CHBMB Posted January 19, 2016 Share Posted January 19, 2016 So basically, I can use the unsigned certificate then and it will still be secure? Yeah, it's just warning you, because anyone can setup an unsigned certificate. To get rid of the warning, you have to get the domain name validated by a third party to confirm you own the domain name. Quote Link to comment
greg_gorrell Posted January 19, 2016 Share Posted January 19, 2016 Sweet deal, thanks man. I am able to connect over the internet from my phone to the admin account and i have internet access so it seems like everything is working, although I cannot connect to server from the web interface. I am not going to worry and Ill test it out from my laptop later on. Thanks again! Quote Link to comment
CHBMB Posted January 19, 2016 Share Posted January 19, 2016 You can only connect to the server interface from within your LAN for security reasons. Quote Link to comment
greg_gorrell Posted January 19, 2016 Share Posted January 19, 2016 Wait, I see what you are saying.. I was referring to the connectivity test. It will not work for me but everything seems to be fine other than that. Quote Link to comment
shimee Posted January 20, 2016 Share Posted January 20, 2016 Hi All, A terribly bad question I'm sure but Im trying to setup OpenVPN and wish to set it up as a CA. I've installed the container, and can access the admin page. I am following the OpenVPN setup guide here - https://openvpn.net/index.php/open-source/documentation/howto.html#install - but am unable to locate the easy-rsa directory in my Unraid server. I assume as it is installed as a docker container the instructions on the setup guide are probably not 100% accuate but I cannot seem to find any easy-rsa directory and hence cannot proceed with generating certificates etc, Can anyone point me in the right directions please? The version installed is 2.0.20, so I *think* easy-rsa should be included. Thanks Quote Link to comment
dfarrall Posted January 20, 2016 Share Posted January 20, 2016 Adding your repo to unraid isn't showing me any available dockers in the list, these aren't command line only are they as it looks like others managed to add them via GUI. What interface should I be binding, the one with my local IP? Or do i need to create an virtual IF per docker? Struggling to get onto the web gui here. Quote Link to comment
CHBMB Posted January 20, 2016 Share Posted January 20, 2016 Adding your repo to unraid isn't showing me any available dockers in the list, these aren't command line only are they as it looks like others managed to add them via GUI. What interface should I be binding, the one with my local IP? Or do i need to create an virtual IF per docker? Struggling to get onto the web gui here. Why you adding repos to Unraid, just install Community Applications and install from there... Trust me, you'll like it... To answer your question, no it's not command line only. Eth0 is the interface to bind. Quote Link to comment
dfarrall Posted January 20, 2016 Share Posted January 20, 2016 Adding your repo to unraid isn't showing me any available dockers in the list, these aren't command line only are they as it looks like others managed to add them via GUI. What interface should I be binding, the one with my local IP? Or do i need to create an virtual IF per docker? Struggling to get onto the web gui here. Why you adding repos to Unraid, just install Community Applications and install from there... Trust me, you'll like it... To answer your question, no it's not command line only. Eth0 is the interface to bind. Damn, good shout.. This needs more press! Quote Link to comment
CHBMB Posted January 20, 2016 Share Posted January 20, 2016 Damn, good shout.. This needs more press! In my opinion there are 2 absolutely essential plugins for Unraid, CA and Powerdown, other useful ones are Unassigned Devices and Preclear Quote Link to comment
shimee Posted January 21, 2016 Share Posted January 21, 2016 Hi All, Can anyone please tell me how to get easy-rsa installed to suport my openvpn-as install? I have the vpn working fine with login credientials but want to move to certificate based authentication. Also for my understanding, are the certs in the WEB SERVER menu of openvpn specifically relating to the Web UI and not related to Server/Client certificates for VPN users? I need to be able to issue certs for VPN users on mobile devices. Cannot seem to get easy-rsa working. THanks Simon Quote Link to comment
CHBMB Posted January 21, 2016 Share Posted January 21, 2016 Hi Simon. I'm afraid I won't be able to help you with this as none of the ls.io team use this container that I'm aware of.... Quote Link to comment
shimee Posted January 21, 2016 Share Posted January 21, 2016 Hi there, do you mean no one uses easy-rsa? I don't know if it comes as a container but it used to be a part of the openvpn install by default. If there is another way to achieve certificate based authentication via openvpn I'd more than happy to go with that? Cheers Quote Link to comment
CHBMB Posted January 22, 2016 Share Posted January 22, 2016 Hi there, do you mean no one uses easy-rsa? I don't know if it comes as a container but it used to be a part of the openvpn install by default. If there is another way to achieve certificate based authentication via openvpn I'd more than happy to go with that? Cheers No I mean we don't use the container. Personally I use the OpenVPN on my router. Quote Link to comment
peter_sm Posted January 22, 2016 Share Posted January 22, 2016 Hi there, do you mean no one uses easy-rsa? I don't know if it comes as a container but it used to be a part of the openvpn install by default. If there is another way to achieve certificate based authentication via openvpn I'd more than happy to go with that? Cheers Use the OpenVPN plugin instead. This use easyrsa to create cert for client/server Quote Link to comment
chuga Posted January 22, 2016 Share Posted January 22, 2016 Not to get off topic but does openvpn docker or plugin have any advantages vs running openvpn on a router? A decently powered router such as an asus ft-ac68. Quote Link to comment
danioj Posted January 23, 2016 Share Posted January 23, 2016 Hi All, Can anyone please tell me how to get easy-rsa installed to suport my openvpn-as install? I have the vpn working fine with login credientials but want to move to certificate based authentication. Also for my understanding, are the certs in the WEB SERVER menu of openvpn specifically relating to the Web UI and not related to Server/Client certificates for VPN users? I need to be able to issue certs for VPN users on mobile devices. Cannot seem to get easy-rsa working. THanks Simon Can I ask why you would you "need" to use easy-rsa to support the install / use of openvpn-as? It is my understanding of openvpn-as that it generates unique certificates/key files etc for you as part of setting up logging on. # Automatically generated OpenVPN client config file # Generated on Sat Jan 23 15:38:45 2016 by main # Note: this config file contains inline private keys # and therefore should be kept confidential! You can of course download a user locked version or not. What I did was follow the guides to add a user, change the users password. Enable auto login for that user. I make sure I check "Require user permissions record for VPN access" too. Open the port I selected on my router and forward it to the server port that openvpn-as is using. Then download the *.ovpn file which contained all the key authentication details / certs etc to allow the client (iPhone, Router, iMac, MacBookAir) to auto login. The connection is secure, encrypted and safe. Not to get off topic but does openvpn docker or plugin have any advantages vs running openvpn on a router? A decently powered router such as an asus ft-ac68. As I understand it openvpn-as is automated and does allot of the configuration and unique key/certificate generation for you. It also provides a nice pretty UI to configure everything. In addition - I have noticed that the connection on my unRAID server via this Docker vs the connection on my ASUS RT-AC3200 router is that this Docker on my unRAID server is faster AND can support more users without noticing a speed drop. One benefit of using openvpn on your router (not openvpn-as) I believe is that you don't have to purchase licences for more than 2 users. You can of course have multiple devices using the same users connection! This is all AFAIK unless someone corrects me .... EDIT: See this from the openvpn-as Server GUI: User Authentication User credentials are validated using one of the three (external) user databases below or using the locally configured users on 'Users Permissions' page. IMPORTANT NOTE: if you are using autologin profiles (selectable on the User Permissions page), bear in mind that they authenticate using a certificate only and will therefore bypass credential-based authentication using the external authentication DBs below. Authenticate users using: Local PAM [i have this enabled anyway but there are no configuration settings for PAM Authentication in that section of the GUI so no one can logon using that method. It is bypassed anyway as I use auto-login] RADIUS LDAP Quote Link to comment
j0nnymoe Posted January 23, 2016 Share Posted January 23, 2016 Please don't get this confused with the normal openvpn. This is OpenVPN-AS which is more of a streamlined package and administrated via the webui. Note that if you want more than 2 concurrent connections, you need to purchase a license. Quote Link to comment
danioj Posted January 23, 2016 Share Posted January 23, 2016 Please don't get this confused with the normal openvpn. This is OpenVPN-AS which is more of a streamlined package and administrated via the webui. Note that if you want more than 2 concurrent connections, you need to purchase a license. A very succinct summary of my point in my above post! Quote Link to comment
j0nnymoe Posted January 23, 2016 Share Posted January 23, 2016 Please don't get this confused with the normal openvpn. This is OpenVPN-AS which is more of a streamlined package and administrated via the webui. Note that if you want more than 2 concurrent connections, you need to purchase a license. A very succinct summary of my point in my above post! Sorry danioj, didn't see your post above call mine the TL;DR Quote Link to comment
Drazzilb Posted January 27, 2016 Share Posted January 27, 2016 Looks like I'm having the Ol' can't connect to the webUI problem. I installed the docker the same way I've done several others. /mnt/user/appdata/OpenVPN/ is where I pointed the config/ files to. from there I'm not able to access the webUI. I have very limited knowledge of linux so if I'm needed to do something other than the web interface please let me know how to. Quote Link to comment
CHBMB Posted January 27, 2016 Share Posted January 27, 2016 Looks like I'm having the Ol' can't connect to the webUI problem. I installed the docker the same way I've done several others. /mnt/user/appdata/OpenVPN/ is where I pointed the config/ files to. from there I'm not able to access the webUI. I have very limited knowledge of linux so if I'm needed to do something other than the web interface please let me know how to. Can you try changing /mnt/user/appdata/OpenVPN/ to /mnt/cache/appdata/OpenVPN/ Quote Link to comment
Drazzilb Posted January 27, 2016 Share Posted January 27, 2016 Can you try changing /mnt/user/appdata/OpenVPN/ to /mnt/cache/appdata/OpenVPN/ No luck. Quote Link to comment
CHBMB Posted January 27, 2016 Share Posted January 27, 2016 Can you try changing /mnt/user/appdata/OpenVPN/ to /mnt/cache/appdata/OpenVPN/ No luck. What's showing in the logs, also if the setup is interrupted then you may need to delete the container and appdata and try pulling again. Quote Link to comment
Drazzilb Posted January 27, 2016 Share Posted January 27, 2016 Color me dumb. but which log are you requesting? the installation log or the unraid log.. (sorry for being such a nub) Quote Link to comment
CHBMB Posted January 27, 2016 Share Posted January 27, 2016 Color me dumb. but which log are you requesting? the installation log or the unraid log.. (sorry for being such a nub) The docker container log The one under logs on the far right Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.