evocraigst Posted July 19, 2017

Just now, CHBMB said:
> NP, yeah Linux is case sensitive so Bond0 and bond0 aren't the same.

Yea, just noticed. What's the default user and password while you're here?

CHBMB Posted July 19, 2017

1 minute ago, evocraigst said:
> Yea, just noticed. What's the default user and password while you're here?

In the readme: https://github.com/linuxserver/docker-openvpnas#setting-up-the-application

Edited July 19, 2017 by CHBMB

evocraigst Posted July 19, 2017

1 minute ago, CHBMB said:
> In the readme: https://github.com/linuxserver/docker-openvpnas#setting-up-the-application

Oops, missed that, thanks.

nexusmaniac Posted July 19, 2017

On 7/12/2017 at 5:40 AM, aptalca said:
> You're right. I realized I'm on an older version as well. We'll look into it. Thanks

Cheers for looking into it. Any luck so far?

FlexGunship Posted July 19, 2017

1 hour ago, CHBMB said:
> Name = Whatever you want - irrelevant
> Key = INTERFACE
> Value = Bond0 or bond0

Perfect solution. Thanks.

aptalca Posted July 20, 2017

> Cheers for looking into it. Any luck so far?

Not an easy fix. There are a few options but none are really ideal. Currently discussing internally the best recourse.

nexusmaniac Posted July 20, 2017

3 hours ago, aptalca said:
> Not an easy fix. There are a few options but none are really ideal. Currently discussing internally the best recourse.

Aha I see, fair enough - I'll trust that the right solution is in the works. Thanks for the update.

Darkguy Posted July 28, 2017

Two short questions:

Any idea how to set up access to the Web GUI (on port 943) through a reverse proxy using nginx (in the letsencrypt docker)?

Also, any idea on how to set up OpenVPN to use a dockerized pi-hole as the DNS (Docker by diginc; running on a host in its own Docker network as described below) - that would be neat to achieve ad-free surfing on the go.

napalmyourmom Posted July 31, 2017

linuxserver.io - thanks so much for your dockers. They are fantastic.

TL;DR - I am trying to set up a static return route on my LAN gateway to the VPN subnet so my LAN devices can access devices on the VPN subnet... which I am fairly certain is my problem.

Question - if the OpenVPN-AS docker is on bond0 and shares the IP of the UnRaid server, how do I ensure my static route makes it to the docker? Does my docker need its own unique IP?

I previously had the OpenVPN-AS virtual appliance running in Hyper-V and moved over to this docker. The install and configuration was fairly straightforward, I just mimicked my prior config and now my clients can connect.

It seems I only have unidirectional traffic, VPN Subnet --> LAN Subnet:

- Lan: 10.0.0.0/24
- OpenVPN: 10.0.1.0/24
- Unraid IP: 10.0.0.31
- Docker interface is set to bond0
- Server is up and running fine, all proper ports are exposed on my firewall and forwarded to my unraid IP (10.0.0.31)
- Config in AS Admin should allow all clients (vpn and local) access bidirectionally to all resources on both subnets
- VPN Clients connect no problem and are assigned VPN IP (10.0.1.x)
- I am able to access network resources such as file shares, ping LAN IP addresses and hostnames with FQDN, even RDP into LAN boxes
- LAN devices cannot ping anything on the VPN subnet (connected clients or the VPN default gateway (5310.0.1.161))

I suspect I need to set up a static return route on the LAN default gateway (10.0.0.1), which is running a linux distro.

- eth0: WAN IP
- eth1: LAN IP (10.0.0.0/24)

I have tried adding the following line to the ip table of 10.0.0.1:

route add -net 10.0.1.0 netmask 255.255.255.0 gw 10.0.0.31 dev eth1

but it doesn't seem to work even after restarting the firewall service and rebooting the device.

Thanks in advance for any help!

MowMdown Posted August 15, 2017

Edit: SOLVED

Solution: Seems when you're in the OpenVPN webGUI, you need to enable the "Auto Login" feature for the user account that will be using the OpenVPN client. I was able to successfully log into my server that way.

Hello,

After following the Spaceinvader One YT video, I've set up my OpenVPN server, a DDNS tracker, and have the proper ports forwarded.

For some strange reason, after getting the user account set up (cmdline and on the webGUI), the client download will not connect to the VPN server, but when the "userlocked" profile is downloaded to my iPhone it works using the iOS app. I have full access to my server via my mobile network.

Any idea why the client download doesn't connect?

Edited August 15, 2017 by MowMdown

gizmer Posted August 17, 2017

Hi experts,

I have an OpenVPN Docker from linuxserver on my UNRAID machine running. Everything works fine and I can connect from outside to my local network until I update the docker container. After each update I can’t connect to and log in to the OpenVPN server anymore – the client says that the password is wrong. That’s why every time the docker gets updated, I need to set the password of the admin account to its old value. So the problem is that after each OpenVPN docker update the password of the admin account somehow gets reset.

Authentication settings in the Docker settings are as follows: under “Authenticate users using” I tried Local and PAM. In both cases the same result.

Has anyone noticed this behavior? How can I fix it?

Edited August 17, 2017 by gizmer

wgstarks Posted August 17, 2017

Yes. After an update the admin password is reset to the default. You can change the password using the command shown in the GitHub Readme under "Setting up the application".

gizmer Posted August 17, 2017

2 hours ago, wgstarks said:
> Yes. After an update the admin password is reset to the default. You can change the password using the command shown in the GitHub Readme under "Setting up the application".

OK, thanks. Is there any chance to prevent the password resetting?

wgstarks Posted August 17, 2017

25 minutes ago, gizmer said:
> OK, thanks. Is there any chance to prevent the password resetting?

Don't run the update except when you also plan to reset the password. If I understand correctly, LSIO updates all their dockers weekly but there isn't necessarily any change. Maybe one of the LSIO members can expand on this?

You can use the CA User Scripts plugin to simplify the password reset process probably.

Edited August 17, 2017 by wgstarks

aptalca Posted August 18, 2017

> OK, thanks. Is there any chance to prevent the password resetting?

There is a PR that will provide instructions on how to fix the password resetting issue. It is currently under review and should be merged soon.

wgstarks Posted August 18, 2017

17 hours ago, aptalca said:
> On 8/17/2017 at 2:14 PM, gizmer said:
> > OK, thanks. Is there any chance to prevent the password resetting?
>
> There is a PR that will provide instructions on how to fix the password resetting issue. It is currently under review and should be merged soon.

I'm probably jumping the gun with this question, but what will I need to do to add this to my existing docker when it's merged? I see it's already been approved.

Edit: I see the readme changes. That looks simple enough, just not sure how to get the modifications to /root/etc/cont-init.d/40-openvpn-init or if I even need to?

Edited August 18, 2017 by wgstarks

wgstarks Posted August 19, 2017

6 hours ago, wgstarks said:
> just not sure how to get the modifications to /root/etc/cont-init.d/40-openvpn-init or if I even need to?

Never mind. I see an update ready for the docker. Guessing I just need to run the update? The rest was very simple.

@aptalca BIG THANKS.

CHBMB Posted August 19, 2017

You don't, that file will be updated.

aptalca Posted August 19, 2017

> I'm probably jumping the gun with this question, but what will I need to do to add this to my existing docker when it's merged? I see it's already been approved.
>
> Edit: I see the readme changes. That looks simple enough, just not sure how to get the modifications to /root/etc/cont-init.d/40-openvpn-init or if I even need to?

The instructions in the readme will apply to existing users. The most important thing is to make sure that authentication is set to local before the other users are created.

In a nutshell, pam users don't survive container updates or reinstalls, and the admin user (a pam user) gets reset. Local users survive updates, and the admin user access (a pam user) can be deactivated in the config file once another local user is given admin privileges.

wgstarks Posted August 19, 2017

Yeah. Already had authentication set to local so that wasn't any problem. The only issue I had at all was deleting the user "admin" after I configured a new user with admin privileges. Did you know that if you log in as user "admin" you can't delete that user in the GUI. Once I figured out that I needed to login as the new user the rest was a piece of cake.

Ran the docker update last night and then tested logging in as default admin user, which failed (as desired). Looks good.

wgstarks Posted August 19, 2017

Would like opinions. Should I set my new admin user as an account separate from the one I normally use to connect from WAN? Was thinking that it might be more secure if the admin user can only connect from the local network. Not really sure about any problems this might create though. Or maybe I should just throw away my tinfoil hat and not worry about it at all.

JonathanM Posted August 19, 2017

5 minutes ago, wgstarks said:
> Should I set my new admin user as an account separate from the one I normally use to connect from WAN? Was thinking that it might be more secure if the admin user can only connect from the local network.

Yes. You shouldn't be able to admin the vpn server without authenticating into the network first.

wgstarks Posted August 19, 2017

58 minutes ago, jonathanm said:
> Yes. You shouldn't be able to admin the vpn server without authenticating into the network first.

That's true. My normal user is using a certificate to authenticate. That's why I thought there may not really be a problem with letting that account have admin privileges, and setting up a "local only" account for admin might really just be overkill.

aptalca Posted August 19, 2017

> Yeah. Already had authentication set to local so that wasn't any problem. The only issue I had at all was deleting the user "admin" after I configured a new user with admin privileges. Did you know that if you log in as user "admin" you can't delete that user in the GUI. Once I figured out that I needed to login as the new user the rest was a piece of cake.
>
> Ran the docker update last night and then tested logging in as default admin user, which failed (as desired). Looks good.

No need to delete the admin user. It will come back when you update the container anyway. Just follow the steps in the readme to disallow the admin user logging in. The admin user is required for the first time login, that's why the container always creates it. But once the user sets up another account with admin privileges and disables admin user login in the config, admin will just be a useless account that doesn't do anything (and doesn't hurt anything).

If you want to tighten up security, you can create two user accounts, one an admin, specifically for management purposes, and another for users to login with. Only share the certificate for the second user account with your users. Or, you can create many user accounts, one for each real life user (or per device) so you can disable access for a specific individual if needed.

I'm the only vpn user for my server so I use the same certificate on all of my devices. The downside is, if a device is lost or stolen, I would have to generate a new cert and update it on all the other devices.

wgstarks Posted August 19, 2017

I only have one mobile device that I use to connect from WAN. I think I'll probably disable admin privileges for that one and just set up another user/password for an admin user that is only on my local network. Hadn't even thought about being able to delete the user if the phone gets lost/stolen. That's a good point.