December 9, 20178 yr 1 minute ago, wgstarks said: If you have the docker setup correctly I don’t think you’ll be able to use the user “admin”. Thanks, I am not actually trying to use the system admin. I created a new user and assigned it as the new admin as per the instructions, but I have forgotten the password and can't log in.
December 9, 20178 yr I guess you could try the command with whatever user you created. Doubt it will work though. Would be a huge security hole.
December 9, 20178 yr Is there any other way to reset it or I would have to delete the docker and re-create the settings?
December 9, 20178 yr I would hope that the only way to change the password is to reinstall the docker, but I’m no expert.
December 9, 20178 yr 17 minutes ago, littlered said: Thanks, I am not actually trying to use the system admin. I created a new user and assigned it as the new admin as per the instructions, but I have forgotten the password and can't log in. If I recall, I was able to use the command line to change the password. I don't believe that it asked me for the current pwd before asking for the new one, but don't quote me on that - I've slept since then. Also, I'd agree with wgstarks - that would be a big security hole. Of course, once someone's got enough access to your machine to run "docker exec" it's really too late anyway...
December 9, 20178 yr I tried the command line and it didn't work. I guess I will just reinstall the docker and make sure not to forget the password again.
December 9, 20178 yr Ok, so i am able to get it setup properly and working now but 2 things. 1) it seems to disconnect from my laptop when i remote in. Say about 5min or so while searching it just searches then i get the notification that i've been disconnected. So i just re log back in and its fine for a few minutes. 2) I'm unable to see my mapped network drive while on the VPN Any suggestions?
December 10, 20178 yr Ok, so i am able to get it setup properly and working now but 2 things. 1) it seems to disconnect from my laptop when i remote in. Say about 5min or so while searching it just searches then i get the notification that i've been disconnected. So i just re log back in and its fine for a few minutes. 2) I'm unable to see my mapped network drive while on the VPN Any suggestions?Never mine I realized my connection for the VPN on my laptop was set to specific IP with nothing in that field. Set to Obtain automatically and it worked. I also added another user beside root to the server
December 12, 20178 yr After weeks of trying to figure this out. I come to you for help. I have a weird issue that I can't seem to figure out. I can log into OpenVPN remotely but have access to nothing inside the network. Also when I turn on OpenVPN my dockers lose their images as if they have no external access to the net. (Don't think they do actually. No plex access for example.) These are my settings below. Let's start with settings. Server - https://snag.gy/A7vayi.jpg Docker Setting - https://snag.gy/4yjMoX.jpg OpenVPN Edit - https://snag.gy/7zQJI2.jpg Inside container settings Status Overview - https://snag.gy/KjJ2XF.jpg Server Network Settings - https://snag.gy/POdDEf.jpg Admin Web UI and Client Web Server - https://snag.gy/8LGzFM.jpg VPN Mode - https://snag.gy/1LZ0eP.jpg VPN Settings - https://snag.gy/DcWSmE.jpg Routing and DNS Settings- https://snag.gy/UhX08G.jpg Advance VPN Settings - https://snag.gy/MlBcSu.jpg Client Settings - https://snag.gy/19cF6e.jpg User Permissions - https://snag.gy/Wj7fir.jpg User Authentication - https://snag.gy/AojJ9r.jpg Connectivity Test - https://snag.gy/hG2YcX.jpg I have 9443 forwarded. Any ideas?! I'm at a loss.
December 12, 20178 yr My dns won't work while on the vpn. If i insert 8.8.8.8 then the dns server will work but only for public addresses. If I insert 192.168.2.1 which is my router it will not work.. Why?? Client Settings: (yes it's german :D) Ethernet-Adapter Ethernet 4: Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : TAP Adapter OAS NDIS 6.0 Physische Adresse . . . . . . . . : 00-FF-51-2E-D5-74 DHCP aktiviert. . . . . . . . . . : Nein Autokonfiguration aktiviert . . . : Ja Verbindungslokale IPv6-Adresse . : fe80::ed9a:e2dc:7753:198d%56(Bevorzugt) IPv4-Adresse . . . . . . . . . . : 172.27.240.11(Bevorzugt) Subnetzmaske . . . . . . . . . . : 255.255.240.0 Standardgateway . . . . . . . . . : 172.27.240.1 DHCPv6-IAID . . . . . . . . . . . : 939589457 DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1E-AC-F1-29-74-D4-35-EB-B1-FE DNS-Server . . . . . . . . . . . : 192.168.2.1 NetBIOS über TCP/IP . . . . . . . : Deaktiviert Router DNS-Server is 192.168.2.1 OpenVPN DNS Config
December 12, 20178 yr 46 minutes ago, Lyror said: My dns won't work while on the vpn Just a guess on my part, but have you tried pushing the host’s dns settings? I would suggest that the OpenVPN-AS forum might be a better place to resolve configuration issues with the app if you don’t get any good answers here.
December 16, 20178 yr On 05/12/2017 at 4:00 PM, FreeMan said: Sounds great,@gridrunner! Sent from Tapatalk As promised here is an updated video tutorial for setting up this excellent container. Hope its useful
December 16, 20178 yr 2 hours ago, gridrunner said: As promised here is an updated video tutorial for setting up this excellent container. Hope its useful Thanks for the update. I glanced through and will definitely try this. Couple questions... Do we not have to generate our own keys and such like many other openvpn installs I have done? Thinking I will have to since I use TLS auth for extra security on my current install on my edgerouter. Then the nervous nelly in me wants to generate my own unique keys as well. Never liked the Netgear router vpn setup that takes two seconds to setup as it worried me on a security standpoint that it might be sharing the same key with other routers. EDIT: Interesting. I see the TLS Auth stuff is already configured. Have to do some digging about the key/cert generation though. EDIT2: Looks like the admin cert is still in the config, might be a good idea to revoke it as well as deleting the ID. I also noticed several messages about a weak cipher being used when connected, definitely needs some hardening and such and changed to 256bit encryption but the video should get everyone started! https://community.openvpn.net/openvpn/wiki/Hardening Edited December 16, 20178 yr by digiblur
December 16, 20178 yr 1 hour ago, digiblur said: Thanks for the update. I glanced through and will definitely try this. Couple questions... Do we not have to generate our own keys and such like many other openvpn installs I have done? Thinking I will have to since I use TLS auth for extra security on my current install on my edgerouter. Then the nervous nelly in me wants to generate my own unique keys as well. Never liked the Netgear router vpn setup that takes two seconds to setup as it worried me on a security standpoint that it might be sharing the same key with other routers. EDIT: Interesting. I see the TLS Auth stuff is already configured. Have to do some digging about the key/cert generation though. If I understand your question, you just need to connect to the server from LAN on your mobile device and download/install the user certificate for that platform (windows, macOS, iOS, etc). Edited December 16, 20178 yr by wgstarks
December 16, 20178 yr 2 minutes ago, wgstarks said: If I understand your question, you just need to connect to the server from LAN on your mobile device and download/install the user certificate. No, that's the simple part. I'm used to doing this step and creating my own certs (that warm and fuzzy feeling of making the connection unique to you). https://openvpn.net/index.php/open-source/documentation/howto.html#pki
December 16, 20178 yr 2 minutes ago, digiblur said: No, that's the simple part. I'm used to doing this step and creating my own certs (that warm and fuzzy feeling of making the connection unique to you). https://openvpn.net/index.php/open-source/documentation/howto.html#pki Not necessary. OpenVPN-AS is commercial software. It's based on OpenVPN but there are differences.
December 16, 20178 yr 5 minutes ago, wgstarks said: Not necessary. OpenVPN-AS is commercial software. It's based on OpenVPN but there are differences. Explain more on what you mean by this. Also , so if I install it twice there will be two different sets of keys/certs?
December 16, 20178 yr 38 minutes ago, digiblur said: Explain more on what you mean by this. OpenVPN Access Server is commercial software. The docs probably have most of the details you want. 40 minutes ago, digiblur said: Also , so if I install it twice there will be two different sets of keys/certs? Not sure what the use case is for running two dockers on the same network. Maybe if you use the same active directory for both dockers then a single certificate would work? I just use OpenVPN-AS for accessing a single network. Perhaps someone else can give you a better answer for this.
December 17, 20178 yr So now I can see my server if I type its local ip on chrome but I can't see the rest of the network. Any ideas??
December 17, 20178 yr Not sure what the use case is for running two dockers on the same network. Maybe if you use the same active directory for both dockers then a single certificate would work? I just use OpenVPN-AS for accessing a single network. Perhaps someone else can give you a better answer for this.It is OpenVPN, not sure what you are getting at.If I installed it twice and had the same certs and keys that would mean I have the same keys/certs as the next guy. Oof... Will test this in the morning and fix the cipher version issues.
December 17, 20178 yr Hello, I'm having a hard time setting this thing up. I followed gridrunners video carefully, but when I try to connect via OpenVPN GUI I get the following message over and over again as it tries to connect: Sun Dec 17 18:42:58 2017 TLS: Initial packet from [AF_INET](myipadress):1194, sid=f21eac15 a8b634c1 Sun Dec 17 18:42:58 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET](myipadress):1194 Any ideas?
December 17, 20178 yr 34 minutes ago, Heciruam said: Hello, I'm having a hard time setting this thing up. I followed gridrunners video carefully, but when I try to connect via OpenVPN GUI I get the following message over and over again as it tries to connect: Sun Dec 17 18:42:58 2017 TLS: Initial packet from [AF_INET](myipadress):1194, sid=f21eac15 a8b634c1 Sun Dec 17 18:42:58 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET](myipadress):1194 Any ideas? Did you forward the port on your router?
December 17, 20178 yr 4 minutes ago, wgstarks said: Did you forward the port on your router? Yes. I also pinged my dyndns to make sure it's working.
December 18, 20178 yr Since i have tvheadend and embyserver in a docker (before they was installed in a ubuntu vm) i can't connect them when i have a vpn-connection. Not the webgui nor through e.g. tvhclient. Anybody knows how i have to configure openvpn-as that i can connect them again?
December 18, 20178 yr I've got this working (thanks to @gridrunner) but I can't quite see how to get it to pass proxy settings to the client so that web traffic from the client will pass through my local Privoxy (running in the DelugeVPN docker container) before going out to the web. Googling for "openvpn proxy" just returns a load of results about how to access openvpn through a proxy, which isn't what I'm trying to do here, and I didn't find anything obvious in the openvpn-as WebUI… Is there a way to get this to happen automatically on connect, or do I need to manually configure proxy settings each time? The client is the iOS OpenVPN Connect, if it matters… Thanks!
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.