furlongm / openvpn-monitor

openvpn-monitor is a web based OpenVPN monitor, that shows current connection information, such as users, location and data transferred.
http://openvpn-monitor.openbytes.ie
GNU General Public License v3.0
967 stars 293 forks source link

[Centos][SELinux] Connection to 5555 port #136

Open metalrise opened 4 years ago

metalrise commented 4 years ago

First of all, thank you for the lightweight solution for monitoring OpenVPN

After I've installed the monitor, there were same issues caused by SELinux on CentOS 7:

a) OpenVPN not starting after adding management 127.0.0.1 5555 to server.conf

This has solved by the fix recommended in issue https://github.com/furlongm/openvpn-monitor/issues/101

In CentOS 7 minimal, semanage is installed by policycoreutils-python

yum install policycoreutils-python sudo semanage port -a -t openvpn_port_t -p tcp 5555

b) The python script cannot connect to the management interface WARNING: socket error: [Errno 13] Permission denied from apache error_log

setsebool -P httpd_can_network_connect=1

httpd_can_network_connect (HTTPD Service):: Allow HTTPD scripts and modules to connect to the network

Can you update the README? and save some hours for future users from searching the web

The solutions from above were tested on CentOS 7

Another hardcore fix, can be .......... disabling SELinux

b3hroo2 commented 4 years ago

b worked for me thanks

PtrckM commented 4 years ago

I think @metalrise was right it should be added to README, I already disabled SeLinux on my Centos 7 before I even see the real solution here.

furlongm commented 4 years ago

Happy to take a PR to add this to the README. Maybe against develop branch?