
HTTPS connection problem



cane
09.01.04, 11:42
Hello!
I have installed an IPCop as a VPN gateway, whose admin front end can be reached at xxx.xxx.xxx.xxx:445.
However, I often have problems connecting to this port and don't know what the cause could be. Here are a few log excerpts from this morning, when it again didn't work after the machine was started:

/var/log/httpd/access_log has no entry for today. A normal entry looks like this:


xxx.xxx.xxx.xxx - admin [08/Jan/2004:15:46:37 +0100] "GET /cgi-bin/proxy.cgi HTTP/1.1" 200 11527

The ssl_request_log is also empty (logical: no access -> no request possible).
Since there is no entry, the request for the page must have been blocked somewhere earlier.

The error_log contains only:


[Fri Jan 9 10:43:05 2004] [notice] Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_ssl/2.8.12 OpenSSL/0.9.6b configured -- resuming normal operations
[Fri Jan 9 10:43:05 2004] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Jan 9 10:43:05 2004] [notice] Accept mutex: sysvsem (Default: sysvsem)

Nothing unusual, I think.

The sslengine_log is more interesting:

[09/Jan/2004 10:43:00 00381] [info] Server: Apache/1.3.27, Interface: mod_ssl/2.8.12, Library: OpenSSL/0.9.6b
[09/Jan/2004 10:43:00 00381] [info] Init: 1st startup round (still not detached)
[09/Jan/2004 10:43:00 00381] [info] Init: Initializing OpenSSL library
[09/Jan/2004 10:43:00 00381] [info] Init: Loading certificate & private key of SSL-aware server ipcop:445
[09/Jan/2004 10:43:00 00381] [info] Init: Seeding PRNG with 136 bytes of entropy
[09/Jan/2004 10:43:00 00381] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[09/Jan/2004 10:43:05 00381] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[09/Jan/2004 10:43:05 00382] [info] Init: 2nd startup round (already detached)
[09/Jan/2004 10:43:05 00382] [info] Init: Reinitializing OpenSSL library
[09/Jan/2004 10:43:05 00382] [info] Init: Seeding PRNG with 136 bytes of entropy
[09/Jan/2004 10:43:05 00382] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[09/Jan/2004 10:43:05 00382] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[09/Jan/2004 10:43:05 00382] [info] Init: Initializing (virtual) servers for SSL
[09/Jan/2004 10:43:05 00382] [info] Init: Configuring server ipcop:445 for SSL protocol
[09/Jan/2004 10:43:58 00386] [info] Connection to child 0 established (server ipcop:445, client xxx.xxx.xxx.xxx)
[09/Jan/2004 10:43:58 00386] [info] Seeding PRNG with 1160 bytes of entropy
[09/Jan/2004 10:43:59 00386] [info] Connection: Client IP: xxx.xxx.xxx.xxx, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[09/Jan/2004 10:43:59 00386] [info] Connection to child 0 closed with standard shutdown (server ipcop:445, client xxx.xxx.xxx.xxx)

This is the connection where IE only shows the question of whether I want to accept the site's certificate (see attachment), and after confirming nothing happens...


Now the ssl_engine_log after a connection was established (from 10:43:58):


[09/Jan/2004 10:43:58 00386] [info] Connection to child 0 established (server ipcop:445, client 141.88.172.74)
[09/Jan/2004 10:43:58 00386] [info] Seeding PRNG with 1160 bytes of entropy
[09/Jan/2004 10:43:59 00386] [info] Connection: Client IP: 141.88.172.74, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[09/Jan/2004 10:43:59 00386] [info] Connection to child 0 closed with standard shutdown (server ipcop:445, client 141.88.172.74)
[09/Jan/2004 11:05:58 00388] [info] Connection to child 2 established (server ipcop:445, client 141.88.172.74)
[09/Jan/2004 11:05:58 00388] [info] Seeding PRNG with 1160 bytes of entropy
[09/Jan/2004 11:05:59 00388] [info] Connection: Client IP: 141.88.172.74, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[09/Jan/2004 11:05:59 00388] [info] Connection to child 2 closed with standard shutdown (server ipcop:445, client 141.88.172.74)
[09/Jan/2004 11:06:30 00387] [info] Connection to child 1 established (server ipcop:445, client 141.88.172.74)
[09/Jan/2004 11:06:30 00387] [info] Seeding PRNG with 1160 bytes of entropy
[09/Jan/2004 11:06:30 00387] [info] Connection: Client IP: 141.88.172.74, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[09/Jan/2004 11:06:30 00387] [info] Initial (No.1) HTTPS request received for child 1 (server ipcop:445)
[09/Jan/2004 11:06:31 00387] [info] Connection to child 1 closed with unclean shutdown (server ipcop:445, client 141.88.172.74)
[09/Jan/2004 11:06:49 00389] [info] Connection to child 3 established (server ipcop:445, client 141.88.172.74)
[09/Jan/2004 11:06:49 00389] [info] Seeding PRNG with 1160 bytes of entropy
[09/Jan/2004 11:06:49 00389] [info] Connection: Client IP: 141.88.172.74, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[09/Jan/2004 11:06:49 00389] [info] Connection to child 3 closed with standard shutdown (server ipcop:445, client 141.88.172.74)
[09/Jan/2004 11:06:51 00386] [info] Connection to child 0 established (server ipcop:445, client 141.88.172.74)
[09/Jan/2004 11:06:51 00386] [info] Seeding PRNG with 1160 bytes of entropy
[09/Jan/2004 11:06:51 00386] [info] Connection: Client IP: 141.88.172.74, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[09/Jan/2004 11:06:51 00386] [info] Initial (No.1) HTTPS request received for child 0 (server ipcop:445)
[09/Jan/2004 11:06:52 00386] [info] Connection to child 0 closed with unclean shutdown (server ipcop:445, client 141.88.172.74)
[09/Jan/2004 11:16:07 00388] [info] Connection to child 2 established (server ipcop:445, client 141.88.172.74)
[09/Jan/2004 11:16:07 00388] [info] Seeding PRNG with 1160 bytes of entropy
[09/Jan/2004 11:16:08 00388] [info] Connection: Client IP: 141.88.172.74, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[09/Jan/2004 11:16:08 00388] [info] Connection to child 2 closed with standard shutdown (server ipcop:445, client 141.88.172.74)


What didn't work on the first connection attempt?
After waiting a while (I didn't change or restart anything) it suddenly works???

Let's see what the Apache gurus say...
I can gladly supply more logs on request ;)

Regards
cane
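
An added example, not part of the original post: a small Python parser that groups ssl_engine_log lines like the ones above into connections per child PID and marks those where the SSL handshake completed but no HTTPS request followed, the pattern of the 10:43:58 attempt. The sample lines are constructed in the same format, 192.0.2.10 is a placeholder client address, and the function name `summarize` and the weak-protocol set are assumptions of this example.

```python
import re

# Constructed sample in the mod_ssl ssl_engine_log format shown in the post;
# 192.0.2.10 is a documentation address, not a value from the page.
SAMPLE = """\
[09/Jan/2004 10:43:58 00386] [info] Connection to child 0 established (server ipcop:445, client 192.0.2.10)
[09/Jan/2004 10:43:58 00386] [info] Seeding PRNG with 1160 bytes of entropy
[09/Jan/2004 10:43:59 00386] [info] Connection: Client IP: 192.0.2.10, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[09/Jan/2004 10:43:59 00386] [info] Connection to child 0 closed with standard shutdown (server ipcop:445, client 192.0.2.10)
[09/Jan/2004 11:06:30 00387] [info] Connection to child 1 established (server ipcop:445, client 192.0.2.10)
[09/Jan/2004 11:06:30 00387] [info] Connection: Client IP: 192.0.2.10, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[09/Jan/2004 11:06:30 00387] [info] Initial (No.1) HTTPS request received for child 1 (server ipcop:445)
[09/Jan/2004 11:06:31 00387] [info] Connection to child 1 closed with unclean shutdown (server ipcop:445, client 192.0.2.10)
"""

LINE = re.compile(r"^\[(\S+ \S+) (\d+)\] \[(\w+)\] (.*)$")
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}  # assumption of this example: deprecated versions to flag

def summarize(log_text):
    """Group log lines into connections keyed by child PID and summarize each."""
    open_conns, done = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, pid, _level, msg = m.groups()
        if " established " in msg:
            open_conns[pid] = {"start": ts, "pid": pid, "requests": 0,
                               "protocol": None, "cipher": None, "shutdown": None}
            continue
        conn = open_conns.get(pid)
        if conn is None:
            continue  # startup (Init:) lines, or a close without a matching start
        hs = re.search(r"Protocol: (\S+), Cipher: (\S+)", msg)
        if hs:
            conn["protocol"], conn["cipher"] = hs.groups()
        elif "HTTPS request received" in msg:
            conn["requests"] += 1
        else:
            closed = re.search(r"closed with (\w+) shutdown", msg)
            if closed:
                conn["shutdown"] = closed.group(1)
                conn["handshake_only"] = bool(conn["protocol"]) and conn["requests"] == 0
                conn["weak"] = conn["protocol"] in WEAK_PROTOCOLS or "RC4" in (conn["cipher"] or "")
                done.append(open_conns.pop(pid))
    return done
```

Connections with `handshake_only` set are the ones that would leave no line in access_log or ssl_request_log, so their timestamps are the ones to compare against the client side.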