssl_api.local_port" --value <PORT_NUMBER> ConfigPut ./sacli start
Restore the default settings:
./sacli --key "admin_ui.https.ip_address" --value "all" ConfigPut ./sacli --key "admin_ui.https.port" --value "943" ConfigPut ./sacli --key "cs.https.ip_address" --value "all" ConfigPut ./sacli --key "cs.https.port" --value "943" ConfigPut ./sacli --key "ssl_api.local_addr" --value "all" ConfigPut ./sacli --key "ssl_api.local_port" --value "945" ConfigPut ./sacli start
Tip
When you set the Admin and Client Web UIs on different interfaces or ports, the Admin Web UI moves to the root URL and no longer uses /admin in the URL. Adding /admin to the URL is only used when Access Server listens on the same interface and port as the Client Web UI.