jfrancais Posted July 3, 2018 (edited)

16 hours ago, ken-ji said:
> There are at least two ways around this depending on your server hardware.
>
> (fully supported) Best solution: at least 2 network interfaces.
> - Do not bond the interfaces.
> - Do not assign an IP to the 2nd interface (eth1/br1)
> - Delete the docker custom network on eth0/br0
> - Setup the docker custom network on eth1/br1
> - Move all containers there.
> - Done - you've sidestepped the security feature/limitation of macvlan networks
>
> Alternate solution: have VLAN support on your network
> - Create a VLAN subinterface (eth0.1/br0.1)
> - Do not assign an IP to the VLAN subinterface
> - Create a docker custom network on it
> - Move containers there
> - Done - you've sidestepped the security feature/limitation of macvlan networks
>
> Alternate solution (not sure if supported by the GUI)
> - in the go file, add code to create a macvlan subinterface (mac0)
> - remove unRAID IP from eth0/br0
> - assign unRAID IP to macvlan subinterface (reset network gateway)
> - Done - unRAID should be able to use the macvlan subinterface to work as if nothing has changed. Containers on docker custom networks should be able to talk to unRAID via the macvlan subinterface, which does not trigger the security feature limitation.

The bolded looks interesting. My router's VLAN support isn't reliable and I don't have a second NIC in my server. This method looks like it would be a good alternative to using a full VM for my OpenVPN server. Could you provide some specifics on this?

ken-ji Posted July 3, 2018

I haven't tested this setup myself since I'm mostly remoting my server and it is running headless, so it's such a pain to hook up a monitor when I need it. But the docker application itself notes this workaround for host to container communication on a single NIC. @bonienl also suggested it at some point, but I don't know how it would interact with the GUI.

Commands to issue from the actual console and not an ssh terminal (probably put this in the go file so that it works on reboot), assuming bridging is enabled and bonding is not, the interface device is br0; unraid ip is 192.168.1.5; gateway is 192.168.1.254

    # remove the unRAID IP from the bridge
    ip address flush dev br0
    # create the macvlan subinterface on top of br0
    ip link add link br0 mac0 type macvlan mode bridge
    # move the unRAID IP to the macvlan subinterface
    ip addr add 192.168.1.5/24 dev mac0
    # restore the default route via the gateway assumed above
    ip route add default via 192.168.1.254 dev mac0

To the best of my knowledge nobody has tried this (or at least reported back if it works or not)

ken-ji Posted July 3, 2018

8 hours ago, Lo Key said:
> @ken-ji it worked! Thank you so much! With everything moved over, I'm now able to get to any docker with an assigned static IP over OpenVPN.
>
> I had not managed anything with docker from the command line before this. So, in case anyone else was like me and wants to do this, here were the commands I used in the console for the steps "Delete the docker custom network on eth0/br0" and "Setup the docker custom network on eth1/br1" after I had broken the bond on the interfaces in network settings:
>
> docker network ls (this will list out what docker networks are available)
>
>     NETWORK ID     NAME     DRIVER    SCOPE
>     c152fe231096   br0      macvlan   local
>     2077b50fac9e   bridge   bridge    local
>     c73f55312022   host     host      local
>     e219d9bf945e   none     null      local
>
> docker network rm br0 (this will delete the br0 network used by docker when static ips are applied - be sure you're ready to do this)
>
> docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o parent=eth1 docker (creates the new network and names it "docker". Name it what you want. Make sure the network settings match your own local network if you're keeping them all on the same subnet.)
>
> Then, go into Docker and move each container onto the new network.

You should not have needed to do any of this on the command line anymore. All of it is GUI supported.

jfrancais Posted July 5, 2018

On 7/3/2018 at 5:06 PM, ken-ji said:
> You should not have needed to do any of this on the command line anymore. All of it is GUI supported.

Ok I added a second NIC. It is unplugged from LAN. Has no IP. In the unraid GUI I disabled bridging on eth0 and enabled it on eth1. Docker containers can't select br1 as an option. Network settings show link as down (because it is unplugged). What am I missing?

JonathanM Posted July 5, 2018

29 minutes ago, jfrancais said:
> Network settings show link as down (because it is unplugged). What am I missing?

Plug it in?

ken-ji Posted July 5, 2018

39 minutes ago, jfrancais said:
> Ok I added a second NIC. It is unplugged from LAN. Has no IP. In the unraid GUI I disabled bridging on eth0 and enabled it on eth1. Docker containers can't select br1 as an option. Network settings show link as down (because it is unplugged). What am I missing?

Besides plugging it in, you need to go to the docker settings, delete the docker network on eth0 and enable it on br1 (AFAIK bridging is not a factor and can be left on for VMs to use if needed).

jfrancais Posted July 5, 2018

1 hour ago, ken-ji said:
> Besides plugging it in, you need to go to the docker settings, delete the docker network on eth0 and enable it on br1 (AFAIK bridging is not a factor and can be left on for VMs to use if needed).

OK, I got my br1 up and running. I have moved my docker containers to br1 with static IPs. The Docker containers can talk to each other as well as the unraid host, containers that are on host/bridge network and the internet.

Still having issues with the OpenVPN-AS config. When I leave the OpenVPN-AS docker container on host network and set my router to direct VPN ports to my unraid server IP, from the outside world I can connect to VPN server, access router, unraid server ip and internet but I can't talk to docker containers on br1.

When I switch the OpenVPN-AS container to br1 and give it an IP and adjust the router to push ports to this new IP, I can't connect to it from the outside world. OpenVPN client sits at connecting.

jfrancais Posted July 5, 2018

49 minutes ago, jfrancais said:
> OK, I got my br1 up and running. I have moved my docker containers to br1 with static IPs. The Docker containers can talk to each other as well as the unraid host, containers that are on host/bridge network and the internet.
>
> Still having issues with the OpenVPN-AS config. When I leave the OpenVPN-AS docker container on host network and set my router to direct VPN ports to my unraid server IP, from the outside world I can connect to VPN server, access router, unraid server ip and internet but I can't talk to docker containers on br1.
>
> When I switch the OpenVPN-AS container to br1 and give it an IP and adjust the router to push ports to this new IP, I can't connect to it from the outside world. OpenVPN client sits at connecting.

Got a little further: when I set my OpenVPN-AS to TCP (disabled UDP) I can now connect to the OpenVPN-AS server from the outside world. I have the exact same issue as before. When I connect to the OpenVPN-AS server docker container that is set up to use br1 and an assigned IP, VPN clients can talk to other docker containers on br1 but not the unraid host, router or internet.

ken-ji Posted July 5, 2018

That's really weird. Can you show your network settings? And the docker network settings?

2 hours ago, jfrancais said:
> OK, I got my br1 up and running. I have moved my docker containers to br1 with static IPs. The Docker containers can talk to each other as well as the unraid host, containers that are on host/bridge network and the internet.
>
> Still having issues with the OpenVPN-AS config. When I leave the OpenVPN-AS docker container on host network and set my router to direct VPN ports to my unraid server IP, from the outside world I can connect to VPN server, access router, unraid server ip and internet but I can't talk to docker containers on br1.
>
> When I switch the OpenVPN-AS container to br1 and give it an IP and adjust the router to push ports to this new IP, I can't connect to it from the outside world. OpenVPN client sits at connecting.

1 hour ago, jfrancais said:
> Got a little further: when I set my OpenVPN-AS to TCP (disabled UDP) I can now connect to the OpenVPN-AS server from the outside world. I have the exact same issue as before. When I connect to the OpenVPN-AS server docker container that is set up to use br1 and an assigned IP, VPN clients can talk to other docker containers on br1 but not the unraid host, router or internet.

There should be no difference between the OpenVPN-AS container vs other containers. Are VPN clients assigned to a different subnet? Please include that too...

Lo Key Posted July 5, 2018

On 7/3/2018 at 7:06 PM, ken-ji said:
> You should not have needed to do any of this on the command line anymore. All of it is GUI supported.

Yeah, you were right. I didn't think of clicking the Advanced settings to see everything I needed, so I just assumed since it was a special setup I had to do it via command line.

BTW, don't anyone do what I did as it will be gone after the next start/stop of docker anyway. I've now set it up properly via the GUI and it's working fine.

stlrox Posted July 11, 2018

I recently installed this Docker container. I followed SpaceInvaderOne's video and completed all the steps. I don't have a static IP address, so I used duckdns (installed Docker container) and added that server name under "Hostname or IP Address:" on the "Server Network Settings" page (via the openvpn-as Docker UI).

I can connect to the server when I am on home WiFi, but I couldn't connect when I turned off WiFi on my phone and used the same credentials. When I try on my phone (with WiFi off), I get an OpenVPN connection timeout error: "There was an error attempting to connect to the selected server"

I would like to know how to troubleshoot this issue. TIA

aptalca Posted July 11, 2018

2 hours ago, stlrox said:
> I recently installed this Docker container. I followed SpaceInvaderOne's video and completed all the steps. I don't have a static IP address, so I used duckdns (installed Docker container) and added that server name under "Hostname or IP Address:" on the "Server Network Settings" page (via the openvpn-as Docker UI).
>
> I can connect to the server when I am on home WiFi, but I couldn't connect when I turned off WiFi on my phone and used the same credentials. When I try on my phone (with WiFi off), I get an OpenVPN connection timeout error: "There was an error attempting to connect to the selected server"
>
> I would like to know how to troubleshoot this issue. TIA

Most likely it's port forwarding related.

stlrox Posted July 11, 2018

I verified port forwarding set up at my router (UVerse) and that was set correctly.

Here is the container log snippet.

    08:31:09.505 -- ----- OpenVPN Start -----
    08:31:09.506 -- EVENT: CORE_THREAD_ACTIVE
    08:31:09.514 -- Frame=512/2048/512 mssfix-ctrl=1250
    08:31:09.515 -- UNUSED OPTIONS
    4 [nobind]
    12 [sndbuf] [100000]
    13 [rcvbuf] [100000]
    16 [verb] [3]
    25 [CLI_PREF_ALLOW_WEB_IMPORT] [True]
    26 [CLI_PREF_BASIC_CLIENT] [False]
    27 [CLI_PREF_ENABLE_CONNECT] [True]
    28 [CLI_PREF_ENABLE_XD_PROXY] [True]
    29 [WSHOST] [name.duckdns.org:943]
    30 [WEB_CA_BUNDLE] [-----BEGIN CERTIFICATE----- xxxxxxx...]
    31 [IS_OPENVPN_WEB_CA] [1]
    32 [ORGANIZATION] [OpenVPN, Inc.]
    08:31:09.516 -- EVENT: RESOLVE
    08:31:09.811 -- Contacting PUBLIC IP:1194 via UDP
    08:31:09.812 -- EVENT: WAIT
    08:31:09.821 -- Connecting to [name.duckdns.org]:1194 (PUBLIC IP) via UDPv4
    08:31:19.500 -- Server poll timeout, trying next remote entry...
    08:31:19.529 -- EVENT: RECONNECTING
    08:31:19.532 -- EVENT: RESOLVE
    08:31:19.533 -- Contacting PUBLIC IP:1194 via UDP
    08:31:19.534 -- EVENT: WAIT
    08:31:19.541 -- Connecting to [name.duckdns.org]:1194 (PUBLIC IP) via UDPv4
    08:31:29.498 -- Server poll timeout, trying next remote entry...
    08:31:29.519 -- EVENT: RECONNECTING
    08:31:29.526 -- EVENT: RESOLVE
    08:31:29.534 -- Contacting PUBLIC IP:1194 via UDP
    08:31:29.535 -- EVENT: WAIT
    08:31:29.546 -- Connecting to [name.duckdns.org]:1194 (PUBLIC IP) via UDPv4
    08:31:39.503 -- Server poll timeout, trying next remote entry...
    08:31:39.518 -- EVENT: RECONNECTING
    08:31:39.522 -- EVENT: RESOLVE
    08:31:39.552 -- Contacting PUBLIC IP:1194 via UDP
    08:31:39.552 -- EVENT: WAIT
    08:31:39.578 -- Connecting to [name.duckdns.org]:1194 (PUBLIC IP) via UDPv4
    08:31:49.507 -- Server poll timeout, trying next remote entry...
    08:31:49.537 -- EVENT: RECONNECTING
    08:31:49.542 -- EVENT: RESOLVE
    08:31:49.559 -- Contacting PUBLIC IP:1194 via UDP
    08:31:49.560 -- EVENT: WAIT
    08:31:49.597 -- Connecting to [name.duckdns.org]:1194 (PUBLIC IP) via UDPv4
    08:31:59.512 -- Server poll timeout, trying next remote entry...
    08:31:59.539 -- EVENT: RECONNECTING
    08:31:59.545 -- EVENT: RESOLVE
    08:31:59.550 -- Contacting PUBLIC IP:1194 via UDP
    08:31:59.550 -- EVENT: WAIT
    08:31:59.582 -- Connecting to [name.duckdns.org]:1194 (PUBLIC IP) via UDPv4
    08:32:09.511 -- EVENT: CONNECTION_TIMEOUT
    08:32:09.514 -- EVENT: DISCONNECTED
    08:32:09.524 -- EVENT: CORE_THREAD_INACTIVE
    08:32:09.525 -- Tunnel bytes per CPU second: 0
    08:32:09.525 -- ----- OpenVPN Stop -----

aptalca Posted July 11, 2018

Make sure you're forwarding udp and not tcp

And also make sure you're forwarding 1194 to 1194

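The log posted above shows UDP attempts to port 1194 that each end in "Server poll timeout", which is the situation the forwarding check in the reply addresses. As an added example (not part of any post in this thread), this shell function summarises such a client log and compares the transport the client used with the router's forward; the sample log, the 203.0.113.10 documentation address and the verdict names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise an OpenVPN client log and compare the transport
# the client tried with the port forward configured on the router.

# sample_log: constructed lines in the format of the log posted in the thread;
# 203.0.113.10 is a documentation address standing in for the public IP.
sample_log() {
    cat <<'EOF'
08:31:09.516 -- EVENT: RESOLVE
08:31:09.811 -- Contacting 203.0.113.10:1194 via UDP
08:31:09.812 -- EVENT: WAIT
08:31:19.500 -- Server poll timeout, trying next remote entry...
08:31:19.529 -- EVENT: RECONNECTING
08:31:19.533 -- Contacting 203.0.113.10:1194 via UDP
08:31:29.498 -- Server poll timeout, trying next remote entry...
08:31:29.534 -- Contacting 203.0.113.10:1194 via UDP
08:32:09.511 -- EVENT: CONNECTION_TIMEOUT
08:32:09.514 -- EVENT: DISCONNECTED
EOF
}

# triage_ovpn_log LOG [FWD_PROTO FWD_PORT]
#   LOG may be "-" for stdin. FWD_PROTO/FWD_PORT describe the forward set on
#   the router, if known. Prints one summary line with a verdict:
#     connected         a session was established
#     forward-mismatch  client transport/port differs from the router forward
#     no-reply          attempts timed out although the forward (if given) matches
triage_ovpn_log() {
    awk -v fproto="$2" -v fport="$3" '
        / Contacting .* via / {
            attempts++
            proto = toupper($NF)              # last field: UDP or TCP
            n = split($(NF - 2), hp, ":")     # "<address>:<port>"
            port = hp[n]
        }
        /Server poll timeout/       { timeouts++ }
        /EVENT: CONNECTION_TIMEOUT/ { gave_up = 1 }
        /EVENT: CONNECTED/          { connected = 1 }
        END {
            if (connected)
                verdict = "connected"
            else if (!attempts)
                verdict = "no-attempt-logged"
            else if (fproto != "" && fport != "" &&
                     (toupper(fproto) != proto || fport + 0 != port + 0))
                verdict = "forward-mismatch"
            else if (timeouts || gave_up)
                verdict = "no-reply"
            else
                verdict = "incomplete-log"
            printf "proto=%s port=%s attempts=%d timeouts=%d verdict=%s\n",
                   proto, port, attempts, timeouts, verdict
        }
    ' "${1:--}"
}

# Demo: the client used UDP 1194 while the router forwards TCP 1194.
sample_log | triage_ovpn_log - tcp 1194
```

A `no-reply` verdict with a matching forward means the forward's target address, the protocol the server listens on, or filtering upstream of the router is what remains to check.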
etsi Posted July 20, 2018

After the latest update the openvpn server no longer works. I tried to delete it and clean the image files, but I still can't connect to the web admin; it doesn't connect at all.

Pjrezai Posted August 3, 2018 (edited)

Hey guys! I followed Spaceinvader One's video and both Tunnelblick on Mac and the OpenVPN client software say that I am connected! I even checked my IP in Safari and it is the remote static IP I am trying to get to (which my unraid server is on). However, I can't do anything else. I don't know how to connect to the server via MacOS Finder or any other way (plus I thought it would just show up as shared in the left column). I am kinda stuck. I tried to skim through some of the thread to see if anyone else has had this problem but it is so long! Also I am just a learning amateur so maybe I am missing something.

PS my ultimate goal: I am trying to access my array and all the shared folders in MacOS Finder remotely (I live elsewhere from my unraid server) - for easier access

THANKS FOR ALL YOUR HELP IN ADVANCE!~!!!!

abuzzbuzz Posted August 28, 2018

Sorry for the stupid question. I have searched for a bit. I can't find anywhere what the Username and Password is to login... I'm ignorant.

Thanks so much.

Hoopster Posted August 28, 2018 (edited)

3 hours ago, abuzzbuzz said:
> Sorry for the stupid question. I have searched for a bit. I can't find anywhere what the Username and Password is to login... I'm ignorant.
>
> Thanks so much.

In general, for dockers, you will find the information about setting up, logging in, configuring the application, etc. in the Docker Hub or Github links published in the first post of the support forum for that docker application.

From the Docker Hub link in the first post of this forum or the readme in the Github (also linked in first post) link:

Setting up the application

The admin interface is available at https://<ip>:943/admin with a default user/password of admin/password

During first login, make sure that the "Authentication" in the webui is set to "Local" instead of "PAM". Then set up the user accounts with their passwords (user accounts created under PAM do not survive container update or recreation).

The "admin" account is a system (PAM) account and after container update or recreation, its password reverts back to the default. It is highly recommended to block this user's access for security reasons:
- Set another user as an admin,
- Delete the "admin" user in the gui,
- Modify the as.conf file under config/etc and replace the line boot_pam_users.0=admin with #boot_pam_users.0=admin (this only has to be done once and will survive container recreation)

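The last step of the README excerpt quoted above (commenting out boot_pam_users.0=admin in as.conf) can be scripted so that it is safe to re-run. This is an added example, not code from the post or from the image's README; the file path is passed as an argument because the host location of config/etc depends on the container's volume mapping, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example: comment out the boot-time PAM "admin" entry in as.conf so the
# default admin/password account is not re-enabled. Path is an argument
# (assumption: you know where the container's config/etc lives on the host).

# write_sample_conf FILE: constructed test input, not a real as.conf.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample for the example
sample.setting=1
boot_pam_users.0=admin
boot_pam_users.1=localadmin
EOF
}

# boot_pam_admin_active FILE: succeeds while the uncommented line is present.
boot_pam_admin_active() {
    grep -Eq '^[[:space:]]*boot_pam_users\.0=admin[[:space:]]*$' "$1"
}

# disable_boot_pam_admin FILE
#   0 = line commented out (backup left at FILE.bak)
#   1 = nothing to do (already commented out or not present)
#   2 = error
disable_boot_pam_admin() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    boot_pam_admin_active "$conf" || return 1

    cp -p "$conf" "$conf.bak" || return 2
    tmp=$(mktemp) || return 2
    # Rewrite through a temp file, then write back in place so the original
    # file's owner and mode are kept.
    if sed -E 's/^[[:space:]]*(boot_pam_users\.0=admin)[[:space:]]*$/#\1/' \
            "$conf" > "$tmp" && cat "$tmp" > "$conf"; then
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"
    return 2
}

# Demo on the constructed file.
demo_dir=$(mktemp -d)
write_sample_conf "$demo_dir/as.conf"
disable_boot_pam_admin "$demo_dir/as.conf" && echo "boot-time admin entry disabled"
grep -n 'boot_pam_users' "$demo_dir/as.conf"
rm -rf "$demo_dir"
```

Run it only after the first two steps in the list (another admin user exists and the "admin" user is deleted in the GUI), in the order the README gives.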
stlrox Posted August 29, 2018 (edited)

I still couldn't connect using the OpenVPN app from my phone using 'data' connection. I followed instructions from SpaceInvaderOne's video.

Docker container settings:
- network type: host
- interface: bond0
- host port: 1194

Router: forwarded port 1194 (UDP)

OpenVPN Admin WebUI settings:
- created new user
- user authentication: local
- server network settings hostname: myhost.duckdns.org
- server network settings protocol: UDP
- server network settings port number: 1194

I have three sub-domains for my duckdns.org account. Each one has a different IP address. Only one has the correct IP from my ISP provider and the other two were created when I used 'binhex-delugevpn' PIA (Privoxy) as proxy. Which one should I use under 'Server Network Settings' in OpenVPN WebUI?

Hoopster Posted August 29, 2018 (edited)

2 hours ago, stlrox said:
> I still couldn't connect using the OpenVPN app from my phone using 'data' connection.

Just to verify, you did install the appropriate .ovpn file from your OpenVPN server onto your phone, correct?

2 hours ago, stlrox said:
> Which one should I use under 'Server Network Settings' in OpenVPN WebUI?

The one which is associated with your router's public IP address in duckdns.

abuzzbuzz Posted August 30, 2018

On 8/28/2018 at 9:33 AM, Hoopster said:
> In general, for dockers, you will find the information about setting up, logging in, configuring the application, etc. in the Docker Hub or Github links published in the first post of the support forum for that docker application.
>
> From the Docker Hub link in the first post of this forum or the readme in the Github (also linked in first post) link:
>
> Setting up the application
>
> The admin interface is available at https://<ip>:943/admin with a default user/password of admin/password
>
> During first login, make sure that the "Authentication" in the webui is set to "Local" instead of "PAM". Then set up the user accounts with their passwords (user accounts created under PAM do not survive container update or recreation).
>
> The "admin" account is a system (PAM) account and after container update or recreation, its password reverts back to the default. It is highly recommended to block this user's access for security reasons:
> - Set another user as an admin,
> - Delete the "admin" user in the gui,
> - Modify the as.conf file under config/etc and replace the line boot_pam_users.0=admin with #boot_pam_users.0=admin (this only has to be done once and will survive container recreation)

Thank you for this. I was able to login. I'm sorry I missed that somehow. I got a deal recently on NordVPN. I just need to figure out how to set that up.

Thanks again,
B

trurl Posted August 30, 2018

On 8/28/2018 at 10:33 AM, Hoopster said:
> In general, for dockers, you will find the information about setting up, logging in, configuring the application, etc. in the Docker Hub or Github links published in the first post of the support forum for that docker application.

And in general, you can always go directly to the support thread for any docker by clicking on the docker's icon and selecting Support, or by clicking the Support Page link in its listing in Community Applications.

stlrox Posted August 30, 2018

17 hours ago, Hoopster said:
> Just to verify, you did install the appropriate .ovpn file from your OpenVPN server onto your phone, correct?

Yes. I downloaded the profile from the OpenVPN-AS WebUI and imported that into the OpenVPN app.

Here is a snippet from the log file:

    15:29:37.586 -- Connecting to [myhost.duckdns.org]:1194 (MYPUBLIC IP) via UDPv4
    15:29:47.438 -- EVENT: CONNECTION_TIMEOUT
    15:29:47.449 -- EVENT: DISCONNECTED
    15:29:47.470 -- EVENT: CORE_THREAD_INACTIVE
    15:29:47.472 -- Tunnel bytes per CPU second: 0
    15:29:47.472 -- ----- OpenVPN Stop -----

But if I try the same VPN profile when I am on my home WiFi network then everything works fine. Looks like the router is blocking traffic on port 1194. I don't know how to troubleshoot that.

Dummy question. Assume I fix this router issue and everything works correctly. And if I connect to the openvpn access server using the OpenVPN app (via data plan), then can I connect to any device which is on my home network?

Chrysen Posted August 30, 2018

Hi, 🤗

One question: is it possible to route all traffic through this vpn tunnel and then to another vpn tunnel?

Now: WAN --> AVM Fritzbox Router --> Asus Merlin Wrt Router --> Unraid Server. Port forwarding works to the unraid openvpn server docker.

But how can I route this traffic to another vpn tunnel like perfect-privacy (and maybe another docker container like privoxy before)?

I will connect to my home and perfect-privacy at the same time like this:

WAN --> AVM Fritzbox Router --> Asus Merlin Wrt Router --> Unraid Server --> openvpn server --> privoxy docker --> openvpn client.

Vpn connection to Fritzbox, Asus wrt Router, openvpn docker or perfect-privacy will work, but not at the same time. (Openvpn server docker and vpn client.) 🤔

Thanks
Chrysen

aptalca Posted August 31, 2018

3 hours ago, Chrysen said:
> Hi, 🤗
>
> One question: is it possible to route all traffic through this vpn tunnel and then to another vpn tunnel?
>
> Now: WAN --> AVM Fritzbox Router --> Asus Merlin Wrt Router --> Unraid Server. Port forwarding works to the unraid openvpn server docker.
>
> But how can I route this traffic to another vpn tunnel like perfect-privacy (and maybe another docker container like privoxy before)?
>
> I will connect to my home and perfect-privacy at the same time like this:
>
> WAN --> AVM Fritzbox Router --> Asus Merlin Wrt Router --> Unraid Server --> openvpn server --> privoxy docker --> openvpn client.
>
> Vpn connection to Fritzbox, Asus wrt Router, openvpn docker or perfect-privacy will work, but not at the same time. (Openvpn server docker and vpn client.) 🤔
>
> Thanks
> Chrysen

Yes, you can do that. Make sure that your unraid host is connected through a vpn client and your openvpnas container is in host mode.

I do it in a similar fashion. My pfsense router is running an openvpn client that connects to PIA. Unraid uses that for all outbound connections. I also have the openvpn-as container running on unraid. So when I vpn into home remotely, not only can I access all the local computers on the home lan, but my internet connection also goes through PIA thanks to the client on pfsense. I'm double vpn'ed and it works beautifully.