CHBMB Posted May 10, 2018 Share Posted May 10, 2018 That may be better asked on the OpenVPN forums. We really just package the container. Quote Link to comment
Sinister Posted May 13, 2018 Share Posted May 13, 2018 Thank you for all the suggestions i managed to figure out what the problem was for whatever reason auto login needed to be enabled. as well as my local subnet being the issue they cant be identical in linux though this isnt a problem on windows . lastly having the (use this network only for its local resources) box enabled makes it not work (SOLVED) Quote Link to comment
daniel329 Posted May 15, 2018 Share Posted May 15, 2018 On 5/10/2018 at 8:09 AM, Sinister said: I believe I already know which one your talking about and it' is enabled by default I just connected through my mobile device and I can access everything with no problem Has anyone had luck with this? Since the update my clients connect to OpenVPN-AS but I can't access any local devices. IE going to 192.168.1.1 just accesses the router at the remote site and not my router at home where UnRaid is. Similarly, I can't access the UnRaid WebUI. Quote Link to comment
Sinister Posted May 15, 2018 Share Posted May 15, 2018 35 minutes ago, daniel329 said: Has anyone had luck with this? Since the update my clients connect to OpenVPN-AS but I can't access any local devices. IE going to 192.168.1.1 just accesses the router at the remote site and not my router at home where UnRaid is. Similarly, I can't access the UnRaid WebUI. Not sure what OS your running but if it is Windows then spaceinvader one tutorial works flawlessly. If its linux like my issue was then I'm no expert by any means but I can tell you what worked in my specific case Quote Link to comment
JonathanM Posted May 16, 2018 Share Posted May 16, 2018 1 hour ago, daniel329 said: going to 192.168.1.1 just accesses the router at the remote site and not my router at home That is a different issue. You need to make sure your home environment is a unique subnet so you won't have that type of collision. Use something unique like 192.168.210.X on your home network, that way no matter what remote network you access it from, the IP's will be unique. There are ways to work around it, but changing your home network subnet is the easiest foolproof method. Quote Link to comment
Aerodb Posted June 1, 2018 Share Posted June 1, 2018 Hey all. Installed the Docker and was following Space invader's video but after disabling the admin user account and creating another account I've locked myself out of the openVPN webUI. I removed the docker and reinstalled but to no avail. Now the new docker install wont accept the default (admin/password). any idea how i can truly clear all settings on the docker and start with all default configs? Quote Link to comment
aptalca Posted June 2, 2018 Share Posted June 2, 2018 Delete the config folder and recreate the docker 1 Quote Link to comment
Aerodb Posted June 4, 2018 Share Posted June 4, 2018 That's worked perfectly. Thank you!Sent from my Pixel 2 XL using Tapatalk Quote Link to comment
patm95 Posted June 9, 2018 Share Posted June 9, 2018 What is the advantage to configuring the SSL certificate? Quote Link to comment
WarDave Posted June 13, 2018 Share Posted June 13, 2018 On the unraid docker I have tried to login to the admin ui with admin/openvpn with no luck as it shows in the wiki. Whats the default password? It doesnt state it in the directions or any of the settings boxes on the unraid plugin setup. Quote Link to comment
trurl Posted June 13, 2018 Share Posted June 13, 2018 15 minutes ago, WarDave said: On the unraid docker I have tried to login to the admin ui with admin/openvpn with no luck as it shows in the wiki. Whats the default password? It doesnt state it in the directions or any of the settings boxes on the unraid plugin setup. What wiki? Did you look at any of the documentation linked in the first post of this thread? See the docker hub or github links Quote Link to comment
WarDave Posted June 13, 2018 Share Posted June 13, 2018 (edited) 26 minutes ago, trurl said: What wiki? Did you look at any of the documentation linked in the first post of this thread? See the docker hub or github links Yes but for example Docker Hub: https://hub.docker.com/r/linuxserver/openvpn-as/ shows a setup guide nothing like it is for unraid, for example Usage docker create \ --name=openvpn-as \ -v <path to data>:/config \ -e PGID=<gid> -e PUID=<uid> \ -e TZ=<timezone> \ -e INTERFACE=<interface> \ --net=host --privileged \ linuxserver/openvpn-as You dont have to do this to set it up on unraid and none of the boxes to configure it shows a password box so you can edit the default one or the txt at the top doesnt show what its set to. Edited June 13, 2018 by WarDave Quote Link to comment
aptalca Posted June 13, 2018 Share Posted June 13, 2018 10 hours ago, WarDave said: Yes but for example Docker Hub: https://hub.docker.com/r/linuxserver/openvpn-as/ shows a setup guide nothing like it is for unraid, for example Usage docker create \ --name=openvpn-as \ -v <path to data>:/config \ -e PGID=<gid> -e PUID=<uid> \ -e TZ=<timezone> \ -e INTERFACE=<interface> \ --net=host --privileged \ linuxserver/openvpn-as You dont have to do this to set it up on unraid and none of the boxes to configure it shows a password box so you can edit the default one or the txt at the top doesnt show what its set to. The page you linked to tells you what the default user pass are. Quote Link to comment
ThePhotraveller Posted June 13, 2018 Share Posted June 13, 2018 On 10/7/2015 at 2:06 AM, linuxserver.io said: Application Name: OpenVPN-AS Application Site: https://openvpn.net/index.php/access-server/overview.html Docker Hub: https://hub.docker.com/r/linuxserver/openvpn-as/ Github: https://github.com/linuxserver/docker-openvpnas Please post any questions/issues relating to this docker you have in this thread. If you are not using Unraid (and you should be!) then please do not post here, rather use the linuxserver.io forum for support. For upgrading from 2.1.9 to 2.1.12 you may need to follow the directions in this post https://forums.lime-technology.com/topic/41631-support-linuxserverio-openvpn-as/?do=findComment&comment=598988 Installed but when i click the webUI it says the below. This site can’t be reached 192.168.0.120 refused to connect. Quote Link to comment
aptalca Posted June 13, 2018 Share Posted June 13, 2018 40 minutes ago, ThePhotraveller said: Installed but when i click the webUI it says the below. This site can’t be reached 192.168.0.120 refused to connect. You may have to set the interface correctly Quote Link to comment
ThePhotraveller Posted June 13, 2018 Share Posted June 13, 2018 Just now, aptalca said: You may have to set the interface correctly some technical info would help me. How to do that correctly? Quote Link to comment
turco Posted June 13, 2018 Share Posted June 13, 2018 hi, thank for the docker first of all. I installed via spaceinvaders youtube video so i did exactly like on the video however i cant connect. from my phone keeps giving reconnecting. what can be the issue? tia Quote Link to comment
jfrancais Posted June 28, 2018 Share Posted June 28, 2018 Has anyone successfully got their OpenVPN-AS Docker running on network type br0 with it's own IP? Still struggling to get my clients communicating properly and I don't want to switch back to a full VM if I don't have to. Quote Link to comment
Lo Key Posted July 2, 2018 Share Posted July 2, 2018 (edited) I have been running this OpenVPN container without issues for a few months now. Once I realized the option for assigning containers their own IP address was available in Unraid, I assigned most of my containers static IPs in their settings so I could use my router software to track bandwidth usage. I did not reassign the OpenVPN container and left it running on the same IP as Unraid. Internally, everything is fine. But when I connect via OpenVPN, I cannot get to any container that has it's own IP address. I am able to reach the Unraid webgui and any container still running off of the Unraid IP address. I am able to get to any other resources on the network with other PCs, web sites not on Unraid, etc. The static IPs are on the same internal subnet, 192.168.1.0/24. In searching for information, I came upon this old reddit thread where the top response says "Using custom IP's (macvlan) isolates you from the host, can't remember if it also isolates you from other containers.". Is this correct, and if so, is there any way around it or do I have to reassign the containers back to using the Unraid IP if I want to access them via OpenVPN? Edited July 2, 2018 by Lo Key Quote Link to comment
aptalca Posted July 2, 2018 Share Posted July 2, 2018 3 hours ago, Lo Key said: I have been running this OpenVPN container without issues for a few months now. Once I realized the option for assigning containers their own IP address was available in Unraid, I assigned most of my containers static IPs in their settings so I could use my router software to track bandwidth usage. I did not reassign the OpenVPN container and left it running on the same IP as Unraid. Internally, everything is fine. But when I connect via OpenVPN, I cannot get to any container that has it's own IP address. I am able to reach the Unraid webgui and any container still running off of the Unraid IP address. I am able to get to any other resources on the network with other PCs, web sites not on Unraid, etc. The static IPs are on the same internal subnet, 192.168.1.0/24. In searching for information, I came upon this old reddit thread where the top response says "Using custom IP's (macvlan) isolates you from the host, can't remember if it also isolates you from other containers.". Is this correct, and if so, is there any way around it or do I have to reassign the containers back to using the Unraid IP if I want to access them via OpenVPN? That is correct and it is a limitation (security feature) of macvlan. There was another user here who tried to put openvpn on macvlan as well but still couldn't access the containers. Question though, why do you want every container to have their own ip? Most of them only need one port to interface through. Why not just map a port on the host? Quote Link to comment
jfrancais Posted July 2, 2018 Share Posted July 2, 2018 6 minutes ago, aptalca said: That is correct and it is a limitation (security feature) of macvlan. There was another user here who tried to put openvpn on macvlan as well but still couldn't access the containers. Question though, why do you want every container to have their own ip? Most of them only need one port to interface through. Why not just map a port on the host? You may have been referring to me. I'm having this issue. It is expected behavior. dockers with their own IP will be able to talk to each other but not other docker containers with host IP by design. I have moved my OpenVPN docker to its own IP as well, but I'm struggling to get the VPN connected clients to talk to anything other than the br0 containers in this scenario. As for why we want them on their own IP, well for me I have a few services that run the same port and I prefer to not redirect the port to something else. And if you even have 1 docker container using its own IP your VPN connected clients cant talk to them when running as a docker. Kind of the point of a VPN server. Unfortunately my search thus far has been fruitless and I may have to go back to OpenVPN as a VM instead of a docker container. Quote Link to comment
ken-ji Posted July 3, 2018 Share Posted July 3, 2018 There are at least two ways around this depending on your server hardware. (fully supported) Best solution: at least 2 network interfaces. Do not bond the interfaces. Do not assign an IP to the 2nd interface (eth1/br1) Delete the docker custom network on eth0/br0 Setup the docker custom network on eth1/br1 Move all containers there. Done - you've side stepped the security feature/limitation ov mcvlan networks Alternate solution: have VLAN support on your network Create a VLAN subinterface (eth0.1/br0.1) Do not assign an IP to the VLAN subinterface Create a docker custom network on it Move containers there Done - you've side stepped the security feature/limitation ov mcvlan networks Alternate solution (not sure if supported by the GUI) in the go file, add code to create a macvlan subinterface (mac0) remove unRAID IP from eth0/br0 assign unRAID IP to macvlan subinterface (reset network gateway) Done - unRAID should be able to use the macvlan subinterface to work as if nothing has changed. conainters on docker custom networks should be able to talk to unRAID via the macvlan subinterface which does no trigger the security feature limitation. 3 Quote Link to comment
Lo Key Posted July 3, 2018 Share Posted July 3, 2018 Thank you ken-ji. Luckily enough, I am running Unraid on a server motherboard with dual NICs onboard. I'll try your best solution and report back in a few days. Quote Link to comment
Lo Key Posted July 3, 2018 Share Posted July 3, 2018 @ken-ji it worked! Thank you so much! With everything moved over, I'm now able to get to any docker with an assigned static IP over OpenVPN. I had not managed anything with docker from the command line before this. So, in case anyone else was like me and wants to do this, here were the commands I used in the console for the steps "Delete the docker custom network on eth0/br0" and "Setup the docker custom network on eth1/br1" after I had broken the bond on the interfaces in network settings: docker network ls (this will list out what docker networks are available) NETWORK ID NAME DRIVER SCOPE c152fe231096 br0 macvlan local 2077b50fac9e bridge bridge local c73f55312022 host host local e219d9bf945e none null local docker network rm br0 (this will delete the br0 network used by docker when static ips are applied - be sure you're ready to do this) docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o parent=eth1 docker (creates the new network and names it "docker". Name it what you want. Make sure the network settings match your own local network if you're keeping them all on the same subnet.) Then, go into Docker and move each container onto the new network. Quote Link to comment
FunkySyntax Posted July 3, 2018 Share Posted July 3, 2018 I am trying to use the letsencrypt certbot docker (https://lime-technology.com/forums/topic/51808-support-linuxserverio-letsencrypt-nginx/) to create/update the web server certificate for the openvpn-as docker. I mounted the directory containing the certificates in this docker, but when I try to use the command line to set the certificates for openvpn, I get an error. root@3d57a74c7d35:/usr/local/openvpn_as/scripts# ./sacli --key "cs.priv_key" --value_file "{PRIV_KEY_LOCATION}" ConfigPut ERROR: [Errno 2] No such file or directory: '{PRIV_KEY_LOCATION}': util/options:79,sagent/sacli:808,util/simplefile:28,util/simplefile:20 (exceptions.IOError) Are there any instructions on how to update the web server certificate automatically? Or can anyone tell me what is going wrong? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.