I have an openvpn server on stretch (with some backports stuff) in combination with sslh so that I can multiplex https and openvpn on port 443. This is needed so clients can get through a firewall.
Simplistic setup of sslh & openvpn means that openvpn and apache see all connects as coming from localhost, so I wanted to enable tcp-wrappers with geoip, but I cannot get it to work.

When I enable hosts.{allow,deny} I have, Starting with the symptoms and working down to my config:

- firefox showing connection failed to https://
- log showing:

    Sep 10 15:38:10 garbo sslh[10550]: sslh-fork 1.18-1 started
    Sep 10 15:38:30 garbo geofilter: [10555] Mon, 10 Sep 2018 15:38:30 +0200 uid:115 /usr/local/sbin/https-geofilter 192.168.2.201
    Sep 10 15:38:30 garbo geofilter: [10555] allow: ALLOW connection from 192.168.2.201 (IP Address not found)
    Sep 10 16:14:17 garbo geofilter: [16004] Mon, 10 Sep 2018 16:14:17 +0200 uid:115 /usr/local/sbin/https-geofilter 192.168.2.201
    Sep 10 16:14:17 garbo geofilter: [16004] allow: ALLOW connection from 192.168.2.201 (IP Address not found)
    Sep 10 16:14:17 garbo sslh[10550]: warning: /etc/hosts.allow, line 5: process 16003 exited with signal 126
    Sep 10 16:14:17 garbo sslh[10550]: aclexec returned 1
    Sep 10 16:14:17 garbo sslh[10550]: connection from gt.alstadheim.priv.no.2.168.192.in-addr.arpa(192.168.2.201): access denied