Arndroid Posted August 21, 2017

I have followed the video guide here:

I also double-checked the steps. Creating an Admin password, logging in and changing settings works fine. However, I have, as shown in the video, also created a new user (around 7:10). But I cannot log in with it afterwards as shown in the video (around 8:55). I set the dropdown menu to Login instead of Connect as well, as shown in the video.

Is there something that has changed since this video was created, that requires my attention in order to log in with the newly created user(s)?
wgstarks Posted August 21, 2017

It would probably be better if you followed the installation directions in the github readme linked in the OP.
Arndroid Posted August 21, 2017

I believe you are referring to these steps, to be exact: https://github.com/linuxserver/docker-openvpnas#setting-up-the-application

What I did/tried to do:

Under Authentication > General, change from Local to PAM, and back from PAM to Local again. (It was already on Local for some reason.) Then deleted user(s) in the webgui. (And SSH, userdel.) Then continued to add users under SSH and then add them in the webgui.

I am unable to remove the admin user in the webgui (as the steps on GitHub mention). So I deleted the admin user via SSH, userdel (not webgui...). Modified the "as.conf" under "/appdata/openvpn-as/etc" and commented the "boot_pam_users.0=admin" line by putting a hashtag in front of it.

But, as you probably guessed by now, I am still unable to log in with my newly created user(s). (Login failed, both Login and Connect.)

I am using Linuxserver's OpenVPN-as, but there seem to be differences, even in the GitHub guide, or is it just me? Any more info I can provide to help solve this issue?
wgstarks Posted August 21, 2017

With the most recent version you shouldn't need to use PAM at all. Just log in the first time with the default admin/password. Create a new user with admin privileges in the webgui. Log out of the default admin account. Log back in with the new user credentials you just created just to test it. Make the change to as.conf. I believe you shouldn't need SSH at all.

If this doesn't work you can attach your logs to your next post. Be sure to redact users and passwords. I'm sure one of the gurus here will be able to figure it out.
Arndroid Posted August 21, 2017

Indeed, I clean installed OpenVPN-as and followed the GitHub instructions. All problems were solved instantly. Thank you.
wgstarks Posted August 21, 2017

3 minutes ago, Arndroid said:
> Indeed, I clean installed OpenVPN-as and followed the GitHub instructions. All problems were solved instantly. Thank you.

The docker was just modified last week. Perhaps @gridrunner might update his video since the installation now has some significant changes. Much easier setup IMHO.
Arndroid Posted August 21, 2017

2 hours ago, wgstarks said:
> The docker was just modified last week. Perhaps @gridrunner might update his video since the installation now has some significant changes. Much easier setup IMHO.

Indeed seems to be much easier, not that I had any problems the way I had to set it up according to the video. (... Well, you know what I mean.) Gridrunner's video still holds value regarding the SSL setup; the basics of it were a big help in applying it for myself under my own environment.
JonathanM Posted August 21, 2017

3 hours ago, wgstarks said:
> The docker was just modified last week. Perhaps @gridrunner might update his video since the installation now has some significant changes. Much easier setup IMHO.

Probably doesn't even need to be redone, just add a couple notations.
aptalca Posted August 22, 2017

> I believe you are referring to these steps, to be exact: https://github.com/linuxserver/docker-openvpnas#setting-up-the-application
>
> What I did/tried to do:
>
> Under Authentication > General, change from Local to PAM, and back from PAM to Local again. (It was already on Local for some reason.) Then deleted user(s) in the webgui. (And SSH, userdel.) Then continued to add users under SSH and then add them in the webgui.
>
> I am unable to remove the admin user in the webgui (as the steps on GitHub mention). So I deleted the admin user via SSH, userdel (not webgui...). Modified the "as.conf" under "/appdata/openvpn-as/etc" and commented the "boot_pam_users.0=admin" line by putting a hashtag in front of it.
>
> But, as you probably guessed by now, I am still unable to log in with my newly created user(s). (Login failed, both Login and Connect.)
>
> I am using Linuxserver's OpenVPN-as, but there seem to be differences, even in the GitHub guide, or is it just me? Any more info I can provide to help solve this issue?

Please read my message three messages above yours. No need to add users through ssh. No need to delete the admin user. No need to do anything through ssh anymore. Follow the directions on docker hub or github. It really is super simple to set up. You guys are way over-complicating it.

With regards to switching authentication to pam and back to local, you don't need to do that either. With the latest update, new installs default to local authentication. If you update an older install, it may have been set to pam; in that case, change it to local. If it's already local, you're good to go.
Arndroid Posted August 22, 2017

Sorry aptalca, I could indeed have looked through the thread a little more before posting about the issue I had. I didn't expect it to be in the most recent posts, nor could I think of the right search terminology at that time.

However, wgstarks already pointed out the GitHub guide and how this docker was updated just last week, making some changes in the initial setup. I did a clean installation of the docker and followed the guide from the GitHub page, everything went smoothly from there on. Very happy with the docker!

Edited August 22, 2017 by Arndroid
daniel329 Posted August 22, 2017

On 7/19/2017 at 8:33 AM, CHBMB said:
> Name = Whatever you want - irrelevant
> Key = INTERFACE
> Value = Bond0 or bond0

I have been unable to access the WebUI. I've tried bond0 and Bond0. Am I missing something?
CHBMB Posted August 22, 2017

Are you using a bonded nic?
daniel329 Posted August 23, 2017

10 minutes ago, CHBMB said:
> Are you using a bonded nic?

I didn't think I was but I checked and it was on. It must come enabled by default now? Sorry to waste your time!

To clarify to n00bs like myself: go to settings and network settings and switch off bonded if you're not using bonded (which it seems most people aren't).
daniel329 Posted August 23, 2017

Since it isn't addressed in the ReadMe - can someone clarify if additional SSL setup is necessary for security per SpaceInvader's video? I don't have a good understanding of SSL but I want to be sure traffic is encrypted as I will be accessing financial documents via OpenVPN.
MowMdown Posted August 25, 2017

On 8/22/2017 at 8:14 PM, daniel329 said:
> Since it isn't addressed in the ReadMe - can someone clarify if additional SSL setup is necessary for security per SpaceInvader's video? I don't have a good understanding of SSL but I want to be sure traffic is encrypted as I will be accessing financial documents via OpenVPN.

I believe the additional steps in the video are merely cosmetic so that you don't get the warning about a bad/missing certificate. It's just so you know it's a "trusted" site/connection. I don't believe it affects the actual encrypted connection in any way.
CHBMB Posted August 25, 2017

Correct
daniel329 Posted August 25, 2017

3 hours ago, MowMdown said:
> I believe the additional steps in the video are merely cosmetic so that you don't get the warning about a bad/missing certificate. It's just so you know it's a "trusted" site/connection. I don't believe it affects the actual encrypted connection in any way.

Thank you both for the clarification!
mattkhan Posted August 27, 2017

I've added this to my setup recently, v easy to get going so thanks for providing it.

I'm using a 2.4.3 openvpn client and I notice it complains about

    WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).'

This seems to be https://community.openvpn.net/openvpn/wiki/SWEET32

The container logs indicate this is a 2.3.17 server

    2017-08-04 17:14:46+0100 [-] OVPN 0 OUT: 'Fri Aug 4 17:14:46 2017 OpenVPN 2.3.17 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jun 27 2017'

https://openvpn.net/index.php/open-source/downloads.html indicates this is the old stable version, 2.4.3 is the current stable and this seems to be the fix (e.g. picking some other random docker openvpn container - https://github.com/kylemanna/docker-openvpn/issues/267).

I notice that your dependency is on https://openvpn.net/index.php/access-server/download-openvpn-as-sw.html for ubuntu 16 and it's not immediately obvious how this relates to the openvpn version. Do you have a plan to close this gap?
CHBMB Posted August 27, 2017

We pull the Ubuntu version directly from the OpenVPN-AS site, as you've seen for Ubuntu 16 as the container is based on Xenial. Unfortunately OpenVPN haven't yet themselves updated this binary to the latest stable version, so it may be worth posting on their github as this is an upstream issue, rather than with us.

https://openvpn.net/index.php/access-server/download-openvpn-as-sw/113.html?osfamily=Ubuntu
mattkhan Posted August 27, 2017

I can't find a public repo for openvpn-as & it seems they use a trac instance on their site instead of github for issues so I logged a support ticket.
aptalca Posted August 27, 2017

> I can't find a public repo for openvpn-as & it seems they use a trac instance on their site instead of github for issues so I logged a support ticket.

Openvpn and openvpn-as are separate products. The first is the actual platform and the backend, and is open source. The second is a frontend server based on the first, but is not open source and is a commercial product.
jumperalex Posted August 27, 2017

On 8/21/2017 at 1:37 PM, Arndroid said:
> Modified the "as.conf" under "/appdata/openvpn-as/etc" and commented the "boot_pam_users.0=admin" line by putting a hashtag in front of it.

Thank you for this. I brain locked on where to find as.conf.

LSIO, it might be worth updating the github instructions to add the "appdata/" bit.
mattkhan Posted August 27, 2017

No comment from them on when they will upgrade openvpn-as to openvpn 2.4 but it seems it is not necessary anyway as the config options to avoid this are available now. They are described in https://sweet32.info/ as either a client side only option

    reneg-bytes 64000000

Alternatively, if you control the server and client, then you can set on both the server and client config directives (via the Advanced VPN page)

    cipher AES-256-CBC

It doesn't seem there is a way to set this via the cli or in config so I don't suppose there is anything you can do to set this in the container. I suppose you could add something to the setup docs though.

FWIW further reading suggests to use a few other directives, namely to set server and client as follows for a reasonably hardened config

    cipher AES-256-CBC
    auth SHA512
    tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256

This seems to work fine for me.

The support guy also commented on the possibility of an attack via the embedded twisted web server which I'll just post here for reference

> And if you are referring to sweet32 vulnerable cipher being used on the web services, then you can adjust the web services to disable any ciphers you don't want to use. Usually this means adding !3DES to the cipher suite string or such. This issue has nothing to do with version of OpenVPN at all.
>
> The OpenVPN Access Server program has a built-in web server that is based on Twisted (Python) web server, but modified for enhanced security. Because the security on web servers in regards to SSL/TLS encryption is an area of encryption that constantly changes due to ongoing research into how to improve security and how to break older, less secure, encryption methods, we have made it possible to change the encryption scheme used into a custom set of ciphers.
>
> In the Admin UI, under SSL Settings, there are 3 sections. The first is to select OpenSSL or PolarSSL, and we recommend the default; OpenSSL. Another is for the TLS level used by the OpenVPN daemons, by which the default is usually TLS 1.0 (default). We generally recommend that this is not changed unless you have a specific need to. This particular OpenVPN daemons setting does not affect the web services but it affects the VPN tunnels themselves. But the other setting, for the OpenVPN web services, does affect the web services. We recommend that this setting is TLS 1.0 or higher. Please choose your preferred setting here. What you prefer in general hinges on current recommendations on security and compatibility for web browsers. This changes with time. For example, there was a time when Internet Explorer 6 was widely used, and TLS 1.2 simply would not work on this, making it impossible for IE6 users to connect. As time passes, these older browsers are no longer used and more secure methods can be used. We advise that you look up recommendations online for the current state of security and compatibility for web browsers. Our recommendation is TLS 1.0 to be compatible and reasonably safe.
>
> The web server also uses a cipher string. This cipher string is in OpenSSL standard format and defines which encryption methods for the web browser sessions are allowed or specifically disallowed. We do have a recommendation ourselves, but, again, as time passes, this will likely change. For example at some point 3DES was an acceptable cipher string, but now it is no longer, because a vulnerability has been found in it that makes it possible to crack it. Not very easily so, but still possible, and thus the recommendation now is to disable this. Again we refer to resources online to look up recommendations on the current state of security and compatibility for web browsers. And if you are using a security program that scans for vulnerabilities and reports a specific cipher as undesirable, please look up in the OpenSSL documentation how to disable this in the cipher string, and then implement this change in the cipher string used by the Access Server.
>
> Below links are for the OpenSSL cipher string documentation and our documentation on how to change the cipher string in the OpenVPN Access Server. The commands mentioned in our documentation are meant to be run on the OpenVPN Access Server operating system itself, as root user, in the /usr/local/openvpn_as/scripts/ folder.
>
> https://www.openssl.org/docs/man1.0.2/apps/ciphers.html
> https://docs.openvpn.net/docs/access-server/openvpn-access-server-command-line-tools.html#selecting-web-server-ciphersuites

Edited August 27, 2017 by mattkhan
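The SWEET32 checks from the post above, as an added example that is not part of the original thread or of OpenVPN's own tooling: a Python audit of an OpenVPN config or client profile. It goes beyond the Blowfish default to the other 64-bit block cipher families; the sample profiles, the host name vpn.example.net and the function names are constructed for illustration.

```python
"""Audit an OpenVPN config or client profile for SWEET32 exposure (added example)."""
import re

# Cipher families with a 64-bit block: Blowfish, DES/3DES, DESX, CAST5, RC2, IDEA.
SMALL_BLOCK_FAMILIES = {"BF", "DES", "DESX", "CAST5", "RC2", "IDEA"}
DEFAULT_CIPHER = "BF-CBC"   # OpenVPN 2.3 falls back to this when no `cipher` line is given
RENEG_LIMIT = 64_000_000    # client-side value quoted in the post from sweet32.info

# Inline <ca>...</ca>, <cert>...</cert>, <key>...</key> blocks carry no directives.
INLINE_BLOCK = re.compile(r"<(\w[\w-]*)>.*?</\1>", re.S)


def parse_directives(text):
    """Return {directive: [args]}; the last occurrence of a directive is kept."""
    directives = {}
    for raw in INLINE_BLOCK.sub("", text).splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        line = re.split(r"\s[#;]", line, maxsplit=1)[0]  # drop a trailing comment
        parts = line.split()
        directives[parts[0].lower()] = parts[1:]
    return directives


def is_small_block(cipher):
    """True for ciphers whose block size is 64 bits."""
    return cipher.upper().split("-")[0] in SMALL_BLOCK_FAMILIES


def audit(text):
    """Return a list of (severity, message) findings for one config."""
    d = parse_directives(text)
    findings = []

    cipher = (d.get("cipher") or [DEFAULT_CIPHER])[0]
    if is_small_block(cipher):
        arg = (d.get("reneg-bytes") or ["0"])[0]
        reneg = int(arg) if arg.isdigit() else 0   # 0 means no byte-based rekeying
        if 0 < reneg <= RENEG_LIMIT:
            findings.append(("warn", f"{cipher} has a 64-bit block; "
                                     f"rekeying every {reneg} bytes limits exposure"))
        else:
            findings.append(("fail", f"{cipher} has a 64-bit block and "
                                     f"no reneg-bytes <= {RENEG_LIMIT}"))

    # Control-channel suites: flag any allowed (not '!' or '-' prefixed) 3DES entry.
    for suite in ":".join(d.get("tls-cipher", [])).split(":"):
        if suite and not suite.startswith(("!", "-")) and "3DES" in suite.upper():
            findings.append(("fail", f"tls-cipher allows {suite}"))
    return findings


# Constructed sample: a client profile with no cipher directive at all.
LEGACY = """\
# constructed profile for illustration
client
dev tun
proto tcp
remote vpn.example.net 443   # placeholder host
<ca>
-----BEGIN CERTIFICATE-----
placeholder
-----END CERTIFICATE-----
</ca>
"""

# Same profile with the client-side-only mitigation from the post.
CLIENT_ONLY = LEGACY + "reneg-bytes 64000000\n"

# The directives listed in the post as a reasonably hardened config.
HARDENED = """\
cipher AES-256-CBC
auth SHA512
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
"""

if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY), ("client-only", CLIENT_ONLY),
                      ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

Run it against the profile a client actually downloads as well as the server-side directives, since the post notes that the cipher change has to be set on both ends.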
Dyllan2000alfa Posted August 29, 2017

I have used this openvpn docker for a while but recently when I installed on a new machine and I can not access the web ui. Here is the log.

    [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
    [s6-init] ensuring user provided files have correct perms...exited 0.
    [fix-attrs.d] applying ownership & permissions fixes...
    [fix-attrs.d] done.
    [cont-init.d] executing container initialization scripts...
    [cont-init.d] 10-adduser: executing...
    -------------------------------------
              _     _ _
             | |___| (_) ___
             | / __| | |/ _ \
             | \__ \ | | (_) |
             |_|___/ |_|\___/
                   |_|
    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donations/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-time: executing...
    Current default time zone: 'America/Los_Angeles'
    Local time is now: Mon Aug 28 19:15:04 PDT 2017.
    Universal Time is now: Tue Aug 29 02:15:04 UTC 2017.
    [cont-init.d] 20-time: exited 0.
    [cont-init.d] 30-config: executing...
    [cont-init.d] 30-config: exited 0.
    [cont-init.d] 40-openvpn-init: executing...
    Detected an existing OpenVPN-AS configuration.
    Continuing will delete this configuration and restart from scratch.
    Please enter 'DELETE' to delete existing configuration:
    OpenVPN Access Server
    Initial Configuration Tool
    ------------------------------------------------------
    OpenVPN Access Server End User License Agreement (OpenVPN-AS EULA)
    Please enter 'yes' to indicate your agreement [no]:
    Once you provide a few initial configuration settings, OpenVPN Access Server can be configured by accessing its Admin Web UI using your Web browser.
    Will this be the primary Access Server node?
    (enter 'no' to configure as a backup or standby node)
    > Press ENTER for default [yes]:
    Please specify the network interface and IP address to be used by the Admin Web UI:
    (1) all interfaces: 0.0.0.0
    (2) br0: 192.168.0.3
    (3) docker0: 172.17.0.1
    (4) virbr0: 192.168.122.1
    (5) bond0: 192.168.0.3
    (6) virbr0-nic: 192.168.122.1
    Please enter the option number from the list above (1-6).
    > Press Enter for default [2]:
    Please specify the port number for the Admin Web UI.
    > Press ENTER for default [943]:
    Please specify the TCP port number for the OpenVPN Daemon
    > Press ENTER for default [443]:
    Should client traffic be routed by default through the VPN?
    > Press ENTER for default [yes]:
    Should client DNS traffic be routed by default through the VPN?
    > Press ENTER for default [yes]:
    Use local authentication via internal DB?
    > Press ENTER for default [no]:
    Private subnets detected: ['192.168.0.0/24', '192.168.122.0/24', '172.17.0.0/16']
    Should private subnets be accessible to clients by default?
    > Press ENTER for default [yes]:
    To initially login to the Admin Web UI, you must use a username and password that successfully authenticates you with the host UNIX system (you can later modify the settings so that RADIUS or LDAP is used for authentication instead).
    You can login to the Admin Web UI as "openvpn" or specify a different user account to use for this purpose.
    Do you wish to login to the Admin UI as "openvpn"?
    > Press ENTER for default [yes]:
    > Specify the username for an existing user or for the new user account:
    Note: This user already exists.
    > Please specify your OpenVPN-AS license key (or leave blank to specify later):
    Initializing OpenVPN...
    Adding new user login...
    useradd -s /sbin/nologin "admin"
    Writing as configuration file...
    Perform sa init...
    Wiping any previous userdb...
    Creating default profile...
    Modifying default profile...
    Adding new user to userdb...
    Modifying new user as superuser in userdb...
    Getting hostname...
    Hostname: UNDyllan
    Preparing web certificates...
    Getting web user account...
    Adding web group account...
    Adding web group...
    Adjusting license directory ownership...
    Initializing confdb...
    Generating init scripts...
    Generating PAM config...
    Generating init scripts auto command...
    Starting openvpnas...
    Error: Could not execute server start.
    [cont-init.d] 40-openvpn-init: exited 0.
    [cont-init.d] 50-interface: executing...
    MOD Default {u'admin_ui.https.ip_address': u'all'} {u'admin_ui.https.ip_address': 'eth0'}
    MOD Default {u'cs.https.ip_address': u'all'} {u'cs.https.ip_address': 'eth0'}
    MOD Default {u'vpn.daemon.0.listen.ip_address': u'all'} {u'vpn.daemon.0.listen.ip_address': 'eth0'}
    MOD Default {u'vpn.daemon.0.server.ip_address': u'all'} {u'vpn.daemon.0.server.ip_address': 'eth0'}
    [cont-init.d] 50-interface: exited 0.
    [cont-init.d] done.
    [services.d] starting services
    [services.d] done.
aptalca Posted August 29, 2017 Share Posted August 29, 2017 I have used this openvpn docker for a while but recently when i installed on a new machine and i can not access the web ui here is the the log.[s6-init] making user provided files available at /var/run/s6/etc...exited 0.[s6-init] ensuring user provided files have correct perms...exited 0.[fix-attrs.d] applying ownership & permissions fixes...[fix-attrs.d] done.[cont-init.d] executing container initialization scripts...[cont-init.d] 10-adduser: executing...-------------------------------------_ _ _| |___| (_) ___| / __| | |/ _ \| \__ \ | | (_) ||_|___/ |_|\___/|_|Brought to you by linuxserver.ioWe gratefully accept donations at:https://www.linuxserver.io/donations/-------------------------------------GID/UID-------------------------------------User uid: 99User gid: 100-------------------------------------[cont-init.d] 10-adduser: exited 0.[cont-init.d] 20-time: executing...Current default time zone: 'America/Los_Angeles'Local time is now: Mon Aug 28 19:15:04 PDT 2017.Universal Time is now: Tue Aug 29 02:15:04 UTC 2017.[cont-init.d] 20-time: exited 0.[cont-init.d] 30-config: executing...[cont-init.d] 30-config: exited 0.[cont-init.d] 40-openvpn-init: executing...Detected an existing OpenVPN-AS configuration.Continuing will delete this configuration and restart from scratch.Please enter 'DELETE' to delete existing configuration:OpenVPN Access ServerInitial Configuration Tool------------------------------------------------------OpenVPN Access Server End User License Agreement (OpenVPN-AS EULA)1. Copyright Notice: OpenVPN Access Server License;Copyright (c) 2009-2013 OpenVPN Technologies, Inc.. All rights reserved."OpenVPN" is a trademark of OpenVPN Technologies, Inc.2. 
Please enter 'yes' to indicate your agreement [no]:
Once you provide a few initial configuration settings,
OpenVPN Access Server can be configured by accessing
its Admin Web UI using your Web browser.
Will this be the primary Access Server node?
(enter 'no' to configure as a backup or standby node)
> Press ENTER for default [yes]:
Please specify the network interface and IP address to be
used by the Admin Web UI:
(1) all interfaces: 0.0.0.0
(2) br0: 192.168.0.3
(3) docker0: 172.17.0.1
(4) virbr0: 192.168.122.1
(5) bond0: 192.168.0.3
(6) virbr0-nic: 192.168.122.1
Please enter the option number from the list above (1-6).
> Press Enter for default [2]:
Please specify the port number for the Admin Web UI.
> Press ENTER for default [943]:
Please specify the TCP port number for the OpenVPN Daemon
> Press ENTER for default [443]:
Should client traffic be routed by default through the VPN?
> Press ENTER for default [yes]:
Should client DNS traffic be routed by default through the VPN?
> Press ENTER for default [yes]:
Use local authentication via internal DB?
> Press ENTER for default [no]:
Private subnets detected: ['192.168.0.0/24', '192.168.122.0/24', '172.17.0.0/16']
Should private subnets be accessible to clients by default?
> Press ENTER for default [yes]:
To initially login to the Admin Web UI, you must use a
username and password that successfully authenticates you
with the host UNIX system (you can later modify the settings
so that RADIUS or LDAP is used for authentication instead).
You can login to the Admin Web UI as "openvpn" or specify
a different user account to use for this purpose.
Do you wish to login to the Admin UI as "openvpn"?
> Press ENTER for default [yes]:
> Specify the username for an existing user or for the new user account:
Note: This user already exists.
> Please specify your OpenVPN-AS license key (or leave blank to specify later):
Initializing OpenVPN...
Adding new user login...
useradd -s /sbin/nologin "admin"
Writing as configuration file...
Perform sa init...
Wiping any previous userdb...
Creating default profile...
Modifying default profile...
Adding new user to userdb...
Modifying new user as superuser in userdb...
Getting hostname...
Hostname: UNDyllan
Preparing web certificates...
Getting web user account...
Adding web group account...
Adding web group...
Adjusting license directory ownership...
Initializing confdb...
Generating init scripts...
Generating PAM config...
Generating init scripts auto command...
Starting openvpnas...
Error: Could not execute server start.
[cont-init.d] 40-openvpn-init: exited 0.
[cont-init.d] 50-interface: executing...
MOD Default {u'admin_ui.https.ip_address': u'all'} {u'admin_ui.https.ip_address': 'eth0'}
MOD Default {u'cs.https.ip_address': u'all'} {u'cs.https.ip_address': 'eth0'}
MOD Default {u'vpn.daemon.0.listen.ip_address': u'all'} {u'vpn.daemon.0.listen.ip_address': 'eth0'}
MOD Default {u'vpn.daemon.0.server.ip_address': u'all'} {u'vpn.daemon.0.server.ip_address': 'eth0'}
[cont-init.d] 50-interface: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.

No issues in the log. Are you sure it is listening on the correct interface? What address did you try to access?
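One way to triage a container init log like the one quoted above, as an added example (not part of the original posts or of the linuxserver image): it flags cont-init.d steps that report `exited 0` while containing an `Error:` line, and lists the interface settings rewritten by the `MOD` lines. The function name `triage` and the trimmed sample excerpt are assumptions made for illustration.

```python
import re

# Excerpt of the container log quoted in the post above (trimmed).
SAMPLE_LOG = """\
[cont-init.d] 30-config: executing...
[cont-init.d] 30-config: exited 0.
[cont-init.d] 40-openvpn-init: executing...
Starting openvpnas...
Error: Could not execute server start.
[cont-init.d] 40-openvpn-init: exited 0.
[cont-init.d] 50-interface: executing...
MOD Default {u'admin_ui.https.ip_address': u'all'} {u'admin_ui.https.ip_address': 'eth0'}
MOD Default {u'vpn.daemon.0.listen.ip_address': u'all'} {u'vpn.daemon.0.listen.ip_address': 'eth0'}
[cont-init.d] 50-interface: exited 0.
"""

STEP_START = re.compile(r"^\[cont-init\.d\] (\S+): executing\.\.\.$")
STEP_END = re.compile(r"^\[cont-init\.d\] (\S+): exited (\d+)\.$")
ERROR_LINE = re.compile(r"^(error|fatal)\b", re.IGNORECASE)
MOD_LINE = re.compile(r"^MOD \S+ \{u?'([^']+)': u?'([^']*)'\} \{u?'[^']+': u?'([^']*)'\}$")


def triage(log_text):
    """Return (masked_errors, bindings) for an s6 cont-init.d log."""
    masked, bindings = [], {}
    step, pending = None, []
    for line in log_text.splitlines():
        line = line.strip()
        if m := STEP_START.match(line):
            step, pending = m.group(1), []
        elif m := STEP_END.match(line):
            # An exit status of 0 does not mean the step's commands succeeded.
            if m.group(2) == "0":
                masked += [(m.group(1), err) for err in pending]
            step, pending = None, []
        elif step and ERROR_LINE.match(line):
            pending.append(line)
        elif m := MOD_LINE.match(line):
            # Setting key -> (old value, new value) as written by the MOD line.
            bindings[m.group(1)] = (m.group(2), m.group(3))
    return masked, bindings


if __name__ == "__main__":
    masked, bindings = triage(SAMPLE_LOG)
    for step, err in masked:
        print(f"{step} exited 0 but logged: {err}")
    for key, (old, new) in bindings.items():
        print(f"{key}: {old} -> {new}")
```

Run against a full log saved from the container, the same function works unchanged; the sample only shortens the input.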