SRX Services Gateway
Contributor
shinn
Posts: 14
Registered: ‎06-09-2010
0

Redirect to dynamic-vpn page[issue]

Hi all,

I'm new to the SRX series. Recently I was configuring dynamic-vpn on an SRX240 but failed. When I try to remotely access the SRX240 from the internet via http://x.x.x.x, I don't know why it redirects me to the https://x.x.x.x/dynamic-vpn page. Previously it was fine and I could log in remotely, but now it seems to keep redirecting me to the dynamic-vpn page.

I tried to find the root of this issue and changed back to the previous config, but still haven't solved it. Can anyone help me with this? Thanks.

Contributor
pkc
Posts: 111
Registered: ‎09-24-2008
0

Re: Redirect to dynamic-vpn page[issue]

Can you please indicate which version you're using, and what happens if you deactivate dynamic VPN in the config?

Contributor
gosi
Posts: 82
Registered: ‎12-11-2009
0

Re: Redirect to dynamic-vpn page[issue]

Hi shinn,

Welcome to the forum. Did I understand you correctly that when you enter the IP address of your SRX to access the GUI, you are redirected straight to the dynamic-vpn login page?

Did you use this PDF to configure dynamic-vpn?

http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/technotes/dynamic-vpn-appnote-v12.pdf

Super Contributor
AdamLin
Posts: 167
Registered: ‎08-02-2010
0

Re: Redirect to dynamic-VPN page[issue]

I take it you're using 10.2 or 10.3; page 54 in the release notes shows a change:

"URL separation for J-Web and dynamic VPN— This feature prevents the dynamic VPN users from accessing J-Web accidentally or intentionally. Unique URLs for J-Web and dynamic VPN add support to the webserver for parsing all the HTTP requests it receives. The webserver also provides access permission based on the interfaces enabled for J-Web and dynamic VPN."

The command you want to use seems to be:

set system services web-management management-url

Examples are far down on this page:

http://www.juniper.net/techpubs/en_US/junos10.2/information-products/topic-collections/release-notes...

Regards,
Adam

(if my post helped solve your problem, mark it as accepted solution)
Contributor
shinn
Posts: 14
Registered: ‎06-09-2010
0

Re: Redirect to dynamic-VPN page[issue]

Hi pkc,

Yes, I just upgraded to 10.3r1.9 for both the JUNOS software and Web Management.

Hi Sebastian,

Yes, it keeps redirecting me to the dynamic-vpn page. I used that PDF guide to configure dynamic-vpn but failed. I'm using freeradius as the RADIUS server. Any idea on configuring the RADIUS server?

Hi Adam,

Yes, I'm using 10.3. Thanks for your info.

But it seems the only solution is to separate the interfaces for both? Am I right?

The current scenario is that I am sharing the same interface for both (J-Web enabled and dynamic VPN configured). It navigates to the dynamic VPN login page.

It is not working after I tried it. Did I configure anything wrong?

 

root@test# show system services web-management
management-url my-jweb;
http {
    interface [ ge-0/0/0.0 ge-0/0/2.0 ge-0/0/3.0 vlan.200 vlan.100 ge-0/0/4.0 ];
}
https {
    system-generated-certificate;
    interface [ ge-0/0/0.0 ge-0/0/2.0 ge-0/0/3.0 ge-0/0/4.0 vlan.100 vlan.200 ];
}

[edit]
root@test#

 

So I should type http://x.x.x.x/my-jweb to log in, am I right? But I'm getting "HTTP 404 Not Found".

 

 

Super Contributor
AdamLin
Posts: 167
Registered: ‎08-02-2010
0

Re: Redirect to dynamic-VPN page[issue]

Hi,

Yes, http://yourip/my-jweb/ should work.

Attached is a config of the test I did of this, with freeradius.

You might want to do some traces.

Regards,
Adam

(if my post helped solve your problem, mark it as accepted solution)
Contributor
shinn
Posts: 14
Registered: ‎06-09-2010
0

Re: Redirect to dynamic-VPN page[issue]

Hi Adam,

Thanks for replying.

I'm not able to access http://x.x.x.x/my-jweb/; I get the access error: 404--Not Found.

I have configured dynamic VPN almost the same as your config.

Is it necessary to configure routing for the VPN client?

May I know how you configured your freeradius?

 

Super Contributor
AdamLin
Posts: 167
Registered: ‎08-02-2010
0

Re: Redirect to dynamic-VPN page[issue]

Hi,

This should not have anything to do with RADIUS, as you haven't authenticated at that point, and there's not a whole lot that can go wrong with a simple freeradius test configuration. If you still want to see the freeradius configuration, however, here it is. I added this into users:

test-user       Cleartext-Password := "testpass"
                Service-Type = Framed-User,
                Framed-Protocol = PPP,
                Framed-IP-Address = 192.168.0.10,
                Framed-IP-Netmask = 255.255.255.0

and this in clients.conf:

client 10.10.10.1/24 {
        secret = testsecret
        shortname = SRX
}

Some thoughts:

- Make sure you're using the correct case in the management URL; if your management-url is my-jweb, you can't use, say, http://ip.address/My-Jweb
- Can you reach the J-Web on any interface?
- How does your host-inbound-traffic look on the zone which holds the interface you're trying to reach J-Web on?
- Try a restart web-management in operational mode.

Regards,
Adam

(if my post helped solve your problem, mark it as accepted solution)
Contributor
shinn
Posts: 14
Registered: ‎06-09-2010
0

Re: Redirect to dynamic-VPN page[issue]

Hi,

You are great. Yes, I am able to access it using http://ipaddress/login. It works.

But not http://ipaddress/my-jweb. Wonder why ..^^

Actually there is nothing different between your config and mine. I'm just worried that something is wrong in my freeradius config that actually denies assigning the IP address. My freeradius is Windows-based, not Linux.

Dynamic VPN is not working. The SRX it is implemented on is actually behind a LinkProof load balancer. However, I don't think that has anything to do with it, though maybe the NATing does.

This is the zones setting:

 

root@test# show security zones
security-zone untrust {
    screen untrust;
    host-inbound-traffic {
        system-services {
            all;
        }
        protocols {
            all;
        }
    }
    interfaces {
        ge-0/0/4.0;
    }
}

 

Basically, everything is all. I restarted web-management too. Still failed.
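
An added example, not part of any post in this thread and not Juniper tooling: a small Python check over the two configuration snippets posted above that lists, per security zone, which interfaces can reach a J-Web HTTP/HTTPS listener and whether the zone permits all system services. The sample input is shortened from the posted config, the function names are hypothetical, and only zone-level host-inbound-traffic is considered.

```python
import re

# Constructed input: the two snippets posted in this thread, shortened to three interfaces.
WEB = """management-url my-jweb;
http { interface [ ge-0/0/0.0 ge-0/0/4.0 vlan.100 ]; }
https { system-generated-certificate; interface [ ge-0/0/0.0 ge-0/0/4.0 vlan.100 ]; }"""
ZONES = """security-zone untrust {
    host-inbound-traffic { system-services { all; } protocols { all; } }
    interfaces { ge-0/0/4.0; }
}"""

def parse(tokens):
    """Nest Junos curly-brace config tokens into dicts; leaf statements map to word lists."""
    node, words = {}, []
    while tokens:
        tok = tokens.pop(0)
        if tok == "{":
            node[" ".join(words)] = parse(tokens)
            words = []
        elif tok == "}":
            return node
        elif tok == ";":
            node[words[0]] = words[1:]
            words = []
        elif tok not in ("[", "]"):
            words.append(tok)
    return node

def load(text):
    return parse(re.findall(r"[{};\[\]]|[^\s{};\[\]]+", text))

def audit(web_text, zones_text):
    """Report which zone interfaces can reach a J-Web listener (zone-level settings only)."""
    web, zones = load(web_text), load(zones_text)
    report = {"management_url": " ".join(web.get("management-url", [])), "zones": {}}
    for key, zone in zones.items():
        allowed = set(zone.get("host-inbound-traffic", {}).get("system-services", {}))
        ifaces = set(zone.get("interfaces", {}))
        jweb = {}
        for proto in (p for p in ("http", "https") if p in web):
            cfg = web[proto]
            bound = set(cfg.get("interface", [])) if isinstance(cfg, dict) else set()
            reach = ifaces & bound if bound else ifaces  # assumption: no list means every interface
            if allowed & {"all", proto} and reach:
                jweb[proto] = sorted(reach)
        report["zones"][key.split()[-1]] = {"all_services": "all" in allowed, "jweb": jweb}
    return report

if __name__ == "__main__":
    print(audit(WEB, ZONES))
```

Replacing `all` under system-services with an explicit list such as `ike` and `https` makes the same check report only the HTTPS listener for that zone.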

Super Contributor
AdamLin
Posts: 167
Registered: ‎08-02-2010
0

Re: Redirect to dynamic-VPN page[issue]

I might be wrong, but to me it seems like it didn't manage to parse "management-url"; try a "commit full". Otherwise you could try removing the management-url, committing, and then adding it again, to see if it makes any difference to the outcome. If it still doesn't work after that, I really don't know. :) Someone else might be able to answer you then.

When it comes to dynamic-vpn, what part doesn't work? Do you get successful authentications in your radius.log?

In freeradiusd.conf you can enable auth logging with "auth = yes".

I've noticed different versions of freeradius have different syntax in the users configuration, which will cause a correct password to still fail. See the example configuration in your "users" and note exactly how it's written.

 

Regards,
Adam

(if my post helped solve your problem, mark it as accepted solution)