Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] Linuxserver.io - OpenVPN AS

Featured Replies

8 minutes ago, griff1984 said:

Thanks for your reply... The only thing im running on my router is a DDNS tracker with a host name that openvpn is using on Unraid and a single port forwarding option for openvpn on my unraid machine... My router doesnt have an openvpn option on the router, only the new routers seem to have it.  I guess i need to buy a new router!!  

 

So i'm a bit unsure of which way to proceed really.... My set up seems to work in regards of being to connect to openvpn using my phones network, giving me access to dockers via their various ports but not the actual Web GUI.  Now i'm unsure whether or not i've got the whole thing configured correctly in the first place, i want it to be as secure as possible!

The OpenVPN forum might be the best place to get answers if it's not a configuration issue. Maybe even if it is, who knows? I think I would at least give that a shot as well.

  • Replies 2k
  • Views 462.7k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • SpaceInvaderOne
    SpaceInvaderOne

    I have made un updated video guide for setting up this great container. It covers setting up the container, port forwarding and setting up clients on Windows, macOS Linux (ubuntu Mate) and on cel

  • PSA. It seems openvpn pushed another broken bin, tagged 2.7.3 I get the same error with it as I did with the previously pulled 2.7.2   While they/us try to figure it out, you can change

  • Stupifier
    Stupifier

    Ok, I used to be able to connect to Host network with this before the update....that allowed me to be assigned an IP on my WiFi subnet, which then allowed me to access the UnRAID GUI interface.  

Posted Images

okay, i try there now.  Thanks for your help!

@griff1984 try unraidip:80 does that work? If not, go to the openvpn admin webui vpn settings->Routing make sure "yes, using NAT is enabled, then add your unraidip in the box there,save,update,restart docker and try again.

Strike!! Awesome! Thats worked! So i can now go on my WebGUI by just typing in my ip address, just like if i was at home on the network...  ONLY PROBLEM... All my dockers ip addresses has just stopped working... whereas before; ip:8282 would have opened Sonarr, now nothing happens! Any ideas?! So close!

You're using the unraidip:"dockerport" right? What happens if you open the docker webui from the unraid webui?

Yep. So i always used my unraidip:8383 (the port its been assigned in the docker settings) and its always worked.  I just changed my VPN settings on my openvpn settings to what you said;

 

Should VPN clients have access to private subnets (non-public networks on the server side)?

Yes, using NAT

 

Specify the private subnets to which all clients should be given access (as 'network/netmask_bits', one per line):

Myunraidip

 

So internally, on the network itself, the ports all still work and all the dockers and plex still loads with these new settings.  But when i use Openvpn connect on my android (ie connecting externally), the Webgui is now working (Finally!!!) but all my docker ports have stopped working.  I tried using my new found ability of using the WebGui to open up the dockers but it still doesnt work....

 

Any thoughts?

 

Hmm, weird.. Been a while since I used the openvpn docker. I don't know if it makes a difference but try instead of your unraidip add the whole subnet, if your unraidip is 192.168.1.xxx add 192.168.1.0/24 in that box,update and restart the docker and try again. And when you try again try to open the webui from the unraid webui first before you try the direct ip:port

 

Edit: And yeah, clear your browser cache on your phone or whatever you're using to browse with.

Edited by strike

Okay so I've done what you've suggested, put exactly 192.168.1.0/24 into the box and nothing seemed to change, the web gui still worked but no Dockers... Until... I tried my plex media server and it worked! Looked at the settings of that compared to the others and the difference to that docker is it has network type as host and privilege as on. Others are on network type bridge and privilege off! Tried changing the Dockers that didn't work to network type host and it works!! So my question is now, why? And should those settings actually be on host and privilege on (changing the privilege didn't do anything by the way)? As much as I'm pleased it's now working and I want it to work I don't want to sacrifice any security issues further on down the line.Can you shed any light on this? 

thanks so much for helping! 

I don't understand why it works when you changed the network type, it shouldn't matter to openvpn, but hey as long as it works! If the Bridge type is selected, the docker's network access will be restricted to only communicating on the ports specified in the docker settings  If the Host type is selected, the docker will be given access to communicate using any port on the host that isn’t already mapped to another in-use docker. I personally like to use bridge on all my dockers so I can map the ports myself. 

 

There shouldn't be any security issues "down the line" openvpn is a secure way to connect to your home network. The only thing I would suggest is changing the ip in the routing section back to the unraid ip, and if you wish to have access to other devices in your home network just add those when you need it. As you added the whole subnet in your last change you can now have access to every device in your home network. But you should restrict access only to the devices you need for security purposes in case your certificates gets in the wrong hands somehow..  

4 hours ago, In0cenT said:

 


root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="openvpn-as" --net="bridge" --privileged="true" -e TZ="Europe/Berlin" -e HOST_OS="unRAID" -e "PGID"="100" -e "PUID"="99" -e "INTERFACE"="bond0" -p 943:943/tcp -v "/mnt/cache/appdata/openvpn-as":"/config":rw linuxserver/openvpn-as
8f850d6227c96c18ae8b76c193380870c7cbfcb6b294cc58447458ef1c14fa6e

The command finished successfully!

Logs:



Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-time: executing...
dpkg-query: package 'tzdata' is not installed and no information is available
Use dpkg --info (= dpkg-deb --info) to examine archive files,
and dpkg --contents (= dpkg-deb --contents) to list their contents.
/usr/sbin/dpkg-reconfigure: tzdata is not installed
[cont-init.d] 20-time: exited 1.
[cont-init.d] 30-config: executing...
[cont-init.d] 30-config: exited 0.
[cont-init.d] 40-openvpn-init: executing...
[cont-init.d] 40-openvpn-init: exited 0.
[cont-init.d] 50-interface: executing...
MOD Default {} {}
MOD Default {} {}
MOD Default {} {}
MOD Default {} {}
[cont-init.d] 50-interface: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.

Thanks for your help!

 

Change networking back to host, delete /mnt/cache/appdata/openvpn-as and remove docker image and container.  Then try again.

  • 3 weeks later...

Hello. My question is around having OpenVPN retain/save user credentials and passwords if upgraded or re-image the config folder please? As every time I upgrade the OpenVPN docker, I need to SSH into tower and re-type in all the user credentials as OpenVPN doesn't retain the info - Any guidance appreciated.

From  the readme

 

For user accounts to be persistent, switch the "Authentication" in the webui from "PAM" to "Local" and then set up the user accounts with their passwords.

 

Don't remember if it works on the admin user but it works on normal users.

 

Don't remember if it works on the admin user but it works on normal users.

 

 

Not for the admin user, but works on the vpn client users

 

 

 

 

 

 

 

I try to get into the WEB UI and i get this error

This site can’t be reached

Try:

ERR_CONNECTION_REFUSED

 

2017-05-06 16:34:57-0400 [-] Log opened.
2017-05-06 16:34:57-0400 [-] twistd 9.0.0 (/config/bin/python 2.7.11) starting up.
2017-05-06 16:34:57-0400 [-] reactor class: twisted.internet.epollreactor.EPollReactor.
2017-05-06 16:34:57-0400 [-] rmdir /config/etc/db_push
2017-05-06 16:34:58-0400 [-] ACCESS SERVER starting, version=2.1.4b
2017-05-06 16:34:58-0400 [-] Max open files set to (4096, 4096)
2017-05-06 16:34:59-0400 [-] /etc/resolv.conf changed, reparsing
2017-05-06 16:34:59-0400 [-] Resolver added ('192.168.1.1', 53) to server list
2017-05-06 16:35:01-0400 [-] twisted.web.server.Site starting on "u'/openvpn/sock/sagent'"
2017-05-06 16:35:01-0400 [-] twisted.web.server.Site starting on "u'/openvpn/sock/sagent.localroot'"
2017-05-06 16:35:01-0400 [-] twisted.web.server.Site starting on "u'/openvpn/sock/sagent.api'"
2017-05-06 16:35:01-0400 [-] LOCAL_ADDR eth0 : bad local address name or interface is not up; must be 'all', 'localhost', a local IP address, or an interface name: util/cdict:298,net/net:449,net/net:527,sagent/sagent_entry:14,sagent/sagent_entry:11,util/daemon:28,util/daemon:69,application/app:423,scripts/_twistd_unix:202,application/app:445,application/app:348,internet/base:1166,internet/base:1175,internet/base:779,util/defer:195,svc/svc:484,svc/svc:345,svc/svc:318,svc/svc:801,sagent/vpnsvc:47,sagent/vpnconfig:130,sagent/vpnconfig:138,sagent/vpnconfig:122,util/cdict:330,util/cdict:322,util/cdict:282,util/cdict:191,sagent/vpnconfig:23,util/cdict:330,util/cdict:322,util/cdict:298,net/net:449,net/net:527,util/error:61,util/error:44 (vpn.daemon.0.listen.ip_address) (vpn.daemon.0.listen)
2017-05-06 16:35:01-0400 [-] LOCAL_ADDR eth0 : bad local address name or interface is not up; must be 'all', 'localhost', a local IP address, or an interface name: util/cdict:298,net/net:449,net/net:527,util/daemon:28,util/daemon:69,application/app:423,scripts/_twistd_unix:202,application/app:445,application/app:348,internet/base:1166,internet/base:1175,internet/base:779,util/defer:195,svc/svc:484,svc/svc:378,svc/svc:448,svc/svc:457,svc/svc:318,svc/svc:801,sagent/vpnsvc:47,sagent/vpnconfig:130,sagent/vpnconfig:138,sagent/vpnconfig:122,util/cdict:330,util/cdict:322,util/cdict:282,util/cdict:191,sagent/vpnconfig:23,util/cdict:330,util/cdict:322,util/cdict:298,net/net:449,net/net:527,util/error:61,util/error:44 (vpn.daemon.0.listen.ip_address) (vpn.daemon.0.listen)
2017-05-06 16:35:01-0400 [-] OpenVPNDataDir: using shared dir: '/run/openvpn_as/tmp'
2017-05-06 16:35:01-0400 [-] OpenVPNDataDir: using shared dir: '/run/openvpn_as/dev'
2017-05-06 16:35:01-0400 [-] /bin/mknod -m 0666 /run/openvpn_as/dev/null c 1 3
2017-05-06 16:35:01-0400 [-] /bin/mknod -m 0666 /run/openvpn_as/dev/random c 1 8
2017-05-06 16:35:01-0400 [-] /bin/mknod -m 0444 /run/openvpn_as/dev/urandom c 1 9
2017-05-06 16:35:03-0400 [-] *** MyError.report ***
2017-05-06 16:35:03-0400 [-] Stack Traceback
2017-05-06 16:35:03-0400 [-] ('build/bdist.linux-x86_64/egg/pyovpn/svc/svc.py', 631, '_walk', None)
2017-05-06 16:35:03-0400 [-] ('build/bdist.linux-x86_64/egg/pyovpn/sagent/cqsvc.py', 185, 'start', None)
2017-05-06 16:35:03-0400 [-] ('build/bdist.linux-x86_64/egg/pyovpn/sagent/vpnconfig.py', 138, 'daemon_dict', None)
2017-05-06 16:35:03-0400 [-] ('build/bdist.linux-x86_64/egg/pyovpn/sagent/vpnconfig.py', 123, 'server_daemon_parms', None)
2017-05-06 16:35:03-0400 [-] 'ip_address': svc/svc:631,sagent/cqsvc:185,sagent/vpnconfig:138,sagent/vpnconfig:123 (exceptions.KeyError)
2017-05-06 16:35:03-0400 [-] *** MyError.report ***
2017-05-06 16:35:03-0400 [-] Stack Traceback
2017-05-06 16:35:03-0400 [-] ('/config/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-x86_64.egg/twisted/internet/defer.py', 323, '_runCallbacks', 'self.result = callback(self.result, *args, **kw)')
2017-05-06 16:35:03-0400 [-] ('build/bdist.linux-x86_64/egg/pyovpn/sagent/ipts.py', 145, 'parse_validate', None)
2017-05-06 16:35:03-0400 [-] ('build/bdist.linux-x86_64/egg/pyovpn/sagent/iptvpn.py', 139, 'parse_validate', None)
2017-05-06 16:35:03-0400 [-] ('build/bdist.linux-x86_64/egg/pyovpn/sagent/vpnconfig.py', 248, 'daemon_dict_port_forward', None)
2017-05-06 16:35:03-0400 [-] ('build/bdist.linux-x86_64/egg/pyovpn/sagent/vpnconfig.py', 123, 'server_daemon_parms', None)
2017-05-06 16:35:03-0400 [-] Service deferred error: 'ip_address': internet/defer:323,sagent/ipts:145,sagent/iptvpn:139,sagent/vpnconfig:248,sagent/vpnconfig:123 (exceptions.KeyError)
2017-05-06 16:35:03-0400 [-] Server agent initialization failed (1/6 attempts) because the following network resources are unavailable: set(['eth0'])

 

Edited by thegeneral

2 hours ago, CHBMB said:

docker run command and what address you trying to access?

 

i have tried

https://192.168.1.5:943/

https://tower:943/

 

and what do you mean by docker run command? kind of new to this.

1 minute ago, thegeneral said:

 

i have tried

https://192.168.1.5:943/

https://tower:943/

 

and what do you mean by docker run command? kind of new to this.

 

First of all, read the readme.  Tells you which address to go to.

Docker run command from the link in my signature.

1 minute ago, CHBMB said:

 

First of all, read the readme.  Tells you which address to go to.

Docker run command from the link in my signature.

 

i went to the correct address it just tells me 

This site can’t be reached

192.168.1.5 refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED

docker run command

 

Command:
root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="openvpn-as" --net="host" --privileged="true" -e TZ="America/New_York" -e HOST_OS="unRAID" -e "TCP_PORT_943"="943" -e "TCP_PORT_9443"="9443" -e "UDP_PORT_1194"="1194" -e "PGID"="100" -e "PUID"="99" -v "/mnt/user/appdata/openvpn-as":"/config":rw linuxserver/openvpn-as
b61c2daba6ddc74c9a509c27616a9513e56af0ad80c62639f7fa1a15f9494316

The command finished successfully!

 

Sure you went to the right address?  

Quote

The admin interface is available at https://<ip>:943/admin

 

You didn't specify admin to start with.

2 minutes ago, CHBMB said:

Sure you went to the right address?  

 

You didn't specify admin to start with.

 

true but i tried here is a screenshot

 

FKpOEk1.png

3 minutes ago, CHBMB said:

Ok, post me a copy of your screen as shown in settings => network settings

qOtf5Mz.png

Hey guys, i'm having the same issue thegeneral was having.  I've setup a variable named INTERFACE and set it to bond0, I even tried br0.  Any help would be super appreciated.

 

590f61162a236_2017-05-0714_01_15-unRAID_NetworkSettings.thumb.png.87ba19a529f58f0964abe096197ed8b7.png590f6129ae147_2017-05-0714_00_53-unRAID_UpdateContainer.thumb.png.1234ec5dac1ee264e0f5c7a12f9841df.png

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.