[Support] Linuxserver.io - OpenVPN AS


Recommended Posts

I have followed the Video guide here:

 

This also do double check steps. Creating an Admin password and logging in and chaging settings works fine.

 

However, I have, as shown in the video, also created a new user. (around 7:10)

But I cannot login with it afterwards as shown in the video. (around 8:55)

I set the dropdownmenu to Login instead of Connect aswell, as shown in the video.

 

Is there something that has changed since this video was created, that requires my attention in order to log in with the newly created user(s)? :)

Link to comment

I believe you are refering to these steps, to be exact:

https://github.com/linuxserver/docker-openvpnas#setting-up-the-application

 

 

What I did/try to do:

Under Authentication > General change from Local to PAM, and back from PAM to Local again. (It was already on Local for some reason)

 

Then deleted user(s) in de webgui. (And SSH, userdel)

Then continued to add users under SSH and then add then in the webgui.

 

I am un able to remove the admin user in the webgui. (As the steps on GitHub mention)

So I deleted the admin user via SSH, userdel. (not webgui...)

 

Modified the "as.conf" under "/appdata/openvpn-as/etc" and commeted the "boot_pam_users.0=admin" line by putting a hashtag in front of it.

 

 

 

But, as you probably guessed by now, I am still unable to log in with my newly created user(s). (Login failed, both Login and Connect)

I am using Linuxserver's OpenVPN-as, but there seem to be differences, even in the GitHub guide, or is it just me?

 

Any more info I can provide to help solve this issue? :)

  • Upvote 1
Link to comment

With the most recent version you shouldn't need to use PAM at all. Just login the first time with the default admi/password. Create a new user with admin privileges in the webgui. Logout of the default admin account. Log back in with the new user credentials you just created just to test it. Make the change to as.conf. I believe you shouldn't need SSH at all.

 

If this doesn't work you can attach your logs to your next post. Be sure to redact users and passwords. I'm sure one of the gurus here will be able to figure it out.

Link to comment
2 hours ago, wgstarks said:

The docker was just modified last week. Perhaps @gridrunner might update his video since the installation now has some significant changes. Much easier setup IMHO.

Indeed seems to be much easier, not that I had any problems the way I had to set it up according to the video. (... Well, you know what I mean)

 

Gridrunner's video still holds value regarding to the SSL setup, the basics of it were a big help in applying it for myself under my own environment.

Link to comment
I believe you are refering to these steps, to be exact:
https://github.com/linuxserver/docker-openvpnas#setting-up-the-application
 
 
What I did/try to do:
Under Authentication > General change from Local to PAM, and back from PAM to Local again. (It was already on Local for some reason)
 
Then deleted user(s) in de webgui. (And SSH, userdel)
Then continued to add users under SSH and then add then in the webgui.
 
I am un able to remove the admin user in the webgui. (As the steps on GitHub mention)
So I deleted the admin user via SSH, userdel. (not webgui...)
 
Modified the "as.conf" under "/appdata/openvpn-as/etc" and commeted the "boot_pam_users.0=admin" line by putting a hashtag in front of it.
 
 
 
But, as you probably guessed by now, I am still unable to log in with my newly created user(s). (Login failed, both Login and Connect)
I am using Linuxserver's OpenVPN-as, but there seem to be differences, even in the GitHub guide, or is it just me?
 
Any more info I can provide to help solve this issue?
Please read my message three messages above yours.

No need to add users through ssh. No need to delete the admin user. No need to do anything through ssh anymore.

Follow the directions on docker hub or github. It really is super simple to set up. You guys are way over-complicating it.

With regards to switching authentication to pam and back to local, you don't need to do that either. With the latest update, new installs default to local authentication. If you update an older install, it may have been set to pam, in that case, change it to local. If it's already local, you're good to go.
Link to comment

Sorry aptalca, I could indeed have looked through the thread a little more before posting about the issue I had. I didn't expect it to be in the most recent posts, nor could I think of the right search terminology at that time.

 

However, wgstarks already pointed out the GitHub guide and how this docker was updated just last week, making some changes in the initial setup.

I did a clean installation of the docker and followed the guide from the GitHub page, everything went smoothly from there on. :)

 

Very happy with the docker!

Edited by Arndroid
Link to comment
10 minutes ago, CHBMB said:

Are you using a bonded nic?

Sent from my LG-H815 using Tapatalk
 

I didn't think I was but I checked and it was on. It must come enabled by default now? Sorry to waste your time! 

 

To clarify to n00bs like myself. Go to settings and network settings and switch off bonded if you're not using bonded (which is seems most people aren't)

Link to comment
On ‎8‎/‎22‎/‎2017 at 8:14 PM, daniel329 said:

Since it isn't addressed in the ReadMe - Can someone clarify if additional SSL setup is necessary for security per SpaceInvader's video? I don't have a good understanding of SSL but I want to be sure traffic is encrypted as I will be accessing financial documents via OpenVPN

 

I believe the additional steps in the video are merely cosmetic so that you don't get the warning about a bad/missing certificate. Its just so you know its a "trusted" site/connection.

 

I don't believe it affects the actual encrypted connection in any way.

Link to comment
3 hours ago, MowMdown said:

 

I believe the additional steps in the video are merely cosmetic so that you don't get the warning about a bad/missing certificate. Its just so you know its a "trusted" site/connection.

 

I don't believe it affects the actual encrypted connection in any way.

Thank-you both for the clarification!

Link to comment

I've added this to my setup recently, v easy to get going so thanks for providing it. 

 

I'm using a 2.4.3 openvpn client and I notice it complains about 

WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.
Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).'

This seems to be  https://community.openvpn.net/openvpn/wiki/SWEET32 

 

The container logs indicate this is a 2.3.17 server

 

2017-08-04 17:14:46+0100 [-] OVPN 0 OUT: 'Fri Aug  4 17:14:46 2017 OpenVPN 2.3.17 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jun 27 2017'

https://openvpn.net/index.php/open-source/downloads.html indicates this is the old stable version, 2.4.3 is the current stable and this seems to be the fix (e.g. picking some other random docker openvpn container - https://github.com/kylemanna/docker-openvpn/issues/267) .

 

I notice that your dependency is on https://openvpn.net/index.php/access-server/download-openvpn-as-sw.html for ubuntu 16 and it's not immediately obvious how this relates to the openvpn version. Do you have a plan to close this gap?

 

Link to comment

We pull the Ubuntu version directly from the OpenVPN-AS site, as you've seen for Ubuntu 16 as the container is based on Xenial.

 

Unfortunately OpenVPN haven't yet themselves updated this binary to the latest stable version, so it may be worth posting on their github as this is an upstream issue, rather than with us.

 

https://openvpn.net/index.php/access-server/download-openvpn-as-sw/113.html?osfamily=Ubuntu

Link to comment
I can't find a public repo for openvpn-as & it seems they use a trac instance on their site instead of github for issues so I logged a support ticket.
Openvpn and openvpn-as are separate products. The first is the actual platform and the backend, and is open source. The second is a frontend server based on the first, but is not open source and is a commercial product.
Link to comment
On 8/21/2017 at 1:37 PM, Arndroid said:

Modified the "as.conf" under "/appdata/openvpn-as/etc" and commeted the "boot_pam_users.0=admin" line by putting a hashtag in front of it.

Thank you for this. I brain locked on where to find as.conf

 

LSIO, it might be worth updating the github instructions to add the "appdata/" bit

Link to comment

No comment from them on when they will upgrade openvpn-as to openvpn 2.4 but it seems it is not necessary anyway as the config options to avoid this are available now. They are described in https://sweet32.info/ as either a client side only option

reneg-bytes 64000000

Alternatively, if you control the server and client, then you can set on both the server and client config directives (via the Advanced VPN page)

cipher AES-256-CBC

It doesn't seem there is a way to set this via the cli or in config so I don't suppose there is anything you can do to set this in the container. I suppose you could add something to the setup docs though. 

 

FWIW further reading suggests to use a few other directives, namely to set server and client as follows for a reasonably hardened config

cipher AES-256-CBC
auth SHA512
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256

This seems to work fine for me.

 

The support guy also commented on the possibility of an attack via the embedded twisted web server which I'll just post here for reference

 

Quote

And if you are referring to sweet32 vulnerable cipher being used on the web services, then you can adjust the web services to disable any ciphers you don't want to use. Usually this means adding !3DES to the cipher suite string or such. 

This issue has nothing to do with version of OpenVPN at all.

The OpenVPN Access Server program has a built-in web server that is based on Twisted (Python) web server, but modified for enhanced security. Because the security on web servers in regards to SSL/TLS encryption is an area of encryption that constantly changes due to ongoing research into how to improve security and how to break older, less secure, encryption methods, we have made it possible to change the encryption scheme used into a custom set of ciphers.

In the Admin UI, under SSL Settings, there are 3 sections. The first is to select OpenSSL or PolarSSL, and we recommend the default; OpenSSL. Another is for the TLS level used by the OpenVPN daemons, by which the default is usually TLS 1.0 (default). We generally recommend that this is not changed unless you have a specific need to. This particular OpenVPN daemons setting does not affect the web services but it affects the VPN tunnels themselves. But the other setting, for the OpenVPN web services, does affect the web services. We recommend that this setting is TLS 1.0 or higher. Please choose your preferred setting here. What you prefer in general hinges on current recommendations on security and compatibility for web browsers. This changes with time. For example, there was a time when Internet Explorer 6 was widely used, and TLS 1.2 simply would not work on this, making it impossible for IE6 users to connect. As time passes, these older browsers are no longer used and more secure methods can be used. We advise that you look up recommendations online for the current state of security and compatibility for web browsers. Our recommendation is TLS 1.0 to be compatible and reasonably safe.

The web server also uses a cipher string. This cipher string is in OpenSSL standard format and defines which encryption methods for the web browser sessions are allowed or specifically disallowed. We do have a recommendation ourselves, but, again, as time passes, this will likely change. For example at some point 3DES was an acceptable cipher string, but now it is no longer, because a vulnerability has been found it that makes it possible to crack it. Not very easily so, but still possible, and thus the recommendation now is to disable this. Again we refer to resources online to look up recommendations on the current state of security and compatibility for web browsers. And if you are using a security program that scans for vulnerabilities and reports a specific cipher as undesirable, please look up in the OpenSSL documentation how to disable this in the cipher string, and then implement this change in the cipher string used by the Access Server.

Below links are for the OpenSSL cipher string documentation and our documentation on how to change the cipher string in the OpenVPN Access Server. The commands mentioned in our documentation are meant to be run on the OpenVPN Access Server operating system itself, as root user, in the /usr/local/openvpn_as/scripts/ folder.

https://www.openssl.org/docs/man1.0.2/apps/ciphers.html
https://docs.openvpn.net/docs/access-server/openvpn-access-server-command-line-tools.html#selecting-web-server-ciphersuites

 

 

Edited by mattkhan
Link to comment

I have used this openvpn docker for a while but recently when i installed on a new machine and i can not access the web ui

here is the the log.

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-adduser: executing...

-------------------------------------
_ _ _
| |___| (_) ___
| / __| | |/ _ \
| \__ \ | | (_) |
|_|___/ |_|\___/
|_|

Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donations/
-------------------------------------
GID/UID
-------------------------------------
User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-time: executing...

Current default time zone: 'America/Los_Angeles'
Local time is now: Mon Aug 28 19:15:04 PDT 2017.
Universal Time is now: Tue Aug 29 02:15:04 UTC 2017.

[cont-init.d] 20-time: exited 0.
[cont-init.d] 30-config: executing...
[cont-init.d] 30-config: exited 0.
[cont-init.d] 40-openvpn-init: executing...
Detected an existing OpenVPN-AS configuration.
Continuing will delete this configuration and restart from scratch.
Please enter 'DELETE' to delete existing configuration:
OpenVPN Access Server
Initial Configuration Tool
------------------------------------------------------
OpenVPN Access Server End User License Agreement (OpenVPN-AS EULA)

1. Copyright Notice: OpenVPN Access Server License;
Copyright (c) 2009-2013 OpenVPN Technologies, Inc.. All rights reserved.
"OpenVPN" is a trademark of OpenVPN Technologies, Inc.
2. Redistribution of OpenVPN Access Server binary forms and related documents,
are permitted provided that redistributions of OpenVPN Access Server binary
forms and related documents reproduce the above copyright notice as well as
a complete copy of this EULA.
3. You agree not to reverse engineer, decompile, disassemble, modify,
translate, make any attempt to discover the source code of this software,
or create derivative works from this software.
4. The OpenVPN Access Server is bundled with other open source software
components, some of which fall under different licenses. By using OpenVPN
or any of the bundled components, you agree to be bound by the conditions
of the license for each respective component. For more information, you can
find our complete EULA (End-User License Agreement) on our website
(http://openvpn.net), and a copy of the EULA is also distributed with the
Access Server in the file /usr/local/openvpn_as/license.txt.
5. This software is provided "as is" and any expressed or implied warranties,
including, but not limited to, the implied warranties of merchantability
and fitness for a particular purpose are disclaimed. In no event shall
OpenVPN Technologies, Inc. be liable for any direct, indirect, incidental,
special, exemplary, or consequential damages (including, but not limited
to, procurement of substitute goods or services; loss of use, data, or
profits; or business interruption) however caused and on any theory of
liability, whether in contract, strict liability, or tort (including
negligence or otherwise) arising in any way out of the use of this
software, even if advised of the possibility of such damage.
6. OpenVPN Technologies, Inc. is the sole distributor of OpenVPN Access Server
licenses. This agreement and licenses granted by it may not be assigned,
sublicensed, or otherwise transferred by licensee without prior written
consent of OpenVPN Technologies Inc. Any licenses violating this provision
will be subject to revocation and deactivation, and will not be eligible
for refunds.
7. A purchased license entitles you to use this software for the duration of
time denoted on your license key on any one (1) particular device, up to
the concurrent user limit specified by your license. Multiple license keys
may be activated to achieve a desired concurrency limit on this given
device. Unless otherwise prearranged with OpenVPN Technologies, Inc.,
concurrency counts on license keys are not to be divided for use amongst
multiple devices. Upon activation of the first purchased license key in
this software, you agree to forego any free licenses or keys that were
given to you for demonstration purposes, and as such, the free licenses
will not appear after the activation of a purchased key. You are
responsible for the timely activation of these licenses on your desired
server of choice. Refunds on purchased license keys are only possible
within 30 days of purchase of license key, and then only if the license key
has not already been activated on a system. To request a refund, contact us
through our support ticket system using the account you have used to
purchase the license key. Exceptions to this policy may be given for
machines under failover mode, and when the feature is used as directed in
the OpenVPN Access Server user manual. In these circumstances, a user is
granted one (1) license key (per original license key) for use solely on
failover purposes free of charge. Other failover and/or load balancing use
cases will not be eligible for this exception, and a separate license key
would have to be acquired to satisfy the licensing requirements. To request
a license exception, please file a support ticket in the OpenVPN Access
Server ticketing system. A staff member will be responsible for determining
exception eligibility, and we reserve the right to decline any requests not
meeting our eligibility criteria, or requests which we believe may be
fraudulent in nature.
8. Activating a license key ties it to the specific hardware/software
combination that it was activated on, and activated license keys are
nontransferable. Substantial software and/or hardware changes may
invalidate an activated license. In case of substantial software and/or
hardware changes, caused by for example, but not limited to failure and
subsequent repair or alterations of (virtualized) hardware/software, our
software product will automatically attempt to contact our online licensing
systems to renegotiate the licensing state. On any given license key, you
are limited to three (3) automatic renegotiations within the license key
lifetime. After these renegotiations are exhausted, the license key is
considered invalid, and the activation state will be locked to the last
valid system configuration it was activated on. OpenVPN Technologies, Inc.
reserves the right to grant exceptions to this policy for license holders
under extenuating circumstances, and such exceptions can be requested
through a ticket via the OpenVPN Access Server ticketing system.
9. Once an activated license key expires or becomes invalid, the concurrency
limit on our software product will decrease by the amount of concurrent
connections previously granted by the license key. If all of your purchased
license key(s) have expired, the product will revert to demonstration mode,
which allows a maximum of two (2) concurrent users to be connected to your
server. Prior to your license expiration date(s), OpenVPN Technologies,
Inc. will attempt to remind you to renew your license(s) by sending
periodic email messages to the licensee email address on record. You are
solely responsible for the timely renewal of your license key(s) prior to
their expiration if continued operation is expected after the license
expiration date(s). OpenVPN Technologies, Inc. will not be responsible for
any misdirected and/or undeliverable email messages, nor does it have an
obligation to contact you regarding your expiring license keys.
10. Any valid license key holder is entitled to use our ticketing system for
support questions or issues specifically related to the OpenVPN Access
Server product. To file a ticket, go to our website at http://openvpn.net/
and sign in using the account that was registered and used to purchase the
license key(s). You can then access the support ticket system through our
website and submit a support ticket. Tickets filed in the ticketing system
are answered on a best-effort basis. OpenVPN Technologies, Inc. staff
reserve the right to limit responses to users of our demo / expired
licenses, as well as requests that substantively deviate from the OpenVPN
Access Server product line. Tickets related to the open source version of

OpenVPN will not be handled here.
11. Purchasing a license key does not entitle you to any special rights or
privileges, except the ones explicitly outlined in this user agreement.
Unless otherwise arranged prior to your purchase with OpenVPN Technologies,
Inc., software maintenance costs and terms are subject to change after your
initial purchase without notice. In case of price decreases or special
promotions, OpenVPN Technologies, Inc. will not retrospectively apply
credits or price adjustments toward any licenses that have already been
issued. Furthermore, no discounts will be given for license maintenance
renewals unless this is specified in your contract with OpenVPN
Technologies, Inc.

Please enter 'yes' to indicate your agreement [no]:
Once you provide a few initial configuration settings,
OpenVPN Access Server can be configured by accessing
its Admin Web UI using your Web browser.

Will this be the primary Access Server node?
(enter 'no' to configure as a backup or standby node)
> Press ENTER for default [yes]:
Please specify the network interface and IP address to be
used by the Admin Web UI:
(1) all interfaces: 0.0.0.0
(2) br0: 192.168.0.3
(3) docker0: 172.17.0.1
(4) virbr0: 192.168.122.1
(5) bond0: 192.168.0.3
(6) virbr0-nic: 192.168.122.1
Please enter the option number from the list above (1-6).
> Press Enter for default [2]:
Please specify the port number for the Admin Web UI.
> Press ENTER for default [943]:
Please specify the TCP port number for the OpenVPN Daemon
> Press ENTER for default [443]:
Should client traffic be routed by default through the VPN?
> Press ENTER for default [yes]:
Should client DNS traffic be routed by default through the VPN?
> Press ENTER for default [yes]:
Use local authentication via internal DB?
> Press ENTER for default [no]:
Private subnets detected: ['192.168.0.0/24', '192.168.122.0/24', '172.17.0.0/16']

Should private subnets be accessible to clients by default?
> Press ENTER for default [yes]:
To initially login to the Admin Web UI, you must use a
username and password that successfully authenticates you
with the host UNIX system (you can later modify the settings
so that RADIUS or LDAP is used for authentication instead).

You can login to the Admin Web UI as "openvpn" or specify
a different user account to use for this purpose.

Do you wish to login to the Admin UI as "openvpn"?
> Press ENTER for default [yes]:
> Specify the username for an existing user or for the new user account: Note: This user already exists.

> Please specify your OpenVPN-AS license key (or leave blank to specify later):

Initializing OpenVPN...
Adding new user login...
useradd -s /sbin/nologin "admin"
Writing as configuration file...
Perform sa init...
Wiping any previous userdb...
Creating default profile...
Modifying default profile...
Adding new user to userdb...
Modifying new user as superuser in userdb...
Getting hostname...
Hostname: UNDyllan
Preparing web certificates...
Getting web user account...
Adding web group account...
Adding web group...
Adjusting license directory ownership...
Initializing confdb...
Generating init scripts...
Generating PAM config...
Generating init scripts auto command...
Starting openvpnas...
Error: Could not execute server start.

[cont-init.d] 40-openvpn-init: exited 0.
[cont-init.d] 50-interface: executing...
MOD Default {u'admin_ui.https.ip_address': u'all'} {u'admin_ui.https.ip_address': 'eth0'}
MOD Default {u'cs.https.ip_address': u'all'} {u'cs.https.ip_address': 'eth0'}
MOD Default {u'vpn.daemon.0.listen.ip_address': u'all'} {u'vpn.daemon.0.listen.ip_address': 'eth0'}
MOD Default {u'vpn.daemon.0.server.ip_address': u'all'} {u'vpn.daemon.0.server.ip_address': 'eth0'}
[cont-init.d] 50-interface: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.

 

Link to comment
I have used this openvpn docker for a while but recently when i installed on a new machine and i can not access the web ui
here is the the log.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.[s6-init] ensuring user provided files have correct perms...exited 0.[fix-attrs.d] applying ownership & permissions fixes...[fix-attrs.d] done.[cont-init.d] executing container initialization scripts...[cont-init.d] 10-adduser: executing...-------------------------------------_ _ _| |___| (_) ___| / __| | |/ _ \| \__ \ | | (_) ||_|___/ |_|\___/|_|Brought to you by linuxserver.ioWe gratefully accept donations at:https://www.linuxserver.io/donations/-------------------------------------GID/UID-------------------------------------User uid: 99User gid: 100-------------------------------------[cont-init.d] 10-adduser: exited 0.[cont-init.d] 20-time: executing...Current default time zone: 'America/Los_Angeles'Local time is now: Mon Aug 28 19:15:04 PDT 2017.Universal Time is now: Tue Aug 29 02:15:04 UTC 2017.[cont-init.d] 20-time: exited 0.[cont-init.d] 30-config: executing...[cont-init.d] 30-config: exited 0.[cont-init.d] 40-openvpn-init: executing...Detected an existing OpenVPN-AS configuration.Continuing will delete this configuration and restart from scratch.Please enter 'DELETE' to delete existing configuration:OpenVPN Access ServerInitial Configuration Tool------------------------------------------------------OpenVPN Access Server End User License Agreement (OpenVPN-AS EULA)1. Copyright Notice: OpenVPN Access Server License;Copyright (c) 2009-2013 OpenVPN Technologies, Inc.. All rights reserved."OpenVPN" is a trademark of OpenVPN Technologies, Inc.2. Redistribution of OpenVPN Access Server binary forms and related documents,are permitted provided that redistributions of OpenVPN Access Server binaryforms and related documents reproduce the above copyright notice as well asa complete copy of this EULA.3. You agree not to reverse engineer, decompile, disassemble, modify,translate, make any attempt to discover the source code of this software,or create derivative works from this software.4. The OpenVPN Access Server is bundled with other open source softwarecomponents, some of which fall under different licenses. By using OpenVPNor any of the bundled components, you agree to be bound by the conditionsof the license for each respective component. For more information, you canfind our complete EULA (End-User License Agreement) on our website(http://openvpn.net), and a copy of the EULA is also distributed with theAccess Server in the file /usr/local/openvpn_as/license.txt.5. This software is provided "as is" and any expressed or implied warranties,including, but not limited to, the implied warranties of merchantabilityand fitness for a particular purpose are disclaimed. In no event shallOpenVPN Technologies, Inc. be liable for any direct, indirect, incidental,special, exemplary, or consequential damages (including, but not limitedto, procurement of substitute goods or services; loss of use, data, orprofits; or business interruption) however caused and on any theory ofliability, whether in contract, strict liability, or tort (includingnegligence or otherwise) arising in any way out of the use of thissoftware, even if advised of the possibility of such damage.6. OpenVPN Technologies, Inc. is the sole distributor of OpenVPN Access Serverlicenses. This agreement and licenses granted by it may not be assigned,sublicensed, or otherwise transferred by licensee without prior writtenconsent of OpenVPN Technologies Inc. Any licenses violating this provisionwill be subject to revocation and deactivation, and will not be eligiblefor refunds.7. A purchased license entitles you to use this software for the duration oftime denoted on your license key on any one (1) particular device, up tothe concurrent user limit specified by your license. Multiple license keysmay be activated to achieve a desired concurrency limit on this givendevice. Unless otherwise prearranged with OpenVPN Technologies, Inc.,concurrency counts on license keys are not to be divided for use amongstmultiple devices. Upon activation of the first purchased license key inthis software, you agree to forego any free licenses or keys that weregiven to you for demonstration purposes, and as such, the free licenseswill not appear after the activation of a purchased key. You areresponsible for the timely activation of these licenses on your desiredserver of choice. Refunds on purchased license keys are only possiblewithin 30 days of purchase of license key, and then only if the license keyhas not already been activated on a system. To request a refund, contact usthrough our support ticket system using the account you have used topurchase the license key. Exceptions to this policy may be given formachines under failover mode, and when the feature is used as directed inthe OpenVPN Access Server user manual. In these circumstances, a user isgranted one (1) license key (per original license key) for use solely onfailover purposes free of charge. Other failover and/or load balancing usecases will not be eligible for this exception, and a separate license keywould have to be acquired to satisfy the licensing requirements. To requesta license exception, please file a support ticket in the OpenVPN AccessServer ticketing system. A staff member will be responsible for determiningexception eligibility, and we reserve the right to decline any requests notmeeting our eligibility criteria, or requests which we believe may befraudulent in nature.8. Activating a license key ties it to the specific hardware/softwarecombination that it was activated on, and activated license keys arenontransferable. Substantial software and/or hardware changes mayinvalidate an activated license. In case of substantial software and/orhardware changes, caused by for example, but not limited to failure andsubsequent repair or alterations of (virtualized) hardware/software, oursoftware product will automatically attempt to contact our online licensingsystems to renegotiate the licensing state. On any given license key, youare limited to three (3) automatic renegotiations within the license keylifetime. After these renegotiations are exhausted, the license key isconsidered invalid, and the activation state will be locked to the lastvalid system configuration it was activated on. OpenVPN Technologies, Inc.reserves the right to grant exceptions to this policy for license holdersunder extenuating circumstances, and such exceptions can be requestedthrough a ticket via the OpenVPN Access Server ticketing system.9. Once an activated license key expires or becomes invalid, the concurrencylimit on our software product will decrease by the amount of concurrentconnections previously granted by the license key. If all of your purchasedlicense key(s) have expired, the product will revert to demonstration mode,which allows a maximum of two (2) concurrent users to be connected to yourserver. Prior to your license expiration date(s), OpenVPN Technologies,Inc. will attempt to remind you to renew your license(s) by sendingperiodic email messages to the licensee email address on record. You aresolely responsible for the timely renewal of your license key(s) prior totheir expiration if continued operation is expected after the licenseexpiration date(s). OpenVPN Technologies, Inc. will not be responsible forany misdirected and/or undeliverable email messages, nor does it have anobligation to contact you regarding your expiring license keys.10. Any valid license key holder is entitled to use our ticketing system forsupport questions or issues specifically related to the OpenVPN AccessServer product. To file a ticket, go to our website at http://openvpn.net/and sign in using the account that was registered and used to purchase thelicense key(s). You can then access the support ticket system through ourwebsite and submit a support ticket. Tickets filed in the ticketing systemare answered on a best-effort basis. OpenVPN Technologies, Inc. staffreserve the right to limit responses to users of our demo / expiredlicenses, as well as requests that substantively deviate from the OpenVPNAccess Server product line. Tickets related to the open source version ofOpenVPN will not be handled here.11. Purchasing a license key does not entitle you to any special rights orprivileges, except the ones explicitly outlined in this user agreement.Unless otherwise arranged prior to your purchase with OpenVPN Technologies,Inc., software maintenance costs and terms are subject to change after yourinitial purchase without notice. In case of price decreases or specialpromotions, OpenVPN Technologies, Inc. will not retrospectively applycredits or price adjustments toward any licenses that have already beenissued. Furthermore, no discounts will be given for license maintenancerenewals unless this is specified in your contract with OpenVPNTechnologies, Inc.Please enter 'yes' to indicate your agreement [no]:Once you provide a few initial configuration settings,OpenVPN Access Server can be configured by accessingits Admin Web UI using your Web browser.Will this be the primary Access Server node?(enter 'no' to configure as a backup or standby node)> Press ENTER for default [yes]:Please specify the network interface and IP address to beused by the Admin Web UI:(1) all interfaces: 0.0.0.0(2) br0: 192.168.0.3(3) docker0: 172.17.0.1(4) virbr0: 192.168.122.1(5) bond0: 192.168.0.3(6) virbr0-nic: 192.168.122.1Please enter the option number from the list above (1-6).> Press Enter for default [2]:Please specify the port number for the Admin Web UI.> Press ENTER for default [943]:Please specify the TCP port number for the OpenVPN Daemon> Press ENTER for default [443]:Should client traffic be routed by default through the VPN?> Press ENTER for default [yes]:Should client DNS traffic be routed by default through the VPN?> Press ENTER for default [yes]:Use local authentication via internal DB?> Press ENTER for default [no]:Private subnets detected: ['192.168.0.0/24', '192.168.122.0/24', '172.17.0.0/16']Should private subnets be accessible to clients by default?> Press ENTER for default [yes]:To initially login to the Admin Web UI, you must use ausername and password that successfully authenticates youwith the host UNIX system (you can later modify the settingsso that RADIUS or LDAP is used for authentication instead).You can login to the Admin Web UI as "openvpn" or specifya different user account to use for this purpose.Do you wish to login to the Admin UI as "openvpn"?> Press ENTER for default [yes]:> Specify the username for an existing user or for the new user account: Note: This user already exists.> Please specify your OpenVPN-AS license key (or leave blank to specify later):Initializing OpenVPN...Adding new user login...useradd -s /sbin/nologin "admin"Writing as configuration file...Perform sa init...Wiping any previous userdb...Creating default profile...Modifying default profile...Adding new user to userdb...Modifying new user as superuser in userdb...Getting hostname...Hostname: UNDyllanPreparing web certificates...Getting web user account...Adding web group account...Adding web group...Adjusting license directory ownership...Initializing confdb...Generating init scripts...Generating PAM config...Generating init scripts auto command...Starting openvpnas...Error: Could not execute server start.[cont-init.d] 40-openvpn-init: exited 0.[cont-init.d] 50-interface: executing...MOD Default {u'admin_ui.https.ip_address': u'all'} {u'admin_ui.https.ip_address': 'eth0'}MOD Default {u'cs.https.ip_address': u'all'} {u'cs.https.ip_address': 'eth0'}MOD Default {u'vpn.daemon.0.listen.ip_address': u'all'} {u'vpn.daemon.0.listen.ip_address': 'eth0'}MOD Default {u'vpn.daemon.0.server.ip_address': u'all'} {u'vpn.daemon.0.server.ip_address': 'eth0'}[cont-init.d] 50-interface: exited 0.[cont-init.d] done.[services.d] starting services[services.d] done.

 

No issues in the log. Are you sure it is listening on the correct interface? What address did you try to access?
Link to comment
  • trurl pinned and unpinned this topic

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.