[Support] Linuxserver.io - OpenVPN AS


Recommended Posts

For the record I set up the netgear R7000 router openVPN too, headache free very easy guide. Still 2MB/s. So I have no clue what it could possibly be. I connected to two windows 10 PCs, both with 6700k processors and high end intel NICs.

 

There absolutely must be some setting that everyone changes because clearly this can't be on my end. Either that or one of our ISPs is throttling us, or a router is causing problems.

Link to comment

For the record I set up the netgear R7000 router openVPN too, headache free very easy guide. Still 2MB/s. So I have no clue what it could possibly be. I connected to two windows 10 PCs, both with 6700k processors and high end intel NICs.

 

There absolutely must be some setting that everyone changes because clearly this can't be on my end. Either that or one of our ISPs is throttling us, or a router is causing problems.

 

If with a completely different device gives the same output, why do you think it's a problem with the OpenVPN config?

Link to comment

For the record I set up the netgear R7000 router openVPN too, headache free very easy guide. Still 2MB/s. So I have no clue what it could possibly be. I connected to two windows 10 PCs, both with 6700k processors and high end intel NICs.

 

There absolutely must be some setting that everyone changes because clearly this can't be on my end. Either that or one of our ISPs is throttling us, or a router is causing problems.

 

If with a completely different device gives the same output, why do you think it's a problem with the OpenVPN config?

 

Well give me some ideas what it could be... Both ISPs claim they don't throttle VPN (they offer gigabit with zero bandwidth caps, so doubtful they throttle anything). One router is a NETGEAR R7000 (very popular router), and the other is a pfsense router (very popular as well). Both have overkill processors. I have no idea what else it could possibly be, and it seems no one else has this problem or everyone is OK with <2MB/s transfers.

 

Is there some other way to test our speed to each other outside of VPN?

Should I try getting rid of the routers and doing a single direct connection to 1 computer on each network?

Link to comment

Well give me some ideas what it could be...

 

I can't if I could I would have...

 

Both ISPs claim they don't throttle VPN (they offer gigabit with zero bandwidth caps, so doubtful they throttle anything). One router is a NETGEAR R7000 (very popular router), and the other is a pfsense router (very popular as well). Both have overkill processors. I have no idea what else it could possibly be, and it seems no one else has this problem or everyone is OK with <2MB/s transfers.

 

fwiw I haven't heard of anyone else with a similar problem, either on this thread or our IRC chatroom.  I wouldn't be ok with <2MB/s either.

 

Is there some other way to test our speed to each other outside of VPN?

Should I try getting rid of the routers and doing a single direct connection to 1 computer on each network?

 

If either of you run a webserver that might help test speeds by downloading files from each other?

 

Link to comment

Well i've seen multiple complaints on pfsense forums about openvpn speeds, the issue was fixed by adjusting a setting which was later forced by default and removed from the settings. I'm guessing it really wasn't, so in a couple hours we will do a direct connection on his end to ensure it's not his overly complex router.

 

If that doesn't fix it, we'll be calling ISPs and push harder because that's the only thing left it could possibly be. It can't be a direct port throttle either, the NETGEAR's OpenVPN uses entirely different ports than OpenVPN-AS.

Link to comment

So you are getting 2 MB/s transfers. So the server which is uploading the file is doing so at 16 Mbps.

Is this file coming from his server to yours at this speed or from your server to his.

1.  Do you both have gigabit internet.

2.  If so is it the same ISP

3.  When you test Is it the same speed both ways from his server to your server. And from your server to his server ?

 

And would i be ok with 2MBS yes my fiber is only 38mbps (4.75MBS ) down and 10mbps (1.25MBS) up  :(

Link to comment

So you are getting 2 MB/s transfers. So the server which is uploading the file is doing so at 16 Mbps.

Is this file coming from his server to yours at this speed or from your server to his.

1.  Do you both have gigabit internet.

2.  If so is it the same ISP

3.  When you test Is it the same speed both ways from his server to your server. And from your server to his server ?

 

And would i be ok with 2MBS yes my fiber is only 38mbps (4.75MBS ) down and 10mbps (1.25MBS) up  :(

 

We tried both ways.

1. I have 1000/500, he has 1000/25 (His upload shouldn't affect us when files are coming from my server, going to his?)

2. No, he lives in 20 miles out of town with a "very" small local ISP.

3. Yes

 

I contacted some help from someone who knows VPNs and he remoted in. Getting 2MB/s to him as well. Tried direct connection with no routers on both ends. Tried VPN hosted on unRAID, as well as VPN hosted on router. Every single test results in roughly 2MB/s. He said it's unfixable and due to bad routing between our houses as well as his house. Seems unlikely, but I am out of ideas and that one makes the most sense.

 

We have about 130TB of data each that we want to share with each other, so 2MB/s just won't cut it... guess we'll be stuck with external hard drives and driving 20 miles to share data...

Link to comment

So you are getting 2 MB/s transfers. So the server which is uploading the file is doing so at 16 Mbps.

Is this file coming from his server to yours at this speed or from your server to his.

1.  Do you both have gigabit internet.

2.  If so is it the same ISP

3.  When you test Is it the same speed both ways from his server to your server. And from your server to his server ?

 

And would i be ok with 2MBS yes my fiber is only 38mbps (4.75MBS ) down and 10mbps (1.25MBS) up  :(

 

We tried both ways.

1. I have 1000/500, he has 1000/25 (His upload shouldn't affect us when files are coming from my server, going to his?)

2. No, he lives in 20 miles out of town with a "very" small local ISP.

3. Yes

 

I contacted some help from someone who knows VPNs and he remoted in. Getting 2MB/s to him as well. Tried direct connection with no routers on both ends. Tried VPN hosted on unRAID, as well as VPN hosted on router. Every single test results in roughly 2MB/s. He said it's unfixable and due to bad routing between our houses as well as his house. Seems unlikely, but I am out of ideas and that one makes the most sense.

 

We have about 130TB of data each that we want to share with each other, so 2MB/s just won't cut it... guess we'll be stuck with external hard drives and driving 20 miles to share data...

 

Umm yeah,  you would think transferring from you to him it should be way better with that upload speed  :(

Have you tried testing what kind of speeds do you get transferring files in another way. Maybe using a file transfer with TeamViewer or Splashtop desktop

to compare?

Link to comment

So you are getting 2 MB/s transfers. So the server which is uploading the file is doing so at 16 Mbps.

Is this file coming from his server to yours at this speed or from your server to his.

1.  Do you both have gigabit internet.

2.  If so is it the same ISP

3.  When you test Is it the same speed both ways from his server to your server. And from your server to his server ?

 

And would i be ok with 2MBS yes my fiber is only 38mbps (4.75MBS ) down and 10mbps (1.25MBS) up  :(

 

We tried both ways.

1. I have 1000/500, he has 1000/25 (His upload shouldn't affect us when files are coming from my server, going to his?)

2. No, he lives in 20 miles out of town with a "very" small local ISP.

3. Yes

 

I contacted some help from someone who knows VPNs and he remoted in. Getting 2MB/s to him as well. Tried direct connection with no routers on both ends. Tried VPN hosted on unRAID, as well as VPN hosted on router. Every single test results in roughly 2MB/s. He said it's unfixable and due to bad routing between our houses as well as his house. Seems unlikely, but I am out of ideas and that one makes the most sense.

 

We have about 130TB of data each that we want to share with each other, so 2MB/s just won't cut it... guess we'll be stuck with external hard drives and driving 20 miles to share data...

 

Umm yeah,  you would think transferring from you to him it should be way better with that upload speed  :(

Have you tried testing what kind of speeds do you get transferring files in another way. Maybe using a file transfer with TeamViewer or Splashtop desktop

to compare?

 

I just tested FTP and it's the same issues. The catcher? If I enable multi-part connections using CuteFTP it maxes the connection out on his side. So the bandwidth is there, but I need to use multi-connections to achieve it.

 

Does this provide any insight on what the problem could be? I'd rather use VPN than FTP.

Link to comment

I've setup openVPN but I cannot acces my webui (host and privilged are on), is there a way to acces it but have my server on bonded lan connections? Do I NEED to unbond them and connect it to eth0 to use openVPN?

 

I had same issue. After change it to bridge i can see the web gui.

Damn it worked... Should've tried that myself, thanks mate :)

 

Sent from my SM-G935F using Tapatalk

 

 

Link to comment

I have installed openvpnas using the Community Applications in unRaid 6.2 but it didn't work. As least not until I found out that I needed to add an additional environment variable INTERFACE and set to bond0. Can you please update the unRAID template to include this environment variable? I also note there is no documentation (that I could find) on how to actually install in unRaid. Its really hard when you have to scrawl through pages and pages of the community forum to find anything out.

 

 

Link to comment

I have installed openvpnas using the Community Applications in unRaid 6.2 but it didn't work. As least not until I found out that I needed to add an additional environment variable INTERFACE and set to bond0. Can you please update the unRAID template to include this environment variable? I also note there is no documentation (that I could find) on how to actually install in unRaid. Its really hard when you have to scrawl through pages and pages of the community forum to find anything out.

 

I did a video guide for this a few posts up, although it doesn't mention to add that variable for bonded connections!

Remember the guys who give us these dockers etc do so in their spare time. They may not have hardware configs set up in the same way, as some of us may. ie bonded connections etc. So they can't test all conditions. As such these things can easily get overlooked, which is probably why it's not in the template.

I know that some devs don't even use the dockers for their own daily use, they just convert them for us to use in unRAID.

Sometimes if you can't find the info you need in the threads for the docker, then its worth posting in and checking the official forums for that particular application  :)

Link to comment

I have installed openvpnas using the Community Applications in unRaid 6.2 but it didn't work. As least not until I found out that I needed to add an additional environment variable INTERFACE and set to bond0. Can you please update the unRAID template to include this environment variable? I also note there is no documentation (that I could find) on how to actually install in unRaid. Its really hard when you have to scrawl through pages and pages of the community forum to find anything out.

 

The variable is not in the template, but it's clearly stated on our github readme for the container, and there is a handy github link in the OP for this image, and all our LT forum support posts for our images contain the relevant links back to github in the first post.

 

Link to comment

Thank you for your replies. I understand that its all voluntary and I do appreciate the developers time, sorry if it came across otherwise. Its as much frustration with my own lack of understanding - I'm still getting my head around the interface of Dockers vs unRaid templates etc. I wish I knew more and was able to contribute myself.

Link to comment

Thank you for your replies. I understand that its all voluntary and I do appreciate the developers time, sorry if it came across otherwise. Its as much frustration with my own lack of understanding - I'm still getting my head around the interface of Dockers vs unRaid templates etc. I wish I knew more and was able to contribute myself.

Basically, a template is just a way of saving the stuff you put in the Add/Update Container form, and the stuff in the Add/Update Container form is just a way of specifying what to put in the docker run command. The docker service takes care of the rest in the standard docker ways.
Link to comment

This was very helpful, thanks.

 

That being said, if you follow these simple rules then I think you are safe:

 

1. Do not expose the Connect or Admin interfaces to the Internet.

 

There is literally no need to open these interfaces to the internet in the majority of cases. You're a home user (I imagine, as are the majority of those who use unRAID) and you can access these interfaces on your LAN to configure / download config files.

 

2. Use UDP protocol on port 1194 (or other) only for VPN access.

 

When TCP mode is chosen for the VPN Server protocol, the VPN Server can optionally provide access to these services through its IP address and port. You don't want to do this or forget that its set. So just don't enable it. These settings are however maintained across updates.

 

3. Update your Container carefully.

 

If you are really worried, before you update the Container: disable your port forwarding, have a terminal session open with the command ready to execute. If you are even more worried you could have your unRAID server (along with any configuring client) on a dedicated switch so you can isolate other local clients from being able to access the unRAID server for that period of time.

 

I want to add that #3 is way OTT IMHO but #1 and #2 should be followed to maintain security. I don't run in an environment where LAN clients are not trusted (in that I would never expect someone on the LAN side to maliciously "hack" into the OpenVPN-AS interfaces in the short time they are open when I upgrade). Therefore #3 is not something I really thought about until your question. I would suggest that most unRAID users (without getting Philosophical about it) would consider their LAN secure.

 

Anyway, in summary, not that much of an issue IMHO.

Link to comment
  • 3 weeks later...

I went from having this setup and working to not, and this is the only thing that I can find in the docker log.  I ran new permissions this didnt work.  Any ideas?

 

./run: line 3: /config/scripts/openvpnas: Permission denied
./run: line 3: /config/scripts/openvpnas: Permission denied
./run: line 3: /config/scripts/openvpnas: Permission denied
./run: line 3: /config/scripts/openvpnas: Permission denied
./run: line 3: /config/scripts/openvpnas: Permission denied
./run: line 3: /config/scripts/openvpnas: Permission denied

Link to comment
  • trurl pinned and unpinned this topic

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.