Web Access to external IP

chussi · May 6, 2019, 1:10pm

Hey, I changed the listing port to my external ip of the server.

But my browsers won´t allow access due to invalid certifcate. Tried to import the certficate to the root store. But chrome is not providing a “add execption” button, IE / Edge either.

What can I do to get access to the webinterface ? Locally on the server everything works fine

Listen on external interface
/lib/systemd/system/

sed -e ‘s/127.0.0.1/0.0.0.0/g’ greenbone-security-assistant.service openvas-manager.service openvas-scanner.service
sed -e ‘s/127.0.0.1/0.0.0.0/g’ greenbone-security-assistant.service openvas-manager.service openvas-scanner.service -i

systemctl daemon-reload
systemctl restart greenbone-security-assistant.service openvas-manager.service openvas-scanner.service

update
Installed Firefox - I could set an excpetion here, but afterwards:

The request contained an unknown or invalid Host header. If you are trying to access GSA via its hostname or a proxy, make sure GSA is set up to allow it.

I am not using a hostname or domain.
I tried
gsad --allow-header-host

but no change

OK- got it - at least in Firefox browser

edited /lib/systemd/system/greenbone-security-assistant.service

[Unit]
Description=Greenbone Security Assistant
Documentation=man:gsad(8) http://www.openvas.org/
Wants=openvas-manager.service

[Service]
Type=simple
PIDFile=/var/run/gsad.pid
ExecStart=/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=0.0.0.0 --mport=9390 --allow-header-host my_external_ip

root@KALI:~# systemctl daemon-reload
root@KALI:~# systemctl restart greenbone-security-assistant.service

Lukas · May 7, 2019, 9:53am

Keep in mind you are using a uncoordinated installation “Kali” this is not the Community Edition.
I moved the topic to the appropriated forum.

hildeb · May 8, 2019, 9:26am

Personally, I use apache2 in a reverse proxy setup. That way gsad can stay bound to localhost (with http only, even) and apache2 does all the SSL stuff.

  SSLProxyEngine on
  # Map to /
  ProxyPass        "/"              "http://127.0.0.1/"
  ProxyPassReverse "/"              "http://127.0.0.1/"

khurst · May 12, 2019, 6:57pm

I am having a similar issue on an Ubuntu installation that I’ve inherited. The server is running on 192.168.100.244 and per /etc/default/openvas-gsa, the PORT_NUMBER=4000 is the only variable not commented out, i… #MANAGER_PORT_NUMBER=9390 - commented out

If I connect from any host on the 192.168.100.x/24 subnet, I can pull this up in the browser using https://192.168.100.244:4000

I am trying to access it from a second subnet, one I can remote in via our VPN, and it does not respond. I’m not sure if I should be changing either LISTEN_ADDRESS or MANAGER_ADDRESS and if so, change one of them to 192.168.100.244? I don’t want or need to get to this via a public address, just from my VPN subnet that I use to remotely access this office. I can ping/traceroute to this 192.168.100.244 from the VPN subnet so I don’t think there are any routing issues

bricks · May 13, 2019, 6:08am

You are very likely using the packages from https://launchpad.net/~mrazavi/+archive/ubuntu/openvas

Please ask the package maintainer for this PPA for howto adjusting the settings. I don’t think he is available at this forum.

cfi · December 31, 2019, 2:14pm

To avoid that multiple topics about the same questions are open i would also close this topic as a duplicate of the following one below which contains quite a lot information and various solutions. Please follow-up there if you have further questions around this topic.