[Support] Linuxserver.io - OpenVPN AS



On 11/14/2018 at 1:32 PM, aptalca said:

If a docker container has its own ip, the connection between that and the host will be blocked. That's a security feature of macvlan

If you install OpenVPN-as as Host without its own IP can you still connect to other dockers with their own IP? I have most of my dockers with their own IP for ease. 

Link to comment
29 minutes ago, witalit said:

I can't seem to connect to the OpenVPN web portal I get connection refused. I don't have any bonded interfaces just using eth0 in the VARIABLE field of docker config.. any ideas?

I think you need to specify an interface on network type, even if it's obvious you're going to be using unraid's ip.

 

Link to comment

Sometimes the openvpn-as docker is fragile on upgrading. I upgraded to the most recent docker this morning and the OPENVPN server stopped working. From the openvpn.log it looks like it is missing a config item 'config_db_local':

2019-03-15 05:05:19-0400 [-] Server Shut Down.
2019-03-15T05:05:41-0400 [twisted.scripts._twistd_unix.UnixAppLogger#info] twistd 17.9.0 (/config/bin/python 2.7.11) starting up.
2019-03-15T05:05:41-0400 [twisted.scripts._twistd_unix.UnixAppLogger#info] reactor class: twisted.internet.epollreactor.EPollReactor.
2019-03-15T05:05:41-0400 [stdout#info] *** Insecure settings found. Permissions for /config/etc/as.conf were set to 0666. Resetting Permissions to 0600 ***
2019-03-15T05:05:42-0400 [-] Unhandled Error
        Traceback (most recent call last):
          File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/application/app.py", line 396, in startReactor
            self.config, oldstdout, oldstderr, self.profiler, reactor)
          File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/application/app.py", line 311, in runReactorWithLogging
            reactor.run()
          File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 1243, in run
            self.mainLoop()
          File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 1252, in mainLoop
            self.runUntilCurrent()
        --- <exception caught here> ---
          File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 878, in runUntilCurrent
            call.func(*call.args, **call.kw)
          File "build/bdist.linux-x86_64/egg/pyovpn/sagent/svcset.py", line 203, in server_agent_init
            
          File "build/bdist.linux-x86_64/egg/pyovpn/sagent/svcset.py", line 58, in get_active_config_profile
            
          File "build/bdist.linux-x86_64/egg/pyovpn/db/confdb.py", line 811, in get_active_profile
            
          File "build/bdist.linux-x86_64/egg/pyovpn/db/dbwrap.py", line 87, in db
            
          File "build/bdist.linux-x86_64/egg/pyovpn/sagent/svcset.py", line 56, in <lambda>
            
          File "build/bdist.linux-x86_64/egg/pyovpn/util/cdict.py", line 260, in get_req
            
          File "build/bdist.linux-x86_64/egg/pyovpn/util/cdict.py", line 303, in get_type
            
          File "build/bdist.linux-x86_64/egg/pyovpn/util/cdict.py", line 478, in log
            
        pyovpn.util.error.SimpleError: "ConfigDict: required config-key 'config_db_local' is not defined": util/cdict:285,util/cdict:257,util/cdict:521,util/cdict:550 (exceptions.KeyError)

Anyone have an idea of what it should be and in what config file?

Link to comment
4 hours ago, witalit said:

If you install OpenVPN-as as Host without its own IP can you still connect to other dockers with their own IP? I have most of my dockers with their own IP for ease. 

There are 3 types, host, bridge, and macvlan. Macvlan is the only one with that restriction.

Link to comment
22 minutes ago, shaunsund said:

Sometimes the openvpn-as docker is fragile on upgrading. I upgraded to the most recent docker this morning and the OPENVPN server stopped working. From the openvpn.log it looks like it is missing a config item 'config_db_local':


2019-03-15 05:05:19-0400 [-] Server Shut Down.
2019-03-15T05:05:41-0400 [twisted.scripts._twistd_unix.UnixAppLogger#info] twistd 17.9.0 (/config/bin/python 2.7.11) starting up.
2019-03-15T05:05:41-0400 [twisted.scripts._twistd_unix.UnixAppLogger#info] reactor class: twisted.internet.epollreactor.EPollReactor.
2019-03-15T05:05:41-0400 [stdout#info] *** Insecure settings found. Permissions for /config/etc/as.conf were set to 0666. Resetting Permissions to 0600 ***
2019-03-15T05:05:42-0400 [-] Unhandled Error
        Traceback (most recent call last):
          File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/application/app.py", line 396, in startReactor
            self.config, oldstdout, oldstderr, self.profiler, reactor)
          File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/application/app.py", line 311, in runReactorWithLogging
            reactor.run()
          File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 1243, in run
            self.mainLoop()
          File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 1252, in mainLoop
            self.runUntilCurrent()
        --- <exception caught here> ---
          File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 878, in runUntilCurrent
            call.func(*call.args, **call.kw)
          File "build/bdist.linux-x86_64/egg/pyovpn/sagent/svcset.py", line 203, in server_agent_init
            
          File "build/bdist.linux-x86_64/egg/pyovpn/sagent/svcset.py", line 58, in get_active_config_profile
            
          File "build/bdist.linux-x86_64/egg/pyovpn/db/confdb.py", line 811, in get_active_profile
            
          File "build/bdist.linux-x86_64/egg/pyovpn/db/dbwrap.py", line 87, in db
            
          File "build/bdist.linux-x86_64/egg/pyovpn/sagent/svcset.py", line 56, in <lambda>
            
          File "build/bdist.linux-x86_64/egg/pyovpn/util/cdict.py", line 260, in get_req
            
          File "build/bdist.linux-x86_64/egg/pyovpn/util/cdict.py", line 303, in get_type
            
          File "build/bdist.linux-x86_64/egg/pyovpn/util/cdict.py", line 478, in log
            
        pyovpn.util.error.SimpleError: "ConfigDict: required config-key 'config_db_local' is not defined": util/cdict:285,util/cdict:257,util/cdict:521,util/cdict:550 (exceptions.KeyError)

Anyone have an idea of what it should be and in what config file?

Openvpn-as devops is a bit of a mess, really.

 

They like to make significant (breaking) changes to their db and data through their package updates, but not during service start.

 

With this docker image, we don't do in place package updates, we replace the package along with the docker image. So the changes within their package updater need to be made manually. That happened about a year ago as well.

 

Essentially, you're seeing a version mismatch between the app and its data and unfortunately it's not something we can easily prevent in the future

Link to comment

Dear all,

Firstly, sorry for my English. I've succeeded in creating the VPN server on my unraid, and it runs perfectly, but I want to connect from my other home network to unraid, because I use the IP camera with USB 4G, connected directly to a Buffalo router running DD-WRT.

1. Can I connect from the Buffalo router to the unraid server?

2. How can I set it up using the client.ovpn file?

3. If not, is there any way to do that?

I searched for two days to do that. I used the client files downloaded from my unraid and used the info to fill in the OpenVPN client on the router, but it cannot connect.

Please help me.

Thank you all.

Link to comment
4 hours ago, aptalca said:

There are 3 types, host, bridge, and macvlan. Macvlan is the only one with that restriction.

What about if I run OpenVPN on Host and the other dockers on macvlan can I connect to them? I set up OpenVPN earlier and was only able to connect to unRAID Gui but not other docker IPs.

Link to comment
6 hours ago, aptalca said:

Openvpn-as devops is a bit of a mess, really.

 

They like to make significant (breaking) changes to their db and data through their package updates, but not during service start.

 

With this docker image, we don't do in place package updates, we replace the package along with the docker image. So the changes within their package updater need to be made manually. That happened about a year ago as well.

 

Essentially, you're seeing a version mismatch between the app and its data and unfortunately it's not something we can easily prevent in the future

Spent about an hour digging through their scripts and their post install of their package to see what could be missing. Wasted time. Openvpn pulled the 2.7.2 release. We pushed an update to set latest back to 2.6.1. If you updated to 2.7.2 today, update again to go back to 2.6.1 and things should go back to normal.

Link to comment
2 hours ago, witalit said:

What about if I run OpenVPN on Host and the other dockers on macvlan can I connect to them? I set up OpenVPN earlier and was only able to connect to unRAID Gui but not other docker IPs.

No. Nothing on the host ip can connect to macvlan.

 

One user here tried putting openvpn on macvlan as well, in order to be able to connect to other containers on macvlan but he had other issues I believe. Don't recall the details, it was beyond my networking knowledge.

Link to comment
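The rule aptalca gives in this thread (nothing on the host IP can connect to macvlan, and macvlan is the only network type with that restriction), worked through as an added example that is not from any poster or from the linuxserver.io image. The container and network names are constructed, only the `Name`, `Driver` and `HostConfig.NetworkMode` fields of `docker network inspect` / `docker inspect` output are used, and bridge containers are assumed to sit behind the host IP.

```python
import json

# Constructed sample data in the shape of `docker network inspect` and
# `docker inspect` output, reduced to the fields this check reads.
NETWORKS_JSON = '''[
  {"Name": "bridge", "Driver": "bridge"},
  {"Name": "host",   "Driver": "host"},
  {"Name": "br0",    "Driver": "macvlan"}
]'''
CONTAINERS_JSON = '''[
  {"Name": "/openvpn-as", "HostConfig": {"NetworkMode": "host"}},
  {"Name": "/plex",       "HostConfig": {"NetworkMode": "br0"}},
  {"Name": "/sonarr",     "HostConfig": {"NetworkMode": "bridge"}},
  {"Name": "/pihole",     "HostConfig": {"NetworkMode": "br0"}}
]'''

def driver_map(networks_json):
    """Map each Docker network name to its driver."""
    return {n["Name"]: n["Driver"] for n in json.loads(networks_json)}

def side(container, drivers):
    """'macvlan' if the container has its own IP on a macvlan network,
    otherwise 'host' (host mode, or bridge mode behind the host IP: assumption)."""
    mode = container["HostConfig"]["NetworkMode"]
    driver = drivers.get(mode)
    if driver is None:
        raise ValueError(f"network {mode!r} not present in the network list")
    return "macvlan" if driver == "macvlan" else "host"

def vpn_reachability(vpn_name, containers_json, networks_json):
    """Split the other containers into those the VPN container can reach and
    those cut off by the host <-> macvlan isolation described in the thread.
    Assumes all macvlan containers share one parent interface."""
    drivers = driver_map(networks_json)
    containers = {c["Name"].lstrip("/"): c for c in json.loads(containers_json)}
    vpn_side = side(containers[vpn_name], drivers)
    result = {"reachable": [], "blocked": []}
    for name, container in sorted(containers.items()):
        if name == vpn_name:
            continue
        same_side = side(container, drivers) == vpn_side
        result["reachable" if same_side else "blocked"].append(name)
    return result

if __name__ == "__main__":
    print(vpn_reachability("openvpn-as", CONTAINERS_JSON, NETWORKS_JSON))
```

With the VPN container in host mode, the two macvlan containers land in `blocked`, which matches what witalit observed (unRAID GUI reachable, other docker IPs not).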
3 hours ago, xman111 said:

Hey guys, is there any way to use this instead of pfsense on one side so I can do a site-to-site OpenVPN? I want to be able to connect two houses and see shares on both sides of the tunnel.

You need a client on one side and a server on the other.  This is a server and you can configure pfsense as a client.

Link to comment

With 2 pfsense boxes, you can do server/client or peer to peer. I am looking to do peer to peer. That way everything on my network is available to everything on the other network. Right now I can access the server admin page and the shares but none of the other computers on the other side of the tunnel. Also, when I am connected to the tunnel, I can no longer see my own unraid on my side of the tunnel. I think I am just going to buy another pfsense router and do it that way.

Link to comment
With 2 pfsense boxes, you can do server/client or peer to peer. I am looking to do peer to peer. That way everything on my network is available to everything on the other network. Right now I can access the server admin page and the shares but none of the other computers on the other side of the tunnel. Also, when I am connected to the tunnel, I can no longer see my own unraid on my side of the tunnel. I think I am just going to buy another pfsense router and do it that way.

Makes more sense, I use my pfsense box for OpenVPN as then I can restart my server via IPMI without too much trouble.

Link to comment

Just started having issues with openvpn-as. I noticed first that I was unable to connect and when I returned home, the web ui was not coming up. I have had issues in the past after an update so I deleted the container and the appdata config folder, then recreated the container. This did not help. As you will see in the logs. The container starts but the web ui fails to come up.

Logs: https://pastebin.com/6tFC05r5

Config: [screenshot]

Any ideas on what the issue is?

Link to comment
6 hours ago, cheesemarathon said:

Just started having issues with openvpn-as. I noticed first that I was unable to connect and when I returned home, the web ui was not coming up. I have had issues in the past after an update so I deleted the container and the appdata config folder, then recreated the container. This did not help. As you will see in the logs. The container starts but the web ui fails to come up.

Logs: https://pastebin.com/6tFC05r5

Config: [screenshot]

Any ideas on what the issue is?

Is it using host networking or bridge?

 

Nothing wrong in the docker log

Link to comment

Sorry, this post will not be a lot of help @cheesemarathon, but I also experienced problems after the last update and wanted to share my experience with people here.

I noticed it just today because the WebGUI didn't come up, but I hadn't changed anything on the container for weeks.
I got a "Connection Refused" on the GUI and I got curious. After that I ran "netstat -tulpn" on the unraid server itself and nothing showed up. But no errors in the Docker log.

But a deletion from the GUI (with "also remove image" active), an "rm -rf openvpn-as" from the appdata over the console and a reinstall of the template from the WebGUI worked. I just had no internal config of the container anymore.

@aptalca
On my side it works with the setup "eth0" on INTERFACE and also HOST networking as the container config.

Edit:
But this didn't happen with my 2nd server, where the exact same configuration is running... Strange...

Edited by Stroker
Info 2nd Server
Link to comment

I'm not sure I'm asking this in the right place so apologies if it belongs elsewhere..

 

I have the openvpn docker set up and working perfectly, and I have the OpenVPN client on my Android phone set up and connecting as it should. What I would like to do, if possible, is have the openvpn server connect to either my privoxy or to my Private Internet Access socks5 proxy. I'm trying to achieve the situation where I can connect the Android openvpn client to my home server, browse and use the local network as it works at present, but also then forward any other web pages/searches to the privoxy or Private Internet Access. This is to avoid having to disconnect and reconnect my openvpn connection.

 

I don't know how to go about this, or if it is even possible. Any advice is much appreciated

Link to comment

So I got the server set up and I downloaded the locked user client.ovpn file

and I copied it to my 2nd unraid box

and am using Peter_MS OpenVPN Client for Unraid

when for now I need to type in user name and password... and it cannot connect to the DNS name, says it can't be found

yet on the host side I have a pfsense port forward for the UDP port, as I wanna do unraid to unraid for rsync transfer

I get the "can't resolve host name" but it should be able to. System error I get:

 

Fri Mar 22 10:36:06 2019 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Fri Mar 22 10:36:06 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 22 10:36:06 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 22 10:36:06 2019 RESOLVE: Cannot resolve host address: <dnsaddress>:1200 (System error)
Fri Mar 22 10:36:06 2019 RESOLVE: Cannot resolve host address: <dnsaddress>:1200 (System error)
Fri Mar 22 10:36:06 2019 Could not determine IPv4/IPv6 protocol
Fri Mar 22 10:36:06 2019 SIGUSR1[soft,init_instance] received, process restarting
Fri Mar 22 10:36:06 2019 Restart pause, 10 second(s)

 

Edited by comet424
Link to comment
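A triage of the client log comet424 posted above, as an added example that is not part of the original post or of any OpenVPN tooling. The rule ids and advice strings are made up for this illustration; the log lines are the ones from the post.

```python
import re
from collections import Counter

# Log lines copied from the post above (the poster had already redacted the hostname).
SAMPLE_LOG = """\
Fri Mar 22 10:36:06 2019 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Fri Mar 22 10:36:06 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 22 10:36:06 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 22 10:36:06 2019 RESOLVE: Cannot resolve host address: <dnsaddress>:1200 (System error)
Fri Mar 22 10:36:06 2019 RESOLVE: Cannot resolve host address: <dnsaddress>:1200 (System error)
Fri Mar 22 10:36:06 2019 Could not determine IPv4/IPv6 protocol
Fri Mar 22 10:36:06 2019 SIGUSR1[soft,init_instance] received, process restarting
Fri Mar 22 10:36:06 2019 Restart pause, 10 second(s)
"""

# (finding id, pattern, what to check). Ids and advice are labels for this example.
RULES = [
    ("deprecated-cert-check", re.compile(r"--ns-cert-type is DEPRECATED"),
     "profile still uses ns-cert-type; switch to remote-cert-tls as the warning says"),
    ("sha1-control-hmac", re.compile(r"Control Channel Authentication: .*'SHA1' for HMAC"),
     "control-channel HMAC uses SHA1; a stronger digest must be set on server and client"),
    ("dns-failure", re.compile(r"RESOLVE: Cannot resolve host address: (\S+):(\d+)"),
     "name lookup failed on the client, before any packet reached the forwarded port"),
]

def triage(log_text):
    """Return {finding id: {"count", "advice", "targets"}} for every rule that matched."""
    counts, targets = Counter(), {}
    for line in log_text.splitlines():
        for fid, pattern, _ in RULES:
            match = pattern.search(line)
            if match:
                counts[fid] += 1
                if match.groups():  # only the DNS rule captures host and port
                    targets.setdefault(fid, set()).add(
                        (match.group(1), int(match.group(2))))
    return {fid: {"count": counts[fid], "advice": advice,
                  "targets": sorted(targets.get(fid, ()))}
            for fid, _, advice in RULES if counts[fid]}

def fatal(findings):
    """Only the DNS failure stops the connection; the other two are warnings."""
    return [fid for fid in findings if fid == "dns-failure"]

if __name__ == "__main__":
    for fid, info in triage(SAMPLE_LOG).items():
        print(fid, info["count"], info["targets"], "-", info["advice"])
```

On this log the only connection-stopping finding is the name lookup on the client side, so the pfsense port forward is never exercised; the two warnings concern how the client verifies the server certificate and which digest protects the control channel.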

OK, I found 2 bugs in this software

when you first install OpenServer AS

and you get the initial settings, it has port 1194; I set it to 1200

and then when I logged into the server admin it still kept the port 1194... so I re-changed it to 1200 UDP

but I just noticed the docker still points to 1194 not 1200... so I guess there is a bug, it's not saving

as you can see, 2 out of 3 images show port 1200, yet docker keeps it at 1194 no matter what you do

reboots, stop, start does nothing.. it's like the WebGUI, the Docker and the Docker setting of Openvpn-as save 3 different locations for the port and are not loading the same location

 

unraid1.JPG

unraid2.JPG

Edited by comet424
Link to comment
15 minutes ago, comet424 said:

I edited config.json and changed 1194 to 1200 but it didn't help

in the next 2 photos...

I first did a reboot... then did a FORCE UPDATE, then a screenshot after it

and no change, still forced 1194 not 1200 like it's supposed to be

 

unraid3.JPG

unraid4.JPG

 

Your screenshots show that UDP port 1200 is opened on your unraid box,

However the configuration in the openvpn application is a different thing.

Link to comment