ProZac Posted June 4, 2019
1 minute ago, baldfox said: Got it. As I am typing this, I just successfully managed to login with the openvpn plugin. Worked relatively quickly. Will sort this when I get a chance. Thanks again for your help.
Sounds awesome. A side note: when you are done and the docker works as planned, take a backup. So if you in the future mess things up or an update crashes anything, you can revert back.
CHBMB Posted June 4, 2019
But that shows it running? Can you not get to the webui.
Sent from my Mi A1 using Tapatalk
aartr Posted June 5, 2019
Hey Everybody, I'm hit with these problems as well after upgrading to 6.7. Using the instructions here I got the connection to work again, however I'm using a layer 2 link to connect directly to my local subnet so I can use Bonjour and all that. Now when I connect the connection is successful but I get a random IP address outside of my subnet instead of a DHCP-assigned IP on my 10.0.0.0/24 subnet. I'm guessing switching from host to bridge is preventing docker from talking to my network including the DHCP server? I'm not 100% sure what's happening. Am I basically out of luck here? Or is there a way to maintain compatibility with layer 2 connections?
CyberMew Posted June 5, 2019
21 hours ago, CHBMB said: But that shows it running? Can you not get to the webui. Sent from my Mi A1 using Tapatalk
Ah yes it's working now, I guess I tried it while it was still loading up. I just realise that it's limited for 2 connections? I remember it was totally free and open source?
JonathanM Posted June 5, 2019
2 minutes ago, CyberMew said: I just realise that it's limited for 2 connections? I remember it was totally free and open source?
You are confusing 2 different things. The core technology, and the application using that technology. https://openvpn.net/faq/what-is-openvpn-access-server/
uldise Posted June 5, 2019
10 minutes ago, CyberMew said: I just realise that it's limited for 2 connections? I remember it was totally free and open source?
This was the reason I switched to pfsense with openvpn in it..
aptalca Posted June 5, 2019
1 hour ago, uldise said: This was the reason I switched to pfsense with openvpn in it..
Yeah, but it's good to have a backup, in case you can't connect to one for some reason. I have my pfsense one with udp on the standard port, the container on unraid that is tcp stream proxied by letsencrypt on port 80 and wireguard on an rpi3. Some public wifi block all outgoing udp connections and tcp over non-http/s so the port 80 one saved my a$$ quite a few times.
CyberMew Posted June 6, 2019
How do we connect to the docker from iOS OpenVPN Connect app? I selected Access Server and put in the details but it isn't working.
Edit: needed to provide 9443 in port field.
Edit 2: why is it connecting to my docker internal ip 172.17.x.x:1194?
aptalca Posted June 6, 2019
7 hours ago, CyberMew said: How do we connect to the docker from iOS OpenVPN Connect app? I selected Access Server and put in the details but it isn't working. Edit: needed to provide 9443 in port field. Edit 2: why is it connecting to my docker internal ip 172.17.x.x:1194?
Provide more clarification.
dajinn Posted June 7, 2019
I'm so confused on the docker network mapping stuff, when I try to connect to the AS from an external client the client is trying to connect to the docker network IP which is 172.12.0.5 which obviously won't resolve on a completely different private network behind another internet connection. Shouldn't the config be attempting to connect to my public IP? What is the 'fix' for this? The container is set up with all of the most recent defaults.
ProZac Posted June 7, 2019
11 minutes ago, dajinn said: I'm so confused on the docker network mapping stuff, when I try to connect to the AS from an external client the client is trying to connect to the docker network IP which is 172.12.0.5 which obviously won't resolve on a completely different private network behind another internet connection. Shouldn't the config be attempting to connect to my public IP? What is the 'fix' for this? The container is set up with all of the most recent defaults.
This has been gone over several times in the last few pages. You need to add your subnet in the settings page under routing.
dajinn Posted June 7, 2019
1 hour ago, ProZac said: This has been gone over several times in the last few pages. You need to add your subnet in the settings page under routing
I believe you misunderstood, the issue was not with routing. I probably left some keywords out. I resolved my issue by changing the hostname of my vpn server in the Access Server settings from the bridge network to my public IP. I felt like this was an obvious thing but for some reason was thinking that however it came configured out of the box was just 'how it was supposed to be'. But alas after making the change my third party clients are able to connect to the VPN. Dank.
dajinn Posted June 7, 2019
18 hours ago, CyberMew said: How do we connect to the docker from iOS OpenVPN Connect app? I selected Access Server and put in the details but it isn't working. Edit: needed to provide 9443 in port field. Edit 2: why is it connecting to my docker internal ip 172.17.x.x:1194?
Go into your Access Server settings and change the hostname from the docker IP to your public IP/hostname.
CyberMew Posted June 7, 2019
6 hours ago, dajinn said: Go into your Access Server settings and change the hostname from the docker IP to your public IP/hostname.
Thanks! Working fine, able to connect now! Now I just need to find out why my new nonadmin users don't have a cert (client cert revoked) and fix it..
Edit: worked by itself after a while. All good.
Riotz Posted June 9, 2019
On 6/7/2019 at 4:26 AM, dajinn said: Go into your Access Server settings and change the hostname from the docker IP to your public IP/hostname.
I thought I had the answer with this as well but this is not working for me. I have my Dynamic DNS hostname in place which I use for other services so I know it's resolving properly. However, when I try to connect from my phone I see it trying to connect to the Docker Containers IP address which is 172.12.0.5. I should mention that the Open Port Checker at https://www.yougetsignal.com/tools/open-ports/ shows that 9443 is open. So I know it's got to be an issue with the app config. Here are a few screen grabs of my network config for OpenVPN-AS. I temporarily masked my Dynamic DNS address for the grab.
Here is the log file from the OpenVPN client app on my iPhone where I have the Dynamic DNS address set as the hostname and port 9443 as the port:

    2019-07-09 07:07:47 ----- OpenVPN Start ----- OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct 3 2018 06:35:04
    2019-07-09 07:07:47 Frame=512/2048/512 mssfix-ctrl=1250
    2019-07-09 07:07:47 UNUSED OPTIONS
    11 [sndbuf] [0]
    12 [rcvbuf] [0]
    15 [verb] [3]
    24 [CLI_PREF_ALLOW_WEB_IMPORT] [True]
    25 [CLI_PREF_BASIC_CLIENT] [False]
    26 [CLI_PREF_ENABLE_CONNECT] [True]
    27 [CLI_PREF_ENABLE_XD_PROXY] [True]
    28 [WSHOST] [172.17.0.5:9443]
    29 [WEB_CA_BUNDLE] [-----BEGIN CERTIFICATE----- [Certificate Masked]...]
    30 [IS_OPENVPN_WEB_CA] [1]
    31 [ORGANIZATION] [OpenVPN Inc]
    2019-07-09 07:07:47 EVENT: RESOLVE
    2019-07-09 07:07:47 Contacting [172.17.0.5]:9443/TCP via TCP
    2019-07-09 07:07:47 EVENT: WAIT
    2019-07-09 07:07:58 Server poll timeout, trying next remote entry...
    2019-07-09 07:07:58 EVENT: RECONNECTING
    2019-07-09 07:07:58 EVENT: RESOLVE
    2019-07-09 07:07:58 Contacting [172.17.0.5]:9443/TCP via TCP
    2019-07-09 07:07:58 EVENT: WAIT
    2019-08-09 07:08:09 Server poll timeout, trying next remote entry...
    2019-08-09 07:08:09 EVENT: RECONNECTING
    2019-08-09 07:08:09 EVENT: RESOLVE
    2019-08-09 07:08:09 Contacting [172.17.0.5]:9443/TCP via TCP
    2019-08-09 07:08:09 EVENT: WAIT
    2019-08-09 07:08:19 EVENT: CONNECTION_TIMEOUT [ERR]
    2019-08-09 07:08:19 Raw stats on disconnect:
      CONNECTION_TIMEOUT : 1
      N_RECONNECT : 2
    2019-08-09 07:08:19 Performance stats on disconnect:
      CPU usage (microseconds): 49938
      Network bytes per CPU second: 0
      Tunnel bytes per CPU second: 0
    2019-08-09 07:08:19 EVENT: DISCONNECTED
    2019-08-09 07:08:19 Raw stats on disconnect:
      CONNECTION_TIMEOUT : 1
      N_RECONNECT : 2
    2019-08-09 07:08:19 Performance stats on disconnect:
      CPU usage (microseconds): 51440
      Network bytes per CPU second: 0
      Tunnel bytes per CPU second: 0

Any assistance is greatly appreciated.
aptalca Posted June 9, 2019
3 hours ago, Riotz said: I thought I had the answer with this as well but this is not working for me. I have my Dynamic DNS hostname in place which I use for other services so I know it's resolving properly. However, when I try to connect from my phone I see it trying to connect to the Docker Containers IP address which is 172.12.0.5. I should mention that the Open Port Checker at https://www.yougetsignal.com/tools/open-ports/ shows that 9443 is open. So I know it's got to be an issue with the app config. Here are a few screen grabs of my network config for OpenVPN-AS. I temporarily masked my Dynamic DNS address for the grab. Any assistance is greatly appreciated.
Download a new client config. Your current config was generated before you fixed the hostname on your server.
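
Added example (not part of any post in this thread, and not OpenVPN's own code): a small Python check that pulls the server endpoints out of an OpenVPN client log or `.ovpn` profile and flags any that point at a Docker bridge or other private address, which is the symptom of a profile generated before the server hostname was fixed. The sample log is constructed from lines quoted in the thread; the function names and the 172.17.0.0/16 default-bridge subnet are assumptions.

```python
import ipaddress
import re

# Constructed sample, modelled on the client log lines quoted in the thread.
SAMPLE_LOG = """\
28 [WSHOST] [172.17.0.5:9443]
2019-07-09 07:07:47 Contacting [172.17.0.5]:9443/TCP via TCP
2019-07-09 07:07:58 Server poll timeout, trying next remote entry...
2019-07-09 07:07:58 Contacting [172.17.0.5]:9443/TCP via TCP
"""

# Docker's default bridge subnet (assumption: adjust for custom networks).
DOCKER_BRIDGE = ipaddress.ip_network("172.17.0.0/16")

# Places where a profile or client log names the server it will dial.
ENDPOINT_PATTERNS = [
    re.compile(r"\[WSHOST\]\s+\[(?P<host>[^\]:]+):(?P<port>\d+)\]"),
    re.compile(r"Contacting \[(?P<host>[^\]]+)\]:(?P<port>\d+)/(?:TCP|UDP)"),
    re.compile(r"^\s*remote\s+(?P<host>\S+)\s+(?P<port>\d+)", re.M),
]

def classify(host):
    """Label a server address by whether an outside client could reach it."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # needs DNS to judge; not resolved here
    if ip in DOCKER_BRIDGE:
        return "docker-bridge"
    return "private" if ip.is_private else "public"

def find_endpoints(text):
    """Return unique (host, port, kind) tuples in order of first appearance."""
    seen = {}
    for pattern in ENDPOINT_PATTERNS:
        for m in pattern.finditer(text):
            key = (m["host"], int(m["port"]))
            seen.setdefault(key, classify(m["host"]))
    return [(h, p, kind) for (h, p), kind in seen.items()]

def stale_endpoints(text):
    """Endpoints that only work from inside the Docker host or LAN."""
    return [e for e in find_endpoints(text) if e[2] in ("docker-bridge", "private")]

if __name__ == "__main__":
    for host, port, kind in stale_endpoints(SAMPLE_LOG):
        print(f"{host}:{port} is a {kind} address; re-download the profile")
```

Running the same check on a freshly downloaded profile should return an empty list once the Access Server hostname is set to the public IP or DNS name.
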
Riotz Posted June 9, 2019
1 hour ago, aptalca said: Download a new client config. Your current config was generated before you fixed the hostname on your server.
Yup that did it! Thank you so much! Hope this helps someone else as well!
antohind Posted June 9, 2019
Hi guys, looking for some advice. I am on the latest version of Unraid using PFSENSE VM as my firewall/router. When I install the openvpn-as, none of the options I select allows me to connect to the openVPN management gui. Has anyone else got this setup working and have the time to point me in the right direction?
Thanks
Ant
JonathanM Posted June 9, 2019
13 minutes ago, antohind said: I am on the latest version of Unraid using PFSENSE VM as my firewall/router.
Why are you trying to use the OpenVPN AS docker? Pfsense has OpenVPN functionality pretty much out of the box.
Globe89 Posted June 9, 2019
2 hours ago, jonathanm said: Why are you trying to use the OpenVPN AS docker? Pfsense has OpenVPN functionality pretty much out of the box.
Which Docker image would you recommend for this?
JonathanM Posted June 9, 2019
Just now, Globe89 said: Which Docker image would you recommend for this?
For what? Please describe what you need to accomplish.
Globe89 Posted June 10, 2019
4 hours ago, jonathanm said: For what? Please describe what you need to accomplish.
I want a hardened OpenVPN server + firewall.
antohind Posted June 10, 2019
13 hours ago, jonathanm said: Why are you trying to use the OpenVPN AS docker? Pfsense has OpenVPN functionality pretty much out of the box.
Hi yeah, after playing around I figured out I can configure OpenVPN directly onto the PFsense VM. It's almost ready, just have a few issues still:
1 - once I connect via openvpn I am unable to reach my internal subnet of 192.168.1.0/24, not sure why the automatic NAT rules are failing
trurl Posted June 10, 2019
7 hours ago, Globe89 said: I want a hardened OpenVPN server + firewall.
As jonathanm noted, that sounds like a description of pfSense, so maybe you don't really need to bother with this docker at all.
ProZac Posted June 10, 2019
2 hours ago, antohind said: Hi yeah, after playing around I figured out I can configure OpenVPN directly onto the PFsense VM. It's almost ready, just have a few issues still: 1 - once I connect via openvpn I am unable to reach my internal subnet of 192.168.1.0/24, not sure why the automatic NAT rules are failing
Not to sound like a broken record, but did you add your subnet in the routing info in the server, as the new ovpn spits out an ip in the subnet of the docker as default.