splerman Posted June 15, 2020 Share Posted June 15, 2020 On 6/10/2020 at 6:53 AM, splerman said: I've had OpenVPN-AS running successfully for a while in NAT-mode except it causes Source IP address-based access control that I've used in my LetsEncrypt configurations to operate incorrectly for OpenVPN clients as it acts based upon incorrect Source IP address. Now I'm trying reconfigure OpenVPN-AS from NAT-Mode to Routing-Mode so correct Source IP Addresses will be reported to LetsEncrypt. I've searched this forum as well as Reddit and Google for "unraid openvpn-as routing" and come up short on what I need to move forward. In the OpenVPN-AS Admin WebUI, I've changed Configuration -> VPN Settings -> "Should VPN clients have access to private subnets (non-public networks on the server side)?" from "Yes, Using NAT" to "Yes, Use Routing". I've added a new static route to my access router: 172.27.224.0/20 (i.e., OpenVPN Client Dynamic IP Range) Next Hop to 192.168.1.200 (Unraid static IP) with Hop Distance 1 Next, I believe that I need to build a static route in Unraid to route traffic for 172.27.224.0/20 (i.e., OpenVPN Client Dynamic IP Range) to "Somewhere", but I'm not clear how to define it. Since OpenVPN-AS uses Network Type Bridge, I don't think I can assign it a static IP Address (It is currently, however, 172.17.0.5). Can I send it to 172.17.0.1? Do I reference the bridge or the container in some other way? Are there any other modifications required? Will the server and client conf files get updated automatically based on the server modification to push proper routes or do I need to add anything to the Additional OpenVPN Config Directives fields on the server? Current Configuration Info provided, below. Any guidance is extremely appreciated! Current OpenVPN-AS run command: /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='openvpn-as' --net='bridge' -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -e 'PGID'='100' -e 'PUID'='99' -p '943:943/tcp' -p '9443:9443/tcp' -p '1194:1194/udp' -v '/mnt/user/appdata/openvpn-as':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/openvpn-as' Current OpenVPN-AS Network Settings, VPN Settings and Advanced VPN Settings: Still trying to troubleshoot my OpenVPN-AS now that I've switched from NAT to Routing. Results from ping tests, below. Also provided: OpenVPN Client log, route tables, iptables Results of Ping Tests: From OpenVPN Client (172.27.224.3) To OpenVPN Gateway: ping 172.27.224.1 (Works) To OpenVPN Container: ping 172.17.0.5 (Works) To Default Bridge Gateway: ping 172.17.0.1 (TIMEOUT) To Unraid Host: ping 192.168.1.200 (TIMEOUT) To Unifi USG Internet Access Gateway: ping 192.168.1.1 (TIMEOUT) From OpenVPN container (172.17.0.5): To OpenVPN Gateway: ping 172.17.224.1 (TIMEOUT) To OpenVPN Client: ping 172.27.224.3 (TIMEOUT) To Default Bridge Gateway: ping 172.17.0.1 (Works) To Unraid Host: ping 192.168.1.200 (Works) To Unifi USG Internet Access Gateway: ping 192.168.1.1 (Works) From Unraid Host (192.168.1.200): To Unifi USG Internet Access Gateway: ping 192.168.1.1 (Works) To Default Bridge Gateway: ping 172.17.0.1 (Works) To OpenVPN Container: ping 172.17.0.5 (Works) To OpenVPN Gateway: ping 172.27.224.1 (Works) To OpenVPN Client: ping 172.27.224.3 (TIMEOUT) From Unifi USG Internet Access Gateway (192.168.1.1): To Unraid Host: ping 192.168.1.200 (Works) To Default Bridge Gateway: ping 172.17.0.1 (Works) To OpenVPN Container: ping 172.17.0.5 (Works) To OpenVPN Gateway: ping 172.27.224.1 (Works) To OpenVPN Client: ping 172.27.224.3 (TIMEOUT) From LAN PC (192.168.1.160): To Unifi USG Internet Access Gateway: ping 192.168.1.1 (Works) To Unraid Host: ping 192.168.1.200 (Works) To Default Bridge Gateway: ping 172.17.0.1 (Works) To OpenVPN Container: ping 172.17.0.5 (Works) To OpenVPN Gateway: ping 172.27.224.1 (Works) To OpenVPN Client: ping 172.27.224.3 (TIMEOUT) OpenVPN Client [172.27.224.3] Logs: 2020-06-15 12:40:33 1 2020-06-15 12:40:33 ----- OpenVPN Start ----- OpenVPN core 3.git::3e56f9a6 ios arm64 64-bit 2020-06-15 12:40:33 OpenVPN core 3.git::3e56f9a6 ios arm64 64-bit 2020-06-15 12:40:33 Frame=512/2048/512 mssfix-ctrl=1250 2020-06-15 12:40:33 UNUSED OPTIONS 4 [nobind] 12 [sndbuf] [0] 13 [rcvbuf] [0] 15 [verb] [3] 25 [CLI_PREF_ALLOW_WEB_IMPORT] [True] 26 [CLI_PREF_BASIC_CLIENT] [False] 27 [CLI_PREF_ENABLE_CONNECT] [False] 28 [CLI_PREF_ENABLE_XD_PROXY] [True] 29 [WSHOST] [openvpn.mydomain.com:943] 30 [WEB_CA_BUNDLE] [-----BEGIN CERTIFICATE----- MIIDCjCCAfKgAwIBAgIEXuOPXjANBgkqhkiG...] 31 [IS_OPENVPN_WEB_CA] [1] 2020-06-15 12:40:33 EVENT: RESOLVE 2020-06-15 12:40:33 Contacting [WAN PUBLIC IP]:1194/UDP via UDP 2020-06-15 12:40:33 EVENT: WAIT 2020-06-15 12:40:33 Connecting to [openvpn.mydomain.com]:1194 (WAN PUBLIC IP) via UDPv4 2020-06-15 12:40:33 EVENT: CONNECTING 2020-06-15 12:40:33 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client 2020-06-15 12:40:33 Creds: Username/PasswordEmpty 2020-06-15 12:40:33 Peer Info: IV_VER=3.git::3e56f9a6 IV_PLAT=ios IV_NCP=2 IV_TCPNL=1 IV_PROTO=2 IV_LZO=1 IV_LZO_SWAP=1 IV_LZ4=1 IV_LZ4v2=1 IV_COMP_STUB=1 IV_COMP_STUBv2=1 IV_IPv6=0 IV_AUTO_SESS=1 IV_GUI_VER=net.openvpn.connect.ios_3.2.0-3253 IV_SSO=openurl IV_HWADDR=1178475E-099E-4FA5-8285-4F9C31760FXX IV_SSL=OpenSSL 1.1.1g 21 Apr 2020 2020-06-15 12:40:33 VERIFY OK: depth=1, /CN=OpenVPN CA 2020-06-15 12:40:33 VERIFY OK: depth=0, /CN=OpenVPN Server 2020-06-15 12:40:33 SSL Handshake: CN=OpenVPN Server, TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA 2020-06-15 12:40:33 Session is ACTIVE 2020-06-15 12:40:33 EVENT: GET_CONFIG 2020-06-15 12:40:33 Sending PUSH_REQUEST to server... 2020-06-15 12:40:33 OPTIONS: 0 [explicit-exit-notify] 1 [topology] [subnet] 2 [route-delay] [5] [30] 3 [dhcp-pre-release] 4 [dhcp-renew] 5 [dhcp-release] 6 [route-metric] [101] 7 [route] [192.168.1.0] [255.255.255.0] 8 [route] [172.17.0.0] [255.255.0.0] 9 [ping] [12] 10 [ping-restart] [50] 11 [compress] [stub-v2] 12 [redirect-private] [def1] 13 [redirect-private] [bypass-dhcp] 14 [redirect-private] [autolocal] 15 [route-gateway] [172.27.224.1] 16 [route] [8.8.8.8] 17 [route] [192.168.1.0] [255.255.255.0] 18 [route] [172.17.0.0] [255.255.0.0] 19 [route] [172.18.0.0] [255.255.0.0] 20 [dhcp-option] [DNS] [192.168.1.14] 21 [dhcp-option] [DNS] [192.168.1.1] 22 [dhcp-option] [DNS] [8.8.8.8] 23 [dhcp-option] [DOMAIN] [mydomain.com] 24 [dhcp-option] [ADAPTER_DOMAIN_SUFFIX] [mydomain.com] 25 [register-dns] 26 [block-ipv6] 27 [ifconfig] [172.27.224.3] [255.255.240.0] 28 [peer-id] [2] 29 [auth-token] ... 30 [cipher] [AES-256-GCM] 2020-06-15 12:40:33 Session token: [redacted] 2020-06-15 12:40:33 PROTOCOL OPTIONS: cipher: AES-256-GCM digest: NONE compress: COMP_STUBv2 peer ID: 2 2020-06-15 12:40:33 EVENT: ASSIGN_IP 2020-06-15 12:40:33 NIP: preparing TUN network settings 2020-06-15 12:40:33 NIP: init TUN network settings with endpoint: WAN PUBLIC IP 2020-06-15 12:40:33 NIP: adding IPv4 address to network settings 172.27.224.3/255.255.240.0 2020-06-15 12:40:33 NIP: adding (included) IPv4 route 172.27.224.0/20 2020-06-15 12:40:33 NIP: adding (included) IPv4 route 192.168.1.0/24 2020-06-15 12:40:33 NIP: adding (included) IPv4 route 172.17.0.0/16 2020-06-15 12:40:33 NIP: adding (included) IPv4 route 8.8.8.8/32 2020-06-15 12:40:33 NIP: adding (included) IPv4 route 192.168.1.0/24 2020-06-15 12:40:33 NIP: adding (included) IPv4 route 172.17.0.0/16 2020-06-15 12:40:33 NIP: adding (included) IPv4 route 172.18.0.0/16 2020-06-15 12:40:33 NIP: adding DNS 192.168.1.14 2020-06-15 12:40:33 NIP: adding DNS 192.168.1.1 2020-06-15 12:40:33 NIP: adding DNS 8.8.8.8 2020-06-15 12:40:33 NIP: adding match domain mydomain.com 2020-06-15 12:40:33 NIP: adding search domain (adapter domain suffix) mydomain.com 2020-06-15 12:40:33 NIP: blocking all IPv6 traffic 2020-06-15 12:40:33 NIP: adding DNS specific routes: 2020-06-15 12:40:33 NIP: adding (included) IPv4 route 192.168.1.14/32 2020-06-15 12:40:33 NIP: adding (included) IPv4 route 192.168.1.1/32 2020-06-15 12:40:33 NIP: adding (included) IPv4 route 8.8.8.8/32 2020-06-15 12:40:33 Connected via NetworkExtensionTUN 2020-06-15 12:40:33 Comp-stubV2 init 2020-06-15 12:40:33 EVENT: CONNECTED [email protected]:1194 (WAN PUBLIC IP) via /UDPv4 on NetworkExtensionTUN/172.27.224.3/ gw=[/] On the Unraid host, I've already added a route to the OpenVPN Client network [172.27.224.0/20] via docker0 (not done on a persistent basis yet): root@Unraid:~# route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default USG 0.0.0.0 UG 632 0 0 br0 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-5ae677f41049 172.27.224.0 0.0.0.0 255.255.240.0 U 1 0 0 docker0 192.168.1.0 0.0.0.0 255.255.255.128 U 0 0 0 shim-br0 192.168.1.0 0.0.0.0 255.255.255.0 U 632 0 0 br0 192.168.1.128 0.0.0.0 255.255.255.128 U 0 0 0 shim-br0 root@Unraid:~# On the Unifi USG Internet Access Gateway [192.168.1.1], I've already added a route to the OpenVPN Client network [172.27.224.0/20] via the Unraid host: user@USG:~$ sudo route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default cpe-66-74-0-1.d 0.0.0.0 UG 0 0 0 eth0 10.8.0.0 unraid 255.255.255.0 UG 0 0 0 eth1 10.253.0.0 unraid 255.255.255.0 UG 0 0 0 eth1 66.74.0.0 * 255.255.224.0 U 0 0 0 eth0 loopback * 255.0.0.0 U 0 0 0 lo 172.17.0.0 unraid 255.255.0.0 UG 0 0 0 eth1 172.18.0.0 unraid 255.255.0.0 UG 0 0 0 eth1 172.27.224.0 unraid 255.255.240.0 UG 0 0 0 eth1 172.27.240.0 unraid 255.255.240.0 UG 0 0 0 eth1 192.168.1.0 * 255.255.255.0 U 0 0 0 eth1 192.168.2.0 * 255.255.255.0 U 0 0 0 eth1.2 user@USG:~$ In the OpenVPN Container [172.17.0.5], I've verified that IP Forwarding is enabled: # sysctl net.ipv4.ip_forward net.ipv4.ip_forward = 1 On the Unraid host [192.168.1.200], I've verified that IP Forwarding is enabled: root@Unraid:~# sysctl net.ipv4.ip_forward net.ipv4.ip_forward = 1 root@Unraid:~# Here are the iptables from the OpenVPN container [172.17.0.5]: # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination AS0_ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED AS0_ACCEPT all -- anywhere anywhere AS0_IN_PRE all -- anywhere anywhere mark match 0x2000000/0x2000000 AS0_ACCEPT udp -- anywhere anywhere state NEW udp dpt:1194 AS0_WEBACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED AS0_WEBACCEPT tcp -- anywhere anywhere state NEW tcp dpt:943 Chain FORWARD (policy ACCEPT) target prot opt source destination AS0_ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED AS0_IN_PRE all -- anywhere anywhere mark match 0x2000000/0x2000000 AS0_OUT_S2C all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination AS0_OUT_LOCAL all -- anywhere anywhere Chain AS0_ACCEPT (4 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain AS0_DNS (2 references) target prot opt source destination ACCEPT all -- anywhere dns.google RETURN all -- anywhere anywhere Chain AS0_IN (4 references) target prot opt source destination ACCEPT all -- anywhere 172.27.224.1 AS0_IN_POST all -- anywhere anywhere Chain AS0_IN_NAT (0 references) target prot opt source destination MARK all -- anywhere anywhere MARK or 0x8000000 ACCEPT all -- anywhere anywhere Chain AS0_IN_POST (1 references) target prot opt source destination ACCEPT all -- anywhere 192.168.1.0/24 ACCEPT all -- anywhere 172.17.0.0/16 ACCEPT all -- anywhere 172.18.0.0/16 AS0_OUT all -- anywhere anywhere DROP all -- anywhere anywhere Chain AS0_IN_PRE (2 references) target prot opt source destination AS0_DNS tcp -- anywhere anywhere state NEW tcp dpt:53 AS0_DNS udp -- anywhere anywhere state NEW udp dpt:53 AS0_IN all -- anywhere 169.254.0.0/16 AS0_IN all -- anywhere 192.168.0.0/16 AS0_IN all -- anywhere 172.16.0.0/12 AS0_IN all -- anywhere 10.0.0.0/8 DROP all -- anywhere anywhere Chain AS0_IN_ROUTE (0 references) target prot opt source destination MARK all -- anywhere anywhere MARK or 0x4000000 ACCEPT all -- anywhere anywhere Chain AS0_OUT (2 references) target prot opt source destination AS0_OUT_POST all -- anywhere anywhere Chain AS0_OUT_LOCAL (1 references) target prot opt source destination DROP icmp -- anywhere anywhere icmp redirect ACCEPT all -- anywhere anywhere Chain AS0_OUT_POST (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere mark match 0x2000000/0x2000000 DROP all -- anywhere anywhere Chain AS0_OUT_S2C (1 references) target prot opt source destination ACCEPT all -- 192.168.1.0/24 anywhere ACCEPT all -- 172.17.0.0/16 anywhere ACCEPT all -- 172.18.0.0/16 anywhere AS0_OUT all -- anywhere anywhere Chain AS0_WEBACCEPT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere # and the iptables from Unraid [192.168.1.200]: root@Unraid:~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination LIBVIRT_INP all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination DOCKER-USER all -- anywhere anywhere DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere LIBVIRT_FWX all -- anywhere anywhere LIBVIRT_FWI all -- anywhere anywhere LIBVIRT_FWO all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED DOCKER all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere WIREGUARD all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination LIBVIRT_OUT all -- anywhere anywhere Chain DOCKER (2 references) target prot opt source destination ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:5349 ACCEPT udp -- anywhere 172.17.0.2 udp dpt:5349 ACCEPT tcp -- anywhere 172.18.0.2 tcp dpt:8118 ACCEPT tcp -- anywhere 172.18.0.2 tcp dpt:8080 ACCEPT tcp -- anywhere 172.18.0.2 tcp dpt:6881 ACCEPT udp -- anywhere 172.18.0.2 udp dpt:6881 ACCEPT tcp -- anywhere 172.18.0.3 tcp dpt:https ACCEPT tcp -- anywhere 172.18.0.3 tcp dpt:http ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:8086 ACCEPT tcp -- anywhere 172.17.0.3 tcp dpt:8083 ACCEPT tcp -- anywhere 172.18.0.4 tcp dpt:http ACCEPT tcp -- anywhere 172.17.0.4 tcp dpt:9300 ACCEPT tcp -- anywhere 172.17.0.4 tcp dpt:9200 ACCEPT tcp -- anywhere 172.17.0.6 tcp dpt:6379 ACCEPT tcp -- anywhere 172.17.0.5 tcp dpt:9443 ACCEPT udp -- anywhere 172.17.0.5 udp dpt:openvpn ACCEPT tcp -- anywhere 172.17.0.5 tcp dpt:943 ACCEPT tcp -- anywhere 172.18.0.6 tcp dpt:9897 ACCEPT tcp -- anywhere 172.18.0.6 tcp dpt:8989 ACCEPT tcp -- anywhere 172.18.0.5 tcp dpt:http ACCEPT tcp -- anywhere 172.18.0.5 tcp dpt:https ACCEPT tcp -- anywhere 172.17.0.7 tcp dpt:3306 ACCEPT tcp -- anywhere 172.18.0.7 tcp dpt:https ACCEPT tcp -- anywhere 172.17.0.8 tcp dpt:6080 ACCEPT tcp -- anywhere 172.18.0.8 tcp dpt:5900 ACCEPT tcp -- anywhere 172.18.0.8 tcp dpt:5800 ACCEPT tcp -- anywhere 172.18.0.8 tcp dpt:3129 ACCEPT tcp -- anywhere 172.18.0.9 tcp dpt:6789 ACCEPT tcp -- anywhere 172.18.0.10 tcp dpt:9117 ACCEPT tcp -- anywhere 172.18.0.11 tcp dpt:6767 ACCEPT tcp -- anywhere 172.17.0.9 tcp dpt:8686 ACCEPT tcp -- anywhere 172.18.0.12 tcp dpt:3579 ACCEPT tcp -- anywhere 172.17.0.10 tcp dpt:http ACCEPT tcp -- anywhere 172.18.0.13 tcp dpt:7878 ACCEPT tcp -- anywhere 172.18.0.14 tcp dpt:http ACCEPT tcp -- anywhere 172.18.0.15 tcp dpt:8181 Chain DOCKER-ISOLATION-STAGE-1 (1 references) target prot opt source destination DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere RETURN all -- anywhere anywhere Chain DOCKER-ISOLATION-STAGE-2 (2 references) target prot opt source destination DROP all -- anywhere anywhere DROP all -- anywhere anywhere RETURN all -- anywhere anywhere Chain DOCKER-USER (1 references) target prot opt source destination RETURN all -- anywhere anywhere Chain LIBVIRT_FWI (1 references) target prot opt source destination Chain LIBVIRT_FWO (1 references) target prot opt source destination Chain LIBVIRT_FWX (1 references) target prot opt source destination Chain LIBVIRT_INP (1 references) target prot opt source destination Chain LIBVIRT_OUT (1 references) target prot opt source destination Chain WIREGUARD (1 references) target prot opt source destination root@Unraid:~# Quote Link to comment
kennelm Posted June 20, 2020 Share Posted June 20, 2020 On 6/11/2020 at 8:37 PM, kennelm said: OK, I've been running this container with success for many months, and then earlier this week, I tried to VPN into my unraid server and I found the container is no longer working. Before I keep digging, did something change? Is there a known issue? Initially, I found that the WebUI doesn't work. So I poke around and I see this in the container log: [cont-init.d] 50-interface: executing... /var/run/s6/etc/cont-init.d/50-interface: line 9: /usr/local/openvpn_as/scripts/confdba: No such file or directory /var/run/s6/etc/cont-init.d/50-interface: line 10: /usr/local/openvpn_as/scripts/confdba: No such file or directory /var/run/s6/etc/cont-init.d/50-interface: line 11: /usr/local/openvpn_as/scripts/confdba: No such file or directory /var/run/s6/etc/cont-init.d/50-interface: line 12: /usr/local/openvpn_as/scripts/confdba: No such file or directory [cont-init.d] 50-interface: exited 127. [cont-init.d] 99-custom-scripts: executing... [custom-init] no custom files found exiting... [cont-init.d] 99-custom-scripts: exited 0. [cont-init.d] done. [services.d] starting services ./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory [services.d] done. ./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory My /config path on the host for this container is not /usr/local/openvpn-as. It's /mnt/cache/appdata/openvpn-as/. So that looks weird to me. Since the last time I checked this container, I stood up a VM and changed the network settings, so maybe that is related? Not sure. I'm guessing this is something really silly, but so far I haven't cracked the code... Diagnostics attached. Appreciate any guidance on getting this back up and running. tower-diagnostics-20200611-1954.zip 99.48 kB · 0 downloads OK, I figured this out. I had configured OpenDNS at my router to experiment with parental controls and that definitely interfered with this container. Larry Quote Link to comment
Sain Posted June 22, 2020 Share Posted June 22, 2020 On 6/20/2020 at 11:22 PM, kennelm said: OK, I figured this out. I had configured OpenDNS at my router to experiment with parental controls and that definitely interfered with this container. Larry Could you please let me know how exactly did you fix the problem. Because I'm experiencing the exact same problem. It was working fine for months. Now no matter how many times I install it or change settings I cannot get to the WebUi and I'm treated with "./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory" Quote Link to comment
kennelm Posted June 23, 2020 Share Posted June 23, 2020 (edited) 19 hours ago, Sain said: Could you please let me know how exactly did you fix the problem. Because I'm experiencing the exact same problem. It was working fine for months. Now no matter how many times I install it or change settings I cannot get to the WebUi and I'm treated with "./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory" First, I reset the OpenDNS servers on my router. In my case, I used Google's: 8.8.8.8 and 8.8.4.4. You can also default to the one's provided by your ISP. Then, on the Windows machine where I access the unraid console, I had to flush the DNS servers: ipconfig /flushdns After that, I reinstalled the container and it worked. I have not taken the time to understand why, but I plan to, or if someone already knows, please weigh in. Edited June 23, 2020 by kennelm Quote Link to comment
Sain Posted June 23, 2020 Share Posted June 23, 2020 4 hours ago, kennelm said: First, I reset the OpenDNS servers on my router. In my case, I used Google's: 8.8.8.8 and 8.8.4.4. You can also default to the one's provided by your ISP. Then, on the Windows machine where I access the unraid console, I had to flush the DNS servers: ipconfig /flushdns After that, I reinstalled the container and it worked. I have not taken the time to understand why, but I plan to, or if someone already knows, please weigh in. I tried shutting off my PiHole and setting the router, Unraid and my machine to 8.8.8.8. I flushed the DNS. Also tried different machine. (I set up different Unraid test server and different windows machine) all that didn't help to fix the issue. I really appreciate your help Kennelm. Quote Link to comment
kennelm Posted June 23, 2020 Share Posted June 23, 2020 (edited) 19 hours ago, Sain said: I tried shutting off my PiHole and setting the router, Unraid and my machine to 8.8.8.8. I flushed the DNS. Also tried different machine. (I set up different Unraid test server and different windows machine) all that didn't help to fix the issue. I really appreciate your help Kennelm. Assuming you had OpenDNS running and that caused your issue, and it has been turned off, check the DNS servers being used on your clients and servers: cat /etc/resolve.conf on Linux. ipconfig /all on Windows. Maybe the OpenDNS servers are still in the cache? Larry Edited June 24, 2020 by kennelm Quote Link to comment
Sain Posted June 24, 2020 Share Posted June 24, 2020 (edited) 7 hours ago, kennelm said: Assuming you had OpenDNS running and that caused your issue, and it has been turned off, check the DNS servers being used on your clients and servers: cat /etc/resolve.conf on Linux. ipconfig /all on Windows. Maybe the OpenDNS servers are still in the cache? Larry I have never had OpenDNS running on any of machines. In fact didn't know what OpenDNS is. I thought its something like CloudFlare DNS or Google DNS. I use Google as my DNS or my local ISP. (I use Pihole but I bypassed it completely) Till now I don't know what the problem is. OpenVPN used to work fine for months Until one day it's stops working at all. no matter how many times I try to fresh install. try different machines both client and server, I still dont' have access to OpenVPN WebGui and I get this error repeated on the log "./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory" Edited June 24, 2020 by Sain Quote Link to comment
aptalca Posted June 24, 2020 Share Posted June 24, 2020 8 hours ago, Sain said: I have never had OpenDNS running on any of machines. In fact didn't know what OpenDNS is. I thought its something like CloudFlare DNS or Google DNS. I use Google as my DNS or my local ISP. (I use Pihole but I bypassed it completely) Till now I don't know what the problem is. OpenVPN used to work fine for months Until one day it's stops working at all. no matter how many times I try to fresh install. try different machines both client and server, I still dont' have access to OpenVPN WebGui and I get this error repeated on the log "./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory" That line alone is not helpful. All it tells you is that there was an issue with openvpn install. Post a full log if you seek assistance, and post a docker run. Pihole is known to cause such issues Quote Link to comment
rcmpayne Posted June 25, 2020 Share Posted June 25, 2020 Hey folks. I cant figure out how to create two dockers for openvpn-as. Even if I rename the config folder and the name it takes over the previous one. Sent from my SM-N970U1 using Tapatalk Quote Link to comment
Dustin Posted June 27, 2020 Share Posted June 27, 2020 (edited) Hello, My OpenVPN docker worked for a little while earlier this year. It suddenly stopped working. So I decided to uninstall the docker and reinstall it to see if I can get it to work. I download the docker, install says it completes successfully. The first time I go to access the WebGUI in the docker, I get the attached log with a number of errors in it. The web page I get looks like the attached screen shot when I click on the WebUI selection on the docker in Unraid. I have changed my DNS servers to google DNS servers 8.8.8.8 and 8.8.4.4 and flushed the DNS running the following code in the command prompt of the PC I'm using to access the web interface on: ipconfig /flushdns and received the response "successfully flushed the DNS Resolver Cache." Then I reinstalled the docker, still same issues. I also shutoff all my anti-virus and firewall stuff, and I am not using a proxy server. I have also deleted the entire OpenVPN folder created in appdata before uninstalling, still does not help. When I uninstall I select the box that says delete image file. Is there more hidden files tucked away in different places that I need to go in and manually delete to completely remove the Docker? I have tried different web browsers as well, with no success. Please help....I loved it when this thing worked, but by uninstalling and reinstalling the Docker I appear to be worse off. Thanks for your time. WebPage_Screen_Shot.pdf OpenVPN_Error_Log.txt Edited June 27, 2020 by Dustin Quote Link to comment
Sain Posted June 27, 2020 Share Posted June 27, 2020 (edited) 55 minutes ago, Dustin said: Hello, My OpenVPN docker worked for a little while earlier this year. It suddenly stopped working. So I decided to uninstall the docker and reinstall it to see if I can get it to work. I download the docker, install says it completes successfully. The first time I go to access the WebGUI in the docker, I get the attached log with a number of errors in it. The web page I get looks like the attached screen shot when I click on the WebUI selection on the docker in Unraid. I have changed my DNS servers to google DNS servers 8.8.8.8 and 8.8.4.4 and flushed the DNS running the following code in the command prompt of the PC I'm using to access the web interface on: ipconfig /flushdns and received the response "successfully flushed the DNS Resolver Cache." Then I reinstalled the docker, still same issues. I also shutoff all my anti-virus and firewall stuff, and I am not using a proxy server. I have also deleted the entire OpenVPN folder created in appdata before uninstalling, still does not help. When I uninstall I select the box that says delete image file. Is there more hidden files tucked away in different places that I need to go in and manually delete to completely remove the Docker? I have tried different web browsers as well, with no success. Please help....I loved it when this thing worked, but by uninstalling and reinstalling the Docker I appear to be worse off. Thanks for your time. WebPage_Screen_Shot.pdf 192.36 kB · 0 downloads OpenVPN_Error_Log.txt 10.12 kB · 0 downloads My experience was exactly like yours. I even went an extra mile and create new test unraid server and new test windows still same issue. Many people experience the same thing. If you go and look for the latest comments in Spaceinvader YouTube tatorial on Unraid OpenVPN installation, you'll see lots of users are asking how to fix this issue. I gave up on this docker. Since I'm using PFsense I create OpenVPN Server their. And it works flawlessly. Also it's better to have it on the router level. Edited June 27, 2020 by Sain Typo Quote Link to comment
saarg Posted June 27, 2020 Share Posted June 27, 2020 59 minutes ago, Dustin said: Hello, My OpenVPN docker worked for a little while earlier this year. It suddenly stopped working. So I decided to uninstall the docker and reinstall it to see if I can get it to work. I download the docker, install says it completes successfully. The first time I go to access the WebGUI in the docker, I get the attached log with a number of errors in it. The web page I get looks like the attached screen shot when I click on the WebUI selection on the docker in Unraid. I have changed my DNS servers to google DNS servers 8.8.8.8 and 8.8.4.4 and flushed the DNS running the following code in the command prompt of the PC I'm using to access the web interface on: ipconfig /flushdns and received the response "successfully flushed the DNS Resolver Cache." Then I reinstalled the docker, still same issues. I also shutoff all my anti-virus and firewall stuff, and I am not using a proxy server. I have also deleted the entire OpenVPN folder created in appdata before uninstalling, still does not help. When I uninstall I select the box that says delete image file. Is there more hidden files tucked away in different places that I need to go in and manually delete to completely remove the Docker? I have tried different web browsers as well, with no success. Please help....I loved it when this thing worked, but by uninstalling and reinstalling the Docker I appear to be worse off. Thanks for your time. WebPage_Screen_Shot.pdf 192.36 kB · 0 downloads OpenVPN_Error_Log.txt 10.12 kB · 0 downloads Looks like you are forbidden to access the download server for openvpn-as. Quote Link to comment
aptalca Posted June 28, 2020 Share Posted June 28, 2020 Just a general comment. I'm seeing quite a few people here with the comment "followed spaceinvaderone video, it doesn't work". Perhaps you should ask him for support, maybe there is an issue with the directions there. If you use the default template as is, and follow the directions we provide in the readme (linked in the first post here), it works. I've been using it for years. It only once crapped out on me during an image update, I restored from a backup and it worked just fine since. Also keep in mind that when you update the image, it has to connect to the openvpn-as repo to download the package. If you have networking issues (dns config, mtu issue, or something like pihole blocking it) you'll see in the logs that it is unable to connect to the repo. To ask for support from us, post your docker run, and a full docker log on pastebin or the like and drop links here. Also let us know how you're trying to access it (the address) and what settings you changed in the gui. "I followed X guide and it doesn't work" is not going to get you support from us. Quote Link to comment
Normand_Nadon Posted July 7, 2020 Share Posted July 7, 2020 Hello there, I followed SpaceInvader's 2019 guide to setup the openvpn-as container and I have some issues... https://www.youtube.com/watch?v=fpkLvnAKen0 Firstly, when using his guide, to the letter, I can connect to the VPN and browse the net as if I was home. BUT, I can't connect to anything on the home network... No response (I used my phone as a hotspot to test). Googling and "ducking" helped me find that the Interface should be set as HOST and the docker should be privileged. By doing so, I lose the ability to connect through the VPN and can't login as an admin on the Web GUI... So for now, unusable. Did someone else encounter similar issues and found the way to fix them? Quote Link to comment
saarg Posted July 7, 2020 Share Posted July 7, 2020 3 hours ago, Normand_Nadon said: Hello there, I followed SpaceInvader's 2019 guide to setup the openvpn-as container and I have some issues... https://www.youtube.com/watch?v=fpkLvnAKen0 Firstly, when using his guide, to the letter, I can connect to the VPN and browse the net as if I was home. BUT, I can't connect to anything on the home network... No response (I used my phone as a hotspot to test). Googling and "ducking" helped me find that the Interface should be set as HOST and the docker should be privileged. By doing so, I lose the ability to connect through the VPN and can't login as an admin on the Web GUI... So for now, unusable. Did someone else encounter similar issues and found the way to fix them? You should not set it to host or use privileged. The template should have the correct settings already, so it's just the ports you need to set. I have not watched the video and will not do it either, so you have to tell us what you have done. You have set the local subnet in openvpn-as? Quote Link to comment
Normand_Nadon Posted July 10, 2020 Share Posted July 10, 2020 Thanks for your answer... I added my home network to the list of subnets in the web Ui.. is that what you refer to? Quote Link to comment
saarg Posted July 10, 2020 Share Posted July 10, 2020 30 minutes ago, Normand_Nadon said: Thanks for your answer... I added my home network to the list of subnets in the web Ui.. is that what you refer to? To be honest I don't remember which setting it is as I don't use it and it's a long time since I tested it. Quote Link to comment
Normand_Nadon Posted July 11, 2020 Share Posted July 11, 2020 21 hours ago, saarg said: To be honest I don't remember which setting it is as I don't use it and it's a long time since I tested it. Okay, but do you use a VPN on UNRAID? and if so, how did you set it up? Quote Link to comment
saarg Posted July 11, 2020 Share Posted July 11, 2020 3 hours ago, Normand_Nadon said: Okay, but do you use a VPN on UNRAID? and if so, how did you set it up? I don't use a VPN on unraid. Quote Link to comment
luca2 Posted July 14, 2020 Share Posted July 14, 2020 hi, a simple question that I cannot solve...I just installed the docker on unraid 6.8.3. how can the password of the admin be changed? I tried changing it in user permissions but it is actually not done and I can still login with default "password". Quote Link to comment
saarg Posted July 14, 2020 Share Posted July 14, 2020 15 minutes ago, luca2 said: hi, a simple question that I cannot solve...I just installed the docker on unraid 6.8.3. how can the password of the admin be changed? I tried changing it in user permissions but it is actually not done and I can still login with default "password". It's mentioned in the readme on GitHub. Quote Link to comment
luca2 Posted July 14, 2020 Share Posted July 14, 2020 30 minutes ago, saarg said: It's mentioned in the readme on GitHub. Thx for pointing me in the right direction. When it says: "Modify the as.conf file under config/etc and replace the line boot_pam_users.0=admin with #boot_pam_users.0=admin boot_pam_users.0=kjhvkhv" ... just to be sure: "kjhvkhv" should be my new created user (with admin rights)? thx in advance for support. Quote Link to comment
saarg Posted July 14, 2020 Share Posted July 14, 2020 2 hours ago, luca2 said: Thx for pointing me in the right direction. When it says: "Modify the as.conf file under config/etc and replace the line boot_pam_users.0=admin with #boot_pam_users.0=admin boot_pam_users.0=kjhvkhv" ... just to be sure: "kjhvkhv" should be my new created user (with admin rights)? thx in advance for support. It's explained in the important note right under that explanation. You are disabling the pam user, so it is just random letters. Quote Link to comment
Yeyo53 Posted July 21, 2020 Share Posted July 21, 2020 (edited) Hello Its my first time setting up a OpenVPN server so I don't know if this is the correct way of working or I'm missing something. I have followed the Spaceinvaders guide and my VPN is working. I have tested it with my mobile phone using 4G and it works perfect. The problem was that I was at the office this morning and want to test it but I didn't have the profile so I tried to access to mydomain:943 and It couldn't be reached. I 'opened' the port just in case and still not working. So: 1) Is openVPN GUI only accesible through LAN for security reasons? 2) In this way, should I keep a copy of the profile somewhere in the cloud (my nextcloud, for example) in case this happen again to me? 3) In the case OpenVPN can be accesed through wan, what I'm missing? I tried the port in a hurry, but I'm using nginxproxymanager. Thanks in advance. Edited July 21, 2020 by Yeyo53 Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.