Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] Linuxserver.io - OpenVPN AS

Featured Replies

Anyone have a guide on how to setup IPv6 for this docker?

  • Replies 2k
  • Views 462.6k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • SpaceInvaderOne
    SpaceInvaderOne

    I have made un updated video guide for setting up this great container. It covers setting up the container, port forwarding and setting up clients on Windows, macOS Linux (ubuntu Mate) and on cel

  • PSA. It seems openvpn pushed another broken bin, tagged 2.7.3 I get the same error with it as I did with the previously pulled 2.7.2   While they/us try to figure it out, you can change

  • Stupifier
    Stupifier

    Ok, I used to be able to connect to Host network with this before the update....that allowed me to be assigned an IP on my WiFi subnet, which then allowed me to access the UnRAID GUI interface.  

Posted Images

On 2/13/2019 at 1:53 AM, Brawbag said:

[...] I am curently running a Pi-Hole container with it's own IP address and its working great with all connected devices - locally and externally.  The openvpn-AS server is also working great when not altering the client's DNS server settings.  The issue I am querying is when I set custom DNS to Pi-Hole's internal IP address and connect from outside the network, I connect to the VPN, but i cannot then connect back out to the internet.  The only change I have made is under "VPN settings" and "Have clients use specific DNS servers", from which I enter the local IP of my PI-Hole server.

 

Same here. Did you find out how to pass pihole dns to connected clients?

Chrome on my Mac will not load the admin page (https://myip:943/admin). Neither the root ca nor the self-signed certificate are being trusted: NET::ERR_CERT_REVOKED

 

I can't force a bypass of this error by choosing to proceed to the unsafe webpage. I am able to on other devices. I verified the time inside the docker and it is correct (same as my laptop). What am I missing?

 

Edit: I got a copy of the root ca from /appdata/openvpn-as/etc/web-ssl/ca.crt, added it to my Mac's Keychain and manually trusted it in my Keychain's System area. Chrome now says that the root ca and server certificate are "valid", but is still me NET::ERR_CERT_REVOKED with no way to bypass.

 

Edit 2: This may be an issue with Chrome and Catalina? Anyone running Catalina and openvpn-as able to open the admin page?

 

Edit 3: Last edit. I'm pretty sure this is due to Catalina's new requirements for certificates. openvpn-as is generating a certificate valid for 10 years while Catalina will only trust certificates generated after July 2019 that are valid for 825 days or less. Not related to openvpn-as, this seems to be the same issue: https://github.com/symfony/cli/issues/146

Edited by Chrrs

hey guys thanks for the great docker. is there anyway i can secure the webpage with letsencrypt  docker useing an proxy config file ?

4 hours ago, dave234ee said:

hey guys thanks for the great docker. is there anyway i can secure the webpage with letsencrypt  docker useing an proxy config file ?

You'd have to make your own proxy config file if we don't have one (I haven't checked) but in theory it should be possible.  Although you don't need to for the VPN to work, just the VPN port forwards, the webui port can remain closed and only LAN accessible.

Is It Possible? OpenVPN-AS inbound AND tunnel out to PIA on same server?

 

Hi All,

 

Curious if anyone has successfully setup OpenVPN-AS (docker) to create a persistent tunnel to PIA (would this be a client then?); my inbound client connections are working beautifully! And if anyone has, would they be willing to share their config?

 

All the reading I have done has me undecided if I could make both happen. It seems OPVN can do either, but I cannot find any specific documentation on how to make it do both; only hints that it can.

 

Any feedback would be appreciated! Thanks everyone.

1 hour ago, TechMed said:

Is It Possible? OpenVPN-AS inbound AND tunnel out to PIA on same server?

 

Hi All,

 

Curious if anyone has successfully setup OpenVPN-AS (docker) to create a persistent tunnel to PIA (would this be a client then?); my inbound client connections are working beautifully! And if anyone has, would they be willing to share their config?

 

All the reading I have done has me undecided if I could make both happen. It seems OPVN can do either, but I cannot find any specific documentation on how to make it do both; only hints that it can.

 

Any feedback would be appreciated! Thanks everyone.

Inbound and outbound would have to handled by separate containers. This image only does inbound as it is a server.

 

Also, you'd need to request an inbound port forwarding requested via PIA's api and set that as your vpn port

 

Thanks @aptalca, I was leaning towards two distinct containers being the answer so thanks for confirming!

 

As for the traffic, you hit the nail on the head with the port forwarding (read speed); though my ultimate goal is for all my traffic to be tunneled. With respect to the API call, I am assuming this script is what you are referring to?

 

Since my near-term goal is to implement pfSense, is it worth it (admittedly a noob here, but learning) to set up the outbound container? From my early discovery, it appears that pfSense may have both In and Out OVPN functionality built-in; assuming one has a VPN account.

 

Lastly, if setting up the second container, pfSense or not, is the only answer, would using SpaceInvaders Virtual VPN be the best approach to an outbound tunnel?

 

4 hours ago, TechMed said:

 

Thanks @aptalca, I was leaning towards two distinct containers being the answer so thanks for confirming!

 

As for the traffic, you hit the nail on the head with the port forwarding (read speed); though my ultimate goal is for all my traffic to be tunneled. With respect to the API call, I am assuming this script is what you are referring to?

 

Since my near-term goal is to implement pfSense, is it worth it (admittedly a noob here, but learning) to set up the outbound container? From my early discovery, it appears that pfSense may have both In and Out OVPN functionality built-in; assuming one has a VPN account.

 

Lastly, if setting up the second container, pfSense or not, is the only answer, would using SpaceInvaders Virtual VPN be the best approach to an outbound tunnel?

 

Yep, that's the script.

 

Pfsense/opnsense would be ideal. I have my entire internet connection go out through pfsense's ovpn client.

 

Keep in mind that PIA let's you 1 incoming port forwarded per connection/account (can't remember which). So you won't be able to tunnel everything incoming (unless you reverse proxy everything through letsencrypt)

 

I also highly recommend running pfsense on a dedicated machine rather than in a container or vm

How do you all deal with having multiple VPN connections at once? I get an error when my iPad and iPhone use the VPN for a period of time saying that I can't have more than 2 concurrent VPN connections and for that I need to purchase a license.

👍

3 hours ago, aptalca said:

Pfsense/opnsense would be ideal. I have my entire internet connection go out through pfsense's ovpn client.

Thank you for confirming - your doing exactly what I am looking to accomplish.

 

3 hours ago, aptalca said:

unless you reverse proxy everything through letsencrypt

This will be after I get pfSense up and running.

 

3 hours ago, aptalca said:

I also highly recommend running pfsense on a dedicated machine rather than in a container or vm

Funny, that was an additional question I had.

 

When/if you have the time: Why standalone? and a number of posts around show folks making two pfSense systems up. Why?

 

 

4 hours ago, TechMed said:

Why standalone? and a number of posts around show folks making two pfSense systems up. Why?

High availability.

  I like primarily running a pfSense VM since my server is always running anyway, however if I need to down the server for any length of time I like to fire up the standalone so I still have internet with all the filtering and vpn services while the server isn't running. If you keep a regular cheap router around for those occasions, and you don't need the advanced capabilities of pfSense, then you don't need a standalone box.

My two cents: cheep Protectli box doing standalone Pfsense is a win. These folks above are 100% on pfSense. It’s the way...only way.. to go. [emoji1305]

Decisions, decisions, decisions...

 

52 minutes ago, jonathanm said:

if I need to down the server for any length of time I like to fire up the standalone so I still have internet

Makes perfect "pfSense" to me! Thanks! 😁

 

42 minutes ago, blaine07 said:

Protectli box doing standalone Pfsense is a win

I am going to check them out. I am currently leaning the way of @jonathanm, but I am absolutely open to everyone's suggestions as I am still on the fence.

Thanks @blaine07!

 

Going to step away as I don't want to booger up the thread.

Thanks everyone.

Happy Turkey Day in the USA! 🦃

  • 2 weeks later...

Hello, I managed to set it up correctly, but I am wondering if there is a way to change admin password. I tried it from web gui -> user management, but password never changed. Is there any way to change it? Or should I change it at all?

40 minutes ago, Healadin said:

Hello, I managed to set it up correctly, but I am wondering if there is a way to change admin password. I tried it from web gui -> user management, but password never changed. Is there any way to change it? Or should I change it at all?

Have you read and followed the application setup guide on the github or docker hub link in the first post of this thread?

8 hours ago, jonathanm said:

Have you read and followed the application setup guide on the github or docker hub link in the first post of this thread?

I followed this video, and there he only sets up user password but not changing admin

 

8 hours ago, jonathanm said:

Have you read and followed the application setup guide on the github or docker hub link in the first post of this thread?

ye found it there, thx :)

 

The "admin" account is a system (PAM) account and after container update or recreation, its password reverts back to the default. It is highly recommended to block this user's access for security reasons:


1. Create another user and set as an admin,

2. Log in as the new user,

3. Delete the "admin" user in the gui,

4. Modify the as.conf file under config/etc and replace the line boot_pam_users.0=admin with #boot_pam_users.0=admin boot_pam_users.0=kjhvkhv (this only has to be done once and will survive container recreation)


IMPORTANT NOTE: Commenting out the first pam user in as.conf creates issues in 2.7.5. To make it work while still blocking pam user access, uncomment that line and change admin to a random nonexistent user as described above.

Edited by Healadin
added resolution

I still have problem - to be exact with 4th step. I opened containers console, went to config/etc, but now I cannot edit that file (or have no idea how to do it since there is no nano or vim).

Snímka obrazovky (13).png

6 hours ago, Healadin said:

I still have problem - to be exact with 4th step. I opened containers console, went to config/etc, but now I cannot edit that file (or have no idea how to do it since there is no nano or vim).

Snímka obrazovky (13).png

Don't exec into the container. Just edit the file in the appdata share for openvpn-as. Then you can use nano.

 

1 hour ago, saarg said:

Don't exec into the container. Just edit the file in the appdata share for openvpn-as. Then you can use nano.

 

ah, thx... I wasnt sure what to do, coz when I consoled into unraid with putty/webconsole "ls" showed nothing... but when I did "cd /mnt/cache/appdata" I managed to find config file :)

Hi guys, I cant login to admin open vpn. Today i upgraded, everything work ok, i can connect to serve, but when I open admin UI ang login i give following error.

 

Capture.jpg

1 hour ago, Kristijan said:

Hi guys, I cant login to admin open vpn. Today i upgraded, everything work ok, i can connect to serve, but when I open admin UI ang login i give following error.

 

Capture.jpg

Did you upgrade from an older openvpn-as version (in other words, did you update for the first time in a long time)? If so, see the notice in the readme. You'll have to edit the as.conf and uncomment the admin line, replace it with a non-existing user.

1 hour ago, aptalca said:

Did you upgrade from an older openvpn-as version (in other words, did you update for the first time in a long time)? If so, see the notice in the readme. You'll have to edit the as.conf and uncomment the admin line, replace it with a non-existing user.

No, I updated orderly, no updated from older verison.

This is my as.conf, what i need uncoment?

 

Capture.png

 

On 12/9/2019 at 7:27 PM, Kristijan said:

No, I updated orderly, no updated from older verison.

This is my as.conf, what i need uncoment?

 

Capture.png

 

The problem is in the as.conf view. I didn't notice right away. I resolved this problem edited as.conf. Tnx

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.