littlered Posted December 9, 2017 Share Posted December 9, 2017 1 minute ago, wgstarks said: If you have the docker setup correctly I don’t think you’ll be able to use the user “admin”. Thanks, I am not actually trying to use the system admin. I created a new user and assigned it as the new admin as per the instructions, but I have forgotten the password and can't log in. Quote Link to comment
wgstarks Posted December 9, 2017 Share Posted December 9, 2017 I guess you could try the command with whatever user you created. Doubt it will work though. Would be a huge security hole. Quote Link to comment
littlered Posted December 9, 2017 Share Posted December 9, 2017 Is there any other way to reset it or I would have to delete the docker and re-create the settings? Quote Link to comment
wgstarks Posted December 9, 2017 Share Posted December 9, 2017 I would hope that the only way to change the password is to reinstall the docker, but I’m no expert. Quote Link to comment
FreeMan Posted December 9, 2017 Share Posted December 9, 2017 17 minutes ago, littlered said: Thanks, I am not actually trying to use the system admin. I created a new user and assigned it as the new admin as per the instructions, but I have forgotten the password and can't log in. If I recall, I was able to use the command line to change the password. I don't believe that it asked me for the current pwd before asking for the new one, but don't quote me on that - I've slept since then. Also, I'd agree with wgstarks - that would be a big security hole. Of course, once someone's got enough access to your machine to run "docker exec" it's really too late anyway... Quote Link to comment
littlered Posted December 9, 2017 Share Posted December 9, 2017 I tried the command line and it didn't work. I guess I will just reinstall the docker and make sure not to forget the password again. Quote Link to comment
BSAVAG3 Posted December 9, 2017 Share Posted December 9, 2017 Ok, so i am able to get it setup properly and working now but 2 things. 1) it seems to disconnect from my laptop when i remote in. Say about 5min or so while searching it just searches then i get the notification that i've been disconnected. So i just re log back in and its fine for a few minutes. 2) I'm unable to see my mapped network drive while on the VPN Any suggestions? Quote Link to comment
BSAVAG3 Posted December 10, 2017 Share Posted December 10, 2017 Ok, so i am able to get it setup properly and working now but 2 things. 1) it seems to disconnect from my laptop when i remote in. Say about 5min or so while searching it just searches then i get the notification that i've been disconnected. So i just re log back in and its fine for a few minutes. 2) I'm unable to see my mapped network drive while on the VPN Any suggestions?Never mine I realized my connection for the VPN on my laptop was set to specific IP with nothing in that field. Set to Obtain automatically and it worked. I also added another user beside root to the server Quote Link to comment
GreenEyedMonster Posted December 12, 2017 Share Posted December 12, 2017 After weeks of trying to figure this out. I come to you for help. I have a weird issue that I can't seem to figure out. I can log into OpenVPN remotely but have access to nothing inside the network. Also when I turn on OpenVPN my dockers lose their images as if they have no external access to the net. (Don't think they do actually. No plex access for example.) These are my settings below. Let's start with settings. Server - https://snag.gy/A7vayi.jpg Docker Setting - https://snag.gy/4yjMoX.jpg OpenVPN Edit - https://snag.gy/7zQJI2.jpg Inside container settings Status Overview - https://snag.gy/KjJ2XF.jpg Server Network Settings - https://snag.gy/POdDEf.jpg Admin Web UI and Client Web Server - https://snag.gy/8LGzFM.jpg VPN Mode - https://snag.gy/1LZ0eP.jpg VPN Settings - https://snag.gy/DcWSmE.jpg Routing and DNS Settings- https://snag.gy/UhX08G.jpg Advance VPN Settings - https://snag.gy/MlBcSu.jpg Client Settings - https://snag.gy/19cF6e.jpg User Permissions - https://snag.gy/Wj7fir.jpg User Authentication - https://snag.gy/AojJ9r.jpg Connectivity Test - https://snag.gy/hG2YcX.jpg I have 9443 forwarded. Any ideas?! I'm at a loss. Quote Link to comment
Lyror Posted December 12, 2017 Share Posted December 12, 2017 My dns won't work while on the vpn. If i insert 8.8.8.8 then the dns server will work but only for public addresses. If I insert 192.168.2.1 which is my router it will not work.. Why?? Client Settings: (yes it's german :D) Ethernet-Adapter Ethernet 4: Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : TAP Adapter OAS NDIS 6.0 Physische Adresse . . . . . . . . : 00-FF-51-2E-D5-74 DHCP aktiviert. . . . . . . . . . : Nein Autokonfiguration aktiviert . . . : Ja Verbindungslokale IPv6-Adresse . : fe80::ed9a:e2dc:7753:198d%56(Bevorzugt) IPv4-Adresse . . . . . . . . . . : 172.27.240.11(Bevorzugt) Subnetzmaske . . . . . . . . . . : 255.255.240.0 Standardgateway . . . . . . . . . : 172.27.240.1 DHCPv6-IAID . . . . . . . . . . . : 939589457 DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1E-AC-F1-29-74-D4-35-EB-B1-FE DNS-Server . . . . . . . . . . . : 192.168.2.1 NetBIOS über TCP/IP . . . . . . . : Deaktiviert Router DNS-Server is 192.168.2.1 OpenVPN DNS Config Quote Link to comment
wgstarks Posted December 12, 2017 Share Posted December 12, 2017 46 minutes ago, Lyror said: My dns won't work while on the vpn Just a guess on my part, but have you tried pushing the host’s dns settings? I would suggest that the OpenVPN-AS forum might be a better place to resolve configuration issues with the app if you don’t get any good answers here. Quote Link to comment
SpaceInvaderOne Posted December 16, 2017 Share Posted December 16, 2017 On 05/12/2017 at 4:00 PM, FreeMan said: Sounds great,@gridrunner! Sent from Tapatalk As promised here is an updated video tutorial for setting up this excellent container. Hope its useful 1 1 Quote Link to comment
digiblur Posted December 16, 2017 Share Posted December 16, 2017 (edited) 2 hours ago, gridrunner said: As promised here is an updated video tutorial for setting up this excellent container. Hope its useful Thanks for the update. I glanced through and will definitely try this. Couple questions... Do we not have to generate our own keys and such like many other openvpn installs I have done? Thinking I will have to since I use TLS auth for extra security on my current install on my edgerouter. Then the nervous nelly in me wants to generate my own unique keys as well. Never liked the Netgear router vpn setup that takes two seconds to setup as it worried me on a security standpoint that it might be sharing the same key with other routers. EDIT: Interesting. I see the TLS Auth stuff is already configured. Have to do some digging about the key/cert generation though. EDIT2: Looks like the admin cert is still in the config, might be a good idea to revoke it as well as deleting the ID. I also noticed several messages about a weak cipher being used when connected, definitely needs some hardening and such and changed to 256bit encryption but the video should get everyone started! https://community.openvpn.net/openvpn/wiki/Hardening Edited December 16, 2017 by digiblur Quote Link to comment
wgstarks Posted December 16, 2017 Share Posted December 16, 2017 (edited) 1 hour ago, digiblur said: Thanks for the update. I glanced through and will definitely try this. Couple questions... Do we not have to generate our own keys and such like many other openvpn installs I have done? Thinking I will have to since I use TLS auth for extra security on my current install on my edgerouter. Then the nervous nelly in me wants to generate my own unique keys as well. Never liked the Netgear router vpn setup that takes two seconds to setup as it worried me on a security standpoint that it might be sharing the same key with other routers. EDIT: Interesting. I see the TLS Auth stuff is already configured. Have to do some digging about the key/cert generation though. If I understand your question, you just need to connect to the server from LAN on your mobile device and download/install the user certificate for that platform (windows, macOS, iOS, etc). Edited December 16, 2017 by wgstarks Quote Link to comment
digiblur Posted December 16, 2017 Share Posted December 16, 2017 2 minutes ago, wgstarks said: If I understand your question, you just need to connect to the server from LAN on your mobile device and download/install the user certificate. No, that's the simple part. I'm used to doing this step and creating my own certs (that warm and fuzzy feeling of making the connection unique to you). https://openvpn.net/index.php/open-source/documentation/howto.html#pki Quote Link to comment
wgstarks Posted December 16, 2017 Share Posted December 16, 2017 2 minutes ago, digiblur said: No, that's the simple part. I'm used to doing this step and creating my own certs (that warm and fuzzy feeling of making the connection unique to you). https://openvpn.net/index.php/open-source/documentation/howto.html#pki Not necessary. OpenVPN-AS is commercial software. It's based on OpenVPN but there are differences. Quote Link to comment
digiblur Posted December 16, 2017 Share Posted December 16, 2017 5 minutes ago, wgstarks said: Not necessary. OpenVPN-AS is commercial software. It's based on OpenVPN but there are differences. Explain more on what you mean by this. Also , so if I install it twice there will be two different sets of keys/certs? Quote Link to comment
wgstarks Posted December 16, 2017 Share Posted December 16, 2017 38 minutes ago, digiblur said: Explain more on what you mean by this. OpenVPN Access Server is commercial software. The docs probably have most of the details you want. 40 minutes ago, digiblur said: Also , so if I install it twice there will be two different sets of keys/certs? Not sure what the use case is for running two dockers on the same network. Maybe if you use the same active directory for both dockers then a single certificate would work? I just use OpenVPN-AS for accessing a single network. Perhaps someone else can give you a better answer for this. Quote Link to comment
GreenEyedMonster Posted December 17, 2017 Share Posted December 17, 2017 So now I can see my server if I type its local ip on chrome but I can't see the rest of the network. Any ideas?? Quote Link to comment
digiblur Posted December 17, 2017 Share Posted December 17, 2017 Not sure what the use case is for running two dockers on the same network. Maybe if you use the same active directory for both dockers then a single certificate would work? I just use OpenVPN-AS for accessing a single network. Perhaps someone else can give you a better answer for this.It is OpenVPN, not sure what you are getting at.If I installed it twice and had the same certs and keys that would mean I have the same keys/certs as the next guy. Oof... Will test this in the morning and fix the cipher version issues. Quote Link to comment
Heciruam Posted December 17, 2017 Share Posted December 17, 2017 Hello, I'm having a hard time setting this thing up. I followed gridrunners video carefully, but when I try to connect via OpenVPN GUI I get the following message over and over again as it tries to connect: Sun Dec 17 18:42:58 2017 TLS: Initial packet from [AF_INET](myipadress):1194, sid=f21eac15 a8b634c1 Sun Dec 17 18:42:58 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET](myipadress):1194 Any ideas? Quote Link to comment
wgstarks Posted December 17, 2017 Share Posted December 17, 2017 34 minutes ago, Heciruam said: Hello, I'm having a hard time setting this thing up. I followed gridrunners video carefully, but when I try to connect via OpenVPN GUI I get the following message over and over again as it tries to connect: Sun Dec 17 18:42:58 2017 TLS: Initial packet from [AF_INET](myipadress):1194, sid=f21eac15 a8b634c1 Sun Dec 17 18:42:58 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET](myipadress):1194 Any ideas? Did you forward the port on your router? Quote Link to comment
Heciruam Posted December 17, 2017 Share Posted December 17, 2017 4 minutes ago, wgstarks said: Did you forward the port on your router? Yes. I also pinged my dyndns to make sure it's working. Quote Link to comment
himisk71 Posted December 18, 2017 Share Posted December 18, 2017 Since i have tvheadend and embyserver in a docker (before they was installed in a ubuntu vm) i can't connect them when i have a vpn-connection. Not the webgui nor through e.g. tvhclient. Anybody knows how i have to configure openvpn-as that i can connect them again? Quote Link to comment
ElectricBadger Posted December 18, 2017 Share Posted December 18, 2017 I've got this working (thanks to @gridrunner) but I can't quite see how to get it to pass proxy settings to the client so that web traffic from the client will pass through my local Privoxy (running in the DelugeVPN docker container) before going out to the web. Googling for "openvpn proxy" just returns a load of results about how to access openvpn through a proxy, which isn't what I'm trying to do here, and I didn't find anything obvious in the openvpn-as WebUI… Is there a way to get this to happen automatically on connect, or do I need to manually configure proxy settings each time? The client is the iOS OpenVPN Connect, if it matters… Thanks! Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.