wgstarks Posted April 15, 2017

8 minutes ago, griff1984 said:
> Thanks for your reply... The only thing I'm running on my router is a DDNS tracker with a host name that openvpn is using on Unraid and a single port forwarding option for openvpn on my unraid machine... My router doesn't have an openvpn option on the router, only the new routers seem to have it. I guess I need to buy a new router!! So I'm a bit unsure of which way to proceed really.... My setup seems to work in regards to being able to connect to openvpn using my phone's network, giving me access to dockers via their various ports but not the actual Web GUI. Now I'm unsure whether or not I've got the whole thing configured correctly in the first place, I want it to be as secure as possible!

The OpenVPN forum might be the best place to get answers if it's not a configuration issue. Maybe even if it is, who knows? I think I would at least give that a shot as well.
griff1984 Posted April 15, 2017

Okay, I'll try there now. Thanks for your help!
strike Posted April 15, 2017

@griff1984 try unraidip:80, does that work? If not, go to the openvpn admin webui, VPN Settings -> Routing, make sure "Yes, using NAT" is enabled, then add your unraidip in the box there, save, update, restart docker and try again.
griff1984 Posted April 15, 2017

Strike!! Awesome! That's worked! So I can now go on my WebGUI by just typing in my IP address, just like if I was at home on the network... ONLY PROBLEM... All my dockers' IP addresses have just stopped working... whereas before, ip:8282 would have opened Sonarr, now nothing happens! Any ideas?! So close!
strike Posted April 15, 2017

You're using the unraidip:"dockerport" right? What happens if you open the docker webui from the unraid webui?
griff1984 Posted April 15, 2017

Yep. So I always used my unraidip:8383 (the port it's been assigned in the docker settings) and it's always worked. I just changed my VPN settings in my openvpn settings to what you said:

Should VPN clients have access to private subnets (non-public networks on the server side)?
Yes, using NAT
Specify the private subnets to which all clients should be given access (as 'network/netmask_bits', one per line):
Myunraidip

So internally, on the network itself, the ports all still work and all the dockers and plex still load with these new settings. But when I use OpenVPN Connect on my Android (i.e. connecting externally), the WebGUI is now working (Finally!!!) but all my docker ports have stopped working. I tried using my newfound ability of using the WebGUI to open up the dockers but it still doesn't work.... Any thoughts?
strike Posted April 15, 2017

Hmm, weird.. Been a while since I used the openvpn docker. I don't know if it makes a difference, but instead of your unraidip try adding the whole subnet: if your unraidip is 192.168.1.xxx, add 192.168.1.0/24 in that box, update and restart the docker and try again. And when you try again, try to open the webui from the unraid webui first before you try the direct ip:port.

Edit: And yeah, clear your browser cache on your phone or whatever you're using to browse with.
griff1984 Posted April 15, 2017

Okay, so I've done what you've suggested, put exactly 192.168.1.0/24 into the box and nothing seemed to change, the web GUI still worked but no dockers... Until... I tried my plex media server and it worked! Looked at the settings of that compared to the others and the difference with that docker is it has network type as host and privilege as on. Others are on network type bridge and privilege off! Tried changing the dockers that didn't work to network type host and it works!!

So my question is now, why? And should those settings actually be on host and privilege on (changing the privilege didn't do anything by the way)? As much as I'm pleased it's now working and I want it to work, I don't want to sacrifice any security further on down the line. Can you shed any light on this? Thanks so much for helping!
strike Posted April 15, 2017

I don't understand why it works when you changed the network type, it shouldn't matter to openvpn, but hey, as long as it works!

If the Bridge type is selected, the docker's network access will be restricted to only communicating on the ports specified in the docker settings.
If the Host type is selected, the docker will be given access to communicate using any port on the host that isn’t already mapped to another in-use docker.

I personally like to use bridge on all my dockers so I can map the ports myself. There shouldn't be any security issues "down the line", openvpn is a secure way to connect to your home network. The only thing I would suggest is changing the IP in the routing section back to the unraid IP, and if you wish to have access to other devices in your home network, just add those when you need them. As you added the whole subnet in your last change, you can now have access to every device in your home network. But you should restrict access to only the devices you need, for security purposes, in case your certificates get into the wrong hands somehow..
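An added example, not part of strike's post or of OpenVPN Access Server itself: a short Python check of what the routing box exposes, comparing its entries against the hosts a VPN client actually needs and producing the narrowest replacement list. The addresses are constructed samples and the function names are hypothetical.

```python
import ipaddress

def audit_routed_subnets(entries, needed_hosts):
    """Report how much of the LAN each routing-box entry exposes to VPN clients."""
    needed = [ipaddress.ip_address(h) for h in needed_hosts]
    report = []
    for raw in entries:
        raw = raw.strip()
        if not raw:
            continue
        # strict=False accepts a host address with a prefix (192.168.1.5/24);
        # a bare IP is read as a single host (/32).
        net = ipaddress.ip_network(raw, strict=False)
        covered = [str(h) for h in needed if h in net]
        report.append({
            "entry": str(net),
            "addresses": net.num_addresses,
            "needed": covered,
            # Addresses reachable through the tunnel that no client needs.
            "excess": net.num_addresses - len(covered),
        })
    return report

def minimal_entries(needed_hosts):
    """Narrowest 'network/netmask_bits' lines that cover exactly the needed hosts."""
    hosts = sorted({ipaddress.ip_address(h) for h in needed_hosts})
    # collapse_addresses merges neighbours (.10 and .11 become .10/31)
    # without ever covering an address that was not asked for.
    return [str(n) for n in ipaddress.collapse_addresses(hosts)]

if __name__ == "__main__":
    # Constructed sample: the whole-subnet entry from the thread, one needed host.
    for row in audit_routed_subnets(["192.168.1.0/24"], ["192.168.1.5"]):
        print(row)
    print(minimal_entries(["192.168.1.5"]))
```
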
CHBMB Posted April 15, 2017

4 hours ago, In0cenT said:
> root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="openvpn-as" --net="bridge" --privileged="true" -e TZ="Europe/Berlin" -e HOST_OS="unRAID" -e "PGID"="100" -e "PUID"="99" -e "INTERFACE"="bond0" -p 943:943/tcp -v "/mnt/cache/appdata/openvpn-as":"/config":rw linuxserver/openvpn-as
> 8f850d6227c96c18ae8b76c193380870c7cbfcb6b294cc58447458ef1c14fa6e
> The command finished successfully!
>
> Logs:
> Brought to you by linuxserver.io
> We gratefully accept donations at:
> https://www.linuxserver.io/donations/
> -------------------------------------
> GID/UID
> -------------------------------------
> User uid: 99
> User gid: 100
> -------------------------------------
> [cont-init.d] 10-adduser: exited 0.
> [cont-init.d] 20-time: executing...
> dpkg-query: package 'tzdata' is not installed and no information is available
> Use dpkg --info (= dpkg-deb --info) to examine archive files,
> and dpkg --contents (= dpkg-deb --contents) to list their contents.
> /usr/sbin/dpkg-reconfigure: tzdata is not installed
> [cont-init.d] 20-time: exited 1.
> [cont-init.d] 30-config: executing...
> [cont-init.d] 30-config: exited 0.
> [cont-init.d] 40-openvpn-init: executing...
> [cont-init.d] 40-openvpn-init: exited 0.
> [cont-init.d] 50-interface: executing...
> MOD Default {} {}
> MOD Default {} {}
> MOD Default {} {}
> MOD Default {} {}
> [cont-init.d] 50-interface: exited 0.
> [cont-init.d] done.
> [services.d] starting services
> [services.d] done.
>
> Thanks for your help!

Change networking back to host, delete /mnt/cache/appdata/openvpn-as and remove docker image and container. Then try again.
huntjules Posted May 2, 2017

Hello. My question is around having OpenVPN retain/save user credentials and passwords if I upgrade or re-image the config folder, please? Every time I upgrade the OpenVPN docker, I need to SSH into tower and re-type all the user credentials, as OpenVPN doesn't retain the info. Any guidance appreciated.
strike Posted May 3, 2017

From the readme:
> For user accounts to be persistent, switch the "Authentication" in the webui from "PAM" to "Local" and then set up the user accounts with their passwords.

Don't remember if it works on the admin user but it works on normal users.
aptalca Posted May 3, 2017

> Don't remember if it works on the admin user but it works on normal users.

Not for the admin user, but works on the vpn client users
thegeneral Posted May 6, 2017

I try to get into the WEB UI and I get this error:

This site can’t be reached
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED

2017-05-06 16:34:57-0400 [-] Log opened.
2017-05-06 16:34:57-0400 [-] twistd 9.0.0 (/config/bin/python 2.7.11) starting up.
2017-05-06 16:34:57-0400 [-] reactor class: twisted.internet.epollreactor.EPollReactor.
2017-05-06 16:34:57-0400 [-] rmdir /config/etc/db_push
2017-05-06 16:34:58-0400 [-] ACCESS SERVER starting, version=2.1.4b
2017-05-06 16:34:58-0400 [-] Max open files set to (4096, 4096)
2017-05-06 16:34:59-0400 [-] /etc/resolv.conf changed, reparsing
2017-05-06 16:34:59-0400 [-] Resolver added ('192.168.1.1', 53) to server list
2017-05-06 16:35:01-0400 [-] twisted.web.server.Site starting on "u'/openvpn/sock/sagent'"
2017-05-06 16:35:01-0400 [-] twisted.web.server.Site starting on "u'/openvpn/sock/sagent.localroot'"
2017-05-06 16:35:01-0400 [-] twisted.web.server.Site starting on "u'/openvpn/sock/sagent.api'"
2017-05-06 16:35:01-0400 [-] LOCAL_ADDR eth0 : bad local address name or interface is not up; must be 'all', 'localhost', a local IP address, or an interface name: util/cdict:298,net/net:449,net/net:527,sagent/sagent_entry:14,sagent/sagent_entry:11,util/daemon:28,util/daemon:69,application/app:423,scripts/_twistd_unix:202,application/app:445,application/app:348,internet/base:1166,internet/base:1175,internet/base:779,util/defer:195,svc/svc:484,svc/svc:345,svc/svc:318,svc/svc:801,sagent/vpnsvc:47,sagent/vpnconfig:130,sagent/vpnconfig:138,sagent/vpnconfig:122,util/cdict:330,util/cdict:322,util/cdict:282,util/cdict:191,sagent/vpnconfig:23,util/cdict:330,util/cdict:322,util/cdict:298,net/net:449,net/net:527,util/error:61,util/error:44 (vpn.daemon.0.listen.ip_address) (vpn.daemon.0.listen)
2017-05-06 16:35:01-0400 [-] LOCAL_ADDR eth0 : bad local address name or interface is not up; must be 'all', 'localhost', a local IP address, or an interface name: util/cdict:298,net/net:449,net/net:527,util/daemon:28,util/daemon:69,application/app:423,scripts/_twistd_unix:202,application/app:445,application/app:348,internet/base:1166,internet/base:1175,internet/base:779,util/defer:195,svc/svc:484,svc/svc:378,svc/svc:448,svc/svc:457,svc/svc:318,svc/svc:801,sagent/vpnsvc:47,sagent/vpnconfig:130,sagent/vpnconfig:138,sagent/vpnconfig:122,util/cdict:330,util/cdict:322,util/cdict:282,util/cdict:191,sagent/vpnconfig:23,util/cdict:330,util/cdict:322,util/cdict:298,net/net:449,net/net:527,util/error:61,util/error:44 (vpn.daemon.0.listen.ip_address) (vpn.daemon.0.listen)
2017-05-06 16:35:01-0400 [-] OpenVPNDataDir: using shared dir: '/run/openvpn_as/tmp'
2017-05-06 16:35:01-0400 [-] OpenVPNDataDir: using shared dir: '/run/openvpn_as/dev'
2017-05-06 16:35:01-0400 [-] /bin/mknod -m 0666 /run/openvpn_as/dev/null c 1 3
2017-05-06 16:35:01-0400 [-] /bin/mknod -m 0666 /run/openvpn_as/dev/random c 1 8
2017-05-06 16:35:01-0400 [-] /bin/mknod -m 0444 /run/openvpn_as/dev/urandom c 1 9
2017-05-06 16:35:03-0400 [-] *** MyError.report ***
2017-05-06 16:35:03-0400 [-] Stack Traceback
2017-05-06 16:35:03-0400 [-] ('build/bdist.linux-x86_64/egg/pyovpn/svc/svc.py', 631, '_walk', None)
2017-05-06 16:35:03-0400 [-] ('build/bdist.linux-x86_64/egg/pyovpn/sagent/cqsvc.py', 185, 'start', None)
2017-05-06 16:35:03-0400 [-] ('build/bdist.linux-x86_64/egg/pyovpn/sagent/vpnconfig.py', 138, 'daemon_dict', None)
2017-05-06 16:35:03-0400 [-] ('build/bdist.linux-x86_64/egg/pyovpn/sagent/vpnconfig.py', 123, 'server_daemon_parms', None)
2017-05-06 16:35:03-0400 [-] 'ip_address': svc/svc:631,sagent/cqsvc:185,sagent/vpnconfig:138,sagent/vpnconfig:123 (exceptions.KeyError)
2017-05-06 16:35:03-0400 [-] *** MyError.report ***
2017-05-06 16:35:03-0400 [-] Stack Traceback
2017-05-06 16:35:03-0400 [-] ('/config/lib/python2.7/site-packages/Twisted-9.0.0-py2.7-linux-x86_64.egg/twisted/internet/defer.py', 323, '_runCallbacks', 'self.result = callback(self.result, *args, **kw)')
2017-05-06 16:35:03-0400 [-] ('build/bdist.linux-x86_64/egg/pyovpn/sagent/ipts.py', 145, 'parse_validate', None)
2017-05-06 16:35:03-0400 [-] ('build/bdist.linux-x86_64/egg/pyovpn/sagent/iptvpn.py', 139, 'parse_validate', None)
2017-05-06 16:35:03-0400 [-] ('build/bdist.linux-x86_64/egg/pyovpn/sagent/vpnconfig.py', 248, 'daemon_dict_port_forward', None)
2017-05-06 16:35:03-0400 [-] ('build/bdist.linux-x86_64/egg/pyovpn/sagent/vpnconfig.py', 123, 'server_daemon_parms', None)
2017-05-06 16:35:03-0400 [-] Service deferred error: 'ip_address': internet/defer:323,sagent/ipts:145,sagent/iptvpn:139,sagent/vpnconfig:248,sagent/vpnconfig:123 (exceptions.KeyError)
2017-05-06 16:35:03-0400 [-] Server agent initialization failed (1/6 attempts) because the following network resources are unavailable: set(['eth0'])
CHBMB Posted May 6, 2017

Docker run command, and what address are you trying to access?
thegeneral Posted May 7, 2017

2 hours ago, CHBMB said:
> docker run command and what address you trying to access?

I have tried
https://192.168.1.5:943/
https://tower:943/

And what do you mean by docker run command? Kind of new to this.
CHBMB Posted May 7, 2017

1 minute ago, thegeneral said:
> i have tried https://192.168.1.5:943/ https://tower:943/ and what do you mean by docker run command? kind of new to this.

First of all, read the readme. Tells you which address to go to.

Docker run command from the link in my signature.
thegeneral Posted May 7, 2017

1 minute ago, CHBMB said:
> First of all, read the readme. Tells you which address to go to. Docker run command from the link in my signature.

I went to the correct address, it just tells me:

This site can’t be reached
192.168.1.5 refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED

Docker run command:

Command:
root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name="openvpn-as" --net="host" --privileged="true" -e TZ="America/New_York" -e HOST_OS="unRAID" -e "TCP_PORT_943"="943" -e "TCP_PORT_9443"="9443" -e "UDP_PORT_1194"="1194" -e "PGID"="100" -e "PUID"="99" -v "/mnt/user/appdata/openvpn-as":"/config":rw linuxserver/openvpn-as
b61c2daba6ddc74c9a509c27616a9513e56af0ad80c62639f7fa1a15f9494316
The command finished successfully!
CHBMB Posted May 7, 2017

Sure you went to the right address?

> The admin interface is available at https://<ip>:943/admin

You didn't specify admin to start with.
thegeneral Posted May 7, 2017

2 minutes ago, CHBMB said:
> Sure you went to the right address? You didn't specify admin to start with.

True, but I tried. Here is a screenshot.
CHBMB Posted May 7, 2017

Ok, post me a copy of your screen as shown in settings => network settings
thegeneral Posted May 7, 2017

3 minutes ago, CHBMB said:
> Ok, post me a copy of your screen as shown in settings => network settings
CHBMB Posted May 7, 2017

Edit your template, add a variable INTERFACE and specify bond0

You're using a bonded NIC not eth0

https://github.com/linuxserver/docker-openvpnas#parameters
thegeneral Posted May 7, 2017

5 minutes ago, CHBMB said:
> Edit your template, add a variable INTERFACE and specify bond0 You're using a bonded NIC not eth0 https://github.com/linuxserver/docker-openvpnas#parameters

Thanks man, that worked.
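An added example, not from the thread or from the linuxserver image: a Python sketch of the diagnosis reached above, pulling the interface name the Access Server log rejects and comparing it with the interfaces that actually hold an IPv4 address on the host. The log lines are shortened from the post above, the `ip -o -4 addr show` output is a constructed sample, and the function names are hypothetical.

```python
import re

# Constructed samples: the two failure lines shortened from the log posted
# above, and trimmed `ip -o -4 addr show` output for a host with a bonded NIC.
SAMPLE_LOG = """\
2017-05-06 16:35:01-0400 [-] LOCAL_ADDR eth0 : bad local address name or interface is not up; must be 'all', 'localhost', a local IP address, or an interface name
2017-05-06 16:35:03-0400 [-] Server agent initialization failed (1/6 attempts) because the following network resources are unavailable: set(['eth0'])
"""
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
4: bond0    inet 192.168.1.5/24 brd 192.168.1.255 scope global bond0
"""

LOCAL_ADDR_RE = re.compile(r"LOCAL_ADDR (\S+) : bad local address name or interface is not up")
UNAVAILABLE_RE = re.compile(r"network resources are unavailable: set\(\[(.*?)\]\)")
IP_LINE_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\S+)", re.MULTILINE)

def rejected_interfaces(log_text):
    """Interface names the Access Server log says it could not bind to."""
    names = set(LOCAL_ADDR_RE.findall(log_text))
    for members in UNAVAILABLE_RE.findall(log_text):
        names.update(re.findall(r"'([^']+)'", members))
    return names

def addressed_interfaces(ip_output):
    """Map interface -> IPv4 address/prefix, skipping loopback."""
    return {name: addr for name, addr in IP_LINE_RE.findall(ip_output) if name != "lo"}

def diagnose(log_text, ip_output):
    rejected = rejected_interfaces(log_text)
    addressed = addressed_interfaces(ip_output)
    return {
        # Named in the log and carrying no IPv4 address on the host.
        "unusable": sorted(rejected - set(addressed)),
        # Interfaces that do hold an address: values to try for INTERFACE.
        "candidates": sorted(addressed),
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_IP_ADDR))
```
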
grout58 Posted May 7, 2017

Hey guys, I'm having the same issue thegeneral was having. I've set up a variable named INTERFACE and set it to bond0, I even tried br0. Any help would be super appreciated.