deusxanime Posted November 1, 2017

Not sure what happened, but I can no longer connect to my OpenVPN-AS container setup. I set up the container a couple months ago and have had no issues since, until now. I believe the last time I successfully connected remotely was late last week. If I remember correctly there was an update to the container over the weekend or recently that I applied. No errors showing in the docker/container log, but I can no longer connect using Windows client or from my Android phone, both of which used to work fine as I said. I've made no changes other than updating.

I can access the web GUI page remotely (and on my LAN of course, along with the admin page), and it does seem to get the initial handshake, but times out connecting after about 60 seconds or so. Here's what I see in the ovpn log under my appdata directory when a client is trying to connect:

    2017-11-01 16:14:10-0500 [-] OVPN 32 OUT: 'Wed Nov 1 16:14:10 2017 <IP>:34291 TLS: Initial packet from [AF_INET]<IP>:34291, sid=<sid>'
    2017-11-01 16:14:10-0500 [-] OVPN 32 OUT: 'Wed Nov 1 16:14:10 2017 <IP>:34291 TLS Error: reading acknowledgement record from packet'
    ... repeat ~50 times
    2017-11-01 16:15:09-0500 [-] OVPN 32 OUT: 'Wed Nov 1 16:15:09 2017 <IP>:45709 TLS Error: reading acknowledgement record from packet'
    2017-11-01 16:15:10-0500 [-] OVPN 32 OUT: 'Wed Nov 1 16:15:10 2017 <IP>:34291 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)'
    2017-11-01 16:15:10-0500 [-] OVPN 32 OUT: 'Wed Nov 1 16:15:10 2017 <IP>:34291 TLS Error: TLS handshake failed'
    2017-11-01 16:15:10-0500 [-] OVPN 32 OUT: 'Wed Nov 1 16:15:10 2017 <IP>:34291 SIGUSR1[soft,tls-error] received, client-instance restarting'
    2017-11-01 16:15:52-0500 [-] OVPN 32 OUT: 'Wed Nov 1 16:15:52 2017 <IP>:45709 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)'
    2017-11-01 16:15:52-0500 [-] OVPN 32 OUT: 'Wed Nov 1 16:15:52 2017 <IP>:45709 TLS Error: TLS handshake failed'
    2017-11-01 16:15:52-0500 [-] OVPN 32 OUT: 'Wed Nov 1 16:15:52 2017 <IP>:45709 SIGUSR1[soft,tls-error] received, client-instance restarting'

Of course I'm going out of town this weekend and would ideally really want it to be working for that. Any thoughts or ideas on what broke? I've tried restarting the container, but no joy. Also tried reinstalling my Windows client using the msi installer off the web gui after logging in through there, which does at least let me login with my vpn credentials.

puma1824 Posted November 1, 2017

> On 10/19/2017 at 10:49 AM, thomast_88 said:
> I'm myself converting down to a single cache drive. Multiple drives is just too unstable for me (and for many others it seems). Even when balancing each day (!!). Is it possible to run raid1 cache with XFS on unraid? Or does it even make any sense?

> On 10/27/2017 at 8:57 AM, wirenut said:
> I received unraid notification email of an update to the container from overnight. Container auto update enabled in unraid. Now I cannot connect from phone app or work computer. Log just keeps repeating
>
>     TLS Error: cannot locate HMAC in incoming packet from [AF_INET]XX.XXX.XXX.XXX:1194
>
> I tried restarting container, did not change. Is there something I need to change on my end as a result of the container update?

> On 10/28/2017 at 10:12 AM, wgstarks said:
> Ok. New reply from OpenVPN-AS support-
>
> It looks like the upgrade procedure you followed broke the database. Try the following to reset the TLS settings:
>
> 1. Go to Advanced VPN in the Admin UI.
> 2. Disable the "Enable TLS authentication" option.
> 3. Save settings.
> 4. Update running servers.
> 5. Enable the "Enable TLS authentication" option.
> 6. Save settings.
> 7. Update running servers.
>
> Now try again.
>
> This fixed the problem for me. @linuxserver.io Looks like updating the docker caused an incompatibility of the local database???

deusxanime try this ^

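Added example (not part of the thread and not OpenVPN-AS code): a small triage script for the log signatures quoted in the posts above. It groups TLS errors per client and separates the pattern that posters here fixed by toggling "Enable TLS authentication" from a plain handshake timeout. The sample log is constructed, and the verdict names are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the log format quoted in the thread. Addresses are
# documentation-range placeholders, not values from the original posts.
SAMPLE_LOG = """\
2017-11-01 16:14:10-0500 [-] OVPN 32 OUT: 'Wed Nov 1 16:14:10 2017 203.0.113.7:34291 TLS: Initial packet from [AF_INET]203.0.113.7:34291, sid=0011 2233'
2017-11-01 16:14:11-0500 [-] OVPN 32 OUT: 'Wed Nov 1 16:14:11 2017 203.0.113.7:34291 TLS Error: reading acknowledgement record from packet'
2017-11-01 16:14:12-0500 [-] OVPN 32 OUT: 'Wed Nov 1 16:14:12 2017 203.0.113.7:34291 TLS Error: reading acknowledgement record from packet'
2017-11-01 16:15:10-0500 [-] OVPN 32 OUT: 'Wed Nov 1 16:15:10 2017 203.0.113.7:34291 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)'
2017-11-01 16:15:10-0500 [-] OVPN 32 OUT: 'Wed Nov 1 16:15:10 2017 203.0.113.7:34291 TLS Error: TLS handshake failed'
2017-11-01 16:20:00-0500 [-] OVPN 32 OUT: 'Wed Nov 1 16:20:00 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]198.51.100.9:1194'
2017-11-01 16:21:00-0500 [-] OVPN 32 OUT: 'Wed Nov 1 16:21:00 2017 192.0.2.44:50112 TLS: Initial packet from [AF_INET]192.0.2.44:50112, sid=4455 6677'
2017-11-01 16:22:00-0500 [-] OVPN 32 OUT: 'Wed Nov 1 16:22:00 2017 192.0.2.44:50112 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)'
"""

# The OpenVPN daemon's own message sits between the single quotes.
LINE = re.compile(r"OVPN \d+ OUT: '(?P<body>.*)'\s*$")
# Client address, either as the session prefix or after "from [AF_INET]".
PEER = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}:\d+)")

# Message fragments taken from the log excerpts quoted in the thread.
SIGNATURES = {
    "initial_packet": "TLS: Initial packet from",
    "ack_record": "TLS Error: reading acknowledgement record from packet",
    "no_hmac": "TLS Error: cannot locate HMAC in incoming packet",
    "timeout": "TLS key negotiation failed to occur within 60 seconds",
    "handshake_failed": "TLS Error: TLS handshake failed",
}


def summarize(log_text):
    """Count each known signature per client address."""
    peers = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        body = m.group("body")
        peer = PEER.search(body)
        if not peer:
            continue
        for name, needle in SIGNATURES.items():
            if needle in body:
                peers[peer.group(1)][name] += 1
    return peers


def classify(counts):
    """Verdict names are this example's own labels."""
    if counts["no_hmac"] or counts["ack_record"]:
        # Packets arrive but are rejected on the control channel: the
        # pattern that the TLS authentication toggle resolved in this thread.
        return "control-channel-auth"
    if counts["timeout"]:
        # No packet-level errors: follow the log's own connectivity hint.
        return "timeout-only"
    return "no-failure"


def triage(log_text):
    return {peer: classify(c) for peer, c in summarize(log_text).items()}


if __name__ == "__main__":
    for peer, verdict in triage(SAMPLE_LOG).items():
        print(peer, verdict)
```
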
deusxanime Posted November 1, 2017 (edited)

@puma1824 Thanks for putting that info/procedure together for me, and so quickly. It worked great! Now able to connect from my phone. I'm at home so can't test from my laptop right now (well easily anyway, would have to start up a tethering session or something), but now that the phone is working I'm pretty confident it will. I'll probably give it a try remotely before taking off this weekend, but puts my mind at ease. Was a bit panic-y. =) Thanks again!

edit: Btw, re-noticed the first quote you had there. Is this related to running a cache pool with mirroring? I've had trouble with cache mirroring and trying to run torrent containers, wonder if this is another ding on that setup. Might be getting time to convert back to single drive cache instead.

Edited November 1, 2017 by deusxanime: question on cache pool

wgstarks Posted November 1, 2017

Not related to cache pools.

https://forums.lime-technology.com/topic/41631-support-linuxserverio-openvpn-as/?do=findComment&comment=599197

phbigred Posted November 2, 2017

> 4 hours ago, puma1824 said:
> deusxanime try this ^

Fixed it for me, been driving me nuts for almost a week!

DZMM Posted November 2, 2017

I've followed the video guide https://www.youtube.com/watch?v=I58LTMKyeYw and I can connect to my server 172.30.12.2 from my VPN server 172.30.12.2:943.

The problem I'm having is I've moved my dockers to other IPs e.g. 172.30.12.80 for nzbget and I can't connect to them via the VPN? Do I need to assign an IP for the VPN server e.g. 172.30.12.81 as well? Would this mean though that I won't be able to connect to my unraid server on 172.30.12.2? Or, is there another solution?

Thanks

puma1824 Posted November 2, 2017

> 6 minutes ago, DZMM said:
> I've followed the video guide https://www.youtube.com/watch?v=I58LTMKyeYw and I can connect to my server 172.30.12.2 from my VPN server 172.30.12.2:943.
>
> The problem I'm having is I've moved my dockers to other IPs e.g. 172.30.12.80 for nzbget and I can't connect to them via the VPN? Do I need to assign an IP for the VPN server e.g. 172.30.12.81 as well? Would this mean though that I won't be able to connect to my unraid server on 172.30.12.2? Or, is there another solution?
>
> Thanks

Can you ping .80 when you're logged into VPN?

DieFalse Posted November 2, 2017

> On 10/29/2017 at 5:46 PM, aptalca said:
> I think the way they handle database changes is not optimal. The app itself should update the database (through proper versioning), not the installer. What if someone were to restore an older database that was backed up a few versions ago, do they have to install that old version and update through the installer?

So I ran into this problem just after doing a full backup on the old version. Yay for changing a cache drive from 128gb ssd to 512gb ssd. I restored the DB thinking I had broken the DB in the cache swap, however the issue still occurred. So you are correct in thinking this would not fix it. I tried to update the docker manually and it would not work. Only disabling the TLS and enabling it fixed it with the old DB usage. Updating the docker manually skipped over the db due to the previous docker upgrade. This is as far as I got.

puncho Posted November 2, 2017

> On 10/31/2017 at 4:25 AM, puma1824 said:
> Yeah, I followed his directions prior the upgrade and all WAS good. After the upgrade couldn't get the 2nd user setup like you when I tried to re-setup.

Ok, good to know it's not on my end. Hope to figure it out soon

wgstarks Posted November 2, 2017

> 23 minutes ago, puncho said:
> Ok, good to know it's not on my end. Hope to figure it out soon

Have you followed the installation instructions linked in the OP under Setting up the application? I'm not sure if gridrunner has updated his video yet. It may be outdated.

puncho Posted November 3, 2017

> 8 hours ago, wgstarks said:
> Have you followed the installation instructions linked in the OP under Setting up the application? I'm not sure if gridrunner has updated his video yet. It may be outdated.

Thanks! Seems to have fixed it

Kash76 Posted November 5, 2017

I am struggling with this container as it seems others are. I have local users created in the docker image by using 'docker exec -it openvpn-as adduser username', I set a password with 'docker exec -it openvpn-as passwd username', add the user as an admin, and I still cannot use any user except for admin. I have also commented out the line 'boot_pam_users'. What am I missing?

wgstarks Posted November 5, 2017

> 33 minutes ago, Kash76 said:
> I am struggling with this container as it seems others are. I have local users created in the docker image by using 'docker exec -it openvpn-as adduser username', I set a password with 'docker exec -it openvpn-as passwd username', add the user as an admin, and I still cannot use any user except for admin. I have also commented out the line 'boot_pam_users'. What am I missing?

Local users need to be set up via the admin UI. Follow the instructions linked in the OP. Scroll down to Setting up the application.

Kash76 Posted November 5, 2017

I have. I created my user account as an admin, updated the server, and I don't see a way to delete the admin user. I never can login as my additional user. Not sure what I'm still doing wrong.

Sent from my ONEPLUS A5000 using Tapatalk

digiblur Posted November 5, 2017

> I have. I created my user account as an admin, updated the server, and I don't see a way to delete the admin user. I never can login as my additional user. Not sure what I'm still doing wrong.
>
> Sent from my ONEPLUS A5000 using Tapatalk

I ran into the same issues going back and forth. Going to give it a go again tomorrow from scratch.

aptalca Posted November 5, 2017

> 1 hour ago, Kash76 said:
> I have. I created my user account as an admin, updated the server, and I don't see a way to delete the admin user. I never can login as my additional user. Not sure what I'm still doing wrong.
>
> Sent from my ONEPLUS A5000 using Tapatalk

It doesn't sound like you read the instructions. Don't add users through command line. You don't delete the admin account, you disable it. Start over fresh, read the instructions on github or docker hub.

wgstarks Posted November 5, 2017

> 8 hours ago, digiblur said:
> I ran into the same issues going back and forth. Going to give it a go again tomorrow from scratch.

If you start over with a new install and follow the instructions on docker hub you shouldn't have any problems. If you are attempting to use spaceinvader's video for this, you'll run into issues. The docker has been updated since the video was recorded so the video is good, but a little outdated. If you run into problems, just post a detailed description of what you did and which step of the instructions you can't get to work. Users here will be glad to help.

Devo-McDuff Posted November 5, 2017

I'm running Docker and have 4 or 5 containers working very well but I'm struggling with this one. I can access the web admin page at https://10.53.53.5:943/admin/ but whenever I manually try to start the server service I get the error 'iptables service not started because of error (SVC_RUN_EXCEPT)'

This is running on a Synology NAS so apologies for posting here but I've been trawling the net for answers and these forums seem the most active and useful by far, I've fixed several other issues for this and other containers based on info found here. On the back of this I'll take a look at implementing unRAID as I'm intrigued now.

Host networking and execute container using high privilege are both enabled. My environment variables are:

    PGID - 100
    PUID - 1024
    TZ - Australia/Sydney
    INTERFACE - bond0

From the openvpn.log:

    2017-11-05 14:35:59+1100 [-] WEB OUT: '2017-11-05 14:35:59+1100 [-] set uid/gid 1024/100'
    2017-11-05 14:35:59+1100 [-] WEB OUT: '2017-11-05 14:35:59+1100 [-] Web server running as UID 1024'
    2017-11-05 14:35:59+1100 [-] iptables-PP ERR: 'iptables: No chain/target/match by that name.'
    2017-11-05 14:35:59+1100 [-] Service deferred error: iptables capabilities error: ('Error verifying iptables capabilities when running following command', ('/sbin/iptables', '-A', 'FORWARD', '-d', '127.77.88.99', '-m', 'mark', '--mark', '0x12345678/0x12345678', '-j', 'DROP'))
    2017-11-05 14:35:59+1100 [-] iptables service not started because of error (SVC_RUN_EXCEPT)
    2017-11-05 14:35:59+1100 [-] iptables service not started because of error (SVC_RUN_EXCEPT)
    2017-11-05 14:35:59+1100 [-] Server Agent initialization status: {'errors': {'iptables_web': [('error', "Service deferred error: iptables capabilities error: ('Error verifying iptables capabilities when running following command', ('/sbin/iptables', '-A', 'FORWARD', '-d', '127.77.88.99', '-m', 'mark', '--mark', '0x12345678/0x12345678', '-j', 'DROP'))")], 'iptables_openvpn': [('error', 'iptables service not started because of error (SVC_RUN_EXCEPT)')], 'ip6tables_openvpn': [('error', 'iptables service not started because of error (SVC_RUN_EXCEPT)')], 'ip6tables_live': [('error', "service failed to start due to unresolved dependencies: set(['ip6tables_openvpn'])")], 'openvpn_4': [('error', "service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])")], 'openvpn_5': [('error', "service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])")], 'openvpn_6': [('error', "service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])")], 'openvpn_7': [('error', "service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])")], 'openvpn_0': [('error', "service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])")], 'user': [('error', "service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn', 'ip6tables_openvpn', 'ip6tables_live'])")], 'openvpn_2': [('error', "service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])")], 'openvpn_3': [('error', "service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])")], 'iptables_live': [('error', "service failed to start due to unresolved dependencies: set(['iptables_openvpn', 'ip6tables_live'])")], 'crl': [('error', "service failed to start due to unresolved dependencies: set(['user'])")], 'openvpn_1': [('error', "service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])")]}, 'service_status': {'bridge': 'started', 'openvpn_4': 'off', 'openvpn_5': 'off', 'openvpn_6': 'off', 'api': 'started', 'openvpn_0': 'off', 'openvpn_1': 'off', 'openvpn_2': 'off', 'openvpn_3': 'off', 'web': 'started', 'log': 'started', 'iptables_web': 'off', 'iptables_openvpn': 'off', 'ip6tables_openvpn': 'off', 'ip6tables_live': 'off', 'daemon_pre': 'started', 'iptables_live': 'off', 'db_push': 'started', 'auth': 'started', 'client_query': 'started', 'user': 'off', 'license': 'started', 'openvpn_7': 'off', 'crl': 'off'}}
    2017-11-05 14:35:59+1100 [-] Server Agent started

From the init.log:

    Initializing confdb...
    Generating init scripts...
    Generating PAM config...
    Generating init scripts auto command...
    Warning: Iptables list command failed. Iptables may not be properly initialized.
    Starting openvpnas...
    Error: Could not execute server start.

I noticed _ovpn-init has the following related commands:

    # Perform iptables command to force initialization...
    IPTABLES_NULL = "iptables --list"
    retv = commands.getstatusoutput( IPTABLES_NULL )
    if retv[0] != 0:
        print "Warning: Iptables list command failed. Iptables may not be properly initialized."
    if DEBUG:
        print "iptables null cmd=", IPTABLES_NULL, retv

From the bash terminal I can manually run iptables --list though I'm not sure what that proves. If I manually run openvpn-init and go through the initial config wizard it fails to start the server too.

Please let me know if there is any more useful info I can provide. Any help would be greatly appreciated!

Cheers.

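Added example (not part of the thread and not OpenVPN-AS code): a way to read the "Server Agent initialization status" line in the post above. It separates services that failed with their own error from services that are only blocked by "unresolved dependencies", and checks that every blocked service traces back to one of those root failures. The sample line is constructed, shortened and wrapped for readability; the function names are this example's own.

```python
import ast
import re

MARKER = "Server Agent initialization status: "

# Constructed, shortened sample in the shape of the log line in the post.
SAMPLE = """2017-11-05 14:35:59+1100 [-] Server Agent initialization status: {'errors': {
 'iptables_web': [('error', "Service deferred error: iptables capabilities error: ('Error verifying iptables capabilities when running following command', ('/sbin/iptables', '-A', 'FORWARD', '-d', '127.77.88.99', '-m', 'mark', '--mark', '0x12345678/0x12345678', '-j', 'DROP'))")],
 'iptables_openvpn': [('error', 'iptables service not started because of error (SVC_RUN_EXCEPT)')],
 'ip6tables_openvpn': [('error', 'iptables service not started because of error (SVC_RUN_EXCEPT)')],
 'ip6tables_live': [('error', "service failed to start due to unresolved dependencies: set(['ip6tables_openvpn'])")],
 'iptables_live': [('error', "service failed to start due to unresolved dependencies: set(['iptables_openvpn', 'ip6tables_live'])")],
 'user': [('error', "service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn', 'ip6tables_openvpn', 'ip6tables_live'])")],
 'openvpn_0': [('error', "service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])")],
 'crl': [('error', "service failed to start due to unresolved dependencies: set(['user'])")]},
 'service_status': {'web': 'started', 'iptables_web': 'off', 'openvpn_0': 'off', 'user': 'off'}}
"""

DEP = re.compile(r"unresolved dependencies: set\(\[(.*?)\]\)")


def parse_status(log_line):
    """The status is logged as a Python literal; parse it without eval()."""
    _, _, literal = log_line.partition(MARKER)
    return ast.literal_eval(literal.strip())


def root_causes(status):
    """Split errors into own failures (roots) and dependency-blocked ones."""
    roots, blocked = {}, {}
    for svc, errs in status["errors"].items():
        for _level, msg in errs:
            m = DEP.search(msg)
            if m:
                blocked[svc] = sorted(re.findall(r"'([^']+)'", m.group(1)))
            else:
                roots[svc] = msg
    return roots, blocked


def unexplained(roots, blocked):
    """Blocked services whose dependency chain never reaches a root failure."""
    def reaches_root(svc, seen):
        if svc in roots:
            return True
        if svc in seen:  # already explored on this walk, or a cycle
            return False
        seen.add(svc)
        return any(reaches_root(d, seen) for d in blocked.get(svc, []))

    return sorted(s for s in blocked if not reaches_root(s, set()))


if __name__ == "__main__":
    roots, blocked = root_causes(parse_status(SAMPLE))
    for svc, msg in sorted(roots.items()):
        print("ROOT   ", svc, "->", msg[:60])
    for svc, deps in sorted(blocked.items()):
        print("BLOCKED", svc, "waits on", ", ".join(deps))
    print("unexplained:", unexplained(roots, blocked))
```
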
digiblur Posted November 5, 2017

> If you start over with a new install and follow the instructions on docker hub you shouldn't have any problems. If you are attempting to use spaceinvader's video for this, you'll run into issues. The docker has been updated since the video was recorded so the video is good, but a little outdated. If you run into problems, just post a detailed description of what you did and which step of the instructions you can't get to work. Users here will be glad to help.

Much appreciated. I didn't have time to mess with it. Hopefully soon as I would expect I get better performance out of this instance than one on my router.

puncho Posted November 10, 2017

I can access my unraid gui fine when I use my iphone. But, when I download the openvpn connect for windows, or even try the openvpn gui with the user-locked profile (ovpn) it won't connect...any ideas? Thanks

MowMdown Posted November 10, 2017

> 5 hours ago, puncho said:
> I can access my unraid gui fine when I use my iphone. But, when I download the openvpn connect for windows, or even try the openvpn gui with the user-locked profile (ovpn) it won't connect...any ideas? Thanks

Try the "Auto-Login" Profile.

cpluse Posted November 10, 2017

Hello, Forum members. I just want to say thank you for everyone's help in here and input. I spent a day trying to get this to work. Sleep. Read half the messages and started from scratch and finally got open to connect from my cell phone. Good stuff.

My issue was I was behind a VPN and when I kept trying to use bond0 I should have used br0. And not thinking of the VPN I had the wrong IP. But after Dyn setup, OpenVPN setup and phone setup. This project has been completed. Now on to the next. Now to focus on VM and ESX super setup.

But in short thank you for everyone's help and Admin and all the guides and input. I know it's not easy to repeat yourself 1,000 times: use bond0 or read the readme or add your logs. lol. Fun stuff. Have a good weekend.

Cpluse2

FraxTech Posted November 10, 2017

Hey all, I'm trying to set up OpenVPN on my unRAID server, I'm following the video from Spaceinvader One (here), but when I try to open the WebUI I get the page below (The site cannot be reached) and I'm hoping you guys can help me out. Sorry, I'm very new to unRAID and I've never used any type of VPN except what I use for work. Any help would be greatly appreciated. Thanks.

Random.Name Posted November 10, 2017

> On 25.3.2016 at 1:45 PM, egtrev said:
> I am unable to access the Web UI in Host or Bridge mode. I noticed on my list of Dockers, that this one has nothing underneath "Port Mappings (App to Host)" and all the other Dockers do. Could that be the problem?

> On 25.3.2016 at 1:51 PM, Squid said:
> In host mode you never see port mappings as the app has access to any port as it sees fit

I seem to have the same/ a similar problem as egtrev. I tried reinstalling the docker but I honestly have no idea how to get it running/ to the web UI.

These are my most recent Logs

          _     _ _
         | |___| (_) ___
         | / __| | |/ _ \
         | \__ \ | | (_) |
         |_|___/ |_|\___/
               |_|
    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donations/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-time: executing...
    [cont-init.d] 20-time: exited 0.
    [cont-init.d] 30-config: executing...
    [cont-init.d] 30-config: exited 0.
    [cont-init.d] 40-openvpn-init: executing...
    [cont-init.d] 40-openvpn-init: exited 0.
    [cont-init.d] 50-interface: executing...
    MOD Default {} {}
    MOD Default {} {}
    MOD Default {} {}
    MOD Default {} {}
    [cont-init.d] 50-interface: exited 0.
    [cont-init.d] done.
    [services.d] starting services
    [services.d] done.
    [cont-finish.d] executing container finish scripts...
    [cont-finish.d] done.
    [s6-finish] syncing disks.
    [s6-finish] sending all processes the TERM signal.
    [s6-finish] sending all processes the KILL signal and exiting.
    [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
    [s6-init] ensuring user provided files have correct perms...exited 0.
    [fix-attrs.d] applying ownership & permissions fixes...
    [fix-attrs.d] done.
    [cont-init.d] executing container initialization scripts...
    [cont-init.d] 10-adduser: executing...
    usermod: no changes
    -------------------------------------
          _     _ _
         | |___| (_) ___
         | / __| | |/ _ \
         | \__ \ | | (_) |
         |_|___/ |_|\___/
               |_|
    Brought to you by linuxserver.io
    We gratefully accept donations at:
    https://www.linuxserver.io/donations/
    -------------------------------------
    GID/UID
    -------------------------------------
    User uid: 99
    User gid: 100
    -------------------------------------
    [cont-init.d] 10-adduser: exited 0.
    [cont-init.d] 20-time: executing...
    [cont-init.d] 20-time: exited 0.
    [cont-init.d] 30-config: executing...
    [cont-init.d] 30-config: exited 0.
    [cont-init.d] 40-openvpn-init: executing...
    [cont-init.d] 40-openvpn-init: exited 0.
    [cont-init.d] 50-interface: executing...
    MOD Default {} {}
    MOD Default {} {}
    MOD Default {} {}
    MOD Default {} {}
    [cont-init.d] 50-interface: exited 0.
    [cont-init.d] done.
    [services.d] starting services
    [services.d] done.

any ideas?

FraxTech Posted November 11, 2017

> 6 hours ago, FraxTech said:
> Hey all, I'm trying to set up OpenVPN on my unRAID server, I'm following the video from Spaceinvader One (here), but when I try to open the WebUI I get the page below (The site cannot be reached) and I'm hoping you guys can help me out. Sorry, I'm very new to unRAID and I've never used any type of VPN except what I use for work. Any help would be greatly appreciated. Thanks.

I was able to resolve my issue. If you have bonding enabled to allow multiple NICs to work together, you have to set Key1 to "bond0" (or whatever the connection name is). After doing this, I was able to get into the GUI w/ no issues.