[Support] Linuxserver.io - OpenVPN AS


Recommended Posts

I went from having this setup and working to not, and this is the only thing that I can find in the docker log.  I ran new permissions this didnt work.  Any ideas?

 

./run: line 3: /config/scripts/openvpnas: Permission denied
./run: line 3: /config/scripts/openvpnas: Permission denied
./run: line 3: /config/scripts/openvpnas: Permission denied
./run: line 3: /config/scripts/openvpnas: Permission denied
./run: line 3: /config/scripts/openvpnas: Permission denied
./run: line 3: /config/scripts/openvpnas: Permission denied

 

Well I think it's safe to say there's a permissions issue.  Can you do a ls -la on the directory and post the results here?  In general new permissions isn't a good idea on appdata.

Link to comment

I went from having this setup and working to not, and this is the only thing that I can find in the docker log.  I ran new permissions this didnt work.  Any ideas?

 

./run: line 3: /config/scripts/openvpnas: Permission denied
./run: line 3: /config/scripts/openvpnas: Permission denied
./run: line 3: /config/scripts/openvpnas: Permission denied
./run: line 3: /config/scripts/openvpnas: Permission denied
./run: line 3: /config/scripts/openvpnas: Permission denied
./run: line 3: /config/scripts/openvpnas: Permission denied

 

Well I think it's safe to say there's a permissions issue.  Can you do a ls -la on the directory and post the results here?  In general new permissions isn't a good idea on appdata.

 

root@BennySRV:/mnt/user/Config/openvpn-as/scripts# ls -la
total 140
drwxrwxrwx 1 nobody users 4096 Oct  7 17:24 ./
drwxrwxrwx 1 nobody users  201 Oct 10 15:15 ../
-rw-rw-rw- 1 nobody users  406 Oct  7 17:24 authcli
-rw-rw-rw- 1 nobody users  403 Oct  7 17:24 bridge
-rw-rw-rw- 1 nobody users  406 Oct  7 17:24 certool
-rw-rw-rw- 1 nobody users  406 Oct  7 17:24 confdba
-rw-rw-rw- 1 nobody users 2737 Oct  7 17:24 db-update-1.8
-rw-rw-rw- 1 nobody users  400 Oct  7 17:24 dbcvt
-rw-rw-rw- 1 nobody users  403 Oct  7 17:24 dnscli
-rw-rw-rw- 1 nobody users  421 Oct  7 17:24 dnsfo_active
-rw-rw-rw- 1 nobody users  424 Oct  7 17:24 dnsfo_standby
-rw-rw-rw- 1 nobody users  403 Oct  7 17:24 iosvod
-rw-rw-rw- 1 nobody users  400 Oct  7 17:24 liman
-rw-rw-rw- 1 nobody users  403 Oct  7 17:24 logdba
-rw-rw-rw- 1 nobody users  403 Oct  7 17:24 mandep
-rw-rw-rw- 1 nobody users  406 Oct  7 17:24 netinfo
-rw-rw-rw- 1 nobody users  412 Oct  7 17:24 openvpnas
-rw-rw-rw- 1 nobody users  454 Oct  7 17:24 openvpnas_deferred_init
-rw-rw-rw- 1 nobody users  439 Oct  7 17:24 openvpnas_gen_init
-rw-rw-rw- 1 nobody users  466 Oct  7 17:24 openvpnas_gen_init_deferred
-rw-rw-rw- 1 nobody users  436 Oct  7 17:24 openvpnas_gen_pam
-rw-rw-rw- 1 nobody users  415 Oct  7 17:24 openvpncc
-rw-rw-rw- 1 nobody users  421 Oct  7 17:24 openvpncdisp
-rw-rw-rw- 1 nobody users  427 Oct  7 17:24 openvpncnode
-rw-rw-rw- 1 nobody users  415 Oct  7 17:24 ovpnpasswd
-rw-rw-rw- 1 nobody users  391 Oct  7 17:24 sa
-rw-rw-rw- 1 nobody users  400 Oct  7 17:24 sacli
-rw-rw-rw- 1 nobody users  409 Oct  7 17:24 signtool
-rw-rw-rw- 1 nobody users  281 Oct  7 17:24 sqlite3
-rw-rw-rw- 1 nobody users  421 Oct  7 17:24 sshrpc_agent
-rw-rw-rw- 1 nobody users  421 Oct  7 17:24 ucarp_active
-rw-rw-rw- 1 nobody users  424 Oct  7 17:24 ucarp_standby
-rw-rw-rw- 1 nobody users  427 Oct  7 17:24 update_as_conf
-rw-rw-rw- 1 nobody users  424 Oct  7 17:24 update_va_ver
-rw-rw-rw- 1 nobody users  406 Oct  7 17:24 userdba
-rw-rw-rw- 1 nobody users  394 Oct  7 17:24 web

Link to comment

Everything in my directory has permissions 775, yours are 666

 

Try

cd /config
chmod -R 775 *

 

root@server:/mnt/cache/.appdata/openvpn-as/scripts# ls -la
total 144
drwxrwxr-x  2 nobody users 4096 Aug  5 20:44 ./
drwxrwxrwx 10 nobody users 4096 Aug 16 13:17 ../
-rwxrwxr-x  1 nobody users  406 Aug  5 20:44 authcli*
-rwxrwxr-x  1 nobody users  403 Aug  5 20:44 bridge*
-rwxrwxr-x  1 nobody users  406 Aug  5 20:44 certool*
-rwxrwxr-x  1 nobody users  406 Aug  5 20:44 confdba*
-rwxrwxr-x  1 nobody users 2737 Aug  5 20:44 db-update-1.8*
-rwxrwxr-x  1 nobody users  400 Aug  5 20:44 dbcvt*
-rwxrwxr-x  1 nobody users  403 Aug  5 20:44 dnscli*
-rwxrwxr-x  1 nobody users  421 Aug  5 20:44 dnsfo_active*
-rwxrwxr-x  1 nobody users  424 Aug  5 20:44 dnsfo_standby*
-rwxrwxr-x  1 nobody users  403 Aug  5 20:44 iosvod*
-rwxrwxr-x  1 nobody users  400 Aug  5 20:44 liman*
-rwxrwxr-x  1 nobody users  403 Aug  5 20:44 logdba*
-rwxrwxr-x  1 nobody users  403 Aug  5 20:44 mandep*
-rwxrwxr-x  1 nobody users  406 Aug  5 20:44 netinfo*
-rwxrwxr-x  1 nobody users  412 Aug  5 20:44 openvpnas*
-rwxrwxr-x  1 nobody users  454 Aug  5 20:44 openvpnas_deferred_init*
-rwxrwxr-x  1 nobody users  439 Aug  5 20:44 openvpnas_gen_init*
-rwxrwxr-x  1 nobody users  466 Aug  5 20:44 openvpnas_gen_init_deferred*
-rwxrwxr-x  1 nobody users  436 Aug  5 20:44 openvpnas_gen_pam*
-rwxrwxr-x  1 nobody users  415 Aug  5 20:44 openvpncc*
-rwxrwxr-x  1 nobody users  421 Aug  5 20:44 openvpncdisp*
-rwxrwxr-x  1 nobody users  427 Aug  5 20:44 openvpncnode*
-rwxrwxr-x  1 nobody users  415 Aug  5 20:44 ovpnpasswd*
-rwxrwxr-x  1 nobody users  391 Aug  5 20:44 sa*
-rwxrwxr-x  1 nobody users  400 Aug  5 20:44 sacli*
-rwxrwxr-x  1 nobody users  409 Aug  5 20:44 signtool*
-rwxrwxr-x  1 nobody users  281 Aug  5 20:44 sqlite3*
-rwxrwxr-x  1 nobody users  421 Aug  5 20:44 sshrpc_agent*
-rwxrwxr-x  1 nobody users  421 Aug  5 20:44 ucarp_active*
-rwxrwxr-x  1 nobody users  424 Aug  5 20:44 ucarp_standby*
-rwxrwxr-x  1 nobody users  427 Aug  5 20:44 update_as_conf*
-rwxrwxr-x  1 nobody users  424 Aug  5 20:44 update_va_ver*
-rwxrwxr-x  1 nobody users  406 Aug  5 20:44 userdba*
-rwxrwxr-x  1 nobody users  394 Aug  5 20:44 web*

 

Link to comment

Ran the command here are the results:

 

root@BennySRV:/mnt/user/Config/openvpn-as/scripts# ls -la
total 140
drwxrwxrwx 1 nobody users 4096 Oct  7 17:24 ./
drwxrwxrwx 1 nobody users  201 Oct 10 15:15 ../
-rwxrwxr-x 1 nobody users  406 Oct  7 17:24 authcli*
-rwxrwxr-x 1 nobody users  403 Oct  7 17:24 bridge*
-rwxrwxr-x 1 nobody users  406 Oct  7 17:24 certool*
-rwxrwxr-x 1 nobody users  406 Oct  7 17:24 confdba*
-rwxrwxr-x 1 nobody users 2737 Oct  7 17:24 db-update-1.8*
-rwxrwxr-x 1 nobody users  400 Oct  7 17:24 dbcvt*
-rwxrwxr-x 1 nobody users  403 Oct  7 17:24 dnscli*
-rwxrwxr-x 1 nobody users  421 Oct  7 17:24 dnsfo_active*
-rwxrwxr-x 1 nobody users  424 Oct  7 17:24 dnsfo_standby*
-rwxrwxr-x 1 nobody users  403 Oct  7 17:24 iosvod*
-rwxrwxr-x 1 nobody users  400 Oct  7 17:24 liman*
-rwxrwxr-x 1 nobody users  403 Oct  7 17:24 logdba*
-rwxrwxr-x 1 nobody users  403 Oct  7 17:24 mandep*
-rwxrwxr-x 1 nobody users  406 Oct  7 17:24 netinfo*
-rwxrwxr-x 1 nobody users  412 Oct  7 17:24 openvpnas*
-rwxrwxr-x 1 nobody users  454 Oct  7 17:24 openvpnas_deferred_init*
-rwxrwxr-x 1 nobody users  439 Oct  7 17:24 openvpnas_gen_init*
-rwxrwxr-x 1 nobody users  466 Oct  7 17:24 openvpnas_gen_init_deferred*
-rwxrwxr-x 1 nobody users  436 Oct  7 17:24 openvpnas_gen_pam*
-rwxrwxr-x 1 nobody users  415 Oct  7 17:24 openvpncc*
-rwxrwxr-x 1 nobody users  421 Oct  7 17:24 openvpncdisp*
-rwxrwxr-x 1 nobody users  427 Oct  7 17:24 openvpncnode*
-rwxrwxr-x 1 nobody users  415 Oct  7 17:24 ovpnpasswd*
-rwxrwxr-x 1 nobody users  391 Oct  7 17:24 sa*
-rwxrwxr-x 1 nobody users  400 Oct  7 17:24 sacli*
-rwxrwxr-x 1 nobody users  409 Oct  7 17:24 signtool*
-rwxrwxr-x 1 nobody users  281 Oct  7 17:24 sqlite3*
-rwxrwxr-x 1 nobody users  421 Oct  7 17:24 sshrpc_agent*
-rwxrwxr-x 1 nobody users  421 Oct  7 17:24 ucarp_active*
-rwxrwxr-x 1 nobody users  424 Oct  7 17:24 ucarp_standby*
-rwxrwxr-x 1 nobody users  427 Oct  7 17:24 update_as_conf*
-rwxrwxr-x 1 nobody users  424 Oct  7 17:24 update_va_ver*
-rwxrwxr-x 1 nobody users  406 Oct  7 17:24 userdba*
-rwxrwxr-x 1 nobody users  394 Oct  7 17:24 web*

 

Somewhat different error in log:

 

/config/scripts/openvpnas: line 11: /config/bin/python: Permission denied

Link to comment

Ran the command here are the results:

 

root@BennySRV:/mnt/user/Config/openvpn-as/scripts# ls -la
total 140
drwxrwxrwx 1 nobody users 4096 Oct  7 17:24 ./
drwxrwxrwx 1 nobody users  201 Oct 10 15:15 ../
-rwxrwxr-x 1 nobody users  406 Oct  7 17:24 authcli*
-rwxrwxr-x 1 nobody users  403 Oct  7 17:24 bridge*
-rwxrwxr-x 1 nobody users  406 Oct  7 17:24 certool*
-rwxrwxr-x 1 nobody users  406 Oct  7 17:24 confdba*
-rwxrwxr-x 1 nobody users 2737 Oct  7 17:24 db-update-1.8*
-rwxrwxr-x 1 nobody users  400 Oct  7 17:24 dbcvt*
-rwxrwxr-x 1 nobody users  403 Oct  7 17:24 dnscli*
-rwxrwxr-x 1 nobody users  421 Oct  7 17:24 dnsfo_active*
-rwxrwxr-x 1 nobody users  424 Oct  7 17:24 dnsfo_standby*
-rwxrwxr-x 1 nobody users  403 Oct  7 17:24 iosvod*
-rwxrwxr-x 1 nobody users  400 Oct  7 17:24 liman*
-rwxrwxr-x 1 nobody users  403 Oct  7 17:24 logdba*
-rwxrwxr-x 1 nobody users  403 Oct  7 17:24 mandep*
-rwxrwxr-x 1 nobody users  406 Oct  7 17:24 netinfo*
-rwxrwxr-x 1 nobody users  412 Oct  7 17:24 openvpnas*
-rwxrwxr-x 1 nobody users  454 Oct  7 17:24 openvpnas_deferred_init*
-rwxrwxr-x 1 nobody users  439 Oct  7 17:24 openvpnas_gen_init*
-rwxrwxr-x 1 nobody users  466 Oct  7 17:24 openvpnas_gen_init_deferred*
-rwxrwxr-x 1 nobody users  436 Oct  7 17:24 openvpnas_gen_pam*
-rwxrwxr-x 1 nobody users  415 Oct  7 17:24 openvpncc*
-rwxrwxr-x 1 nobody users  421 Oct  7 17:24 openvpncdisp*
-rwxrwxr-x 1 nobody users  427 Oct  7 17:24 openvpncnode*
-rwxrwxr-x 1 nobody users  415 Oct  7 17:24 ovpnpasswd*
-rwxrwxr-x 1 nobody users  391 Oct  7 17:24 sa*
-rwxrwxr-x 1 nobody users  400 Oct  7 17:24 sacli*
-rwxrwxr-x 1 nobody users  409 Oct  7 17:24 signtool*
-rwxrwxr-x 1 nobody users  281 Oct  7 17:24 sqlite3*
-rwxrwxr-x 1 nobody users  421 Oct  7 17:24 sshrpc_agent*
-rwxrwxr-x 1 nobody users  421 Oct  7 17:24 ucarp_active*
-rwxrwxr-x 1 nobody users  424 Oct  7 17:24 ucarp_standby*
-rwxrwxr-x 1 nobody users  427 Oct  7 17:24 update_as_conf*
-rwxrwxr-x 1 nobody users  424 Oct  7 17:24 update_va_ver*
-rwxrwxr-x 1 nobody users  406 Oct  7 17:24 userdba*
-rwxrwxr-x 1 nobody users  394 Oct  7 17:24 web*

 

Somewhat different error in log:

 

/config/scripts/openvpnas: line 11: /config/bin/python: Permission denied

 

Not really, same error message, different file and directory.  Same problem.  Might be easier for you to set it up from scratch.  Your perms are buggered.

Link to comment

I was afraid you would say that, the setup for this guy isn't the most intuitive.  I'll have to remember all the different steps and screens I went to in order to make this work.

 

Where is the config file located so I can replicate settings?

 

I don't think there is a discrete config file.  You could recursively change all the permissions in the config folder.  Just let me check mine and see if there's a pattern.

 

EDIT:  Permissions are wildly different across the files and thinking about it, it's not the kind of application where you want elevated perms where they shouldn't be.  Looks like there are some config files in /config/etc/

Link to comment
  • 2 weeks later...

Hey :)

 

I have an idea, and hope it can be done, but it is possible that you can make it so that every time the server starts / updates then it make a random admin password.

And write the password in the log file?

 

So you do not have to write, docker exec -it openvpn-as passwd admin "your password" each time it updates, so it just make a random admin password itself?

Link to comment

Hey :)

 

I have an idea, and hope it can be done, but it is possible that you can make it so that every time the server starts / updates then it make a random admin password.

And write the password in the log file?

 

So you do not have to write, docker exec -it openvpn-as passwd admin "your password" each time it updates, so it just make a random admin password itself?

Personally, I wouldn't want anything anywhere logging my password

 

Why not just make a user script for the user.scripts plugin composed of that command.  One click and you're done.

Link to comment

Hey :)

 

I have an idea, and hope it can be done, but it is possible that you can make it so that every time the server starts / updates then it make a random admin password.

And write the password in the log file?

 

So you do not have to write, docker exec -it openvpn-as passwd admin "your password" each time it updates, so it just make a random admin password itself?

Personally, I wouldn't want anything anywhere logging my password

 

Why not just make a user script for the user.scripts plugin composed of that command.  One click and you're done.

 

It was just to get away from the default password, which is all too easy to get into someone else's vpn if they have had an update and forgot to change the default password.

 

"Why not just make a user script for the user.scripts plugin composed of that command.  One click and you're done."

I wish I knew how, but I'm wayyyyy too new to unraid and coding ;P

 

 

Link to comment

Hey :)

 

I have an idea, and hope it can be done, but it is possible that you can make it so that every time the server starts / updates then it make a random admin password.

And write the password in the log file?

 

So you do not have to write, docker exec -it openvpn-as passwd admin "your password" each time it updates, so it just make a random admin password itself?

 

Why not just create a new user which is admin, and delete the default admin user? Is it recreated upon updates of this container, or did i miss something?

Link to comment

I've added Duo Security for Two-Factor Authentication when using this container. They have a free user tier which allows < 10 users.

 

It will basically send a push request / sms to your mobile phone as an extra confirmation when logging in from the Web Interface (for those who have this exposed to the internet). I've followed the steps described here https://duo.com/docs/openvpn and modified them a bit.

 

[*]download and edit duo_openvpn_as.py with secret key etc as described in the link

[*]move duo_openvpn_as.py to /mnt/cache/appdata/openvpn-as/scripts

[*]docker exec -it openvpn-as /bin/bash

[*]chmod a+x /config/scripts/duo_openvpn_as.py

[*]/config/scripts/sacli -a <admin_user> -k auth.module.post_auth_script --value_file=/config/scripts/duo_openvpn_as.py ConfigPut

[*]/config/scripts/sacli -a <admin_user> Reset

[*]Restart the container

 

Now you have 2FA for logins.

 

index.php?action=dlattach;topic=43317.0;attach=40568;image

 

Write "push", "sms", "phone" and click connect, and you will receive a 2FA.

2fa_openvpn.png.3215e708054bf6aece41ad812255b2d6.png

Link to comment

Hey :)

 

I have an idea, and hope it can be done, but it is possible that you can make it so that every time the server starts / updates then it make a random admin password.

And write the password in the log file?

 

So you do not have to write, docker exec -it openvpn-as passwd admin "your password" each time it updates, so it just make a random admin password itself?

 

Why not just create a new user which is admin, and delete the default admin user? Is it recreated upon updates of this container, or did i miss something?

 

 

Hey  thomast_88  :)

 

Yes, I have a different user which is admin, but even if you delete the admin user, it will come back after you've made an update to the docker. With the default user (admin) and passwords (passwords) but remember the other uses that are made.

 

(

To change the password (recommended) do

docker exec -it openvpn-as passwd admin (You will have to repeat this step if you update or reinstall this container)

)

Link to comment

hmmm I just tonight told it to update from the Docker tab. I take I just need to delete the whole thing?

 

So I removed the container and the image. Repulled from CA and I'm still looking at 2.1.2

 

Would it be because I reused my appdata folder without emptying it?

 

EDIT: [sigh] yup that was it. cleared out appdata. I'm sure somewhere in this thread it is mentioned.

Link to comment

hmmm I just tonight told it to update from the Docker tab. I take I just need to delete the whole thing?

 

So I removed the container and the image. Repulled from CA and I'm still looking at 2.1.2

 

Would it be because I reused my appdata folder without emptying it?

 

EDIT: [sigh] yup that was it. cleared out appdata. I'm sure somewhere in this thread it is mentioned.

 

I seem to have the same issue.  Did you erase the appdata openvpn folder and start over fresh? I have all my devices setup and would hate to have to recreate it all.

 

Thanks

Link to comment

So I have been trying to set up OpenVPN-as on my unraid server, and I keep getting this error when I try to start the OpenVPN server:

 

process started and then immediately exited: ['Sun Jan 29 10:21:33 2017 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)']

service failed to start or returned error status

 

I attached some screen grabs if that helps.  BTW, I took out the forward facing subdomain just for security sakes.  The one in the screen grab is not the real address.

Screen_Shot_2017-01-29_at_10_25.11_AM.png.76b03405ffda04586665f752fff589b8.png

Link to comment

hmmm I just tonight told it to update from the Docker tab. I take I just need to delete the whole thing?

 

So I removed the container and the image. Repulled from CA and I'm still looking at 2.1.2

 

Would it be because I reused my appdata folder without emptying it?

 

EDIT: [sigh] yup that was it. cleared out appdata. I'm sure somewhere in this thread it is mentioned.

 

I seem to have the same issue.  Did you erase the appdata openvpn folder and start over fresh? I have all my devices setup and would hate to have to recreate it all.

 

Thanks

 

Yes that is what I had to do. I only have one user and two devices so I wasn't too concerned about retaining settings. You might get away with just moving the bin folder out of there and see if it recreates correctly. Or go the other way and start with a fresh appdata folder and then can you import your device connection settings?

Link to comment

hmmm I just tonight told it to update from the Docker tab. I take I just need to delete the whole thing?

 

So I removed the container and the image. Repulled from CA and I'm still looking at 2.1.2

 

Would it be because I reused my appdata folder without emptying it?

 

EDIT: [sigh] yup that was it. cleared out appdata. I'm sure somewhere in this thread it is mentioned.

 

I seem to have the same issue.  Did you erase the appdata openvpn folder and start over fresh? I have all my devices setup and would hate to have to recreate it all.

 

Thanks

 

Yes that is what I had to do. I only have one user and two devices so I wasn't too concerned about retaining settings. You might get away with just moving the bin folder out of there and see if it recreates correctly. Or go the other way and start with a fresh appdata folder and then can you import your device connection settings?

 

I decided to go ahead start fresh and wipe it all out.  Thank you for replying. Its working fine.

Link to comment
  • trurl pinned and unpinned this topic

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.