aptalca Posted May 12, 2019 Share Posted May 12, 2019 2 hours ago, syniex said: After deleting openvpn-as from appdata and reinstall it seems to work, but i can't seems to configure it so i can connect remotely, anyone got a good new guide? with the new settings? seems like MTU problem? 2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 TCP connection established with [AF_INET]ip.ip.ip.ip:63189' 2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 Socket flags: TCP_NODELAY=1 succeeded' 2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 ip.ip.ip.ip:63189 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]' 2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 ip.ip.ip.ip:63189 Connection reset, restarting [0]' 2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 ip.ip.ip.ip:63189 SIGUSR1[soft,connection-reset] received, client-instance restarting' Check your mtu settings on your router Quote Link to comment
syniex Posted May 12, 2019 Share Posted May 12, 2019 1 minute ago, aptalca said: Check your mtu settings on your router while you were replaying i updated my message it was solved by upgrading the client itself (UDP still doesn't work) but i am wondering how to protect the vpn more, it seems the client web has to be enabled (without it i can't connect) Quote Link to comment
aptalca Posted May 12, 2019 Share Posted May 12, 2019 5 hours ago, syniex said: while you were replaying i updated my message it was solved by upgrading the client itself (UDP still doesn't work) but i am wondering how to protect the vpn more, it seems the client web has to be enabled (without it i can't connect) The webserver is published in two ways: 1. Through the admin gui port (defined in container settings) 2. On the tcp and udp connection ports. You should disable the second one in the openvpn-as gui. And do not make the 943 port available on the internet. That way the gui will only be available on lan Quote Link to comment
thostr Posted May 13, 2019 Share Posted May 13, 2019 After upgrade to unRAID 6.7 I get an error when starting OpenVPN service. When I log on OpenVPN AS the service is stoppen, and when I try to start it again I get following error: service failed to start due to unresolved dependencies: set(['user']) service failed to start due to unresolved dependencies: set(['iptables_openvpn']) Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=2]: ['iptables-restore v1.6.0: Bad IP address ""', '', 'Error occurred at line: 153', "Try `iptables-restore -h' or 'iptables-restore --help' for more information."]: internet/defer:653,sagent/ipts:133,sagent/ipts:50,util/daemon:28,util/daemon:69,application/app:384,scripts/_twistd_unix:258,application/app:396,application/app:311,internet/base:1243,internet/base:1255,internet/epollreactor:235,python/log:103,python/log:86,python/context:122,python/context:85,internet/posixbase:627,internet/posixbase:252,internet/abstract:313,internet/process:312,internet/process:973,internet/process:985,internet/process:350,internet/_baseprocess:52,internet/process:987,internet/_baseprocess:64,svc/pp:142,svc/svcnotify:32,internet/defer:459,internet/defer:567,internet/defer:653,sagent/ipts:133,sagent/ipts:50,util/error:66,util/error:47 service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn']) service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn']) Quote Link to comment
wirenut Posted May 13, 2019 Share Posted May 13, 2019 2 hours ago, thostr said: After upgrade to unRAID 6.7 I get an error when starting OpenVPN service. When I log on OpenVPN AS the service is stoppen, and when I try to start it again I get following error: service failed to start due to unresolved dependencies: set(['user']) service failed to start due to unresolved dependencies: set(['iptables_openvpn']) Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=2]: ['iptables-restore v1.6.0: Bad IP address ""', '', 'Error occurred at line: 153', "Try `iptables-restore -h' or 'iptables-restore --help' for more information."]: internet/defer:653,sagent/ipts:133,sagent/ipts:50,util/daemon:28,util/daemon:69,application/app:384,scripts/_twistd_unix:258,application/app:396,application/app:311,internet/base:1243,internet/base:1255,internet/epollreactor:235,python/log:103,python/log:86,python/context:122,python/context:85,internet/posixbase:627,internet/posixbase:252,internet/abstract:313,internet/process:312,internet/process:973,internet/process:985,internet/process:350,internet/_baseprocess:52,internet/process:987,internet/_baseprocess:64,svc/pp:142,svc/svcnotify:32,internet/defer:459,internet/defer:567,internet/defer:653,sagent/ipts:133,sagent/ipts:50,util/error:66,util/error:47 service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn']) service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn']) Read through the last few posts prior to yours and you will be up and running again in no time. 1 1 Quote Link to comment
redQs Posted May 14, 2019 Share Posted May 14, 2019 (edited) i got problems with the openvpn-as since i upgradet to 6.7 I was on network host. It works all fine since update. I read that i have to change to bridge. Than the openvpn Server startes normal. The think is i cant connect anymore to my vpn. i using port tcp 8080 Portforworting works. i just got the messing: Transport Error: TCP connect error on "mydomain.de:8080" ([myhomeipadress]:8080/tcp): System/Connection refused i just test my old linux vm with openvpn. There it works normal. sad that the docker dont work anymore for me.. Edited May 14, 2019 by redQs Quote Link to comment
sizo Posted May 14, 2019 Share Posted May 14, 2019 (edited) I've been keeping an eye on this thread since the updates but I can't seem to find an answer for my issue. For some reason openvpn keeps pulling the docker ip address range through on eth0 (172.x.x.x) when I'm using a 192.168.1.x range. When I connect via the openvpn app on my mobile I'm dished out a 172.x.x.x address. I can use a static 192.168.1.x address via vpn settings on the openvpn web GUI, which is then used in the openvpn app on my mobile, but I can't access the unraid GUI or sabnzbz/sonarr/radarr. All worked perfectly before the later releases but I'm stumped! Any help would be much appreciated. Thanks! Update If i amend the Dynamic IP Address Network from 172.x.x.x to 192.168.1.0/24 I can't connect back to the openvpn webgui but i do get a 192.168.1.x address in the mobile app. However I still cant connect to the unraid GUI or any services (all on the same 192.168.1.x subnet). Edited May 14, 2019 by sizo update Quote Link to comment
rutherford Posted May 14, 2019 Share Posted May 14, 2019 @sizo try what @Stupifier mentioned above. "Update: Figured out how to access UnRAID GUI. Did NOT figure out how to be assigned a local address on my primary WiFi subnet though. In Admin Page ----> VPN Settings go to Routing section and add a line for the subnet you want your clients to have access to (for example, I added 192.168.1.0/24 which is my primary WiFi subnet and where I can access my UnRAID GUI locally)" 1 Quote Link to comment
JWMutant Posted May 14, 2019 Share Posted May 14, 2019 26 minutes ago, dkerlee said: @sizo try what @Stupifier mentioned above. "Update: Figured out how to access UnRAID GUI. Did NOT figure out how to be assigned a local address on my primary WiFi subnet though. In Admin Page ----> VPN Settings go to Routing section and add a line for the subnet you want your clients to have access to (for example, I added 192.168.1.0/24 which is my primary WiFi subnet and where I can access my UnRAID GUI locally)" I can confirm this worked. Good Job. Quote Link to comment
Stupifier Posted May 15, 2019 Share Posted May 15, 2019 6 hours ago, JWMutant said: I can confirm this worked. Good Job. Glad I could help.......It was frustrating me too. Quote Link to comment
ramblinreck47 Posted May 15, 2019 Share Posted May 15, 2019 (edited) I had the same issue as everyone else. I originally set it up using spaceinvader one's video as a guide. I deleted everything to start over fresh. I made sure it was set to bridge and didn't set an interface variable. Now that I'm inside, I'm stuck on what to do about the "Accepting VPN client connections on IP address:". I had bond0 when I first set this up. That is no longer an option. It's between "Listen on all interfaces" or eth0? Which should I choose? ***EDIT: I chose eth0 and everything seems to be working now! Still don't know if that was correct but it works. Edited May 15, 2019 by ramblinreck47 Quote Link to comment
sizo Posted May 15, 2019 Share Posted May 15, 2019 23 hours ago, dkerlee said: @sizo try what @Stupifier mentioned above. "Update: Figured out how to access UnRAID GUI. Did NOT figure out how to be assigned a local address on my primary WiFi subnet though. In Admin Page ----> VPN Settings go to Routing section and add a line for the subnet you want your clients to have access to (for example, I added 192.168.1.0/24 which is my primary WiFi subnet and where I can access my UnRAID GUI locally)" tried this again but for some unknown reason this time it works!! Thanks for all the help! Quote Link to comment
sittingmongoose Posted May 16, 2019 Share Posted May 16, 2019 Having a weird issue with openvpn. It works perfectly on my iphone over my work WiFi and cellular. And it works on my desktop(not the same network as the server, server is located remotely) on my LAN, as well as my GFs laptop which is on our WiFi. It won’t work on my iPad and iPhone when they are connected to my WiFi though. Even though the laptops works over the same WiFi and my iPad and iphone work over other networks. Any ideas? Not using a custom dns on those devices. Quote Link to comment
jfrancais Posted May 21, 2019 Share Posted May 21, 2019 Does anyone have any experience setting up ios on demand profiles? I have my Openvpn-AS up and running, working as expected. I can connect via my ios clients. I now want to set up the on demand profile so that the VPN connects when I hit an unsecured network or a couple specifid wifi networks, and disconnect from the VPN whenever connected to my home wifi networks. Quote Link to comment
Jaster Posted May 24, 2019 Share Posted May 24, 2019 Hey guys, after that last update the server won't start with that error appearing: service failed to start due to unresolved dependencies: set(['user']) service failed to start due to unresolved dependencies: set(['iptables_openvpn']) Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=2]: ['iptables-restore v1.6.0: Bad IP address ""', '', 'Error occurred at line: 148', "Try `iptables-restore -h' or 'iptables-restore --help' for more information."]: internet/defer:653,sagent/ipts:134,sagent/ipts:51,util/daemon:28,util/daemon:69,application/app:384,scripts/_twistd_unix:258,application/app:396,application/app:311,internet/base:1243,internet/base:1255,internet/epollreactor:235,python/log:103,python/log:86,python/context:122,python/context:85,internet/posixbase:627,internet/posixbase:252,internet/abstract:313,internet/process:312,internet/process:973,internet/process:985,internet/process:350,internet/_baseprocess:52,internet/process:987,internet/_baseprocess:64,svc/pp:142,svc/svcnotify:32,internet/defer:459,internet/defer:567,internet/defer:653,sagent/ipts:134,sagent/ipts:51,util/error:66,util/error:47 service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn']) service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn']) What's wrong? How can I fix it? Quote Link to comment
aptalca Posted May 24, 2019 Share Posted May 24, 2019 2 hours ago, Jaster said: Hey guys, after that last update the server won't start with that error appearing: service failed to start due to unresolved dependencies: set(['user']) service failed to start due to unresolved dependencies: set(['iptables_openvpn']) Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=2]: ['iptables-restore v1.6.0: Bad IP address ""', '', 'Error occurred at line: 148', "Try `iptables-restore -h' or 'iptables-restore --help' for more information."]: internet/defer:653,sagent/ipts:134,sagent/ipts:51,util/daemon:28,util/daemon:69,application/app:384,scripts/_twistd_unix:258,application/app:396,application/app:311,internet/base:1243,internet/base:1255,internet/epollreactor:235,python/log:103,python/log:86,python/context:122,python/context:85,internet/posixbase:627,internet/posixbase:252,internet/abstract:313,internet/process:312,internet/process:973,internet/process:985,internet/process:350,internet/_baseprocess:52,internet/process:987,internet/_baseprocess:64,svc/pp:142,svc/svcnotify:32,internet/defer:459,internet/defer:567,internet/defer:653,sagent/ipts:134,sagent/ipts:51,util/error:66,util/error:47 service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn']) service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn']) What's wrong? How can I fix it? Read the last couple pages Quote Link to comment
Jaster Posted May 25, 2019 Share Posted May 25, 2019 On 5/12/2019 at 5:46 AM, dkerlee said: @aptalca thank you very much! Almost got it working - I would like to mention that the README.md (github link) wasn't specific enough for me to follow. I'm sorry! I'm not the sharpest tool in the shed for sure. I need more concise instructions for unRaid. The Spaceinvader video is great, but it's got old info now. But thank you thank you again for all your work here - and answering the same questions again and again. I'm definitely guilty of that! I donated $5 to you guys. 1. use bridge networking 2. don't set interface variable (like Spaceinvaderone video) 3. make sure correct ports are forwarded and mapped 4. add the cap-add statement looks like the cap_add statement is already in the command root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='openvpn-as' --net='bridge' --log-opt max-size='20m' --log-opt max-file='1' --privileged=true -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -e 'PGID'='100' -e 'PUID'='99' -p '943:943/tcp' -p '9443:9443/tcp' -p '1194:1194/udp' -v '/mnt/user/appdata/openvpn-as':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/openvpn-as' Did it, but nothing changed. Keep getting the same error while trying to start the server inside the container. Quote Link to comment
RevLaw Posted May 25, 2019 Share Posted May 25, 2019 2 hours ago, Jaster said: Did it, but nothing changed. Keep getting the same error while trying to start the server inside the container. Hey, Try to remove the docker container and remove the openvpnas folder under appdata. Then use the stettings from @dkerlee to set it up again. Quote Link to comment
aptalca Posted May 25, 2019 Share Posted May 25, 2019 5 hours ago, Jaster said: Did it, but nothing changed. Keep getting the same error while trying to start the server inside the container. Post a screenshot of your container settings Quote Link to comment
aptalca Posted May 26, 2019 Share Posted May 26, 2019 3 hours ago, Jaster said: That's host networking, not bridge. See the first item on the list above 1 Quote Link to comment
Jaster Posted May 26, 2019 Share Posted May 26, 2019 (edited) Edit: Bridge works (not br0..?). Thanks... sometimes I'm just blind Edited May 26, 2019 by Jaster Quote Link to comment
eb3k Posted May 26, 2019 Share Posted May 26, 2019 Getting pretty frustrated now. I have been trying to get this to work for about 4 days. I think I have followed all the settings but I'm obviously missing something. I can connect to the WebUI and I've added my users and my duckdns address. I have forwarded port 1194 in my router (both UDP and TCP just in case). But I can't get any of my devices to actually connect to the VPN. In my connection log I'm seeing these two errors: WARNING: --ns-cert-type is DEPRECIATED. Use --remote-cert-tls instead TLS Error: cannot locate HMAC in incoming packet from [AF_INET]76.x.x.x:1194 Let me know what logs/screen shots needed to to help me trouble shoot this. Thank you in advance. Quote Link to comment
ProZac Posted May 27, 2019 Share Posted May 27, 2019 19 hours ago, eb3k said: Getting pretty frustrated now. I have been trying to get this to work for about 4 days. I think I have followed all the settings but I'm obviously missing something. I can connect to the WebUI and I've added my users and my duckdns address. I have forwarded port 1194 in my router (both UDP and TCP just in case). But I can't get any of my devices to actually connect to the VPN. In my connection log I'm seeing these two errors: WARNING: --ns-cert-type is DEPRECIATED. Use --remote-cert-tls instead TLS Error: cannot locate HMAC in incoming packet from [AF_INET]76.x.x.x:1194 Let me know what logs/screen shots needed to to help me trouble shoot this. Thank you in advance. I assume u downloaded the new cert files after you reinstalled the docker and use those too connect? Or are you trying with the old ones? Quote Link to comment
eb3k Posted May 27, 2019 Share Posted May 27, 2019 3 hours ago, ProZac said: I assume u downloaded the new cert files after you reinstalled the docker and use those too connect? Or are you trying with the old ones? Yes, I download new cert files after each edit I make to the server. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.