gacpac Posted October 14, 2018

Hi, I don't know if you guys had the same problem. With the phone I connect to access my docking containers and stuff outside my network. But I would like to use my VPN without routing my internet traffic, that way I don't reach my bandwidth cap. I can do it with an option in the OpenVPN settings. But when I do that, FOR SOME REASON THAT DOESN'T MAKE SENSE, when I don't route my internet traffic, my VoIP apps stop working. Ex. Duo, WhatsApp, Skype.

jfrancais Posted November 2, 2018

Still struggling a bit on OpenVPN-AS docker config but I have made some progress. I now have my OpenVPN-AS running in host mode. Docker containers are on br1 (running on the second NIC) with assigned IPs. If I shell into the OpenVPN-AS container I can communicate with everything, the host and all the containers. Clients connected to OpenVPN server can communicate to the unraid host and all the network except for the docker containers in br1. I feel like this is a routing issue that should be fixable. Can anyone provide assistance? I'm really weak on the networking side of things.

Magaman Posted November 6, 2018

I'm having a strange issue. About once a week the VPN server is set to off. The docker is still running and hadn't been updated, I can access the gui locally and re-enable. When the server is running everything works perfectly. Any ideas??

Adromir Posted November 12, 2018

I am trying to set it up but although it's running, I can't access the admin interface at all. I always get a 404 error. I already changed the INTERFACE in the Docker settings to bond0 and eth0 but neither is working.

Waltm Posted November 12, 2018 (edited)

Hi folks. I have this docker installed and mostly working. It seems I cannot access all of the IPs on my lan. From outside my lan I can access my router and the unraid server but not other docker IPs. I'm trying to get access to a Zoneminder docker with its own IP but just get an error. I can access the .123 address from within my lan and also if I forward my external IP port 80 to the .123 address but I would rather not have the port open. This seems like a similar issue that jfrancais is having above. I'm not sure what pages of the OpenVPN docker to post for info or if this is even the right place to ask for help with this.

Edited November 12, 2018 by Waltm

Waltm Posted November 14, 2018

On 10/7/2018 at 3:41 PM, joeri said:
Yes, I followed all his instructions, but he ends his video with connecting to the OpenVPN client app on his computer. But he never shows how to access the files on his unraid system, or ACCESS the web UI of his unraid system.

Once you connect a remote client to the VPN, you only need to open a web browser on the connected device and enter the IP address of the unraid system in the address bar and you should get the web UI of the server. You should have access to anything on your network the same way as if you were at home on a connected device.

aptalca Posted November 14, 2018

On 11/12/2018 at 5:25 PM, Waltm said:
Hi folks. I have this docker installed and mostly working. It seems I cannot access all of the IPs on my lan. From outside my lan I can access my router and the unraid server but not other docker IPs. I'm trying to get access to a Zoneminder docker with its own IP but just get an error. I can access the .123 address from within my lan and also if I forward my external IP port 80 to the .123 address but I would rather not have the port open. This seems like a similar issue that jfrancais is having above. I'm not sure what pages of the OpenVPN docker to post for info or if this is even the right place to ask for help with this.

If a docker container has its own IP, the connection between that and the host will be blocked. That's a security feature of macvlan.

slowb Posted November 14, 2018

On 11/2/2018 at 10:57 AM, jfrancais said:
Still struggling a bit on OpenVPN-AS docker config but I have made some progress. I now have my OpenVPN-AS running in host mode. Docker containers are on br1 (running on the second NIC) with assigned IPs. If I shell into the OpenVPN-AS container I can communicate with everything, the host and all the containers. Clients connected to OpenVPN server can communicate to the unraid host and all the network except for the docker containers in br1. I feel like this is a routing issue that should be fixable. Can anyone provide assistance? I'm really weak on the networking side of things.

Were you able to get anywhere with your issue? I'm having the same problem. Ultimately, I'd like to get the VPN to work on the br0 network so I can assign it a unique IP address, but I am not able to connect when it is set up that way.

jfrancais Posted November 14, 2018

3 hours ago, slowb said:
Were you able to get anywhere with your issue? I'm having the same problem. Ultimately, I'd like to get the VPN to work on the br0 network so I can assign it a unique IP address, but I am not able to connect when it is set up that way.

Nope. Still hung up. If I navigate into the container I can see everything, but the connected clients cannot. I feel like it is a routing issue or something for the NATed IPs but I'm not skilled enough in the networking side to go any further and it seems like no one else is running into this issue.

Waltm Posted November 14, 2018

6 hours ago, aptalca said:
If a docker container has its own IP, the connection between that and the host will be blocked. That's a security feature of macvlan.

Oh. Thanks for the info. Is there any workaround for this? Anything I can do on my router? It's sort of the reason I am trying to run OpenVPN in the first place.

jfrancais Posted November 14, 2018

12 minutes ago, Waltm said:
Oh. Thanks for the info. Is there any workaround for this? Anything I can do on my router? It's sort of the reason I am trying to run OpenVPN in the first place.

Adding a second NIC and second br gets around this restriction. But it still doesn't seem to work with OpenVPN. The OpenVPN container itself can see everything but the clients connected to it can't.

pr85 Posted November 16, 2018

Hi all,

First time poster, and new to Unraid after being on Debian for many years. I just started using the openvpn-as docker, and love the simplicity and great UI. However, I did have a question about RSA implementation. It appears that the application is using RSA 2048, and I was wondering if there was a way to change that when generating keys, and setting up the server, preferably to use RSA 4096 or higher. I searched for quite some time, and was unable to find out any information about it.

Thank you once again for this great app!

pr85 Posted November 20, 2018

On 11/15/2018 at 7:30 PM, pr85 said:
Hi all, First time poster, and new to Unraid after being on Debian for many years. I just started using the openvpn-as docker, and love the simplicity and great UI. However, I did have a question about RSA implementation. It appears that the application is using RSA 2048, and I was wondering if there was a way to change that when generating keys, and setting up the server, preferably to use RSA 4096 or higher. I searched for quite some time, and was unable to find out any information about it. Thank you once again for this great app!

Update: I did find a command that allowed me to change the RSA to 4096. However, when the docker is updated, it no longer starts up. I wanted to ask if there was a way to set the default RSA to 4096, and keep it persistent across updates. Thank you!

trurl Posted November 20, 2018

3 hours ago, pr85 said:
Update: I did find a command that allowed me to change the RSA to 4096. However, when the docker is updated, it no longer starts up. I wanted to ask if there was a way to set the default RSA to 4096, and keep it persistent across updates. Thank you!

Do you have a link to the method you used? Generally, when a docker is updated it is replaced by the new version, so anything that isn't in its appdata typically won't persist.

pr85 Posted November 20, 2018

16 minutes ago, trurl said:
Do you have a link to the method you used? Generally, when a docker is updated it is replaced by the new version, so anything that isn't in its appdata typically won't persist.

Here is the link that I used: https://forums.openvpn.net/viewtopic.php?t=21766

In the post, it states to use the ./sa command, however, when checking the help menu of that command, it shows that it is used for testing. The actual command that I used was: "/usr/local/openvpn_as/scripts/sacli --keysize=4096 Init"

Keep in mind that using the command above will generate new keys, and will kick anyone off the VPN. You will have to reissue the OVPN files to all users. Also, my experience with this is that when updating the docker, it will fail to boot up, and you will have to reinstall it, and rerun that command. It is not a huge issue, as I can script out what I need, but would love it if it was as easy as everything else in Unraid, and used 4096 by default.

Thanks!

Micah1 Posted November 26, 2018 (edited)

[NOW SOLVED, leaving for others]

Trying to set this docker up, and I cannot access the web gui. I've been following the spaceinvader one video up until this point. I pulled the log below. Any advice would be appreciated. Googling the below, I found a user with the same error ( LINK ), but I don't have a cache to move it to.

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-time: executing...
[cont-init.d] 20-time: exited 0.
[cont-init.d] 30-config: executing...
[cont-init.d] 30-config: exited 0.
[cont-init.d] 40-openvpn-init: executing...
[cont-init.d] 40-openvpn-init: exited 0.
[cont-init.d] 50-interface: executing...
ERROR: Could not read active profile name: profile/key _INTERNAL/run_api.active_profile not found in sqlite:////config/etc/db/config.db: util/options:79,db/confdb_admin:280,db/confdb:531,db/confdb:523,<string>:1,sagent/sagent_entry:38,db/confdb_admin:354,util/options:79,db/confdb_admin:280,db/confdb:531,db/confdb:523,util/error:61,util/error:44
ERROR: Could not read active profile name: profile/key _INTERNAL/run_api.active_profile not found in sqlite:////config/etc/db/config.db: util/options:79,db/confdb_admin:280,db/confdb:531,db/confdb:523,<string>:1,sagent/sagent_entry:38,db/confdb_admin:354,util/options:79,db/confdb_admin:280,db/confdb:531,db/confdb:523,util/error:61,util/error:44
ERROR: Could not read active profile name: profile/key _INTERNAL/run_api.active_profile not found in sqlite:////config/etc/db/config.db: util/options:79,db/confdb_admin:280,db/confdb:531,db/confdb:523,<string>:1,sagent/sagent_entry:38,db/confdb_admin:354,util/options:79,db/confdb_admin:280,db/confdb:531,db/confdb:523,util/error:61,util/error:44
ERROR: Could not read active profile name: profile/key _INTERNAL/run_api.active_profile not found in sqlite:////config/etc/db/config.db: util/options:79,db/confdb_admin:280,db/confdb:531,db/confdb:523,<string>:1,sagent/sagent_entry:38,db/confdb_admin:354,util/options:79,db/confdb_admin:280,db/confdb:531,db/confdb:523,util/error:61,util/error:44
ERROR: Could not read active profile name: profile/key _INTERNAL/run_api.active_profile not found in sqlite:////config/etc/db/config.db: util/options:79,db/confdb_admin:280,db/confdb:531,db/confdb:523,<string>:1,sagent/sagent_entry:38,db/confdb_admin:354,util/options:79,db/confdb_admin:280,db/confdb:531,db/confdb:523,util/error:61,util/error:44
[cont-init.d] 50-interface: exited 1.
[cont-init.d] done.
[services.d] starting services
[services.d] done.

===== UPDATE: Solved by erasing appdata and restarting

Edited November 26, 2018 by Micah1 (solved)

gacpac Posted December 1, 2018

I started having problems with my VPN not connecting as soon as I enabled my transmission VPN docker. But this is weird, because my openvpn docker is running at the host network and my transmission docker is using the virtual network from the docker. Maybe adding a new docker network will fix it, what do you guys think? Has that happened to you?

ScottyBoom Posted December 15, 2018

Hello, I am also having trouble getting this docker to work. I have configured the docker, set up a duckdns account, and configured OpenVPN. I have forwarded the port in pfsense and set that up, but I cannot connect from a client. It keeps telling me that it is unable to connect. I followed the same tutorial that a lot of people on here mentioned, posted by spaceinvaderone. I am not sure where I am going wrong. Any help would be appreciated. Let me know what information I should post to help diagnose the issue. Here are some screenshots of settings. Any help would be greatly appreciated!!!

laest Posted December 17, 2018 (edited)

Hello everybody! As many other guys I followed Spaceinvaders Tutorial and set up OpenVPN on my UnRaid NAS. Connecting to my NAS from outside the Network works, but I do not have access to the UnRaid shares or other devices in the host's network.

My setup is as follows:
Location 1: NAS with UnRaid OS, OpenVPN set up, Fritzbox 7590 with Subnet 192.168.188.0
Location 2: Fritzbox 7590 with Subnet 192.168.188.0, MacOS Client -> can connect to NAS via OpenVPN, but cannot access shares or the Fritzbox of the UnRaid Host Network

I found out that when connected via OpenVPN the MacBook's IP Address is 172.xxx.xxx.xxx. In the OpenVPN Admin Interface I found the following:
Dynamic IP Address Network: 172.27.224.0/20
Group Default IP Address Network (Optional): 172.27.240.0/20
Routing (Yes, NAT): 192.168.122.0/24, 192.168.188.0/24, 172.17.0.0/16
Should client Internet traffic be routed through the VPN? YES
Should clients be allowed to access network services on the VPN gateway IP address? YES
Do not alter clients' DNS server settings: NO
Have clients use the same DNS servers as the Access Server host: YES
Have clients use specific DNS servers: NO

Can you help me out? I just want to access my UnRaid Shares via OpenVPN from outside the LAN of the UnRaid NAS. Thanks in advance!

//EDIT: Found the solution by myself,.. stupid me 😮 -> Changed the Subnet of the second Location to 192.168.178.0, so now it is working perfectly

Edited December 17, 2018 by laest (Resolved)

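The address conflict resolved in the post above, as an added example that is not part of the original thread: it checks a client's local network against the subnets the Access Server routes and hands out, and proposes a non-colliding subnet. The function names are hypothetical, and the /24 mask on both Fritzbox LANs is an assumption, since the post gives no mask.

```python
import ipaddress

# Values quoted in the post above (OpenVPN-AS admin interface).
SERVER_ROUTES = ["192.168.122.0/24", "192.168.188.0/24", "172.17.0.0/16"]
VPN_POOLS = ["172.27.224.0/20", "172.27.240.0/20"]


def find_collisions(client_lans, vpn_networks):
    """Return (client_lan, vpn_network) pairs whose address ranges overlap.

    An overlap means the client already has a directly connected route for
    those addresses, so packets for the remote hosts never enter the tunnel.
    """
    hits = []
    for lan in map(ipaddress.ip_network, client_lans):
        for net in map(ipaddress.ip_network, vpn_networks):
            if lan.version == net.version and lan.overlaps(net):
                hits.append((str(lan), str(net)))
    return hits


def suggest_free_lan(in_use, pool="192.168.0.0/16", new_prefix=24):
    """Return the first subnet of `pool` that overlaps nothing in `in_use`."""
    used = [ipaddress.ip_network(n) for n in in_use]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=new_prefix):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None


if __name__ == "__main__":
    everything = SERVER_ROUTES + VPN_POOLS
    # Assumption: both Fritzbox LANs use a /24 mask (the post gives no mask).
    for label, lan in [("before", "192.168.188.0/24"), ("after", "192.168.178.0/24")]:
        clashes = find_collisions([lan], everything)
        print(label, lan, "->", clashes or "no overlap, routes are unambiguous")
    print("free /24 for a new site:", suggest_free_lan(everything + ["192.168.178.0/24"]))
```

Running the same check against the Docker bridge (172.17.0.0/16) and libvirt (192.168.122.0/24) ranges matters too, because a client sitting on a network that reuses either one fails in the same way.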
k2x8 Posted December 18, 2018 (edited)

Not sure if anyone else pays for a licence but OpenVPN is changing their licencing structure and an update to 2.6.1 is required to support it when the change happens on January 20th 2019. Currently the latest version this app supports is 2.5.2, are there plans for an update before the 20th to at least 2.6.1 version? Screenshot attached with the email from OpenVPN support. The link goes here: https://openvpn.net/security-advisory/action-needed-important-update-for-openvpn-access-server/?utm_source=sg&utm_medium=Email&utm_campaign=serverUpdate

Edited December 18, 2018 by k2x8

Coolsaber57 Posted December 26, 2018

Dumb question: Is it a bad idea to expose the OpenVPN-AS front end via reverse proxy, or is that its intended purpose? I have everything set up and working, but wanted to double check myself before creating the proxy rule.

aptalca Posted December 27, 2018

11 hours ago, Coolsaber57 said:
Dumb question: Is it a bad idea to expose the OpenVPN-AS front end via reverse proxy, or is that its intended purpose? I have everything set up and working, but wanted to double check myself before creating the proxy rule.

I personally think it's a bad idea to expose the openvpn-as gui. If someone brute forces it, they can create their own VPN user and get on to your LAN.

sjaak Posted December 27, 2018

On 12/18/2018 at 9:56 PM, k2x8 said:
Not sure if anyone else pays for a licence but OpenVPN is changing their licencing structure and an update to 2.6.1 is required to support it when the change happens on January 20th 2019. Currently the latest version this app supports is 2.5.2, are there plans for an update before the 20th to at least 2.6.1 version? Screenshot attached with the email from OpenVPN support. The link goes here: https://openvpn.net/security-advisory/action-needed-important-update-for-openvpn-access-server/?utm_source=sg&utm_medium=Email&utm_campaign=serverUpdate

I use this docker app and here it's running on 2.6.1. I use CA Auto Update Applications to do fully automatic updates. Didn't pay for any licence, the free version is enough for me.

Coolsaber57 Posted December 27, 2018

10 hours ago, aptalca said:
I personally think it's a bad idea to expose the openvpn-as gui. If someone brute forces it, they can create their own VPN user and get on to your LAN.

Hmm, that's what I was afraid of. I think if I ever do expose it, I'll set up fail2ban at the same time to prevent that. Thx.

JonathanM Posted December 27, 2018

7 hours ago, Coolsaber57 said:
Hmm, that's what I was afraid of. I think if I ever do expose it, I'll set up fail2ban at the same time to prevent that. Thx.

Better to have an alternate access method. Free teamviewer account on a VM or some other machine on the network, a VPN on your router, any other secure method to get local network access.