witalit Posted March 15, 2019

> On 11/14/2018 at 1:32 PM, aptalca said:
> If a docker container has its own ip, the connection between that and the host will be blocked. That's a security feature of macvlan

If you install OpenVPN-as as Host without its own IP can you still connect to other dockers with their own IP? I have most of my dockers with their own IP for ease.

ppunraid Posted March 15, 2019

> 29 minutes ago, witalit said:
> I can't seem to connect to the OpenVPN web portal I get connection refused. I don't have any bonded interfaces just using eth0 in the VARIABLE field of docker config.. any ideas?

I think you need to specify an interface on network type, even if it's obvious you're going to be using unraid's ip.

witalit Posted March 15, 2019

What the hell, it's working now.. I realised I had an old docker appdata folder for OpenVPN. Since wiping that, waiting around 30 minutes and re-installing docker, it's working.

shaunsund Posted March 15, 2019

Sometimes the openvpn-as docker is fragile on upgrading. I upgraded to the most recent docker this morning and the OPENVPN server stopped working. From the openvpn.log it looks like it is missing a config item 'config_db_local':

    2019-03-15 05:05:19-0400 [-] Server Shut Down.
    2019-03-15T05:05:41-0400 [twisted.scripts._twistd_unix.UnixAppLogger#info] twistd 17.9.0 (/config/bin/python 2.7.11) starting up.
    2019-03-15T05:05:41-0400 [twisted.scripts._twistd_unix.UnixAppLogger#info] reactor class: twisted.internet.epollreactor.EPollReactor.
    2019-03-15T05:05:41-0400 [stdout#info] *** Insecure settings found. Permissions for /config/etc/as.conf were set to 0666. Resetting Permissions to 0600 ***
    2019-03-15T05:05:42-0400 [-] Unhandled Error
    Traceback (most recent call last):
      File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/application/app.py", line 396, in startReactor
        self.config, oldstdout, oldstderr, self.profiler, reactor)
      File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/application/app.py", line 311, in runReactorWithLogging
        reactor.run()
      File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 1243, in run
        self.mainLoop()
      File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 1252, in mainLoop
        self.runUntilCurrent()
    --- <exception caught here> ---
      File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 878, in runUntilCurrent
        call.func(*call.args, **call.kw)
      File "build/bdist.linux-x86_64/egg/pyovpn/sagent/svcset.py", line 203, in server_agent_init
      File "build/bdist.linux-x86_64/egg/pyovpn/sagent/svcset.py", line 58, in get_active_config_profile
      File "build/bdist.linux-x86_64/egg/pyovpn/db/confdb.py", line 811, in get_active_profile
      File "build/bdist.linux-x86_64/egg/pyovpn/db/dbwrap.py", line 87, in db
      File "build/bdist.linux-x86_64/egg/pyovpn/sagent/svcset.py", line 56, in <lambda>
      File "build/bdist.linux-x86_64/egg/pyovpn/util/cdict.py", line 260, in get_req
      File "build/bdist.linux-x86_64/egg/pyovpn/util/cdict.py", line 303, in get_type
      File "build/bdist.linux-x86_64/egg/pyovpn/util/cdict.py", line 478, in log
    pyovpn.util.error.SimpleError: "ConfigDict: required config-key 'config_db_local' is not defined": util/cdict:285,util/cdict:257,util/cdict:521,util/cdict:550 (exceptions.KeyError)

Anyone have an idea of what it should be and in what config file?

aptalca Posted March 15, 2019

> 4 hours ago, witalit said:
> If you install OpenVPN-as as Host without its own IP can you still connect to other dockers with their own IP? I have most of my dockers with their own IP for ease.

There are 3 types, host, bridge, and macvlan. Macvlan is the only one with that restriction.

aptalca Posted March 15, 2019

> 22 minutes ago, shaunsund said:
> Sometimes the openvpn-as docker is fragile on upgrading. I upgraded to the most recent docker this morning and the OPENVPN server stopped working. From the openvpn.log it looks like it is missing a config item 'config_db_local':
>
>     2019-03-15 05:05:19-0400 [-] Server Shut Down.
>     2019-03-15T05:05:41-0400 [twisted.scripts._twistd_unix.UnixAppLogger#info] twistd 17.9.0 (/config/bin/python 2.7.11) starting up.
>     2019-03-15T05:05:41-0400 [twisted.scripts._twistd_unix.UnixAppLogger#info] reactor class: twisted.internet.epollreactor.EPollReactor.
>     2019-03-15T05:05:41-0400 [stdout#info] *** Insecure settings found. Permissions for /config/etc/as.conf were set to 0666. Resetting Permissions to 0600 ***
>     2019-03-15T05:05:42-0400 [-] Unhandled Error
>     Traceback (most recent call last):
>       File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/application/app.py", line 396, in startReactor
>         self.config, oldstdout, oldstderr, self.profiler, reactor)
>       File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/application/app.py", line 311, in runReactorWithLogging
>         reactor.run()
>       File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 1243, in run
>         self.mainLoop()
>       File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 1252, in mainLoop
>         self.runUntilCurrent()
>     --- <exception caught here> ---
>       File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 878, in runUntilCurrent
>         call.func(*call.args, **call.kw)
>       File "build/bdist.linux-x86_64/egg/pyovpn/sagent/svcset.py", line 203, in server_agent_init
>       File "build/bdist.linux-x86_64/egg/pyovpn/sagent/svcset.py", line 58, in get_active_config_profile
>       File "build/bdist.linux-x86_64/egg/pyovpn/db/confdb.py", line 811, in get_active_profile
>       File "build/bdist.linux-x86_64/egg/pyovpn/db/dbwrap.py", line 87, in db
>       File "build/bdist.linux-x86_64/egg/pyovpn/sagent/svcset.py", line 56, in <lambda>
>       File "build/bdist.linux-x86_64/egg/pyovpn/util/cdict.py", line 260, in get_req
>       File "build/bdist.linux-x86_64/egg/pyovpn/util/cdict.py", line 303, in get_type
>       File "build/bdist.linux-x86_64/egg/pyovpn/util/cdict.py", line 478, in log
>     pyovpn.util.error.SimpleError: "ConfigDict: required config-key 'config_db_local' is not defined": util/cdict:285,util/cdict:257,util/cdict:521,util/cdict:550 (exceptions.KeyError)
>
> Anyone have an idea of what it should be and in what config file?

Openvpn-as devops is a bit of a mess, really. They like to make significant (breaking) changes to their db and data through their package updates, but not during service start. With this docker image, we don't do in place package updates, we replace the package along with the docker image. So the changes within their package updater need to be made manually. That happened about a year ago as well.

Essentially, you're seeing a version mismatch between the app and its data and unfortunately it's not something we can easily prevent in the future

Eric Truong Posted March 15, 2019

Dear all, first, sorry for my English. I've succeeded in creating the VPN server on my unraid and it runs perfectly, but I want to connect from my other home network to unraid, because I use an IP camera with USB 4G, connected directly to a Buffalo router running DD-WRT.

1. Can I connect from the Buffalo router to the unraid server?
2. How can I set it up using the file client.opvn?
3. If not, is there any other way to do that?

I searched for two days to do that. I used the client files downloaded from my unraid and used the info to fill in the OpenVPN client on the router, but it cannot connect. Please help me. Thank you all.

witalit Posted March 15, 2019

> 4 hours ago, aptalca said:
> There are 3 types, host, bridge, and macvlan. Macvlan is the only one with that restriction.

What about if I run OpenVPN on Host and the other dockers on macvlan, can I connect to them? I set up OpenVPN earlier and was only able to connect to the unRAID GUI but not other docker IPs.

aptalca Posted March 15, 2019

> 6 hours ago, aptalca said:
> Openvpn-as devops is a bit of a mess, really. They like to make significant (breaking) changes to their db and data through their package updates, but not during service start. With this docker image, we don't do in place package updates, we replace the package along with the docker image. So the changes within their package updater need to be made manually. That happened about a year ago as well.
>
> Essentially, you're seeing a version mismatch between the app and its data and unfortunately it's not something we can easily prevent in the future

Spent about an hour digging through their scripts and their post install of their package to see what could be missing. Wasted time. Openvpn pulled the 2.7.2 release. We pushed an update to set latest back to 2.6.1. If you updated to 2.7.2 today, update again to go back to 2.6.1 and things should go back to normal.

aptalca Posted March 15, 2019

> 2 hours ago, witalit said:
> What about if I run OpenVPN on Host and the other dockers on macvlan can I connect to them? I setup OpenVPN earlier and was only able to connect to unRAID Gui but not other docker IP's.

No. Nothing on the host ip can connect to macvlan. One user here tried putting openvpn on macvlan as well, in order to be able to connect to other containers on macvlan but he had other issues I believe. Don't recall the details, it was beyond my networking knowledge.

Spazhead Posted March 16, 2019

Last 2 updates broke my access to OpenVPN, had to delete the container and delete the directory, then reinstall before I could access the webgui again.

xman111 Posted March 16, 2019

Hey guys, is there any way to use this instead of pfsense on one side so I can do a site to site openvpn? I want to be able to connect two houses and see shares on both sides of the tunnel.

CHBMB Posted March 16, 2019

> 3 hours ago, xman111 said:
> hey guys is there any way to use this instead of pfsense on one side so i can do a site to site openvpn? i want to be able to connect two houses and see shares on both sides of the tunnel.

You need a client on one side and a server on the other. This is a server and you can configure pfsense as a client.

xman111 Posted March 16, 2019

With 2 pfsense boxes, you can do server/client or peer to peer. I am looking to do peer to peer. That way everything on my network is available to everything on the other network. Right now I can access the server admin page and the shares but none of the other computers on the other side of the tunnel. Also, when I am connected to the tunnel, I can no longer see my own unraid on my side of the tunnel. I think I am just going to buy another pfsense router and do it that way.

CHBMB Posted March 17, 2019

> with 2 pfsense boxes, you can to server/client or peer to peer. I am looking to do peer to peer. That way everything on my network is available to everything on the other network. Right now i can access the server admin page and the shares but none of the other computers on the other side of the tunnel. Also, when i am connected to the tunnel, i can no longer see my own unraid on my side of the tunnel. I think i am just going to buy another pfsense router and do it that way.

Makes more sense, I use my pfsense box for OpenVPN as then I can restart my server via IPMI without too much trouble.

Sent from my Mi A1 using Tapatalk

cheesemarathon Posted March 17, 2019

Just started having issues with openvpn-as. I noticed first that I was unable to connect and when I returned home, the web ui was not coming up. I have had issues in the past after an update so I deleted the container and the appdata config folder, then recreated the container. This did not help. As you will see in the logs, the container starts but the web ui fails to come up.

Logs: https://pastebin.com/6tFC05r5

Config:

Any ideas on what the issue is?

aptalca Posted March 17, 2019

> 6 hours ago, cheesemarathon said:
> Just started having issues with openvpn-as. I noticed first that I was unable to connect and when I returned home, the web ui was not comming up. I have had issues in the past after an update so I deleted the container and the appdata config folder, then recreated the container. This did not help. As you will see in the logs. The container starts but the web ui fails to come up.
>
> Logs: https://pastebin.com/6tFC05r5
>
> Config:
>
> Any ideas on what the issue is?

Is it using host networking or bridge? Nothing wrong in the docker log

Stroker Posted March 17, 2019

Sorry, this post will not be a lot of help @cheesemarathon, but I also experienced problems after the last update and wanted to notify people here about my experience.

I noticed it just today because the WebGUI didn't come up, but I hadn't changed anything on the container for weeks. I got a "Connection Refused" on the GUI and I got curious. After that I ran "netstat -tulpn" on the unraid server itself and nothing showed up. But no errors in the Docker log.

But a deletion from the GUI (with "also remove image" active), a "rm -rf openvpn-as" of the appdata over the console and a reinstall of the template from the WebGUI worked. I just had no internal config of the container anymore.

@aptalca On my side it works with "eth0" set on INTERFACE and also HOST networking as the container config.

Edit: But this didn't happen with my 2nd server where the exact same configuration is running... Strange...

Edited March 17, 2019 by Stroker: Info 2nd Server

cheesemarathon Posted March 18, 2019

> 8 hours ago, aptalca said:
> Is it using host networking or bridge? Nothing wrong in the docker log

Currently host but I have tried both. No luck with either

crabsticks Posted March 20, 2019

I'm not sure I'm asking this in the right place so apologies if it belongs elsewhere..

I have the openvpn docker set up and working perfectly, and I have the openvpn client on my android phone set up and connecting as it should. What I would like to do, if possible, is have the openvpn server connect to either my privoxy or to my private internet access socks5 proxy.

I'm trying to achieve the situation where I can connect the android openvpn client to my home server, browse and use the local network as it works at present, but also then forward any other web pages/searches to the privoxy or private internet access. This is to avoid having to disconnect and reconnect my openvpn connection.

I don't know how to go about this, or if it is even possible. Any advice is much appreciated

comet424 Posted March 22, 2019

So I got the server set up and I downloaded the locked user client.ovpn file and copied it to my 2nd unraid box, and I'm using Peter_MS OpenVPN Client for Unraid, where for now I need to type in user name and password... and it cannot connect to the dns name, says it can't be found, yet on the host side I have pfsense port forwarding the udp port, as I wanna do unraid to unraid for rsync transfer.

I get the can't resolve host name, but it should be able to. The system error I get:

    Fri Mar 22 10:36:06 2019 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
    Fri Mar 22 10:36:06 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Fri Mar 22 10:36:06 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Fri Mar 22 10:36:06 2019 RESOLVE: Cannot resolve host address: <dnsaddress>:1200 (System error)
    Fri Mar 22 10:36:06 2019 RESOLVE: Cannot resolve host address: <dnsaddress>:1200 (System error)
    Fri Mar 22 10:36:06 2019 Could not determine IPv4/IPv6 protocol
    Fri Mar 22 10:36:06 2019 SIGUSR1[soft,init_instance] received, process restarting
    Fri Mar 22 10:36:06 2019 Restart pause, 10 second(s)

Edited March 22, 2019 by comet424

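Added example, not part of any post in this thread: a small Python triage pass over the two logs quoted above (shaunsund's openvpn.log and comet424's client log) that pulls out the permission reset, the missing config key, the deprecated option, the SHA1 control-channel HMAC and the DNS failure. The rule names and function names are hypothetical, and the sample input is assembled from the log lines in those posts.

```python
import re

# Sample input assembled from log lines quoted in this thread
# (shaunsund's openvpn.log and comet424's client log).
SERVER_LOG = """\
2019-03-15T05:05:41-0400 [stdout#info] *** Insecure settings found. Permissions for /config/etc/as.conf were set to 0666. Resetting Permissions to 0600 ***
2019-03-15T05:05:42-0400 [-] Unhandled Error
pyovpn.util.error.SimpleError: "ConfigDict: required config-key 'config_db_local' is not defined": util/cdict:285,util/cdict:257,util/cdict:521,util/cdict:550 (exceptions.KeyError)
"""
CLIENT_LOG = """\
Fri Mar 22 10:36:06 2019 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Mar 22 10:36:06 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 22 10:36:06 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 22 10:36:06 2019 RESOLVE: Cannot resolve host address: <dnsaddress>:1200 (System error)
Fri Mar 22 10:36:06 2019 RESOLVE: Cannot resolve host address: <dnsaddress>:1200 (System error)
"""

# Rule names are hypothetical labels chosen for this example.
RULES = [
    ("config_file_permissions",
     re.compile(r"Permissions for (?P<path>\S+) were set to (?P<mode>0[0-7]{3})")),
    ("missing_config_key",
     re.compile(r"required config-key '(?P<key>[^']+)' is not defined")),
    ("deprecated_option",
     re.compile(r"WARNING: (?P<old>--[\w-]+) is DEPRECATED\. Use (?P<new>--[\w-]+) instead")),
    ("sha1_control_channel_hmac",
     re.compile(r"Control Channel Authentication: Using \d+ bit message hash '(?P<hash>SHA1)'")),
    ("dns_resolution_failure",
     re.compile(r"RESOLVE: Cannot resolve host address: (?P<host>\S+)")),
]

def others_can_write(mode):
    """True if an octal mode string such as '0666' grants write to 'other'."""
    return bool(int(mode, 8) & 0o002)

def triage(log_text):
    """Return de-duplicated (rule, details) findings in first-seen order."""
    findings, seen = [], set()
    for line in log_text.splitlines():
        for name, pattern in RULES:
            match = pattern.search(line)
            if match is None:
                continue
            details = match.groupdict()
            if name == "config_file_permissions":
                details["world_writable"] = others_can_write(details["mode"])
            key = (name, tuple(sorted(details.items())))
            if key not in seen:
                seen.add(key)
                findings.append((name, details))
    return findings

if __name__ == "__main__":
    print(triage(SERVER_LOG) + triage(CLIENT_LOG))
```
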
comet424 Posted March 22, 2019

OK, I found 2 bugs in this software. When you first install OpenServer AS and you get the initial settings, it has port 1194. I set it to 1200, and then when I logged into the server admin it still kept port 1194... so I re-changed it to 1200 udp, but I just noticed the docker still points to 1194, not 1200... so I guess there is a bug, it's not saving. As you can see, 2 out of 3 images show port 1200, yet docker keeps it at 1194 no matter what you do; reboots, stop, start do nothing.. It's like the Webgui, the Docker and the Docker setting of Openvpn-as save 3 different locations for the port and are not loading the same location.

Edited March 22, 2019 by comet424

comet424 Posted March 22, 2019

I edited config.json and changed 1194 to 1200 but it didn't help. In the next 2 photos... I first did a reboot... then did a FORCE UPDATE, then a screenshot after it, and no change, still forced 1194, not 1200 like it's supposed to be.

ppunraid Posted March 22, 2019

> 15 minutes ago, comet424 said:
> i edited config.json and changed 1194 to 1200 but didnt help in next 2 photos... i first did a reboot... then did a FORCE UPDATE then a screen shot after it and no change still forced 1194 not 1200 like its supposed to be

Your screenshots show that UDP port 1200 is opened on your unraid box. However, the configuration in the openvpn application is a different thing.

comet424 Posted March 22, 2019

That's correct, the reason I said there is a bug in the openvpn as program, as you see in the previous images... Unraid is set to 1200 not 1194, yet unraid is reading another file then.

Edited March 22, 2019 by comet424
