Taddeusz Posted September 13, 2016

I'm sorry my question wasn't very detailed. I followed the posted instructions and now it's working. My problem now is that I am doing port forwarding from my router to unRAID. I can connect to the web login and use my Active Directory credentials to log in, but the profile that is generated uses the private IP address of my unRAID server. How do I set OpenVPN AS so that the auto-generated client profiles are set to my public DynDNS hostname?

CHBMB Posted September 13, 2016

You don't. You set your DDNS to forward to your WAN IP address, then port forward from your router to your Unraid IP address.

EDIT: Actually, just seen you're using Active Directory, so I have no idea about that. I did however specify my own SSL certs so I could use my own domain name.

Taddeusz Posted September 13, 2016

> You don't. You set your DDNS to forward to your WAN IP address, then port forward from your router to your Unraid IP address.
> Sent from my LG-H815 using Tapatalk

I have all that set up. I can get to the web interface to download a profile to my iPhone. My problem is that the generated profiles try to connect to my private IP address, not my public dyndns hostname. I tried putting "remote myhostname.dyndns.org 1194" like I have in the client profile I use to connect to my Ubuntu Server OpenVPN but that didn't work.

trurl Posted September 13, 2016

> You don't. You set your DDNS to forward to your WAN IP address, then port forward from your router to your Unraid IP address.
> Sent from my LG-H815 using Tapatalk
>
> I have all that set up. I can get to the web interface to download a profile to my iPhone. My problem is that the generated profiles try to connect to my private IP address, not my public dyndns hostname. I tried putting "remote myhostname.dyndns.org 1194" like I have in the client profile I use to connect to my Ubuntu Server OpenVPN but that didn't work.

The generated profiles will use the address or hostname you set up in Server Network Settings. See 2nd screenshot here

Taddeusz Posted September 13, 2016

> You don't. You set your DDNS to forward to your WAN IP address, then port forward from your router to your Unraid IP address.
> Sent from my LG-H815 using Tapatalk
>
> I have all that set up. I can get to the web interface to download a profile to my iPhone. My problem is that the generated profiles try to connect to my private IP address, not my public dyndns hostname. I tried putting "remote myhostname.dyndns.org 1194" like I have in the client profile I use to connect to my Ubuntu Server OpenVPN but that didn't work.
>
> The generated profiles will use the address or hostname you set up in Server Network Settings. See 2nd screenshot here

Thank you very much. I didn't see that setting. All is well now.

DazedAndConfused Posted September 16, 2016

This might be a shot in the dark... but can anyone help me get stunnel working on this docker somehow? I need to use it to get through to the VPN at work. Lead network guy told me to use stunnel to get through (just an insider tip for the networking crew!) but I am wondering how to get this set up on unRAID. I've downloaded SSLDroid on my phone and put in the information. Now, I just need to set up the tunnel on unRAID. I can already connect to the unRAID box from outside the network from my 4G connection.

Aran Posted October 1, 2016

OK, so I managed to log in to the webui. I also use bonding so post #45 was helpful, thanks! Then I configured everything as described in post #9 but stumbled upon the TUN/TAP error...

    ['Sat Oct 1 20:06:36 2016 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)']

I'm still in a learning process and searched the web but I have no idea where to start.

greg_gorrell Posted October 3, 2016

I have had one hell of a time getting this thing going in the past and just want to note that you must have another user besides admin added for it to work.

Aran Posted October 3, 2016

Same here. I spent 3 weeks gathering info from github, docker.com, this forum and openvpn itself. Could not get it up and running until someone posted the link to this topic. I somehow must have overlooked it. (Don't get me wrong, I appreciate the hard work put into this.) After reading the full 18 pages I was able to solve all problems but one. The vpn-server was up and running without errors but I could not connect. Turned out that my ISP router was able to port forward only TCP, not UDP. (Is this normal?)

My problems:
- no webui: changed eth0 to bond0 in config file (I use bonding)
- TUN/TAP error: a simple reboot fixed it
- our second router is set to 'bridge mode' but NAT was still enabled. Disabled NAT manually.
- port forwarding didn't work with UDP. Using TCP fixed it.

At the end of the day, I've learned A LOT.

PixelPerfect Posted October 5, 2016

Okay, so, I've read through a good portion of this thread and haven't found a fix for my issue. My other docker containers are running fine at this point.

I DO HAVE A SECOND USER ADDED IN UNRAID'S WEBUI, BUT I DIDN'T ADD A USER VIA SSH. I notice one of the solutions was to add a second user. Didn't seem to help.

I run a clean install of OpenVPN-AS from the Apps tab in unRAID 6.2, in the Trial mode, as I want to get everything running before I shell out for it. I'm on a q6600 with 4GB of RAM if that makes any difference. I also have two NICs, my main one is eth0 in unRAID.

Edit: logs and configs removed

I'm getting connection refused in Chrome whenever trying to open the WebUI, either via tower:943 or local-ip:943

Normally, I'd try toggling port mappings and try switching to bridge mode or something like that, but this time, I'm just going to leave it alone. I might stop the array and reboot, but that's it.

danioj Posted October 5, 2016

> Okay, so, I've read through a good portion of this thread and haven't found a fix for my issue. My other docker containers are running fine at this point.
>
> I DO HAVE A SECOND USER ADDED IN UNRAID'S WEBUI, BUT I DIDN'T ADD A USER VIA SSH. I notice one of the solutions was to add a second user. Didn't seem to help.
>
> I run a clean install of OpenVPN-AS from the Apps tab in unRAID 6.2, in the Trial mode, as I want to get everything running before I shell out for it. I'm on a q6600 with 4GB of RAM if that makes any difference. I also have two NICs, my main one is eth0 in unRAID.
>
> YouTube video of my install:
>
> Logs
> init.log http://hastebin.com/nodefowehe.sql
> webui log: http://hastebin.com/anofayotuw.sql
> openvpn.log http://hastebin.com/uruvubumeb.py
>
> Configs
> as.conf http://hastebin.com/rifupivuda.php
> config.json http://hastebin.com/omeluvalav.json
> iptables http://hastebin.com/sedubavoca.hs
>
> I'm getting connection refused in Chrome whenever trying to open the WebUI, either via tower:943 or local-ip:943
>
> Normally, I'd try toggling port mappings and try switching to bridge mode or something like that, but this time, I'm just going to leave it alone. I might stop the array and reboot, but that's it.

Hi mate and welcome to unRAID.

I think you have the wrong end of the stick. The user system in unRAID has no relationship with the user system within the OpenVPN-AS Container.

I am not sure how familiar you are with Docker Containers, but (as I don't have a heap of time) you can think of them as mini sandboxed Linux installations. In that the Container has its own little filesystem, user control etc etc and does not communicate with unRAID OS (well that's technically wrong, but it gets my point across). This is why you map paths / network ports between unRAID and each Container.

unRAID users are for user shares etc IF you enable security in unRAID. The root user is still required to log into the console or the webGUI (if you set a password).

Therefore, you NEED to change the admin password and add a user in the container via the command line as follows:

command:

    docker exec -it openvpn-as passwd admin

sample output:

    root@main:~# docker exec -it openvpn-as passwd admin
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully
    root@main:~#

command:

    docker exec -it openvpn-as adduser newuser

sample output:

    root@main:~# docker exec -it openvpn-as adduser newuser
    Adding user `newuser' ...
    Adding new group `newuser' (1004) ...
    Adding new user `newuser' (1004) with group `newuser' ...
    Creating home directory `/home/newuser' ...
    Copying files from `/etc/skel' ...
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully
    Changing the user information for newuser
    Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
    Is the information correct? [Y/n] Y
    root@main:~#

Then you can access the OpenVPN-AS GUIs (as specified in your setup) using admin to begin with (and then as I do, specify the user you've just added as an admin user) and configure as required.

Remember, it is because of the above that each time the Container is updated / reinstalled etc that this will have to be re-done.

EDIT: if you accidentally add a user called "newuser" (rather than specifying a username of your choice) via a copy and paste of the above, use this to remove it:

sample command:

    docker exec -it openvpn-as deluser newuser

sample output:

    root@main:~# docker exec -it openvpn-as deluser newuser
    Removing user `newuser' ...
    Warning: group `newuser' has no more members.
    Done.
    root@main:~#

PixelPerfect Posted October 5, 2016

> Wall of text making me look like a noob

Thanks! I have been using Linux for years, but never really played with Docker. I was under the impression that it was connecting to the LDAP server in unRAID (unRAID is using LDAP, right???)

Edit: wait no that didn't help

    root@Tower:~# docker exec -it OpenVPN-Server-Test passwd admin
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully
    root@Tower:~# docker exec -it OpenVPN-Server-Test adduser pixel
    Adding user `pixel' ...
    Adding new group `pixel' (1000) ...
    Adding new user `pixel' (1003) with group `pixel' ...
    Creating home directory `/home/pixel' ...
    Copying files from `/etc/skel' ...
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully
    Changing the user information for pixel
    Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
    Is the information correct? [Y/n]

Restarted container and still have Refused Connection

danioj Posted October 5, 2016

> Wall of text making me look like a noob
>
> Thanks! I have been using Linux for years, but never really played with Docker. I was under the impression that it was connecting to the LDAP server in unRAID (unRAID is using LDAP, right???)

Wow - what a nice quote I made.

I just noticed that you couldn't connect to the interfaces of the Container either. I'm watching the video.

danioj Posted October 5, 2016

> Wall of text making me look like a noob
>
> Thanks! I have been using Linux for years, but never really played with Docker. I was under the impression that it was connecting to the LDAP server in unRAID (unRAID is using LDAP, right???)
>
> Wow - what a nice quote I made.
>
> I just noticed that you couldn't connect to the interfaces of the Container either. I'm watching the video.

Inspired by your video my friend, I am producing a small video myself which walks you through how to set this up! Standby!

PixelPerfect Posted October 5, 2016

> Inspired by your video my friend, I am producing a small video myself which walks you through how to set this up! Standby!

I feel like I'm missing something REALLY simple

danioj Posted October 5, 2016

> Inspired by your video my friend, I am producing a small video myself which walks you through how to set this up! Standby!
>
> I feel like I'm missing something REALLY simple

You're not. I know what the issue is. Sent a PM but you haven't seen it so I'll just post it here.

Switch the Container to Bridge Mode in the Docker Tab. Add an additional port (e.g. 1194 UDP), call it whatever you want. Then hit save. Then it will work.

The connectivity issue has to do with the Container running in Host Mode. I am going to co-ordinate some changes to the guidance centrally. It's a bit of a pain as it was originally set up to run in Bridge Mode but was changed (due to issues experienced by users) to run as Host. Now it appears it has to go back again.

PixelPerfect Posted October 5, 2016

> Inspired by your video my friend, I am producing a small video myself which walks you through how to set this up! Standby!
>
> I feel like I'm missing something REALLY simple
>
> You're not. I know what the issue is. Sent a PM but you haven't seen it so I'll just post it here.
>
> Switch the Container to Bridge Mode in the Docker Tab. Add an additional port (e.g. 1194 UDP), call it whatever you want. Then hit save. Then it will work.
>
> The connectivity issue has to do with the Container running in Host Mode. I am going to co-ordinate some changes to the guidance centrally. It's a bit of a pain as it was originally set up to run in Bridge Mode but was changed (due to issues experienced by users) to run as Host. Now it appears it has to go back again.

Yet... post 3 or so says things NEED to be HOST and PRIVILEGED

danioj Posted October 5, 2016

> Inspired by your video my friend, I am producing a small video myself which walks you through how to set this up! Standby!
>
> I feel like I'm missing something REALLY simple
>
> You're not. I know what the issue is. Sent a PM but you haven't seen it so I'll just post it here.
>
> Switch the Container to Bridge Mode in the Docker Tab. Add an additional port (e.g. 1194 UDP), call it whatever you want. Then hit save. Then it will work.
>
> The connectivity issue has to do with the Container running in Host Mode. I am going to co-ordinate some changes to the guidance centrally. It's a bit of a pain as it was originally set up to run in Bridge Mode but was changed (due to issues experienced by users) to run as Host. Now it appears it has to go back again.
>
> Yet... post 3 or so says things NEED to be HOST and PRIVILEGED

I understand, we shall clear the guidance up as required. Just trust me, give it a go. I'm 99.9% sure this is the issue ....

danioj Posted October 5, 2016

> Inspired by your video my friend, I am producing a small video myself which walks you through how to set this up! Standby!
>
> I feel like I'm missing something REALLY simple
>
> You're not. I know what the issue is. Sent a PM but you haven't seen it so I'll just post it here.
>
> Switch the Container to Bridge Mode in the Docker Tab. Add an additional port (e.g. 1194 UDP), call it whatever you want. Then hit save. Then it will work.
>
> The connectivity issue has to do with the Container running in Host Mode. I am going to co-ordinate some changes to the guidance centrally. It's a bit of a pain as it was originally set up to run in Bridge Mode but was changed (due to issues experienced by users) to run as Host. Now it appears it has to go back again.
>
> Yet... post 3 or so says things NEED to be HOST and PRIVILEGED
>
> I understand, we shall clear the guidance up as required. Just trust me, give it a go. I'm 99.9% sure this is the issue ....

Confirmed via IRC that move to Bridge mode worked.

CHBMB Posted October 5, 2016

Just to chime in on this, we're looking at this bridge/host thing, however I'm not sure I entirely agree with danioj at the moment. I can use host without issue, and seem to be able to on a fresh install.

If someone can post DETAILED instructions on how to reproduce the issue they're having I'll happily test some more, as we'd like to get to the bottom of any issues.

In the meantime, if you're using host networking and it's working, probably best to stick to the old adage "If it ain't broke, don't fix it..."

I'll chat some more with danioj when I get the chance, but living on opposite sides of the world/work/family does make it a little more difficult.

CHBMB Posted October 5, 2016

Also iirc this doesn't work properly if you specify

    /mnt/user/appdata/openvpn-as

rather it requires

    /mnt/cache/appdata/openvpn-as/

or

    /mnt/diskX/appdata/openvpn-as/

Where X = Disk no.

CHBMB Posted October 5, 2016

Hi CHBMB, Thanks for taking a look. Here's how I configured the docker.

Try deleting your appdata and use /mnt/cache/.... rather than /mnt/user/....
Sent from my LG-H815 using Tapatalk

Hi CHBMB, That did the trick—thank you! I also had to add a variable for INTERFACE=br0 to get the admin page to load in host mode. Thanks again for your help.

Squid Posted October 6, 2016

> Also iirc this doesn't work properly if you specify /mnt/user/appdata/openvpn-as rather it requires /mnt/cache/appdata/openvpn-as/ or /mnt/diskX/appdata/openvpn-as/ Where X = Disk no.

If this is still the case under 6.2+, you need to report it to Tom

xthursdayx Posted October 7, 2016

Hey everyone. I've been using this docker to manage my server remotely (when I am at work or out of town) for the last 9 months with no problems. As has been noted with the most recent update to unRAID I had to reset my admin password and re-add my secondary 'guest' user. But for some reason now a problem has arisen.

After updating the passwords and re-adding the second user I tried to connect using my previous .ovpn client configs. This didn't work, so I logged in through the web interface and downloaded new .ovpn files for both users. Using them from my phone or computer I can now connect to my server through OpenVPN, and can load web pages etc, BUT for some reason I can no longer access my server unRAID GUI page (from 192.168.1.x)...

This has never happened before and I'm not sure what would have changed to cause this. All of my permissions etc seem to be the same as they were previously. Any ideas? Thanks!

rcampbell Posted October 9, 2016

I recently upgraded to 6.2 and now the OpenVPN container won't start. Below is the error log, and the permissions for the folder/files. Are these permissions correct? If not what should they be?

    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-time: executing...
    [cont-init.d] 20-time: exited 0.
    [cont-init.d] 30-config: executing...
    [cont-init.d] 30-config: exited 0.
    [cont-init.d] 40-openvpn-init: executing...
    [cont-init.d] 40-openvpn-init: exited 0.
    [cont-init.d] 50-interface: executing...
    /var/run/s6/etc/cont-init.d/50-interface: line 9: /config/scripts/confdba: Permission denied
    /var/run/s6/etc/cont-init.d/50-interface: line 10: /config/scripts/confdba: Permission denied
    /var/run/s6/etc/cont-init.d/50-interface: line 11: /config/scripts/confdba: Permission denied
    /var/run/s6/etc/cont-init.d/50-interface: line 12: /config/scripts/confdba: Permission denied
    [cont-init.d] 50-interface: exited 126.
    [cont-init.d] done.
    [services.d] starting services
    [services.d] done.
    ./run: line 3: /config/scripts/openvpnas: Permission denied
    ./run: line 3: /config/scripts/openvpnas: Permission denied
    ./run: line 3: /config/scripts/openvpnas: Permission denied
    ./run: line 3: /config/scripts/openvpnas: Permission denied
    ./run: line 3: /config/scripts/openvpnas: Permission denied
    ./run: line 3: /config/scripts/openvpnas: Permission denied
    ./run: line 3: /config/scripts/openvpnas: Permission denied

    root@shr-unraid1:/mnt/user/Config/OpenVPN# ls -l
    total 72
    drwxrwxrwx 1 nobody users 64 Aug 5 15:44 bin/
    drwxrwxrwx 1 nobody users 166 Aug 5 15:44 doc/
    drwxrwxrwx 1 nobody users 208 Aug 10 07:46 etc/
    -rw-rw-rw- 1 nobody users 447 Jul 6 16:07 exports
    drwxrwxrwx 1 nobody users 18 Aug 5 15:44 include/
    -rw-rw-rw- 1 nobody users 11513 Aug 5 15:44 init.log
    drwxrwxrwx 1 nobody users 1334 Aug 5 15:44 lib/
    -rw-rw-rw- 1 nobody users 54308 Aug 7 22:37 license.txt
    drwxrwxrwx 1 nobody users 26 Sep 23 03:38 log/
    drwxrwxrwx 1 nobody users 82 Aug 5 15:44 sbin/
    drwxrwxrwx 1 nobody users 678 Aug 5 15:44 scripts/

    root@shr-unraid1:/mnt/user/Config/OpenVPN/scripts# ls -l
    total 136
    -rw-rw-rw- 1 nobody users 406 Aug 5 15:44 authcli
    -rw-rw-rw- 1 nobody users 403 Aug 5 15:44 bridge
    -rw-rw-rw- 1 nobody users 406 Aug 5 15:44 certool
    -rw-rw-rw- 1 nobody users 406 Aug 5 15:44 confdba
    -rw-rw-rw- 1 nobody users 2737 Aug 5 15:44 db-update-1.8
    -rw-rw-rw- 1 nobody users 400 Aug 5 15:44 dbcvt
    -rw-rw-rw- 1 nobody users 403 Aug 5 15:44 dnscli
    -rw-rw-rw- 1 nobody users 421 Aug 5 15:44 dnsfo_active
    -rw-rw-rw- 1 nobody users 424 Aug 5 15:44 dnsfo_standby
    -rw-rw-rw- 1 nobody users 403 Aug 5 15:44 iosvod
    -rw-rw-rw- 1 nobody users 400 Aug 5 15:44 liman
    -rw-rw-rw- 1 nobody users 403 Aug 5 15:44 logdba
    -rw-rw-rw- 1 nobody users 403 Aug 5 15:44 mandep
    -rw-rw-rw- 1 nobody users 406 Aug 5 15:44 netinfo
    -rw-rw-rw- 1 nobody users 412 Aug 5 15:44 openvpnas
    -rw-rw-rw- 1 nobody users 454 Aug 5 15:44 openvpnas_deferred_init
    -rw-rw-rw- 1 nobody users 439 Aug 5 15:44 openvpnas_gen_init
    -rw-rw-rw- 1 nobody users 466 Aug 5 15:44 openvpnas_gen_init_deferred
    -rw-rw-rw- 1 nobody users 436 Aug 5 15:44 openvpnas_gen_pam
    -rw-rw-rw- 1 nobody users 415 Aug 5 15:44 openvpncc
    -rw-rw-rw- 1 nobody users 421 Aug 5 15:44 openvpncdisp
    -rw-rw-rw- 1 nobody users 427 Aug 5 15:44 openvpncnode
    -rw-rw-rw- 1 nobody users 415 Aug 5 15:44 ovpnpasswd
    -rw-rw-rw- 1 nobody users 391 Aug 5 15:44 sa
    -rw-rw-rw- 1 nobody users 400 Aug 5 15:44 sacli
    -rw-rw-rw- 1 nobody users 409 Aug 5 15:44 signtool
    -rw-rw-rw- 1 nobody users 281 Aug 5 15:44 sqlite3
    -rw-rw-rw- 1 nobody users 421 Aug 5 15:44 sshrpc_agent
    -rw-rw-rw- 1 nobody users 421 Aug 5 15:44 ucarp_active
    -rw-rw-rw- 1 nobody users 424 Aug 5 15:44 ucarp_standby
    -rw-rw-rw- 1 nobody users 427 Aug 5 15:44 update_as_conf
    -rw-rw-rw- 1 nobody users 424 Aug 5 15:44 update_va_ver
    -rw-rw-rw- 1 nobody users 406 Aug 5 15:44 userdba
    -rw-rw-rw- 1 nobody users 394 Aug 5 15:44 web

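Added example, not part of the thread and not the container project's code: in the listing above every file in scripts/ is mode -rw-rw-rw-, so none carries an execute bit (exit status 126 is what a shell returns for a file it found but could not execute) and every one is world-writable. The function names and the 0755 repair mode are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example: audit a container's mapped scripts directory for the two
# permission problems visible in the listing above. Names are illustrative.

# audit_scripts DIR
# Prints "NOEXEC <mode> <path>" for each regular file with no execute bit
# (running it fails with "Permission denied", exit status 126) and
# "WORLD_WRITABLE <mode> <path>" for each file any local user can rewrite.
# Returns 0 if nothing was reported, 1 if something was, 2 if DIR is missing.
audit_scripts() {
    local dir="$1" f mode status=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    for f in "$dir"/*; do
        # Regular files only; skip subdirectories and symlinks.
        if [ ! -f "$f" ] || [ -L "$f" ]; then continue; fi
        # First 10 characters of ls -l: file type, then rwx for user/group/other.
        mode=$(ls -ld -- "$f" | cut -c1-10)
        case $mode in
            *[xst]*) ;;                              # some execute bit is set
            *) echo "NOEXEC $mode $f"; status=1 ;;
        esac
        case $mode in
            ????????w?) echo "WORLD_WRITABLE $mode $f"; status=1 ;;
        esac
    done
    return $status
}

# repair_scripts DIR
# Assumption: 0755 (writable by owner only, executable by all) is the intended
# mode for every regular file directly inside DIR.
repair_scripts() {
    local dir="$1" f
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    for f in "$dir"/*; do
        if [ -f "$f" ] && [ ! -L "$f" ]; then chmod 755 -- "$f"; fi
    done
}

# Stand-alone use: bash audit.sh /mnt/user/Config/OpenVPN/scripts
if [ "$#" -gt 0 ]; then
    audit_scripts "$1"
fi
```

Run the audit first and read its output before calling repair_scripts, since the repair changes every regular file in the directory.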