[Support] Linuxserver.io - OpenVPN AS


Recommended Posts

3 minutes ago, EDalcin said:

Thank you. Uninstaled.

Personally, I am now using WireGuard for VPN access as it is included in unRAID and managed via plugin.   I keep OpenVPN and ZeroTier installed and configured as backup access methods.  They all work, its just a matter of your preference and what you need to do with remote access.

Link to comment
3 hours ago, Hoopster said:

Personally, I am now using WireGuard for VPN access as it is included in unRAID and managed via plugin.   I keep OpenVPN and ZeroTier installed and configured as backup access methods.  They all work, its just a matter of your preference and what you need to do with remote access.

Thank you for your feedback. This is what I expect from this community!

Link to comment

I am admittedly new to unraid and using all of the plugins/dockers (upgraded from FreeNAS). My main goal for my unraid server is to manage media (radarr/sonarr/NZBGetVPN). I added the openvpn as in an attempt to be able to manage my movie ques remotely. I have been able to work my way to successfully connecting to the openvpn as client via port forwarding and DDNS server (thanks to SpaceInvader one). My issue is that now that i am connected to my home network remotely, i have not been able to open any web clients through the web interface. 

 

Maybe this is something simple that i am just completely ignorant of, but what do i have to use to actually look at my unraid server? Example DDNS.DDNSprovider.com/Tower:6789 or am i going about this all wrong?

Link to comment
3 hours ago, kurt698939 said:

I am admittedly new to unraid and using all of the plugins/dockers (upgraded from FreeNAS). My main goal for my unraid server is to manage media (radarr/sonarr/NZBGetVPN). I added the openvpn as in an attempt to be able to manage my movie ques remotely. I have been able to work my way to successfully connecting to the openvpn as client via port forwarding and DDNS server (thanks to SpaceInvader one). My issue is that now that i am connected to my home network remotely, i have not been able to open any web clients through the web interface. 

 

Maybe this is something simple that i am just completely ignorant of, but what do i have to use to actually look at my unraid server? Example DDNS.DDNSprovider.com/Tower:6789 or am i going about this all wrong?

Once you connect to the vpn, just browse to your server ip address and put in the port for the relevant gui.

 

If you want to do it with reverse proxy (properly), then you can use our letsencrypt image.

 

Here's a guide for that: https://blog.linuxserver.io/2019/04/25/letsencrypt-nginx-starter-guide/

  • Thanks 1
Link to comment
2 hours ago, aptalca said:

Once you connect to the vpn, just browse to your server ip address and put in the port for the relevant gui.

 

If you want to do it with reverse proxy (properly), then you can use our letsencrypt image.

 

Here's a guide for that: https://blog.linuxserver.io/2019/04/25/letsencrypt-nginx-starter-guide/

Thank you very much for your response. It let me know i was attempting to use the remote access correctly. I went back over my openvpn as settings and realized i had not entered private subnet properly. I got that fixed up and everything worked like a charm. 

Link to comment

HI i am having issues with a 10 user licence. I activated it before the latest update of the docker and i noticed that the hostname changed for the  docker machine and the license is locked attached to a previous hostname.

 

How can i change the hostname back?

 

 

Link to comment
15 hours ago, sneak2k said:

HI i am having issues with a 10 user licence. I activated it before the latest update of the docker and i noticed that the hostname changed for the  docker machine and the license is locked attached to a previous hostname.

 

How can i change the hostname back?

 

 

In container settings, additional arguments, enter "--hostname blah"

Link to comment

I'm looking for a docker container to connect to my PIA VPN and then route traffic from other docker containers through it using the new functionality in Unraid 6.8.3. Can I do that with this docker? Is there any guide to setting it up? If not, is there a different docker I should be using? Thanks!

Link to comment
2 hours ago, cbc02009 said:

I'm looking for a docker container to connect to my PIA VPN and then route traffic from other docker containers through it using the new functionality in Unraid 6.8.3. Can I do that with this docker? Is there any guide to setting it up? If not, is there a different docker I should be using? Thanks!

No, this is a server. What you need is a client

Link to comment
1 hour ago, sneak2k said:

Perfect worked for me thanks.

Can you confirm that the license remains valid through container recreation? We had a couple people ask in the past but they never confirmed. No one on the team has a paid license so we can't test.

 

Thanks

Link to comment
8 hours ago, aptalca said:

Can you confirm that the license remains valid through container recreation? We had a couple people ask in the past but they never confirmed. No one on the team has a paid license so we can't test.

 

Thanks

Hi, unfortunately the licence did not, they use a few reference points to authenticate the server, including mac addresses etc...

 

 I was able to force the previous hostname successfully, which is what i asked for in the thread, but since the other information has changed across the containers, they replced the key.

 

One of the key point is the Mac address of the main network adapter.

 

What i suggest is if you need to reinstall the container, backup your container config files to try and keep the new version as close to the original as possible.

 

I had uninstalled, choosing to clear the appdata with it, which is most likely why i could not activate as the new container was created from scratch and the hostname, mac address, etc... all changed because of it.

 

Would you happen to have the parameter to pass a MAC address to the container config?

 

Link to comment
1 hour ago, sneak2k said:

Hi, unfortunately the licence did not, they use a few reference points to authenticate the server, including mac addresses etc...

 

 I was able to force the previous hostname successfully, which is what i asked for in the thread, but since the other information has changed across the containers, they replced the key.

 

One of the key point is the Mac address of the main network adapter.

 

What i suggest is if you need to reinstall the container, backup your container config files to try and keep the new version as close to the original as possible.

 

I had uninstalled, choosing to clear the appdata with it, which is most likely why i could not activate as the new container was created from scratch and the hostname, mac address, etc... all changed because of it.

 

Would you happen to have the parameter to pass a MAC address to the container config?

 

Yeah, if you nuke the appdata, the license won't be valid anymore. What we need tested is, recreating the container with the same appdata.

 

Openvpn-as won't tell us what parameters they use to check. I'm not sure if mac address is one of them. But you can indeed set a custom one for your docker container: https://stackoverflow.com/questions/42946453/how-does-the-docker-assign-mac-addresses-to-containers

Link to comment

Do: 

"During first login, make sure that the "Authentication" in the webui is set to "Local" instead of "PAM". Then set up the user accounts with their passwords (user accounts created under PAM do not survive container update or recreation)"

 

mean that "admin" should be removed in the url logon?:

 

https://XX.XX.XX.XX:943/admin/

 

If so I arrive here:

534663038_Screenshot2020-03-13at18_23_30.thumb.png.4c7c09c7755beed668e524c6a37b3838.png

 

 

Going to "Admin" I get this url:

 

https://XX.XX.XX.XX:943/admin/

 

Loggin in with default PAM I get this annoying guy:

1204226653_Screenshot2020-03-13at18_27_47.thumb.png.3e1870baedd70666dab87da0f19e7a3c.png

 

I have a feeling I am doing something wrong (after 2 hours)...........

 

Can it be port forwarding? 1194 to 943 on server ip. 

 

 

Anyone?

 

 

//Frode

 

 

 

 

 

 

 

logfile.rtf

  • Like 1
Link to comment
33 minutes ago, frodr said:

Do: 

"During first login, make sure that the "Authentication" in the webui is set to "Local" instead of "PAM". Then set up the user accounts with their passwords (user accounts created under PAM do not survive container update or recreation)"

 

mean that "admin" should be removed in the url logon?:

 

https://XX.XX.XX.XX:943/admin/

 

If so I arrive here:

534663038_Screenshot2020-03-13at18_23_30.thumb.png.4c7c09c7755beed668e524c6a37b3838.png

 

 

Going to "Admin" I get this url:

 

https://XX.XX.XX.XX:943/admin/

 

Loggin in with default PAM I get this annoying guy:

1204226653_Screenshot2020-03-13at18_27_47.thumb.png.3e1870baedd70666dab87da0f19e7a3c.png

 

I have a feeling I am doing something wrong (after 2 hours)...........

 

Can it be port forwarding? 1194 to 943 on server ip. 

 

 

Anyone?

 

 

//Frode

 

 

 

 

 

 

 

logfile.rtf 1.95 kB · 0 downloads

This seems to be a common problem now, multiple people have this issue lately. I've switched to WireGuard and it's 1000x easier to setup and use 

Link to comment
On 3/13/2020 at 2:16 PM, kayjay010101 said:

This seems to be a common problem now, multiple people have this issue lately. I've switched to WireGuard and it's 1000x easier to setup and use 

Recommending a completely different protocol is not very productive in a thread dedicated to openvpn-as. Plus, wireguard is more of an alternative to vanilla openvpn, not openvpn-as as it requires manual config via cli.

 

Also, I happen to use wireguard and openvpn side by side as one acts as a backup to the other.

Link to comment
On 3/13/2020 at 1:41 PM, frodr said:

Do: 

"During first login, make sure that the "Authentication" in the webui is set to "Local" instead of "PAM". Then set up the user accounts with their passwords (user accounts created under PAM do not survive container update or recreation)"

 

mean that "admin" should be removed in the url logon?:

 

https://XX.XX.XX.XX:943/admin/

 

If so I arrive here:

534663038_Screenshot2020-03-13at18_23_30.thumb.png.4c7c09c7755beed668e524c6a37b3838.png

 

 

Going to "Admin" I get this url:

 

https://XX.XX.XX.XX:943/admin/

 

Loggin in with default PAM I get this annoying guy:

1204226653_Screenshot2020-03-13at18_27_47.thumb.png.3e1870baedd70666dab87da0f19e7a3c.png

 

I have a feeling I am doing something wrong (after 2 hours)...........

 

Can it be port forwarding? 1194 to 943 on server ip. 

 

 

Anyone?

 

 

//Frode

 

 

 

 

 

 

 

logfile.rtf 1.95 kB · 0 downloads

See here: https://discourse.linuxserver.io/t/just-installed-openvpn-as-cant-login-as-admin/1162/5

Link to comment
  • 2 weeks later...

Has anybody figured out the SESSION ERROR problem? I am another of those affected by this.

 

I can log in the initial front end page, but only if I use my external domain name. It won't work if I refer to the site using the IP address. It also fails when I try to connect to the admin page, either using IP address or domain name.

 

I think that it is probably related to my LetsEncrypt proxy configuration, but I don't understand why it broke at the last update. It worked fine until then.

 

I looked at the link kindly provided by aptalca, but none of the suggested issues seem to belong to my configuration. I already had default and admin locations in my proxy configuration.

Link to comment
19 hours ago, jjthacker said:

Has anybody figured out the SESSION ERROR problem? I am another of those affected by this.

 

I can log in the initial front end page, but only if I use my external domain name. It won't work if I refer to the site using the IP address. It also fails when I try to connect to the admin page, either using IP address or domain name.

 

I think that it is probably related to my LetsEncrypt proxy configuration, but I don't understand why it broke at the last update. It worked fine until then.

 

I looked at the link kindly provided by aptalca, but none of the suggested issues seem to belong to my configuration. I already had default and admin locations in my proxy configuration.

I'm getting this on a fresh install. Fresh because the update wiped out my config folder: https://github.com/linuxserver/docker-openvpn-as/issues/108

 

Getting this in container log

 

Unpacking openvpn-as (2.8.3-f28d2eae-Ubuntu18) ...
Setting up openvpn-as-bundled-clients (7) ...
Setting up openvpn-as (2.8.3-f28d2eae-Ubuntu18) ...
Automatic configuration failed, see /usr/local/openvpn_as/init.log
You can configure manually using the /usr/local/openvpn_as/bin/ovpn-init tool.
/var/lib/dpkg/info/openvpn-as.postinst: line 68: systemctl: command not found
Stopping openvpn-as now; will start again later after configuring
cat: /var/run/openvpnas.pid: No such file or directory
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]

Edited by d2dyno
Link to comment
3 hours ago, d2dyno said:

I'm getting this on a fresh install. Fresh because the update wiped out my config folder: https://github.com/linuxserver/docker-openvpn-as/issues/108

 

Getting this in container log

 

Unpacking openvpn-as (2.8.3-f28d2eae-Ubuntu18) ...
Setting up openvpn-as-bundled-clients (7) ...
Setting up openvpn-as (2.8.3-f28d2eae-Ubuntu18) ...
Automatic configuration failed, see /usr/local/openvpn_as/init.log
You can configure manually using the /usr/local/openvpn_as/bin/ovpn-init tool.
/var/lib/dpkg/info/openvpn-as.postinst: line 68: systemctl: command not found
Stopping openvpn-as now; will start again later after configuring
cat: /var/run/openvpnas.pid: No such file or directory
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]

Did you read my linked thread above?

Post a full log, post your docker run and check the openvpn log in the config folder

Link to comment
6 hours ago, aptalca said:

Did you read my linked thread above?

Post a full log, post your docker run and check the openvpn log in the config folder

Yes I did. Using bridge as always, tried adding NET_ADMIN via extra arguments, did not change any behaviour.

 

/usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='openvpn-as' --net='bridge' --cpuset-cpus='5,6,37,38' --privileged=true -e TZ="America/Chicago" -e HOST_OS="Unraid" -e 'INTERFACE'='eth0' -e 'PGID'='100' -e 'PUID'='99' -p '943:943/tcp' -p '11194:11194/udp' -v '/mnt/disks/nvmepool/appdata/openvpn-as':'/config':'rw,slave' --cap-add=NET_ADMIN --label="traefik.protocol=https" --label="traefik.enable=true" --label="traefik.port=943" --label="traefik.frontend.rule=Host:ovpn.example.nl" --restart unless-stopped 'linuxserver/openvpn-as:latest' 

 

log-docker.txt openvpn.log

Link to comment
On 2/11/2020 at 12:12 PM, uaborne said:

I just resolved my issue. From the dockers console I ran the following commands which allowed me to login. 


/usr/local/openvpn_as/scripts/sacli --key "vpn.server.daemon.enable" --value "false" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key "vpn.daemon.0.listen.protocol" --value "tcp" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key "vpn.server.port_share.enable" --value "true" ConfigPut
/usr/local/openvpn_as/scripts/sacli start

 

i love you smart person this worked for me

  • Like 1
Link to comment
On 2/11/2020 at 9:12 AM, uaborne said:

I just resolved my issue. From the dockers console I ran the following commands which allowed me to login. 


/usr/local/openvpn_as/scripts/sacli --key "vpn.server.daemon.enable" --value "false" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key "vpn.daemon.0.listen.protocol" --value "tcp" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key "vpn.server.port_share.enable" --value "true" ConfigPut
/usr/local/openvpn_as/scripts/sacli start

 

Bless you kind sir. I was pulling my hair out trying to find out what I had screwed up on a docker that had been working fine for months.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.