[Support] Linuxserver.io - OpenVPN AS



Hello,

 

I have two problems with openvpn-as:

FIRST PROBLEM

I've also got the error

SESSION ERROR: SESSION: Your session has expired, please reauthenticate (9007)

and I am at a loss as to what exactly I have to do to fix it.

My setup:

(1) I've installed the openvpn-as container in bridge mode - I set up another user name (also with admin access), then log in as said user and delete the standard admin user.

(2) I switch the network mode in the container to a custom proxynet (nginx setup from spaceinvader video) so that I can reach my openvpn user and admin login from anywhere

(3) I edit the as.config file entry "boot_pam_users.0=" and put random characters in, so that my admin acc is not accessible if it was reset during switching of the network mode

(4) I go to my web interface login of openvpn: openvpn.***.* -> it opens to the user login page

-> I can log in as my created user

(5) I go to openvpn.***.*/admin it opens to the admin login page

-> I get said error on login attempt with my created admin user

 

Now, people linked to this POST a couple of posts back.

There it says, regarding error solution:

"

1. iptables issues on host (either not installed or missing kernel modules)

2. you didn’t add cap-add NET_ADMIN

3. you’re using an unsupported networking method (host or macvlan)

"

1) I do not know what this means or what I have to check and possibly fix

2) I've checked in advanced view, docker container is still created with "cap-add NET_ADMIN"

3) I do not know exactly what this means. Is it possible that you cannot run openvpn on a custom setup unraid network (in my case "proxynet" and letsencrypt) - does it only run on "bridge" mode?

SECOND PROBLEM

Maybe related to first problem.

With my setup (as explained above) I can go on my mobile, go to my openvpn domain and download the access file for the mobile openvpn client.

BUT when I try to connect to my openvpn server the connection times out.

Openvpn is configured on UDP 1194 and I've forwarded this port to my unraid server (as per spaceinvaders video).

Any idea what could prevent it from getting a connection?

Thanks to the people reading this and in general developing this container.

Link to comment
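
The three causes quoted in the post above can each be checked from the Docker host's shell. The script below is an added example, not part of the original post or of the linuxserver.io image; the container name passed as its argument is an assumption, and it uses only the standard `docker exec`, `docker inspect` and `docker network inspect` commands.

```shell
#!/usr/bin/env bash
# Added example: check a running container for the three causes quoted above.
# Run on the Docker host as:  ./check.sh openvpn-as   (container name is an assumption)

CAP_NET_ADMIN_BIT=12   # bit number of CAP_NET_ADMIN in linux/capability.h

# has_cap_net_admin HEX
# Succeeds if the CapEff mask (hex string from /proc/<pid>/status) contains CAP_NET_ADMIN.
has_cap_net_admin() {
  mask=$((0x$1))
  [ $(( (mask >> CAP_NET_ADMIN_BIT) & 1 )) -eq 1 ]
}

# driver_supported DRIVER
# Fails for the two network drivers the quoted list calls unsupported.
driver_supported() {
  case "$1" in
    host|macvlan) return 1 ;;
    *) return 0 ;;
  esac
}

check_container() {
  name=$1
  rc=0

  # Cause 1: iptables missing, or its kernel modules not loaded on the host.
  # Listing the nat table needs the binary, the modules and NET_ADMIN together;
  # the capability check below tells the cases apart.
  if docker exec "$name" iptables -t nat -L -n >/dev/null 2>&1; then
    echo "ok    iptables: nat table is readable inside the container"
  else
    echo "FAIL  iptables: cannot list the nat table inside the container"
    rc=1
  fi

  # Cause 2: container created without --cap-add NET_ADMIN.
  # PID 1 inside the container carries the effective capability mask.
  capeff=$(docker exec "$name" cat /proc/1/status | awk '/^CapEff:/ {print $2}')
  if [ -n "$capeff" ] && has_cap_net_admin "$capeff"; then
    echo "ok    capability: CAP_NET_ADMIN present (CapEff=$capeff)"
  else
    echo "FAIL  capability: CAP_NET_ADMIN absent (CapEff=${capeff:-unknown})"
    rc=1
  fi

  # Cause 3: unsupported networking method.
  # NetworkMode is the network's name; the driver behind it is what matters.
  mode=$(docker inspect --format '{{.HostConfig.NetworkMode}}' "$name")
  driver=$(docker network inspect --format '{{.Driver}}' "$mode" 2>/dev/null || echo "$mode")
  if driver_supported "$driver"; then
    echo "ok    network: '$mode' uses driver '$driver'"
  else
    echo "FAIL  network: '$mode' uses driver '$driver' (host and macvlan are listed as unsupported)"
    rc=1
  fi

  return "$rc"
}

# Only touch Docker when a container name is given.
if [ "$#" -ge 1 ]; then
  check_container "$1"
fi
```

A user-defined network such as the "proxynet" mentioned in the post reports whichever driver it was created with, so the third check shows whether it falls under the host or macvlan case.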
4 hours ago, SeaMax said:

Hello,

 

I have two problems with openvpn-as:


Try accessing on the ip directly, not via reverse proxy

Link to comment

Hi all.  I recently upgraded my server.  All new hardware.  New cache pool.  I backed up old appdata and restored on new cache drive.  All of my dockers are working except for this one.  I can not access the webui at all.  I get this recurring error in the log file. 

 

/usr/local/openvpn_as/scripts/openvpnas: No such file or directory

 

I changed the mnt/user to mnt/cache as suggested in a previous post but still not working.  It was working perfectly before I migrated everything to the new server. 

Link to comment
  • 2 weeks later...

Having issue with OpenVPN-as WebUI not working, I get a page not found error. I suspect this is an issue with bond0, I added an Interface variable for bond0 but still have same issue. Network Type is set to Bridge. I have removed and reinstalled docker always with same result. Any help would be appreciated.

Link to comment

SESSION ERROR: SESSION: Your session has expired, please reauthenticate (9007)

On 2/11/2020 at 12:12 PM, uaborne said:

I just resolved my issue. From the dockers console I ran the following commands which allowed me to login. 


/usr/local/openvpn_as/scripts/sacli --key "vpn.server.daemon.enable" --value "false" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key "vpn.daemon.0.listen.protocol" --value "tcp" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key "vpn.server.port_share.enable" --value "true" ConfigPut
/usr/local/openvpn_as/scripts/sacli start

 

 

This worked for a while.  Just tried to log in and the same error is back:

 

Quote

SESSION ERROR: SESSION: Your session has expired, please reauthenticate (9007)

PIA if you ask me.

Link to comment
9 hours ago, eric.ruck said:

Having issue with OpenVPN-as WebUI not working, I get a page not found error. I suspect this is an issue with bond0, I added an Interface variable for bond0 but still have same issue. Network Type is set to Bridge. I have removed and reinstalled docker always with same result. Any help would be appreciated.

The readme tells you not to set/change the interface in bridge

Link to comment

Thanks, I saw that but saw another post that mentioned it. It started working after I added a 3rd Key Variable called INTERFACE and set it to bond0. However, it didn't work initially; I stopped the array to adjust the network settings and when I restarted the array it started working perfectly.

Link to comment

Hello.  I have been trying to follow all of the connection issues folks have been having with the web ui.  I have tried several options, but with no luck.  Things I can confirm include 1194 being forwarded locally, container running in bridge mode with no additional changes to the setup.  This has all worked in the past, but for some reason no longer works.  I have also tried removing and adding the container back.  Any assistance would be appreciated.

 

Bonus issue - On the client side, getting the ns cert type deprecated issue.  Any assistance with that would too be appreciated.

 

Thanks in advance for any help.

Link to comment
  • 2 weeks later...
On 5/3/2020 at 3:12 PM, luca2 said:

Hi, I am trying to install this docker. After I install it, when I click WebUI i cannot access the web interface:


./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory

Any idea how to solve this?

So, I managed to solve it by myself. I created a new appdata2 folder>it did not work. I cleared the cache of chrome and mozilla>it works.

 

 

Link to comment
On 4/17/2020 at 1:10 PM, Rojen Mcche said:

Hello.  I have been trying to follow all of the connection issues folks have been having with the web ui.  I have tried several options, but with no luck.  Things I can confirm include 1194 being forwarded locally, container running in bridge mode with no additional changes to the setup.  This has all worked in the past, but for some reason no longer works.  I have also tried removing and adding the container back.  Any assistance would be appreciated.

 

Bonus issue - On the client side, getting the ns cert type deprecated issue.  Any assistance with that would too be appreciated.

 

Thanks in advance for any help.

Same here. Docker simply does not work as is. Has anyone got working instructions?



[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
-------------------------------------

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-time: executing...

Current default time zone: 'Europe/London'
Local time is now: Tue May 5 13:50:39 BST 2020.
Universal Time is now: Tue May 5 12:50:39 UTC 2020.

[cont-init.d] 20-time: exited 0.
[cont-init.d] 30-config: executing...
installing openvpn-as for the first time
Get:1 http://as-repository.openvpn.net/as/debian bionic InRelease [3,186 B]
Hit:2 http://archive.ubuntu.com/ubuntu bionic InRelease
Get:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:4 http://archive.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Get:5 http://as-repository.openvpn.net/as/debian bionic/main amd64 Packages [3,156 B]
Get:6 http://archive.ubuntu.com/ubuntu bionic-updates/restricted Sources [8,212 B]
Get:7 http://archive.ubuntu.com/ubuntu bionic-updates/universe Sources [369 kB]
Get:8 http://archive.ubuntu.com/ubuntu bionic-updates/main Sources [406 kB]
Get:9 http://archive.ubuntu.com/ubuntu bionic-updates/multiverse Sources [7,157 B]
Get:10 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [1,376 kB]
Get:11 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [1,205 kB]
Get:12 http://archive.ubuntu.com/ubuntu bionic-updates/multiverse amd64 Packages [19.8 kB]
Get:13 http://archive.ubuntu.com/ubuntu bionic-updates/restricted amd64 Packages [66.6 kB]
Get:14 http://archive.ubuntu.com/ubuntu bionic-security/main Sources [189 kB]
Get:15 http://archive.ubuntu.com/ubuntu bionic-security/universe Sources [215 kB]
Get:16 http://archive.ubuntu.com/ubuntu bionic-security/main amd64 Packages [908 kB]
Get:17 http://archive.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [844 kB]
Fetched 5,797 kB in 1s (4,993 kB/s)
Reading package lists...
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
openvpn-as-bundled-clients
The following NEW packages will be installed:
openvpn-as openvpn-as-bundled-clients
0 upgraded, 2 newly installed, 0 to remove and 2 not upgraded.
Need to get 151 MB of archives.
After this operation, 202 MB of additional disk space will be used.
Get:1 http://as-repository.openvpn.net/as/debian bionic/main amd64 openvpn-as-bundled-clients all 10 [130 MB]
Get:2 http://as-repository.openvpn.net/as/debian bionic/main amd64 openvpn-as amd64 2.8.3-f28d2eae-Ubuntu18 [21.0 MB]
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 76, <> line 2.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.26.1 /usr/local/share/perl/5.26.1 /usr/lib/x86_64-linux-gnu/perl5/5.26 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.26 /usr/share/perl/5.26 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7, <> line 2.)
debconf: falling back to frontend: Teletype
dpkg-preconfigure: unable to re-open stdin:
Fetched 151 MB in 13s (11.4 MB/s)
Selecting previously unselected package openvpn-as-bundled-clients.
Preparing to unpack .../openvpn-as-bundled-clients_10_all.deb ...
Unpacking openvpn-as-bundled-clients (10) ...
Selecting previously unselected package openvpn-as.
Preparing to unpack .../openvpn-as_2.8.3-f28d2eae-Ubuntu18_amd64.deb ...
Unpacking openvpn-as (2.8.3-f28d2eae-Ubuntu18) ...
Setting up openvpn-as-bundled-clients (10) ...
Setting up openvpn-as (2.8.3-f28d2eae-Ubuntu18) ...
Automatic configuration failed, see /usr/local/openvpn_as/init.log

You can configure manually using the /usr/local/openvpn_as/bin/ovpn-init tool.
/var/lib/dpkg/info/openvpn-as.postinst: line 68: systemctl: command not found
Stopping openvpn-as now; will start again later after configuring
cat: /var/run/openvpnas.pid: No such file or directory
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]

[cont-init.d] 30-config: exited 0.
[cont-init.d] 40-openvpn-init: executing...
Detected an existing OpenVPN-AS configuration.
Continuing will delete this configuration and restart from scratch.
Please enter 'DELETE' to delete existing configuration:
OpenVPN Access Server
Initial Configuration Tool
------------------------------------------------------
Please enter 'yes' to indicate your agreement [no]:
Once you provide a few initial configuration settings,
OpenVPN Access Server can be configured by accessing
its Admin Web UI using your Web browser.

Will this be the primary Access Server node?
(enter 'no' to configure as a backup or standby node)
> Press ENTER for default [yes]:
Please specify the network interface and IP address to be
used by the Admin Web UI:
(1) all interfaces: 0.0.0.0
(2) eth0: 172.17.0.19
Please enter the option number from the list above (1-2).
> Press Enter for default [1]:
Please specify the port number for the Admin Web UI.
> Press ENTER for default [943]:
Please specify the TCP port number for the OpenVPN Daemon
> Press ENTER for default [443]:
Should client traffic be routed by default through the VPN?
> Press ENTER for default [yes]:
Should client DNS traffic be routed by default through the VPN?
> Press ENTER for default [yes]:
Use local authentication via internal DB?
> Press ENTER for default [yes]:
Private subnets detected: ['172.17.0.0/16']

Should private subnets be accessible to clients by default?
> Press ENTER for default [yes]:
To initially login to the Admin Web UI, you must use a
username and password that successfully authenticates you
with the host UNIX system (you can later modify the settings
so that RADIUS or LDAP is used for authentication instead).

You can login to the Admin Web UI as "openvpn" or specify
a different user account to use for this purpose.

Do you wish to login to the Admin UI as "openvpn"?
> Press ENTER for default [yes]:
> Specify the username for an existing user or for the new user account: Note: This user already exists.

> Please specify your Activation key (or leave blank to specify later):


Initializing OpenVPN...
Removing Cluster Admin user login...
userdel "admin_c"
Adding new user login...
useradd -s /sbin/nologin "admin"
Writing as configuration file...
Perform sa init...
Wiping any previous userdb...
Creating default profile...
Modifying default profile...
Adding new user to userdb...
Modifying new user as superuser in userdb...
Getting hostname...
Hostname: 7d54f468c409
Preparing web certificates...
Getting web user account...
Adding web group account...
Adding web group...
Adjusting license directory ownership...
Initializing confdb...
Generating PAM config...
Enabling service
Error: Could not execute 'systemctl enable openvpnas' to enable startup/shutdown scripts

Stopping openvpn-as now; will start again later after configuring
cat: /var/run/openvpnas.pid: No such file or directory
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]

[cont-init.d] 40-openvpn-init: exited 0.
[cont-init.d] 50-interface: executing...
MOD Default {'admin_ui.https.ip_address': None} {'admin_ui.https.ip_address': 'eth0'}
MOD Default {'cs.https.ip_address': None} {'cs.https.ip_address': 'eth0'}
MOD Default {'vpn.daemon.0.listen.ip_address': None} {'vpn.daemon.0.listen.ip_address': 'eth0'}
MOD Default {'vpn.daemon.0.server.ip_address': None} {'vpn.daemon.0.server.ip_address': 'eth0'}
[cont-init.d] 50-interface: exited 0.
[cont-init.d] 99-custom-scripts: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-scripts: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...
usermod: no changes

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
-------------------------------------

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-time: executing...
[cont-init.d] 20-time: exited 0.
[cont-init.d] 30-config: executing...
[cont-init.d] 30-config: exited 0.
[cont-init.d] 40-openvpn-init: executing...
[cont-init.d] 40-openvpn-init: exited 0.
[cont-init.d] 50-interface: executing...
MOD Default {} {}
MOD Default {} {}
MOD Default {} {}
MOD Default {} {}
[cont-init.d] 50-interface: exited 0.
[cont-init.d] 99-custom-scripts: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-scripts: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.

 

Link to comment

So I have a similar problem. I get the SESSION ERROR issue but it's only under the following situations when I'm trying to set up a reverse proxy:

- I use my domain name for the Server Network Settings - Hostname/IP Address

- I use a custom network rather than bridge

 

Under these situations, I can get to the admin page from my domain or from my home network url:943. However, if I try to login to the admin page, it fails with the SESSION ERROR and the vpn service does not work. If I revert to using my home IP and BRIDGE, everything pretty much works (though of course I'm not using the reverse proxy).

 

The three console commands posted above did not work for me. 

 

[as an aside, using the INTERFACE variable seems to do jack and shit]

[as a further aside the fucking invalid certificate errors that seem to keep me from using chrome to access the site are annoying AF]

Link to comment

I am trying to access the WebUI but am unable to. I have deleted the docker and the appdata folder using the CA plugin and even created a new appdata folder but still end up with the same issue. When the docker starts to pull down it only brings the last two parts, I suspect the others are corrupt. Is there any way to clear those so everything downloads fresh? Log from docker:

 



[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing...
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing...

-------------------------------------
_ ()
| | ___ _ __
| | / __| | | / \
| | \__ \ | | | () |
|_| |___/ |_| \__/


Brought to you by linuxserver.io
-------------------------------------

To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid: 99
User gid: 100
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-time: executing...

Current default time zone: 'America/New_York'
Local time is now: Mon May 11 06:33:07 EDT 2020.
Universal Time is now: Mon May 11 10:33:07 UTC 2020.

[cont-init.d] 20-time: exited 0.
[cont-init.d] 30-config: executing...
installing openvpn-as for the first time
Get:1 http://as-repository.openvpn.net/as/debian bionic InRelease [3,186 B]
Get:2 http://as-repository.openvpn.net/as/debian bionic/main amd64 Packages [3,156 B]
Hit:3 http://archive.ubuntu.com/ubuntu bionic InRelease
Get:4 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:5 http://archive.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Reading package lists...
E: Release file for http://archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease is not valid yet (invalid for another 3h 13min 28s). Updates for this repository will not be applied.
E: Release file for http://archive.ubuntu.com/ubuntu/dists/bionic-security/InRelease is not valid yet (invalid for another 3h 12min 27s). Updates for this repository will not be applied.
Stopping openvpn-as now; will start again later after configuring
cat: /var/run/openvpnas.pid: No such file or directory
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
sed: can't read /usr/local/openvpn_as/etc/as_templ.conf: No such file or directory
[cont-init.d] 30-config: exited 0.
[cont-init.d] 40-openvpn-init: executing...
find: ‘/config/etc/db’: No such file or directory
/var/run/s6/etc/cont-init.d/40-openvpn-init: line 14: /usr/local/openvpn_as/bin/ovpn-init: No such file or directory
Stopping openvpn-as now; will start again later after configuring
cat: /var/run/openvpnas.pid: No such file or directory
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
[cont-init.d] 40-openvpn-init: exited 0.
[cont-init.d] 50-interface: executing...
/var/run/s6/etc/cont-init.d/50-interface: line 9: /usr/local/openvpn_as/scripts/confdba: No such file or directory
/var/run/s6/etc/cont-init.d/50-interface: line 10: /usr/local/openvpn_as/scripts/confdba: No such file or directory
/var/run/s6/etc/cont-init.d/50-interface: line 11: /usr/local/openvpn_as/scripts/confdba: No such file or directory
/var/run/s6/etc/cont-init.d/50-interface: line 12: /usr/local/openvpn_as/scripts/confdba: No such file or directory
[cont-init.d] 50-interface: exited 127.
[cont-init.d] 99-custom-scripts: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-scripts: exited 0.
[cont-init.d] done.
[services.d] starting services
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory
[services.d] done.
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory

 




 

 

Link to comment
On 5/11/2020 at 11:00 AM, trurl said:

Since this is your first post I wonder if you are aware that the WireGuard VPN is builtin to Unraid now:

 

Thanks for your response. I had a look at WireGuard, configuring with your guide was a snap but for some reason I could not get it to work on the client side (ubuntu). 

 

I was able to fix the OVPN-AS container issue by copying the contents of the appdata folder on a working server and pasting to the server that isn't working as there were files missing. Reconfigure and back it up. 

Link to comment
  • 2 weeks later...
7 hours ago, RIDGID said:

Came here looking for help getting to the OpenVPN-AS webui but I will probably just give WireGuard a shot instead.

If you are still interested in OpenVPN-AS....

 

After I corrected my issue I had to use: 

 

https://<yourserverip>:<port>/admin

 

http did not work for me. 

Link to comment

Hi. I'm having some issues with openVPNas, and I want to understand them. I'm going to describe a few scenarios and follow up with some questions.

 

 I have installed and configured OpenVPNas on my unraid server (6.8.3) following the latest spaceinvaderone guide here. Note: I additionally forwarded port 943 TCP, so that I could access admin/client gui from outside of my home network.

 

Scenario #1

For the initial setup, I used my WAN IP in the openVPN Server Network Settings. From here, I am able to connect to the admin gui and client gui from inside my network without issue. Next, I tested connecting to the admin/client gui from my iphone on cellular data. If I enter the address "mywanip:943" into a browser, it does not connect. However, if I try "https://mywanip:943", then it connects.

 

Scenario #2

For the initial setup, I used my DOMAIN NAME in the openVPN Server Network Settings. I have a domain registered through namecheap, which I have set up with cloudflare DNS (proxy enabled). I use the "CloudflareDDNS" CA on my unraid server to keep the IP up-to-date. Similar to scenario #1, I can access the admin/client gui internally. However, when I test the connection to the client/admin gui from my iphone, it is failing. Trying the addresses "mydomain.com:943" and "https://mydomain.com:943" fails to connect. However, if I try "https://mywanip:943", then it connects.

 

Questions:

1. In scenario #1, why does the outside connection to the gui only work when manually adding the https:// prefix? It was my understanding that modern browsers (I was using Safari) would automatically add the https:// prefix when typing in any address.

 

2. In scenario #2, why can't I connect using the domain name?

 

3. In the spaceinvaderone video, he does not forward port 943. I believe this implies that the only way to get access to the vpn would be for an admin to locally create your user and provide you with the credentials/config file. If I followed this scheme, and set up a subdomain (vpn.mydomain.com) for the openvpn server, what would the purpose of the subdomain be?

 

3a. This is what I was thinking: to grant someone access to the vpn, I'd locally create their account, then instruct them to connect to the vpn.mydomain.com client gui, where they'd log in and be able to (1) download the proper vpn client software and (2) download the config file. Is there an issue with this kind of configuration?

 

4. Ideally I wouldn't like to have to add the port numbers at the end of the web addresses (in the case that I forward 943 to allow users to connect to client gui). How can I modify my setup so that to connect to the client gui on port 943 from outside the network, they only have to type my subdomain vpn.mydomain.com?

 

I am really trying to understand how this all works, so that I can use that knowledge to help set up other dockers/services on my unraid server. I appreciate any and all help.

 

Thanks,

Link to comment
On 2/11/2020 at 11:12 AM, uaborne said:

I just resolved my issue. From the dockers console I ran the following commands which allowed me to login. 


/usr/local/openvpn_as/scripts/sacli --key "vpn.server.daemon.enable" --value "false" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key "vpn.daemon.0.listen.protocol" --value "tcp" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key "vpn.server.port_share.enable" --value "true" ConfigPut
/usr/local/openvpn_as/scripts/sacli start

 

 

followed this; unable to run this command: /usr/local/openvpn_as/scripts/sacli start

error

RunStart warm None
{
  "errors": {
    "crl": [
      [
        "error", 
        "service failed to start due to unresolved dependencies: set(['user'])"
      ]
    ], 
    "iptables_live": [
      [
        "error", 
        "service failed to start due to unresolved dependencies: set(['iptables_openvpn'])"
      ]
    ], 
    "iptables_openvpn": [
      [
        "error", 
        "Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=2]: [\"Bad argument `[unsupported'\", 'Error occurred at line: 88', \"Try `iptables-restore -h' or 'iptables-restore --help' for more information.\"]: internet/defer:654,sagent/ipts:134,sagent/ipts:51,util/daemon:28,util/daemon:69,application/app:385,scripts/_twistd_unix:264,application/app:399,application/app:312,internet/base:1283,internet/base:1295,internet/epollreactor:235,python/log:103,python/log:86,python/context:122,python/context:85,internet/posixbase:627,internet/posixbase:252,internet/abstract:310,internet/process:273,internet/process:934,internet/process:946,internet/process:311,internet/_baseprocess:52,internet/process:948,internet/_baseprocess:64,svc/pp:141,svc/svcnotify:32,internet/defer:460,internet/defer:568,internet/defer:654,sagent/ipts:134,sagent/ipts:51,util/error:74,util/error:55"
      ]
    ], 
    "openvpn_0": [
      [
        "error", 
        "service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])"
      ]
    ], 
    "subscription": [
      [
        "error", 
        "service failed to start due to unresolved dependencies: set(['user'])"
      ]
    ], 
    "user": [
      [
        "error", 
        "service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn'])"
      ]
    ]
  }, 
  "last_restarted": "Fri May 29 14:00:38 2020", 
  "service_status": {
    "api": "started", 
    "auth": "started", 
    "bridge": "started", 
    "client_query": "started", 
    "crl": "off", 
    "daemon_pre": "started", 
    "db_push": "started", 
    "ip6tables_live": "started", 
    "ip6tables_openvpn": "started", 
    "iptables_live": "off", 
    "iptables_openvpn": "off", 
    "iptables_web": "started", 
    "log": "started", 
    "openvpn_0": "off", 
    "subscription": "off", 
    "user": "off", 
    "web": "started"
  }
}
WILL_RESTART []
ERROR: restart failed (ERRBACK)

 

Link to comment
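One way to triage the `sacli start` output quoted in the post above, as an added example (not part of the original posts and not OpenVPN's own tooling): it separates the service that actually failed from the services that are only blocked by it. The sample is a trimmed, constructed copy of that output, and the function names are hypothetical.

```python
import json
import re
# Constructed sample: trimmed copy of the `sacli start` output quoted above.
SAMPLE = r'''RunStart warm None
{
  "errors": {
    "crl": [["error", "service failed to start due to unresolved dependencies: set(['user'])"]],
    "iptables_live": [["error", "service failed to start due to unresolved dependencies: set(['iptables_openvpn'])"]],
    "iptables_openvpn": [["error", "Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=2]: [\"Bad argument `[unsupported'\", 'Error occurred at line: 88']"]],
    "openvpn_0": [["error", "service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])"]],
    "user": [["error", "service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn'])"]]
  }
}
ERROR: restart failed (ERRBACK)
'''

DEP_RE = re.compile(r"unresolved dependencies: set\(\[(.*?)\]\)")

def parse_status(text):
    """Pull the JSON object out from between sacli's banner lines."""
    return json.loads(text[text.index("{"): text.rindex("}") + 1])

def triage(status):
    """Split failed services into root causes and dependency-blocked ones."""
    roots, blocked = {}, {}
    for svc, entries in status.get("errors", {}).items():
        for _level, msg in entries:
            m = DEP_RE.search(msg)
            if m:
                blocked[svc] = set(re.findall(r"'([^']+)'", m.group(1)))
            else:
                roots[svc] = msg
    return roots, blocked

def blocked_by(root, blocked):
    """Every service that depends on `root`, directly or transitively."""
    hit, changed = set(), True
    while changed:
        changed = False
        for svc, deps in blocked.items():
            if svc not in hit and (root in deps or deps & hit):
                hit.add(svc)
                changed = True
    return hit

if __name__ == "__main__":
    roots, blocked = triage(parse_status(SAMPLE))
    print({svc: sorted(blocked_by(svc, blocked)) for svc in roots})
```

On the quoted output the only root cause is `iptables_openvpn` (the `iptables-restore` failure); every other service listed under `errors` is waiting on it.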
  • 2 weeks later...

I've had OpenVPN-AS running successfully for a while in NAT-mode except it causes Source IP address-based access control that I've used in my LetsEncrypt configurations to operate incorrectly for OpenVPN clients as it acts based upon an incorrect Source IP address. Now I'm trying to reconfigure OpenVPN-AS from NAT-Mode to Routing-Mode so correct Source IP Addresses will be reported to LetsEncrypt.

 

I've searched this forum as well as Reddit and Google for "unraid openvpn-as routing" and come up short on what I need to move forward.

 

In the OpenVPN-AS Admin WebUI, I've changed Configuration -> VPN Settings -> "Should VPN clients have access to private subnets (non-public networks on the server side)?" from "Yes, Using NAT" to "Yes, Use Routing".

 

I've added a new static route to my access router:

172.27.224.0/20 (i.e., OpenVPN Client Dynamic IP Range) Next Hop to 192.168.1.200 (Unraid static IP) with Hop Distance 1

 

Next, I believe that I need to build a static route in Unraid to route traffic for 172.27.224.0/20 (i.e., OpenVPN Client Dynamic IP Range) to "Somewhere", but I'm not clear how to define it. Since OpenVPN-AS uses Network Type Bridge, I don't think I can assign it a static IP Address (It is currently, however, 172.17.0.5). Can I send it to 172.17.0.1? Do I reference the bridge or the container in some other way?

 

Are there any other modifications required? Will the server and client conf files get updated automatically based on the server modification to push proper routes or do I need to add anything to the Additional OpenVPN Config Directives fields on the server?

 

Current Configuration Info provided, below. Any guidance is extremely appreciated!

 

Current OpenVPN-AS run command:

/usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='openvpn-as' --net='bridge' -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -e 'PGID'='100' -e 'PUID'='99' -p '943:943/tcp' -p '9443:9443/tcp' -p '1194:1194/udp' -v '/mnt/user/appdata/openvpn-as':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/openvpn-as'

Current OpenVPN-AS Network Settings, VPN Settings and Advanced VPN Settings:

[Attached screenshots: Current OpenVPN-AS Server Settings, pages 1 to 6]

 

Edited by splerman
Link to comment

OK, I've been running this container with success for many months, and then earlier this week, I tried to VPN into my unraid server and I found the container is no longer working.  Before I keep digging, did something change? Is there a known issue?

 

Initially, I found that the WebUI doesn't work.  So I poke around and I see this in the container log:

 

[cont-init.d] 50-interface: executing...
/var/run/s6/etc/cont-init.d/50-interface: line 9: /usr/local/openvpn_as/scripts/confdba: No such file or directory
/var/run/s6/etc/cont-init.d/50-interface: line 10: /usr/local/openvpn_as/scripts/confdba: No such file or directory
/var/run/s6/etc/cont-init.d/50-interface: line 11: /usr/local/openvpn_as/scripts/confdba: No such file or directory
/var/run/s6/etc/cont-init.d/50-interface: line 12: /usr/local/openvpn_as/scripts/confdba: No such file or directory
[cont-init.d] 50-interface: exited 127.
[cont-init.d] 99-custom-scripts: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-scripts: exited 0.
[cont-init.d] done.
[services.d] starting services
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory
[services.d] done.
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory

My /config path on the host for this container is not /usr/local/openvpn-as.  It's /mnt/cache/appdata/openvpn-as/.  So that looks weird to me.

 

Since the last time I checked this container, I stood up a VM and changed the network settings, so maybe that is related?  Not sure.

 

I'm guessing this is something really silly, but so far I haven't cracked the code...

 

Diagnostics attached.  Appreciate any guidance on getting this back up and running.

 

 

tower-diagnostics-20200611-1954.zip

Edited by kennelm
Link to comment
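A way to read the container init logs quoted in the posts above, as an added example (not part of the original posts and not the image's own tooling): it groups "No such file or directory" paths by s6 init stage and compares them with each stage's exit code. The sample lines are copied from the quoted logs into a constructed string, and the function names and the "outside-init" label are hypothetical. Exit status 127 is the shell's "command not found" status.

```python
import re

# Constructed sample: lines copied from the container logs quoted in the posts above.
SAMPLE_LOG = """\
[cont-init.d] 40-openvpn-init: executing...
find: ‘/config/etc/db’: No such file or directory
/var/run/s6/etc/cont-init.d/40-openvpn-init: line 14: /usr/local/openvpn_as/bin/ovpn-init: No such file or directory
[cont-init.d] 40-openvpn-init: exited 0.
[cont-init.d] 50-interface: executing...
/var/run/s6/etc/cont-init.d/50-interface: line 9: /usr/local/openvpn_as/scripts/confdba: No such file or directory
/var/run/s6/etc/cont-init.d/50-interface: line 10: /usr/local/openvpn_as/scripts/confdba: No such file or directory
[cont-init.d] 50-interface: exited 127.
[cont-init.d] done.
[services.d] starting services
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory
"""

STAGE_START = re.compile(r"^\[cont-init\.d\] (\S+): executing\.\.\.$")
STAGE_EXIT = re.compile(r"^\[cont-init\.d\] (\S+): exited (\d+)\.$")
MISSING = re.compile(r"(/[^\s:’']+)[’']?: No such file or directory$")

def triage_log(text):
    """Return ({stage: missing paths}, {stage: exit code}) for an s6 init log."""
    stage, missing, exits = "outside-init", {}, {}
    for line in text.splitlines():
        if m := STAGE_START.match(line):
            stage = m.group(1)
        elif m := STAGE_EXIT.match(line):
            exits[m.group(1)] = int(m.group(2))
            stage = "outside-init"
        elif m := MISSING.search(line):
            missing.setdefault(stage, set()).add(m.group(1))
    return missing, exits

def summarize(text):
    """Flag stages that failed and stages that hit missing files yet exited 0."""
    missing, exits = triage_log(text)
    return {
        "failed": sorted(s for s, rc in exits.items() if rc != 0),
        "masked": sorted(s for s in missing if exits.get(s) == 0),
        "missing": sorted({p for paths in missing.values() for p in paths}),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The "masked" list matters when monitoring these containers: a stage such as `40-openvpn-init` can report missing files and still exit 0, so checking exit codes alone misses it.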
