[Support] Linuxserver.io - OpenVPN AS


Recommended Posts

I'm having an issue connecting when I'm outside of my network.  I can connect successfully when I'm at home though.  When I put my iPhone on to the cell network I'm not able to connect.

 

I have set the Docker Config with Network Type to Bridge, forwarded ports 943, 9443 (TCP) and 1194 (UDP) and removed the INTERFACE variable.

 

This was working fine in the past, so I'm not too sure why this isn't working anymore.  I checked the OpenVPN.log file and I can see that a connection is trying to be established, but is failing for some reason.

Quote

2019-03-02 14:20:49-0500 [-] OVPN 0 OUT: 'Sat Mar  2 14:20:49 2019 xx.xx.xx.xx:61030 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1551554509) Sat Mar  2 14:21:49 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings'

2019-03-02 14:20:49-0500 [-] OVPN 0 OUT: 'Sat Mar  2 14:20:49 2019 xx.xx.xx.xx:61030 TLS Error: incoming packet authentication failed from [AF_INET]xx.xx.xx.xx:61030'

2019-03-02 14:20:50-0500 [-] OVPN 0 OUT: 'Sat Mar  2 14:20:50 2019 xx.xx.xx.xx:61030 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1551554509) Sat Mar  2 14:21:49 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings'

2019-03-02 14:20:50-0500 [-] OVPN 0 OUT: 'Sat Mar  2 14:20:50 2019 xx.xx.xx.xx:61030 TLS Error: incoming packet authentication failed from [AF_INET]xx.xx.xx.xx:61030'

2019-03-02 14:20:51-0500 [-] OVPN 0 OUT: 'Sat Mar  2 14:20:51 2019 xx.xx.xx.xx:61030 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1551554509) Sat Mar  2 14:21:49 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings'

2019-03-02 14:20:51-0500 [-] OVPN 0 OUT: 'Sat Mar  2 14:20:51 2019 xx.xx.xx.xx:61030 TLS Error: incoming packet authentication failed from [AF_INET]xx.xx.xx.xx:61030'

2019-03-02 14:20:52-0500 [-] OVPN 0 OUT: 'Sat Mar  2 14:20:52 2019 xx.xx.xx.xx:61030 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1551554509) Sat Mar  2 14:21:49 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings'

2019-03-02 14:20:52-0500 [-] OVPN 0 OUT: 'Sat Mar  2 14:20:52 2019 xx.xx.xx.xx:61030 TLS Error: incoming packet authentication failed from [AF_INET]xx.xx.xx.xx:61030'

2019-03-02 14:20:53-0500 [-] OVPN 0 OUT: 'Sat Mar  2 14:20:53 2019 xx.xx.xx.xx:61030 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1551554509) Sat Mar  2 14:21:49 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings'

2019-03-02 14:20:53-0500 [-] OVPN 0 OUT: 'Sat Mar  2 14:20:53 2019 xx.xx.xx.xx:61030 TLS Error: incoming packet authentication failed from [AF_INET]xx.xx.xx.xx:61030'

2019-03-02 14:20:54-0500 [-] OVPN 0 OUT: 'Sat Mar  2 14:20:54 2019 xx.xx.xx.xx:61030 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1551554509) Sat Mar  2 14:21:49 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings'

2019-03-02 14:20:54-0500 [-] OVPN 0 OUT: 'Sat Mar  2 14:20:54 2019 xx.xx.xx.xx:61030 TLS Error: incoming packet authentication failed from [AF_INET]xx.xx.xx.xx:61030'

2019-03-02 14:20:55-0500 [-] OVPN 0 OUT: 'Sat Mar  2 14:20:55 2019 xx.xx.xx.xx:61030 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1551554509) Sat Mar  2 14:21:49 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings'

2019-03-02 14:20:55-0500 [-] OVPN 0 OUT: 'Sat Mar  2 14:20:55 2019 xx.xx.xx.xx:61030 TLS Error: incoming packet authentication failed from [AF_INET]xx.xx.xx.xx:61030'

2019-03-02 14:20:56-0500 [-] OVPN 0 OUT: 'Sat Mar  2 14:20:56 2019 xx.xx.xx.xx:61030 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1551554509) Sat Mar  2 14:21:49 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings'

2019-03-02 14:20:56-0500 [-] OVPN 0 OUT: 'Sat Mar  2 14:20:56 2019 xx.xx.xx.xx:61030 TLS Error: incoming packet authentication failed from [AF_INET]xx.xx.xx.xx:61030'

 

Looking at the log from the OpenVPN app on my iPhone, it looks like it's trying to connect via UDPv6 when external instead of UDPv4 when connecting internal and I'm not sure if that's what the issue is.

 

Link to comment

Hi All, 

 

I've been getting the following error:

 

service failed to start due to unresolved dependencies: set(['user'])

service failed to start due to unresolved dependencies: set(['iptables_openvpn'])

Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=2]: ['iptables-restore v1.6.0: Bad IP address ""', '', 'Error occurred at line: 151', "Try `iptables-restore -h' or 'iptables-restore --help' for more information."]: internet/defer:323,sagent/ipts:122,sagent/ipts:49,util/mycprof:11,<string>:1,sagent/sagent_entry:14,sagent/sagent_entry:11,util/daemon:28,util/daemon:69,application/app:423,scripts/_twistd_unix:202,application/app:445,application/app:348,internet/base:1166,internet/base:1178,internet/epollreactor:194,python/log:85,python/log:70,python/context:59,python/context:37,internet/epollreactor:223,internet/posixbase:191,internet/process:260,internet/process:762,internet/process:775,internet/_baseprocess:60,svc/pp:117,svc/svcnotify:32,internet/defer:238,internet/defer:307,internet/defer:323,sagent/ipts:122,sagent/ipts:49,util/error:61,util/error:44

service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])

service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn']). 

 

This occurs every time I try to start the server, however, the container starts without a hitch.

 

I've tried to restore the container, delete the config files, install a different version, ect. Not sure what to do at this point.

I'm also new to OPENVPN and linux so please be specific if you have any suggestions.

 

Thanks!

Link to comment
10 hours ago, [email protected] said:

Hi All, 

 

I've been getting the following error:

 

service failed to start due to unresolved dependencies: set(['user'])

service failed to start due to unresolved dependencies: set(['iptables_openvpn'])

Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=2]: ['iptables-restore v1.6.0: Bad IP address ""', '', 'Error occurred at line: 151', "Try `iptables-restore -h' or 'iptables-restore --help' for more information."]: internet/defer:323,sagent/ipts:122,sagent/ipts:49,util/mycprof:11,<string>:1,sagent/sagent_entry:14,sagent/sagent_entry:11,util/daemon:28,util/daemon:69,application/app:423,scripts/_twistd_unix:202,application/app:445,application/app:348,internet/base:1166,internet/base:1178,internet/epollreactor:194,python/log:85,python/log:70,python/context:59,python/context:37,internet/epollreactor:223,internet/posixbase:191,internet/process:260,internet/process:762,internet/process:775,internet/_baseprocess:60,svc/pp:117,svc/svcnotify:32,internet/defer:238,internet/defer:307,internet/defer:323,sagent/ipts:122,sagent/ipts:49,util/error:61,util/error:44

service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])

service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn']). 

 

This occurs every time I try to start the server, however, the container starts without a hitch.

 

I've tried to restore the container, delete the config files, install a different version, ect. Not sure what to do at this point.

I'm also new to OPENVPN and linux so please be specific if you have any suggestions.

 

Thanks!

Same problem here, been working fine for months, I have the same issue.

Link to comment
On 2/2/2019 at 1:20 PM, aptalca said:

For anyone who's having issues with openvpn on unraid 6.7 rc, switch it to run in bridge networking, remove the INTERFACE variable setting or set it to eth0 (default) and map the ports 943 and 9443 for tcp and 1194 for udp

I should have clicked back a few pages. Working fine now. Thank you 

Link to comment

Hi! 

 

I am trying to get the openVPN docker to work, I have followed the guide that Spaceinvader One have made. 

I am using the openvpn app on mye iPhone. I used the client.ovpn file for setup.  The app says that i am connected and i can also se my phone listed under devices in the webUI. But I can not reach the internet or my server. 

I have port-forwarded the port to the IP address of the VPN server.

 

What can be the problem? 

Screenshot 1.png

Network setup.png

Screenshot 3.png

Link to comment
2 hours ago, Martinoaa said:

Hi! 

 

I am trying to get the openVPN docker to work, I have followed the guide that Spaceinvader One have made. 

I am using the openvpn app on mye iPhone. I used the client.ovpn file for setup.  The app says that i am connected and i can also se my phone listed under devices in the webUI. But I can not reach the internet or my server. 

I have port-forwarded the port to the IP address of the VPN server.

 

What can be the problem? 

Screenshot 1.png

Network setup.png

Screenshot 3.png

Think in your docker config you need to change the INTERFACE to br0 to match network type, also in openvpn gui, check what interface is showing there...It's one of those things that is wrong.

Link to comment
19 hours ago, ppunraid said:

Think in your docker config you need to change the INTERFACE to br0 to match network type, also in openvpn gui, check what interface is showing there...It's one of those things that is wrong.

I tried to change it to br0 in the docker settings. But then i cannot open the webGI and my phone cant connect. System Information says that i use eth0 network. Does this have anything to say?

 

Screenshot 4.png

Link to comment
On 3/6/2019 at 12:35 AM, Lebowski said:

I should have clicked back a few pages. Working fine now. Thank you 

This gave me issues not being able to reach other devices on my LAN when on the VPN since the container is in bridge. Is this the case? 

Edited by cagemaster
Link to comment
2 hours ago, cagemaster said:

This gave me issues not being able to reach other devices on my LAN when on the VPN since the container is in bridge. Is this the case? 

No issues from my side, I can access as if I am local. However in saying that wifi apps like my AC and Sonos wont work.

Link to comment
On 3/6/2019 at 8:50 PM, thrroow said:

Installed this docker successfully and went to the login page, tried to login with admin/password and it says "Login failed".  Not sure if somehow the user/pass are wrong, or something else?  Any ideas?

I have the same issue. Does anyone have any thoughts on how to correct this error? I have reinstalled the docker numerous times and the same error message every time.

Link to comment
On 3/7/2019 at 7:55 AM, Martinoaa said:

I tried to change it to br0 in the docker settings. But then i cannot open the webGI and my phone cant connect. System Information says that i use eth0 network. Does this have anything to say?

 

Screenshot 4.png

@Martinoaa, sorry I didn't see this until now. Reading your original post again, got me thinking...In the docker global settings (unraid menu > settings > system settings > docker) do you have a gateway address set here? You may have to turn on advanced settings to see that. After that I would try doing a tcpdump in from the unraid CLI (sudo tcpdump host 192.168.1.12) and do a ping from the vpn client to try and reach the gateway, internet, unraid.

 

Also in the openvpn docker console, do an ifconfig. For some reason, in my current vpn implementation, even though i specified a different physical interface in the docker config, I still had to specify eth0 in the INTERFACE configuration portion for it to work. 

 

I was going to try and look at an old appdata backup, but not clear on where to get that information...but hope that will get you started.

Link to comment

how you get this server to work..

OpenVPN-AS  never works gui mode 99 Percent of the time Page Cant Be found...

as I wanna do site to site OpenVPN  connect rysnc  OpenVPN Disconnec

 

I have tried the PeterPM OpenVPN Cient Server  never works

I tried using Unraid Client to connect to Pfsense OpenVPN Server  and it locks out Unraid totally

so I could use help

Link to comment
7 hours ago, comet424 said:

is it a 6.6.7 unraid version that the OpenVPn-AS  wont work..  and is the MACE version the same as the Linux version as they both OpenVPN-AS    

 

so im unable to use this at all... 

Define not working. Post your config. It works fine here. Read the last few pages here for more info.

Link to comment

@aptalca  got it up  i tried a fix you said  a couple ages ago  set it to bridge and delete the interface variable..  now was able to access openvpn -as

 

does the as mean server?  and whats the difference between this one and maces  

so i got looged in had to google the user name and password...  it has connect app..  but nothing for unraid...

as i want to openvpn  unraid to unraid  in script so i can  rysnc then disconnect...

 

and the openvpn-as here  can i use  PeterMs  OpenVPN Client to connect to OpenVPN-AS  as i didnt see client for Unraid..

 

and is there a way as PeterMs OpenVPN Client  locks out Unraid when connecting to PFSENSE...  as i wouldnt mind just connecting to the remote PFSENSE router  OpenVPN  instead but i dont want Unraid being locked out...

so i can run rsync

Link to comment
7 hours ago, comet424 said:

@aptalca  got it up  i tried a fix you said  a couple ages ago  set it to bridge and delete the interface variable..  now was able to access openvpn -as

 

does the as mean server?  and whats the difference between this one and maces  

so i got looged in had to google the user name and password...  it has connect app..  but nothing for unraid...

as i want to openvpn  unraid to unraid  in script so i can  rysnc then disconnect...

 

and the openvpn-as here  can i use  PeterMs  OpenVPN Client to connect to OpenVPN-AS  as i didnt see client for Unraid..

 

and is there a way as PeterMs OpenVPN Client  locks out Unraid when connecting to PFSENSE...  as i wouldnt mind just connecting to the remote PFSENSE router  OpenVPN  instead but i dont want Unraid being locked out...

so i can run rsync

"as" stands for "access server", and is the gui version by openvpn. You need an openvpn client to connect to an access server. Linuxserver.io doesn't provide a client image. No idea about the other docker images

Link to comment

oh i have no idea about anything...  i did try copying my .ovpn file to unraid  and ran command line  openvpn --config file.ovpn  it tries to connect to pfsense but gets error   is the openvpn command line i was using from openvpn-as..  or is it built in..

 

and does that mean  openvpn-as isnt what i need

 

what i want is 

script file

connect openvpn either A Unraid (Remote Site) or B  Pfsense Router (Remote Site)

run rysnc from host to Remote Site Unraid  all new Data

disconnect OpenVPN from either A or B   when rysnc is complete..

 

now my question is that what OpenVPN-As can do  or am i in the wrong forum and  i need somethong else

as i truly not sure.. so i figure i ask before i get in trouble being in wrong area 

Link to comment
49 minutes ago, comet424 said:

oh i have no idea about anything...  i did try copying my .ovpn file to unraid  and ran command line  openvpn --config file.ovpn  it tries to connect to pfsense but gets error   is the openvpn command line i was using from openvpn-as..  or is it built in..

 

and does that mean  openvpn-as isnt what i need

 

what i want is 

script file

connect openvpn either A Unraid (Remote Site) or B  Pfsense Router (Remote Site)

run rysnc from host to Remote Site Unraid  all new Data

disconnect OpenVPN from either A or B   when rysnc is complete..

 

now my question is that what OpenVPN-As can do  or am i in the wrong forum and  i need somethong else

as i truly not sure.. so i figure i ask before i get in trouble being in wrong area 

openvpn-as is just a server waiting for people to connect to it. For what you want to do, you'll need a client app. I think there are other opvenvpn versions out there for unraid that may do what you want, or you could do the opposite, have pfsense connect to unrai. From my limited knowledge of pfsense, it's pretty robust, so there shouldn't be an issue doing it that way. Infact, I may be deploying those to my inlaws place

Link to comment
  • trurl pinned and unpinned this topic

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.