mikefallen Posted September 9, 2015 Share Posted September 9, 2015 Here are the settings I use, For a fully working vpn server that can reach recources on your home LAN it´s pretty simple. Configuration section: Server Network Settings (tab) Hostname or IP Address: (external ip or dnas name ex, myunraid.dyndns.org). VPN Settings (tab) Routing - "Specify the private subnets to which all clients should be given access": (add your home LAN ex, 192.168.1.0/24 bellow the line 172.17.0.0/16) DNS Settings - Have clients use these DNS servers: (primary dns 8.8.8.8 secondary dns 8.8.4.4) User Management section: User Permissions (tab) Add two vpn users with passwords) Then on your client surf to https://myunraid.dyndns.org:943 and login with the vpnuser details. A side note is that in the .ovpn file for your client you might want to remove the line that says myunraid.dyndns.org:9443 and just keep the lines with myunraid.dyndns.org:1194 for a big speed improvment. Or disable tcp/9443 connections in the webui (no need to forward port tcp/9443 in your router) //mace thank you so much m8 i appreciate you taking the time to do that for me Quote Link to comment
rajsri Posted September 15, 2015 Share Posted September 15, 2015 Hello, I have been using unRaid for few years and just upgrade to 6.1; I am trying to understand docker concept and various new added features of unRaid. So, please treat me as beginner. I am trying to setup OpenVPN docker and have few questions, some of the questions might be related to unRaid itself rather than the docker's. Kindly help me understand. 1. Doesn't the latest unRaid 6.x version have the capability to use more than Ethernet interface(s)? I have two NICs and I was wondering if each NIC can get it's own IP. If OpenVPN docker can use one dedicated IP. (I read lot of forum topics about mutiple NICs and they were referring to older version of unRaid) 2. Since I need to forward Ports 1194/udp 9443/tcp to my unRaid, is it safe? particularly when the same IP is used to access my unRaid tower within the LAN. Would it be possible for this docker to accept incoming VPN connections on eth1 and once authenticated, connect to my LAN using eth0? (i.e., using eth0 for LAN and eth1 for WAN by the OpenVPN docker) 3. What is "bridge" connection in unRaid (ignore docker/VM etc.,)? Thanks! Quote Link to comment
macester Posted September 16, 2015 Author Share Posted September 16, 2015 Hello, I have been using unRaid for few years and just upgrade to 6.1; I am trying to understand docker concept and various new added features of unRaid. So, please treat me as beginner. I am trying to setup OpenVPN docker and have few questions, some of the questions might be related to unRaid itself rather than the docker's. Kindly help me understand. 1. Doesn't the latest unRaid 6.x version have the capability to use more than Ethernet interface(s)? I have two NICs and I was wondering if each NIC can get it's own IP. If OpenVPN docker can use one dedicated IP. (I read lot of forum topics about mutiple NICs and they were referring to older version of unRaid) 2. Since I need to forward Ports 1194/udp 9443/tcp to my unRaid, is it safe? particularly when the same IP is used to access my unRaid tower within the LAN. Would it be possible for this docker to accept incoming VPN connections on eth1 and once authenticated, connect to my LAN using eth0? (i.e., using eth0 for LAN and eth1 for WAN by the OpenVPN docker) 3. What is "bridge" connection in unRaid (ignore docker/VM etc.,)? Thanks! 1, My server is in a box ATM due to moveing so i can not check but, think in the web gui there is only option for one ip. You could use multipe nics aka "bonding". 2, It´s as safe as "openvpn-as" is it uses it´s own ssl "engine" and I try to always use the latest version, so i guess it´s pretty safe since alot of big companies use openvpn-as. (the ports are only used my openvpn since they own the proccess so wont be anything else getting "through on thoose ports"). Yes it is possible to bind eth1 for lets say "wan or incoming openvpn"(it´s a variable in the advanced docker setup) and then route traffic to eth0(lan) in the openvpn-as webGui. (however I dont see the point for this). 3, Think of "bridge" as a normal desktop switch where unRAID uses a port with the server ip and the rest of the ports are used by vm´s etc... //mace Quote Link to comment
thraxis Posted September 17, 2015 Share Posted September 17, 2015 I've just spent a very unfruitful 2+ hours attempting to get the OpenVPN-AS docker to work. In a nutshell it didn't. I tended to get one of two outcomes. The admin account just didn't exist and you could not log in at all using openvpn as the password. The admin account was created but when you logged in you get. "You do not have Administrative permission" For the second case a check of the logfile will show that "Admin UI access is denied to user admin (not a superuser)" Quote Link to comment
macester Posted September 17, 2015 Author Share Posted September 17, 2015 I've just spent a very unfruitful 2+ hours attempting to get the OpenVPN-AS docker to work. In a nutshell it didn't. I tended to get one of two outcomes. The admin account just didn't exist and you could not log in at all using openvpn as the password. The admin account was created but when you logged in you get. "You do not have Administrative permission" For the second case a check of the logfile will show that "Admin UI access is denied to user admin (not a superuser)" Could you post the log files, there are two of them one in the appdata folder and one when you right click the docker. Mind takeing a screenshot of your docker settings. //mace Quote Link to comment
rajsri Posted September 17, 2015 Share Posted September 17, 2015 1, My server is in a box ATM due to moveing so i can not check but, think in the web gui there is only option for one ip. You could use multipe nics aka "bonding". 2, It´s as safe as "openvpn-as" is it uses it´s own ssl "engine" and I try to always use the latest version, so i guess it´s pretty safe since alot of big companies use openvpn-as. (the ports are only used my openvpn since they own the proccess so wont be anything else getting "through on thoose ports"). Yes it is possible to bind eth1 for lets say "wan or incoming openvpn"(it´s a variable in the advanced docker setup) and then route traffic to eth0(lan) in the openvpn-as webGui. (however I dont see the point for this). 3, Think of "bridge" as a normal desktop switch where unRAID uses a port with the server ip and the rest of the ports are used by vm´s etc... //mace I configured as per your instructions from docker install screen. Very easily done. Thank you Where can I find documentation if I want to try to route the traffic thru different interfaces? (WAN on eth0 and LAN on eth1 etc.,)... even though its not needed here, it will help me learn a new thing Quote Link to comment
macester Posted September 17, 2015 Author Share Posted September 17, 2015 1, My server is in a box ATM due to moveing so i can not check but, think in the web gui there is only option for one ip. You could use multipe nics aka "bonding". 2, It´s as safe as "openvpn-as" is it uses it´s own ssl "engine" and I try to always use the latest version, so i guess it´s pretty safe since alot of big companies use openvpn-as. (the ports are only used my openvpn since they own the proccess so wont be anything else getting "through on thoose ports"). Yes it is possible to bind eth1 for lets say "wan or incoming openvpn"(it´s a variable in the advanced docker setup) and then route traffic to eth0(lan) in the openvpn-as webGui. (however I dont see the point for this). 3, Think of "bridge" as a normal desktop switch where unRAID uses a port with the server ip and the rest of the ports are used by vm´s etc... //mace I configured as per your instructions from docker install screen. Very easily done. Thank you Where can I find documentation if I want to try to route the traffic thru different interfaces? (WAN on eth0 and LAN on eth1 etc.,)... even though its not needed here, it will help me learn a new thing The only way on top of my head would be to set the listen interface with the variable(can be changed it the webGui also) to the WAN interface, then in the route section in the webGui only add the network that is configured on the LAN interface. https://openvpn.net/images/pdf/OpenVPN_Access_Server_Sysadmin_Guide_Rev.pdf //mace Quote Link to comment
thraxis Posted September 18, 2015 Share Posted September 18, 2015 I've just spent a very unfruitful 2+ hours attempting to get the OpenVPN-AS docker to work. In a nutshell it didn't. I tended to get one of two outcomes. The admin account just didn't exist and you could not log in at all using openvpn as the password. The admin account was created but when you logged in you get. "You do not have Administrative permission" For the second case a check of the logfile will show that "Admin UI access is denied to user admin (not a superuser)" Could you post the log files, there are two of them one in the appdata folder and one when you right click the docker. Mind takeing a screenshot of your docker settings. //mace I had to go into the userprop.db and add in the prop_superuser value by hand. I've got it up and going now. Quote Link to comment
macester Posted September 18, 2015 Author Share Posted September 18, 2015 I've just spent a very unfruitful 2+ hours attempting to get the OpenVPN-AS docker to work. In a nutshell it didn't. I tended to get one of two outcomes. The admin account just didn't exist and you could not log in at all using openvpn as the password. The admin account was created but when you logged in you get. "You do not have Administrative permission" For the second case a check of the logfile will show that "Admin UI access is denied to user admin (not a superuser)" Could you post the log files, there are two of them one in the appdata folder and one when you right click the docker. Mind takeing a screenshot of your docker settings. //mace I had to go into the userprop.db and add in the prop_superuser value by hand. I've got it up and going now. This is normally done at the start of the container by the startup script, have any old log so i can check what happend for future reference? //mace Quote Link to comment
Dimtar Posted September 29, 2015 Share Posted September 29, 2015 Hey all. Trying to get OpenVPN-AS working, its not. The web interface never loads. Config exists, importing previous configuration! Checking configuration, Defaults are already set! Setting listening Interface to Interface, br0!! MOD Default {u'admin_ui.https.ip_address': u'eth0'} {u'admin_ui.https.ip_address': 'br0'} MOD Default {u'cs.https.ip_address': u'eth0'} {u'cs.https.ip_address': 'br0'} MOD Default {u'vpn.daemon.0.listen.ip_address': u'eth0'} {u'vpn.daemon.0.listen.ip_address': 'br0'} MOD Default {u'vpn.daemon.0.server.ip_address': u'eth0'} {u'vpn.daemon.0.server.ip_address': 'br0'} * Starting openvpnas openvpnas ...done. Setting Admin default username and password: admin/openvpn * Restarting openvpnas openvpnas ...done. Sep 29 11:24:21 DAMONSTER syslog-ng[60]: syslog-ng starting up; version='3.5.3' http://puu.sh/krSAt/0de44657de.png http://puu.sh/krSCX/acfb82ed8d.png Any help would be much appreciated thanks! Quote Link to comment
macester Posted September 29, 2015 Author Share Posted September 29, 2015 Hey all. Trying to get OpenVPN-AS working, its not. The web interface never loads. Config exists, importing previous configuration! Checking configuration, Defaults are already set! Setting listening Interface to Interface, br0!! MOD Default {u'admin_ui.https.ip_address': u'eth0'} {u'admin_ui.https.ip_address': 'br0'} MOD Default {u'cs.https.ip_address': u'eth0'} {u'cs.https.ip_address': 'br0'} MOD Default {u'vpn.daemon.0.listen.ip_address': u'eth0'} {u'vpn.daemon.0.listen.ip_address': 'br0'} MOD Default {u'vpn.daemon.0.server.ip_address': u'eth0'} {u'vpn.daemon.0.server.ip_address': 'br0'} * Starting openvpnas openvpnas ...done. Setting Admin default username and password: admin/openvpn * Restarting openvpnas openvpnas ...done. Sep 29 11:24:21 DAMONSTER syslog-ng[60]: syslog-ng starting up; version='3.5.3' http://puu.sh/krSAt/0de44657de.png http://puu.sh/krSCX/acfb82ed8d.png Any help would be much appreciated thanks! "http://puu.sh/krSCX/acfb82ed8d.png" Try changing "/mnt/user/appdata/openvpn-as/" to "/mnt/cache/appdata/openvpn-as/" Or use the disk you store appdata on example, "/mnt/disk1/appdata/openvpn-as/" //mace Quote Link to comment
Dimtar Posted September 29, 2015 Share Posted September 29, 2015 Hey all. Trying to get OpenVPN-AS working, its not. The web interface never loads. Config exists, importing previous configuration! Checking configuration, Defaults are already set! Setting listening Interface to Interface, br0!! MOD Default {u'admin_ui.https.ip_address': u'eth0'} {u'admin_ui.https.ip_address': 'br0'} MOD Default {u'cs.https.ip_address': u'eth0'} {u'cs.https.ip_address': 'br0'} MOD Default {u'vpn.daemon.0.listen.ip_address': u'eth0'} {u'vpn.daemon.0.listen.ip_address': 'br0'} MOD Default {u'vpn.daemon.0.server.ip_address': u'eth0'} {u'vpn.daemon.0.server.ip_address': 'br0'} * Starting openvpnas openvpnas ...done. Setting Admin default username and password: admin/openvpn * Restarting openvpnas openvpnas ...done. Sep 29 11:24:21 DAMONSTER syslog-ng[60]: syslog-ng starting up; version='3.5.3' http://puu.sh/krSAt/0de44657de.png http://puu.sh/krSCX/acfb82ed8d.png Any help would be much appreciated thanks! "http://puu.sh/krSCX/acfb82ed8d.png" Try changing "/mnt/user/appdata/openvpn-as/" to "/mnt/cache/appdata/openvpn-as/" Or use the disk you store appdata on example, "/mnt/disk1/appdata/openvpn-as/" //mace And it worked. What the hell? How does that even matter... It is refusing admin/openvpn now though, so I arguably only got a metre closer to working. EDIT: Given it struggled with things in the first place, removed everything and tried again. I can now login to the web interfacer. Thank you. Quote Link to comment
CHBMB Posted October 5, 2015 Share Posted October 5, 2015 Think I'm the first person to ask a question about the cloudflare DNS container. Is there anyway to update several subdomains with this? For instance @, www, owncloud, music, photos? Tried just about every permutation I can think of with no success. Contacting the Cloudflare API to determine DNS zone DNS zone server.com found Trying to determine DNS record ID No DNS A record for server.com,www.server.com,requests.server.com,music.server.com,owncloud.server.com,photos.server.com found on 1878709 It's not desparate as I have found another solution, but would prefer to use your container as it's a fair bit more lightweight. Thanks Quote Link to comment
macester Posted October 6, 2015 Author Share Posted October 6, 2015 Think I'm the first person to ask a question about the cloudflare DNS container. Is there anyway to update several subdomains with this? For instance @, www, owncloud, music, photos? Tried just about every permutation I can think of with no success. Contacting the Cloudflare API to determine DNS zone DNS zone server.com found Trying to determine DNS record ID No DNS A record for server.com,www.server.com,requests.server.com,music.server.com,owncloud.server.com,photos.server.com found on 1878709 It's not desparate as I have found another solution, but would prefer to use your container as it's a fair bit more lightweight. Thanks No it´s not havent found a good sulution for it, (other then makeing all the other sybdomains a "cname" of the one updated). //mace Quote Link to comment
CHBMB Posted October 6, 2015 Share Posted October 6, 2015 Think I'm the first person to ask a question about the cloudflare DNS container. Is there anyway to update several subdomains with this? For instance @, www, owncloud, music, photos? Tried just about every permutation I can think of with no success. Contacting the Cloudflare API to determine DNS zone DNS zone server.com found Trying to determine DNS record ID No DNS A record for server.com,www.server.com,requests.server.com,music.server.com,owncloud.server.com,photos.server.com found on 1878709 It's not desparate as I have found another solution, but would prefer to use your container as it's a fair bit more lightweight. Thanks No it´s not havent found a good sulution for it, (other then makeing all the other sybdomains a "cname" of the one updated). //mace I found a container that works. Uses https://hub.docker.com/r/tsaikd/cloudflare/ I've created an .xml to it in my private repo. https://github.com/CHBMB/docker-templates Quote Link to comment
macester Posted October 7, 2015 Author Share Posted October 7, 2015 Openvpn-AS 2015.10.07 - Fix error that "/mnt/user/(appdata) coulden´t be used. Quote Link to comment
aptalca Posted October 7, 2015 Share Posted October 7, 2015 Openvpn-AS 2015.10.07 - Fix error that "/mnt/user/(appdata) coulden´t be used. Can you elaborate on that? A few of my dockers have the same problem and I'd love to know how to fix it. Thanks Quote Link to comment
macester Posted October 7, 2015 Author Share Posted October 7, 2015 Openvpn-AS 2015.10.07 - Fix error that "/mnt/user/(appdata) coulden´t be used. Can you elaborate on that? A few of my dockers have the same problem and I'd love to know how to fix it. Thanks I´m not 100% sure but it´s only on unRAID this issue exist tried on ubuntu, debian(omv) and centos with a volume on an nfs share. The issue was for me that i had a directory "/config/etc/socks" (that is symlinked inside the docker) and when openvpn starts it creates some files in the folder and when ever I used /mnt/user/ it couldent write to it (I could however create files manually on host and inside the docker). If I used /mnt/disk/ it would work, so I then noticed that while doing this if I exexuted a simple "ls -la" on the share /mnt/user/appdata/openvpn/socks and it would just output that the files dident exists and question marks on the user permissions. So i did the simple thing since the files in question here dident need permanent storage and I moved them to a /tmp folder inside the container. But the only thing I can think of that is causing this is that the /mnt/user share runs through samba? and has an issue with traversing symlinks. Quote Link to comment
aptalca Posted October 7, 2015 Share Posted October 7, 2015 Openvpn-AS 2015.10.07 - Fix error that "/mnt/user/(appdata) coulden´t be used. Can you elaborate on that? A few of my dockers have the same problem and I'd love to know how to fix it. Thanks I´m not 100% sure but it´s only on unRAID this issue exist tried on ubuntu, debian(omv) and centos with a volume on an nfs share. The issue was for me that i had a directory "/config/etc/socks" (that is symlinked inside the docker) and when openvpn starts it creates some files in the folder and when ever I used /mnt/user/ it couldent write to it (I could however create files manually on host and inside the docker). If I used /mnt/disk/ it would work, so I then noticed that while doing this if I exexuted a simple "ls -la" on the share /mnt/user/appdata/openvpn/socks and it would just output that the files dident exists and question marks on the user permissions. So i did the simple thing since the files in question here dident need permanent storage and I moved them to a /tmp folder inside the container. But the only thing I can think of that is causing this is that the /mnt/user share runs through samba? and has an issue with traversing symlinks. Hmm that makes sense. Quite a few of my dockers use symlinks inside the config folder. I'll test that with my dockers too. Thanks so much for the report Quote Link to comment
ikosa Posted October 9, 2015 Share Posted October 9, 2015 i cant access my apps (transmission,cocuhpotato,sickrage etc) webgui's when i am connected with openvpn. But i can connect them when i am connected with pptp or softether. can anyone help me with this? Quote Link to comment
ikosa Posted October 12, 2015 Share Posted October 12, 2015 i cant access my apps (transmission,cocuhpotato,sickrage etc) webgui's when i am connected with openvpn. But i can connect them when i am connected with pptp or softether. can anyone help me with this? I solve my issue by adding 172.17.0.0/24 to vpn settings/routing. Quote Link to comment
tr0910 Posted October 16, 2015 Share Posted October 16, 2015 What is the difference between the plugin OpenVPN and this Docker? I want to access my entire network remotely. My unRaid doesn't download torrents or newsgroups. Is one method better suited to this than the other? Presently I am using my DD-WRT router to create a VPN, but with Google Fiber, my router 1. Isn't fast enough 2. Isn't supported (Bridging the Google Fiber Network Box with your own router is for the network pros) So I am looking for a better way to VPN into my network without hacking the Google Fiber Network Box. Quote Link to comment
macester Posted October 17, 2015 Author Share Posted October 17, 2015 Well, I guess docker is better in the case of beeing more portable with the settings "configuration" could easily be moved. As for unRAID you will not "clutter" up the system with installing a docker and depencencies wont break things as other plugins. As for the differnece I cant say havent tried the plugin but guess its an install of "openvpn" the open source kind... This is the "enterprise" kind with two free license that comes with openvpns webui, the main thing I use it for is that it´s very easy to get working with different clients. Has an client webui, that works with android, ios(ipad works like a charm), and all sorts of clients... However only comes with two licences or rather two user can be connected at the same time, as for reaching your lan and recources i made i quick guide in the first post is a mather of 2-3 clicks.. //mace Quote Link to comment
macester Posted October 17, 2015 Author Share Posted October 17, 2015 Openvpn-AS 2015.10.17 - Openvpn-as, updated to version openvpn-as-2.0.21. Quote Link to comment
Johnson Posted October 17, 2015 Share Posted October 17, 2015 I have just installed this and its working great. The instructions were perfect for technical numpty like me! Many thanks Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.