wgstarks Posted November 11, 2017 Share Posted November 11, 2017 14 hours ago, FraxTech said: I'm following the video from Spaceinvader One The video is very good but a little outdated. Probably a good idea to also take a look at the instructions linked in the OP since they are updated as needed. https://hub.docker.com/r/linuxserver/openvpn-as/ Scroll down to the "Setting up the application" section. Quote Link to comment
puncho Posted November 11, 2017 Share Posted November 11, 2017 Try the "Auto-Login" Profile.Thanks, that worked! Is this the only way to access it? Doesn't seem like the most secure way to access it with having to allow auto allow log in and using ovpnSent from my iPhone using Tapatalk Quote Link to comment
MowMdown Posted November 11, 2017 Share Posted November 11, 2017 1 hour ago, puncho said: Thanks, that worked! Is this the only way to access it? Doesn't seem like the most secure way to access it with having to allow auto allow log in and using ovpn Sent from my iPhone using Tapatalk Thats the only way I was able to get it to work on my iPhone Quote Link to comment
puncho Posted November 13, 2017 Share Posted November 13, 2017 On 11/11/2017 at 1:08 PM, MowMdown said: Thats the only way I was able to get it to work on my iPhone Sorry, meant on a laptop/desktop. Quote Link to comment
MowMdown Posted November 13, 2017 Share Posted November 13, 2017 11 hours ago, puncho said: Sorry, meant on a laptop/desktop. Unfortunately I'm not aware of any other way to get it to properly connect without the auto-login profile. None of my devices will connect without it. Quote Link to comment
Random.Name Posted November 17, 2017 Share Posted November 17, 2017 hi, i setup the docker and most of the time i can connect just fine. Bt when i am on a network that is using the same local ip range (192.168.178.XXX) as my own network (where de vpn server lives) i can not connect to anything. I guess this has to do with the network trying to route me to the currently local ips not the ips from the vpn server... any tips how to fix this...since i am away from my server and can not access anything right now a remote solution would be great If i have to fix this on my server i guess i can create a mobil hotspot and vpn through there....:/ Quote Link to comment
aptalca Posted November 17, 2017 Share Posted November 17, 2017 4 hours ago, Random.Name said: hi, i setup the docker and most of the time i can connect just fine. Bt when i am on a network that is using the same local ip range (192.168.178.XXX) as my own network (where de vpn server lives) i can not connect to anything. I guess this has to do with the network trying to route me to the currently local ips not the ips from the vpn server... any tips how to fix this...since i am away from my server and can not access anything right now a remote solution would be great If i have to fix this on my server i guess i can create a mobil hotspot and vpn through there....:/ As far as I know, there is no easy solution for that problem and it is a very common issue for people using 192.268.1.x You would have to change one of the ip ranges Quote Link to comment
neddamttocs Posted November 17, 2017 Share Posted November 17, 2017 Hey Guys, I must be missing something really basic here, I have installed this on my unraid box today, I can get to the admin interface but when i try to log in for the first time, it says incorrect login. I have used the one mentioned on the setup page. Any ideas? Thanks. Quote Link to comment
spalmisano Posted November 27, 2017 Share Posted November 27, 2017 I have OpenVPN working properly on my Unraid box, and can connect to it via the laptop with my configured user, so Im confident things are correct server side. What I can't do is get the OpenVPN connect page to render on my iPhone. Ive downloaded the OpenVPN client and attempted to import my profile, but the resulting page never fully renders. Trying both in Safari and Chrome all I get is the OpenVPN logo and the rest of the page is blank. There's nothing in the logs server side, and Im not sure where to turn for anything more diagnostic. With the page not rendering I can't get my client.opvn file into the OpenVPN iOS app. Is there another way to do this? What am I missing? Quote Link to comment
planetwilson Posted November 28, 2017 Share Posted November 28, 2017 I have used this a lot and it is ace. I do however get issues at one particular place that uses DPI to try and detect VPN traffic. Is there any interest in perhaps implementing an obfsproxy in the docker container to further hide the traffic? I know the Viscosity VPN client for Mac and Windows supports adding that layer from the client side. Quote Link to comment
ziggie216 Posted November 29, 2017 Share Posted November 29, 2017 (edited) Is /etc/passwd and /etc/group suppose to get reset back to default after every update? Seems like I have to reset the admin password and readd the user account back in every time. Also the web interface load very slow, normal? Edited November 29, 2017 by ziggie216 Quote Link to comment
aptalca Posted November 29, 2017 Share Posted November 29, 2017 1 hour ago, ziggie216 said: Is /etc/passwd and /etc/group suppose to get reset back to default after every update? Seems like I have to reset the admin password and readd the user account back in every time. Also the web interface load very slow, normal? Read the github or the docker hub page. It is all explained there Quote Link to comment
FreeMan Posted December 4, 2017 Share Posted December 4, 2017 This is the 2nd time I've tried installing OpenVPN-AS, and I've had trouble logging in as any user other than default admin both times. Here's my config screen: Per the recommendations at Linuxserver's site, I've created a new users "localadmin": I usually use KeePass to create long, complex, random passwords, but, because I've been having issues (which I thought may be related to pasting the password into the telnet session), I created a simple password for this account that I knew I could type correctly. I've granted this new user admin rights: I have authentication set to local so my users & passwords survive reinstall: Yet every time I try to log in as my new "localadmin" I'm told that it's an incorrect login: I've attached the log after the most recent login attempt. If someone would point me in the right direction, I'd be most grateful! openvpn.log Quote Link to comment
wgstarks Posted December 4, 2017 Share Posted December 4, 2017 2 minutes ago, FreeMan said: This is the 2nd time I've tried installing OpenVPN-AS, and I've had trouble logging in as any user other than default admin both times. I think you’ll find that the instructions linked in the OP are much more helpful- https://hub.docker.com/r/linuxserver/openvpn-as/ Scroll down to the setting up the application section. @gridrunner has also released a video- https://youtu.be/I58LTMKyeYw Its good for reference but a little dated with regards to admin user configuration. Quote Link to comment
FreeMan Posted December 4, 2017 Share Posted December 4, 2017 2 minutes ago, wgstarks said: I think you’ll find that the instructions linked in the OP are much more helpful- https://hub.docker.com/r/linuxserver/openvpn-as/ Scroll down to the setting up the application section. Thanks, wgstarks. Seems I wasn't clear enough - those are the instructions I've been following (along with gridrunner's somewhat outdated video). I've done all these steps: During first login, make sure that the "Authentication" in the webui is set to "Local" instead of "PAM". Then set up the user accounts with their passwords (user accounts created under PAM do not survive container update or recreation). The "admin" account is a system (PAM) account and after container update or recreation, its password reverts back to the default. It is highly recommended to block this user's access for security reasons: 1) Set another user as an admin, 2) Delete the "admin" user in the gui, 3) Modify the as.conf file under config/etc and replace the line boot_pam_users.0=admin with #boot_pam_users.0=admin (this only has to be done once and will survive container recreation) With the exception of #3 because the default admin account is the only one that will allow me to log in to the web interface. I'd hoped that the screen shots provided would have shown that or shown where I thought I was following those steps but missed something. I've created another user for me to use, but when I go to 192.168.1.5:943 to login using my user name and the password I created, I get a "Login Failed" message. Doesn't matter whether I try "Connect" or "Login". (Still not clear on the difference - I'll get that sorted once I can actually log in.) Quote Link to comment
wgstarks Posted December 4, 2017 Share Posted December 4, 2017 5 minutes ago, FreeMan said: I've created another user for me to use, but when I go to 192.168.1.5:943 to login using my user name and the password I created, I get a "Login Failed" message. If you want to connect to the admin page you would use 192.168.1.5:943/admin Quote Link to comment
FreeMan Posted December 4, 2017 Share Posted December 4, 2017 I tried that but it won't let me log in with my "localadmin" user: Quote Link to comment
wgstarks Posted December 4, 2017 Share Posted December 4, 2017 Just to be sure, are you using this screen to create your local user? Want to make sure you have set Authentication>General to local? You entered a new user in the screen shown, with admin selected and a password in the proper field? Saved the changes and updated the running server? Quote Link to comment
FreeMan Posted December 4, 2017 Share Posted December 4, 2017 11 minutes ago, wgstarks said: Just to be sure, are you using this screen to create your local user? Nope, created the user from the command line as demonstrated in gridrunner's video. Nothing contradictory to that in the LinuxServer page, so I ran with it. Is it now preferred to create the users in the admin console instead of at the command line? Quote Link to comment
wgstarks Posted December 5, 2017 Share Posted December 5, 2017 Just now, FreeMan said: Nope, created the user from the command line as demonstrated in gridrunner's video. Nothing contradictory to that in the LinuxServer page, so I ran with it. Is it now preferred to create the users in the admin console instead of at the command line? IIRC, using CLI doesn't create the user in the local database. Log in with the default admin user and then add the new user in the gui as I described. Once you have verified that that user is working delete the default admin user in the gui and run step 3 from the dockerhub page to be sure the default user doesn't get recreated during updates. Let me know if this works. 1 Quote Link to comment
FreeMan Posted December 5, 2017 Share Posted December 5, 2017 (edited) 33 minutes ago, wgstarks said: Let me know if this works. That did the trick! I really appreciate the work @gridrunner has done with his video, but it seems that it really needs to be updated. Additionally, since so many places around here point users to that video, it would be super helpful if the linuxserver page contained a couple of notes on what's out dated and the current best methods. (hint, hint, @CHBMB ). I've got port 943 forwarded to my server and from my phone (WiFi off) I'm able to browse to https://domain.com:943 where I can log in with my newly created user name & pwd. I downloaded the .ovpn autologin file, opened it with the Android OpenVPN client, but now it's timing out every time I try to connect. CPU load on the server ran about 25-50% with a few spikes to 60-75%. I've got decent network speed: That's about normal for my hourly speed test runs. I've attached the last 100 or so lines from the openvpn.log file. It looks like this is what's generated when I tried to connect. ovpn.timeout.log Edited December 5, 2017 by FreeMan Quote Link to comment
FreeMan Posted December 5, 2017 Share Posted December 5, 2017 Once I get the timeout issue resolved, should I change this by removing the 172... line since I'm only using 192.168 addresses? Also, should I be dynamically assigning addresses to VPN users in the 172 range? Is that a reasonable thing to do since all my PPN (Physical private network ) addresses are in 192.168? I'll only have a half-dozen or so people who will have accounts, so I don't actually mind statically assigning them (in the 192.168 range) - I've got most other machines on the network assigned static IPs anyway... Quote Link to comment
wgstarks Posted December 5, 2017 Share Posted December 5, 2017 25 minutes ago, FreeMan said: Once I get the timeout issue resolved, should I change this by removing the 172... line since I'm only using 192.168 addresses? Also, should I be dynamically assigning addresses to VPN users in the 172 range? Is that a reasonable thing to do since all my PPN (Physical private network ) addresses are in 192.168? I'll only have a half-dozen or so people who will have accounts, so I don't actually mind statically assigning them (in the 192.168 range) - I've got most other machines on the network assigned static IPs anyway... I left those settings at default and haven't had any issues. Maybe someone with better knowledge might have different suggestions. Quote Link to comment
FreeMan Posted December 5, 2017 Share Posted December 5, 2017 I'll leave them as-is, then. Thoughts on the timeout issue? It's the same thing I'm getting with my LetsEncrypt/NGINX server (I posted in that thread and never got it resolved). Everything else responds quite promptly from the WAN, but I'd like to close up all those open ports. Quote Link to comment
wgstarks Posted December 5, 2017 Share Posted December 5, 2017 3 minutes ago, FreeMan said: Thoughts on the timeout issue? Not really. I don't use Android. Might try the openvpn forum. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.