Jump to content
linuxserver.io

[Support] Linuxserver.io - OpenVPN-AS

1056 posts in this topic Last Reply

Recommended Posts

10 hours ago, aptalca said:

I personally think it's a bad idea to expose the openvpn-as gui. If someone brute forces it, they can create their own vpn user and get on to your lan

Hmm, that's what I was afraid of.  I think if I ever do expose it, I'll setup fail2ban at the same time to prevent that. Thx.

Share this post


Link to post
7 hours ago, Coolsaber57 said:

Hmm, that's what I was afraid of.  I think if I ever do expose it, I'll setup fail2ban at the same time to prevent that. Thx.

Better to have an alternate access method. Free teamviewer account on a VM or some other machine on the network, a VPN on your router, any other secure method to get local network access.

Share this post


Link to post
4 hours ago, jonathanm said:

Better to have an alternate access method. Free teamviewer account on a VM or some other machine on the network, a VPN on your router, any other secure method to get local network access.

I have 2 openvpn servers set up on mine. One on the router (pfsense), which is my main connection, and another on unraid as a docker container, which is my backup. 

 

I also have chrome remote desktop enabled on a windows vm on unraid as a backup to the backup

Share this post


Link to post

After much troubleshooting, I appear to have hit a wall in my configuration.

I have 2 network interfaces (eth0 and eth1) both connected to my router with an IP of 192.168.1.1

  • Bonding is disabled
  • eth0 has the IP 192.168.1.13
  • eth1 has no IP
  • Bridging is enabled on both interfaces
  • VLAN is disabled on both interfaces\
  • Router DHCP range 192.168.1.50 -> 192.168.1.100

Docker

  • via GUI settings I have a custom interface on br1 (Subnet 192.168.1.0/24, Gateway 192.168.1.1, DHCP pool 192.168.1.128/26)
  • For testing I have 3 sample docker containers on 3 different Network types
    • Deluge on Host
    • Letsencrypt on Bridge
    • HomeAssistant on br1 (with IP 192.168.1.133 - This is set statically)

All of these docker containers and the unRaid WebUI work fine from local network. As does Internet access.

 

The Problem

  1. I can successfully have an OpenVPN-AS container running in Host mode, connect to it remotely and from there I can route internet traffic via the VPN, see other devices on the network (such as the WebUI for the router), access the Deluge and Letsencrypt containers and access the UnRaid WebUI. I cannot access the HomeAssistant container via this setup.
  2. I can successfully move the OpenVPN-AS container to the br1 network (resulting in an IP of 192.168.1.128), modify my port-forwarding settings on the router and connect to it with a client. Now I can access HomeAssistant without issue. I cannot however access the internet, the UnRaid WebUI, the Deluge or Letsencrypt dockers or any other items on the network (including the Router WebUI).
  3. When I have OpenVPN-AS in mode 2 and use the terminal within the container, I can successfully access all required endpoints (Internet Resources, Local network resources, and all 3 Docker containers).

I have tried using command-line created macvlan networks for use by docker instead of via the UnRaid WebUI with the same result.

 

Any help would be GREATLY appreciated, I am at my wit's end.

Share this post


Link to post
On 12/27/2018 at 12:42 AM, sjaak said:

 

I use this docker app and here its running on 2.6.1 :S, i use CA Auto Update Applications to do fully automatic updates. didn't pay for any licence, the free version is enough for me.

Seems it was recently updated! Thanks devs!

Share this post


Link to post

silly question as I'm trying to get this functioning.  Is setting up the openvpn as server with google 2fa required on logins supported on the android openvpn app?  If so; I must be missing this setting somewhere.

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now