OpenVPN-AS Brings up my router login page



It only took me 4 days to get to this to connect.

The OpenVPN log is below

[Image: OpenVPN Access Server Log Reports]

 

When I try to access the server with my browser, I am presented with my router sign in page.

Port 1194 is single port forwarded in the EA-6900 Linksys router

Guidance would be appreciated

I figured I am burning up trial days and better ask those in the know for help.

Thanks, Anne

Link to comment

3 hours ago, Annie SIxgun said:

When I try to access the server with my browser, I am presented with my router sign in page.

Normally the router should not be reachable from the Internet.

You have to map port 1194 in your router so that it points to the unRaid IP (I assume you are talking about the Docker OpenVPN-AS).

Have you already watched this tutorial?

Additionally, if you do not have a static IP, you will need to use a dynamic DNS service like NoIP, DynDNS, DuckDNS.

Edited by FlorinB
Link to comment

My router has port 1194 forwarded to the unraid server.

Yes, I have watched both of his video tutorials on the OpenVPN-AS install.

The OpenVPN-AS log shows the connection is made on port 1194 (image in first message).

This is why I need help. Being new to unraid I do not know where to look for those telltale traces that let you know what happened.

Right now it looks to me as if the router has forwarded the connection to itself.

Link to comment
9 minutes ago, Annie SIxgun said:

Right now it looks to me as if the router has forwarded the connection to itself.

Please do not confuse tcp with udp. The web pages are served via TCP protocol. 

Did you try to access the port 1194 in your web browser from your LAN or from an external IP address?

 

You can start your investigation by looking into the router log files.

Then check into unRaid the following:

- that the OpenVPN-AS docker container is started and configured correctly.

- check in unRaid that the port 1194 is open for the UDP protocol, using the terminal from the Web GUI or ssh to unRaid

Quote

root@Node804:~# netstat -anp|grep 1194
udp        0      0 192.x.y.110:1194      0.0.0.0:*                           24921/openvpn-opens
 

- be sure that you have created the vpn user, exported the .ovpn config and imported it into your VPN client. I am using a mobile phone with 4G data enabled instead of local LAN.

- try to connect using the OpenVPN client with the imported profile to your public Internet IP address/hostname (take care: when the ovpn profile is generated, it is pointing to the hostname. If your hostname is a dynamic IP, it will work only for a short time)

- if the connection from the OpenVPN client to the server is successful, you should be able to see something like this in the OpenVPN-AS Web UI.

 

At which step are you @Annie SIxgun?

 

Attention: Do not expose the unRaid Web UI or the ssh directly into Internet!

 

Link to comment

Have you followed similar steps like this on your router?

 

To see the OpenVPN-AS log you have to start the terminal of the OpenVPN-AS Docker, type bash - this will make your life easier - and search for where the openvpn.log file is:

Quote

# bash
root@Tower:/openvpn# find / -type f -name "*.log" 2>/dev/null
/usr/local/openvpn_as/init.log
/var/log/alternatives.log
/var/log/apt/history.log
/var/log/apt/term.log
/var/log/bootstrap.log
/var/log/dpkg.log
/config/log/openvpn.log <- this is your log
/config/init.log

After this you can do the tail -f  /config/log/openvpn.log to see the log, but this will help you after you have correctly configured your router and the vpn related stuff.

Edited by FlorinB
Link to comment
13 minutes ago, FlorinB said:

Please do not confuse tcp with udp. The web pages are served via TCP protocol. 

Did you try to access the port 1194 in your web browser from your LAN or from an external IP address?

 

You can start your investigation by looking into the router log files.

Then check into unRaid the following:

- that the OpenVPN-AS docker container is started and configured correctly.

- check in unRaid that the port 1194 is open for the UDP protocol, using the terminal from the Web GUI or ssh to unRaid

- be sure that you have created the vpn user, exported the .ovpn config and imported it into your VPN client. I am using a mobile phone with 4G data enabled instead of local LAN.

- try to connect using the OpenVPN client with the imported profile to your public Internet IP address/hostname (take care: when the ovpn profile is generated, it is pointing to the hostname. If your hostname is a dynamic IP, it will work only for a short time)

- if the connection from the OpenVPN client to the server is successful, you should be able to see something like this in the OpenVPN-AS Web UI.

 

At which step are you @Annie SIxgun?

 

Attention: Do not expose the unRaid Web UI or the ssh directly into Internet!

 

I accessed the UDP port 1194 via the Android OpenVPN app on my cell phone and was connected.

The Android app gives me my name, my private IP, it tells me I connected with xxx,duck.dns.org, it tells me the server public IP, the port 1194 and the protocol udpv6

it tells me that I am logged in as [email protected]

BUT, I can not see anything on the server

Then I tried using my cell phone browser and use my dns service to access the unraid server, and got my router login page      ( .ovpn set to use xxxx.duckdns,org)

Then I tried using my cell phone browser to access the IP of the server,,,  and got my router login page ( .ovpn set up to use IP)

 

 I tried to access the unraid server from my local laptop browser using    xxx.duckdns.org,   and got my router login page

 I tried to access the unraid server from my local laptop browser using my WEB IP and port# , xxx.xx.xx.xxx:1194,  and got "unable to connect"

 I tried to access the unraid server from my local laptop browser,,using the unraid local IP and port#, and got unable to connect

 

Here is the info you spoke about

 

# netstat -anp|grep 1194
udp        0      0 192.168.1.102:1194      0.0.0.0:*                           297/openvpn-openssl
unix  2      [ ]         STREAM     CONNECTED     1115311  -                   /tmp/pty515711947/pty.sock

 

root@Tower:/# tail -f /config/log/openvpn.log
2018-06-26 18:50:10-0400 [-] OVPN 0 OUT: "Tue Jun 26 18:50:10 2018 MANAGEMENT: CMD 'client-auth 3 0'"
2018-06-26 18:50:10-0400 [-] OVPN 0 OUT: 'Tue Jun 26 18:50:10 2018 172.58.xx.xxx:37478 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA'
2018-06-26 18:50:10-0400 [-] OVPN 0 OUT: 'Tue Jun 26 18:50:10 2018 172.58.xx.xxx:37478 [anne_AUTOLOGIN] Peer Connection Initiated with [AF_INET]172.58.xx.xxx:37478'
2018-06-26 18:50:10-0400 [-] OVPN 0 OUT: 'Tue Jun 26 18:50:10 2018 anne_AUTOLOGIN/172.58.xx.xxx:37478 OPTIONSIMPORT: compression parms modified'
2018-06-26 18:50:10-0400 [-] OVPN 0 OUT: 'Tue Jun 26 18:50:10 2018 anne_AUTOLOGIN/172.58.xx.xxx:37478 MULTI: Learn: 172.27.xxx.x -> anne_AUTOLOGIN/172.58.xx.xxx:37478'
2018-06-26 18:50:10-0400 [-] OVPN 0 OUT: 'Tue Jun 26 18:50:10 2018 anne_AUTOLOGIN/172.58.xx.xx:37478 MULTI: primary virtual IP for anne_AUTOLOGIN/172.58.xx.xxx:37478: 172.27.xxx.x'
2018-06-26 18:50:10-0400 [-] OVPN 0 OUT: "Tue Jun 26 18:50:10 2018 anne_AUTOLOGIN/172.58.xx.xxx:37478 SENT CONTROL [anne_AUTOLOGIN]: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,comp-lzo yes,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 172.27.xxx.x,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,dhcp-option DNS 192.168.1.102,register-dns,block-ipv6,ifconfig 172.27.xxx.x 255.255.240.0,peer-id 0,cipher AES-256-GCM' (status=1)"
2018-06-26 18:50:10-0400 [-] OVPN 0 OUT: "Tue Jun 26 18:50:10 2018 anne_AUTOLOGIN/172.58.xx.xxx:37478 Data Channel: using negotiated cipher 'AES-256-GCM'"
2018-06-26 18:50:10-0400 [-] OVPN 0 OUT: "Tue Jun 26 18:50:10 2018 anne_AUTOLOGIN/172.58.xx.xxx:37478 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key"
2018-06-26 18:50:10-0400 [-] OVPN 0 OUT: "Tue Jun 26 18:50:10 2018 anne_AUTOLOGIN/172.58.xx.xxx:37478 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key"

Link to comment

Normally your router should also be the OpenVPN server (if the router supports this).

Then you can reach your server without forwarding a port to the inet > higher security.

In my case, I use an IPFire router and OpenVPN is installed on it as server.

Whenever I want to do something on unraid, I establish the VPN connection to the router and can access my whole network including unraid.

Edited by Zonediver
Link to comment
8 hours ago, Annie SIxgun said:

 I tried to access the unraid server from my local laptop browser using    xxx.duckdns.org,   and got my router login page

This might be right in some situations from your internal network.

 

8 hours ago, Annie SIxgun said:

 I tried to access the unraid server from my local laptop browser using my WEB IP and port# , xxx.xx.xx.xxx:1194,  and got "unable to connect"

This will not work. I've told you earlier: do not confuse UDP with TCP protocol.

To access your unRaid server over VPN, you simply have to type in the IP address of your unRaid server, as you normally do from home without VPN.

 

8 hours ago, Annie SIxgun said:

I tried to access the unraid server from my local laptop browser,,using the unraid local IP and port#, and got unable to connect

Same as above: do not confuse UDP with TCP protocol.

The UDP port 1194 is used only for the VPN client to make the connection to the VPN server, nothing else. As soon as the VPN connection is established, you should be able to see all your computers from the home network.

8 hours ago, Annie SIxgun said:

2018-06-26 18:50:10-0400 [-] OVPN 0 OUT: "Tue Jun 26 18:50:10 2018 anne_AUTOLOGIN/172.58.xx.xxx:37478 Data Channel: using negotiated cipher 'AES-256-GCM'"
2018-06-26 18:50:10-0400 [-] OVPN 0 OUT: "Tue Jun 26 18:50:10 2018 anne_AUTOLOGIN/172.58.xx.xxx:37478 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key"
2018-06-26 18:50:10-0400 [-] OVPN 0 OUT: "Tue Jun 26 18:50:10 2018 anne_AUTOLOGIN/172.58.xx.xxx:37478 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key"

Congratulations Annie! This means that your VPN connection was successfully established. Now enjoy browsing/accessing your home network.

Link to comment

This is the problem I have been trying to describe..

As far as I could determine,  I had a VPN connection... I checked all the stuff you talked about to be sure what I was seeing was a VPN connection........

..

HOWEVER... I can NOT see ANYTHING on the server.. can not browse anyplace

 

The ONLY thing I get to see after the vpn connection is established is my router login page..

 

I provided you  the things I had tried in a "just in case it might work scenario", because not only do I not know much about VPN, I know almost nothing about linux...

so I try everything "just in case" it might work

Link to comment
21 minutes ago, Annie SIxgun said:

HOWEVER... I can NOT see ANYTHING on the server.. can not browse anyplace

The ONLY thing I get to see after the vpn connection is established is my router login page

Then something is wrong or not completely configured into OpenVPN-AS.

 

These are my OpenVPN-AS settings; please compare the configuration with yours. The red-highlighted part is the most important, then the yellow highlights.

[Image: screenshot of OpenVPN-AS settings]

Link to comment
8 minutes ago, jonathanm said:

Can you ping the server's local IP

Normally you do this, but on a mobile phone it is a little bit more difficult.

 

Annie, you can also do a traceroute from your client to the unRaid IP and see what you get. It should stop where your issue is.

Link to comment
49 minutes ago, jonathanm said:

Sorry, missed the bit about being on a phone.

Fing would be a good tool in this instance.

If I use fing does that not circumvent the reason for using the cell phone to test as it requires me to turn on my wifi , and then just connects to the local network.

However, I did try it and after displaying 15+ hops it said unreachable, yet it had all the correct information "about" the server

Edited by Annie SIxgun
Link to comment
1 minute ago, Annie SIxgun said:

here is mine

and 172.16.x.y is your private subnet and your unRaid server has an IP within that range. Same for your router.

- make a ping from your VPN client towards your unRaid IP, as Jonathan recommended.

-  do a traceroute from your VPN client towards your unRaid IP

and post the results here.

 

 

 

Link to comment
1 minute ago, FlorinB said:

and 172.16.x.y is your private subnet and your unRaid server has an IP within that range. Same for your router.

- make a ping from your VPN client towards your unRaid IP, as Jonathan recommended.

-  do a traceroute from your VPN client towards your unRaid IP

and post the results here.

 

 

 

I have no idea about address 172.16.x.y; it was inserted by the software

my traceroute said unreachable

my unraid server is on 192.168.x.y

Link to comment
7 minutes ago, Annie SIxgun said:

I have no idea about address 172.16.x.y; it was inserted by the software

my traceroute said unreachable

my unraid server is on 192.168.x.y 

I have no idea either how your network and unRaid are configured; however, please leave that 172.16.0.0/16 there and add your 192.168.0.0/24 (or /16 depending on your network settings).

If the netmask of your internal network is 255.255.255.0, that means /24.

If the netmask of your internal network is 255.255.0.0, that means /16.

Save and update the configuration on your OpenVPN-AS docker, test again and let us know the result.

If it is not working, please post here the full output of your traceroute towards the unRaid server.

Edited by FlorinB
Link to comment
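Added example, not part of the thread: a small Python check of the subnet advice in the post above. It derives the LAN's CIDR from a host address and netmask and reports whether any entry in a routed-subnet list actually contains that host. The address 192.168.1.102 is taken from the netstat output earlier in the thread; the function names and the subnet lists are assumptions made for this illustration.

```python
import ipaddress

def lan_cidr(host_ip, netmask):
    """Network a host belongs to, e.g. 255.255.255.0 gives a /24."""
    return ipaddress.ip_interface(f"{host_ip}/{netmask}").network

def check_routed_subnets(host_ip, netmask, routed):
    """Report which routed-subnet entries contain host_ip.

    `routed` models the list of private subnets entered in the VPN
    server's routing settings (hypothetical input for this example).
    """
    addr = ipaddress.ip_address(host_ip)
    covered_by, invalid = [], []
    for entry in routed:
        try:
            net = ipaddress.ip_network(entry.strip(), strict=False)
        except ValueError:
            invalid.append(entry)  # mistyped entry such as "192.168.0.0/33"
            continue
        if addr in net:
            covered_by.append(str(net))
    lan = lan_cidr(host_ip, netmask)
    return {
        "lan": str(lan),
        "covered_by": covered_by,
        "invalid": invalid,
        # Suggest the host's own network when no entry covers it.
        "add": None if covered_by else str(lan),
    }

if __name__ == "__main__":
    server = "192.168.1.102"  # from the netstat output in the thread
    # Constructed subnet lists for illustration.
    for routed in (["172.16.0.0/16"],
                   ["172.16.0.0/16", "192.168.0.0/24"],
                   ["172.16.0.0/16", "192.168.0.0/16"]):
        print(routed, "->",
              check_routed_subnets(server, "255.255.255.0", routed))
```

Note that 192.168.0.0/24 spans only 192.168.0.0 to 192.168.0.255, so a server at 192.168.1.102 is covered by 192.168.1.0/24 or by the wider 192.168.0.0/16, not by that entry.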
Just now, FlorinB said:

I have no idea either how your network and unRaid are configured; however, please leave that 172.16.0.0/16 there and add your 192.168.0.0/24 (or /16 depending on your network settings).

If the netmask of your internal network is 255.255.255.0, that means /24.

If the netmask of your internal network is 255.255.0.0, that means /16.

Save and update the configuration on your OpenVPN-AS docker, test again and let us know the result.

If it is not working, please post here the full output of your traceroute towards the unRaid server.

I will do that right now.. HOWEVER, doing a traceroute from my phone (never done it before) says I have to turn on wifi.. ok, BUT if I turn on wifi does not the phone now search my local network for the unraid server instead of using the internet to do the traceroute?

be back in a minute after making your suggested changes

Link to comment
1 hour ago, FlorinB said:

I have no idea either how your network and unRaid are configured; however, please leave that 172.16.0.0/16 there and add your 192.168.0.0/24 (or /16 depending on your network settings).

If the netmask of your internal network is 255.255.255.0, that means /24.

If the netmask of your internal network is 255.255.0.0, that means /16.

Save and update the configuration on your OpenVPN-AS docker, test again and let us know the result.

If it is not working, please post here the full output of your traceroute towards the unRaid server.

ok changes made and retest

Using FING

the traceroute just displays a bunch of hops and then says unreachable

then I did a ping and it said unreachable ??? because it displays the correct IP....

 

BTW the server and all my shares,  is accessible from anything on the local network

Edited by Annie SIxgun
Link to comment
1 hour ago, Annie SIxgun said:

If I use fing does that not circumvent the reason for using the cell phone to test as it requires me to turn on my wifi , and then just connects to the local network.

Yeah, sorry about that, brain dead tool. It should allow you to specify the VPN tunnel, but it doesn't.

Try using Netty Network Analyzer by nivin regi, I just tested it and it works. It won't scan without wifi, but it will ping my server just fine using 4G when connected to my VPN.

Link to comment
4 minutes ago, jonathanm said:

Yeah, sorry about that, brain dead tool. It should allow you to specify the VPN tunnel, but it doesn't.

Try using Netty Network Analyzer by nivin regi, I just tested it and it works. It won't scan without wifi, but it will ping my server just fine using 4G when connected to my VPN.

ok.. be back as soon as I install and run that program

 

can not find that application..android?

 

Edited by Annie SIxgun
Link to comment
