[Support] Linuxserver.io - OpenVPN AS



On 6/10/2020 at 6:53 AM, splerman said:

I've had OpenVPN-AS running successfully for a while in NAT-mode except it causes Source IP address-based access control that I've used in my LetsEncrypt configurations to operate incorrectly for OpenVPN clients as it acts based upon incorrect Source IP address. Now I'm trying to reconfigure OpenVPN-AS from NAT-Mode to Routing-Mode so correct Source IP Addresses will be reported to LetsEncrypt.

 

I've searched this forum as well as Reddit and Google for "unraid openvpn-as routing" and come up short on what I need to move forward.

 

In the OpenVPN-AS Admin WebUI, I've changed Configuration -> VPN Settings -> "Should VPN clients have access to private subnets (non-public networks on the server side)?" from "Yes, Using NAT" to "Yes, Use Routing".

 

I've added a new static route to my access router:

172.27.224.0/20 (i.e., OpenVPN Client Dynamic IP Range) Next Hop to 192.168.1.200 (Unraid static IP) with Hop Distance 1

 

Next, I believe that I need to build a static route in Unraid to route traffic for 172.27.224.0/20 (i.e., OpenVPN Client Dynamic IP Range) to "Somewhere", but I'm not clear how to define it. Since OpenVPN-AS uses Network Type Bridge, I don't think I can assign it a static IP Address (It is currently, however, 172.17.0.5). Can I send it to 172.17.0.1? Do I reference the bridge or the container in some other way?

 

Are there any other modifications required? Will the server and client conf files get updated automatically based on the server modification to push proper routes or do I need to add anything to the Additional OpenVPN Config Directives fields on the server?

 

Current Configuration Info provided, below. Any guidance is extremely appreciated!

 

Current OpenVPN-AS run command:


/usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='openvpn-as' --net='bridge' -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -e 'PGID'='100' -e 'PUID'='99' -p '943:943/tcp' -p '9443:9443/tcp' -p '1194:1194/udp' -v '/mnt/user/appdata/openvpn-as':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/openvpn-as'

Current OpenVPN-AS Network Settings, VPN Settings and Advanced VPN Settings:

[Six screenshots: Current OpenVPN-AS Server Settings, pages 1 to 6]

 

 

 

Still trying to troubleshoot my OpenVPN-AS now that I've switched from NAT to Routing. Results from ping tests, below. Also provided: OpenVPN Client log, route tables, iptables

 

Results of Ping Tests:

From OpenVPN Client (172.27.224.3)
To OpenVPN Gateway: ping 172.27.224.1 (Works)
To OpenVPN Container: ping 172.17.0.5 (Works)
To Default Bridge Gateway: ping 172.17.0.1 (TIMEOUT)
To Unraid Host: ping 192.168.1.200 (TIMEOUT)
To Unifi USG Internet Access Gateway: ping 192.168.1.1 (TIMEOUT)

From OpenVPN container (172.17.0.5):
To OpenVPN Gateway: ping 172.17.224.1 (TIMEOUT)
To OpenVPN Client: ping 172.27.224.3 (TIMEOUT)
To Default Bridge Gateway: ping 172.17.0.1 (Works)
To Unraid Host: ping 192.168.1.200 (Works)
To Unifi USG Internet Access Gateway: ping 192.168.1.1 (Works)

From Unraid Host (192.168.1.200):
To Unifi USG Internet Access Gateway: ping 192.168.1.1 (Works)
To Default Bridge Gateway: ping 172.17.0.1 (Works)
To OpenVPN Container: ping 172.17.0.5 (Works)
To OpenVPN Gateway: ping 172.27.224.1 (Works)
To OpenVPN Client: ping 172.27.224.3 (TIMEOUT)

From Unifi USG Internet Access Gateway (192.168.1.1):
To Unraid Host: ping 192.168.1.200 (Works)
To Default Bridge Gateway: ping 172.17.0.1 (Works)
To OpenVPN Container: ping 172.17.0.5 (Works)
To OpenVPN Gateway: ping 172.27.224.1 (Works)
To OpenVPN Client: ping 172.27.224.3 (TIMEOUT)

From LAN PC (192.168.1.160):
To Unifi USG Internet Access Gateway: ping 192.168.1.1 (Works)
To Unraid Host: ping 192.168.1.200 (Works)
To Default Bridge Gateway: ping 172.17.0.1 (Works)
To OpenVPN Container: ping 172.17.0.5 (Works)
To OpenVPN Gateway: ping 172.27.224.1 (Works)
To OpenVPN Client: ping 172.27.224.3 (TIMEOUT)
 

OpenVPN Client [172.27.224.3] Logs:

2020-06-15 12:40:33 1

2020-06-15 12:40:33 ----- OpenVPN Start ----- OpenVPN core 3.git::3e56f9a6 ios arm64 64-bit

2020-06-15 12:40:33 OpenVPN core 3.git::3e56f9a6 ios arm64 64-bit

2020-06-15 12:40:33 Frame=512/2048/512 mssfix-ctrl=1250

2020-06-15 12:40:33 UNUSED OPTIONS
4 [nobind]
12 [sndbuf] [0]
13 [rcvbuf] [0]
15 [verb] [3]
25 [CLI_PREF_ALLOW_WEB_IMPORT] [True]
26 [CLI_PREF_BASIC_CLIENT] [False]
27 [CLI_PREF_ENABLE_CONNECT] [False]
28 [CLI_PREF_ENABLE_XD_PROXY] [True]
29 [WSHOST] [openvpn.mydomain.com:943]
30 [WEB_CA_BUNDLE] [-----BEGIN CERTIFICATE----- MIIDCjCCAfKgAwIBAgIEXuOPXjANBgkqhkiG...]
31 [IS_OPENVPN_WEB_CA] [1] 

2020-06-15 12:40:33 EVENT: RESOLVE

2020-06-15 12:40:33 Contacting [WAN PUBLIC IP]:1194/UDP via UDP

2020-06-15 12:40:33 EVENT: WAIT

2020-06-15 12:40:33 Connecting to [openvpn.mydomain.com]:1194 (WAN PUBLIC IP) via UDPv4

2020-06-15 12:40:33 EVENT: CONNECTING

2020-06-15 12:40:33 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client

2020-06-15 12:40:33 Creds: Username/PasswordEmpty

2020-06-15 12:40:33 Peer Info:
IV_VER=3.git::3e56f9a6
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_LZO_SWAP=1
IV_LZ4=1
IV_LZ4v2=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_IPv6=0
IV_AUTO_SESS=1
IV_GUI_VER=net.openvpn.connect.ios_3.2.0-3253
IV_SSO=openurl
IV_HWADDR=1178475E-099E-4FA5-8285-4F9C31760FXX
IV_SSL=OpenSSL 1.1.1g  21 Apr 2020


2020-06-15 12:40:33 VERIFY OK: depth=1, /CN=OpenVPN CA

2020-06-15 12:40:33 VERIFY OK: depth=0, /CN=OpenVPN Server

2020-06-15 12:40:33 SSL Handshake: CN=OpenVPN Server, TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA

2020-06-15 12:40:33 Session is ACTIVE

2020-06-15 12:40:33 EVENT: GET_CONFIG

2020-06-15 12:40:33 Sending PUSH_REQUEST to server...

2020-06-15 12:40:33 OPTIONS:
0 [explicit-exit-notify]
1 [topology] [subnet]
2 [route-delay] [5] [30]
3 [dhcp-pre-release]
4 [dhcp-renew]
5 [dhcp-release]
6 [route-metric] [101]
7 [route] [192.168.1.0] [255.255.255.0]
8 [route] [172.17.0.0] [255.255.0.0]
9 [ping] [12]
10 [ping-restart] [50]
11 [compress] [stub-v2]
12 [redirect-private] [def1]
13 [redirect-private] [bypass-dhcp]
14 [redirect-private] [autolocal]
15 [route-gateway] [172.27.224.1]
16 [route] [8.8.8.8]
17 [route] [192.168.1.0] [255.255.255.0]
18 [route] [172.17.0.0] [255.255.0.0]
19 [route] [172.18.0.0] [255.255.0.0]
20 [dhcp-option] [DNS] [192.168.1.14]
21 [dhcp-option] [DNS] [192.168.1.1]
22 [dhcp-option] [DNS] [8.8.8.8]
23 [dhcp-option] [DOMAIN] [mydomain.com]
24 [dhcp-option] [ADAPTER_DOMAIN_SUFFIX] [mydomain.com]
25 [register-dns]
26 [block-ipv6]
27 [ifconfig] [172.27.224.3] [255.255.240.0]
28 [peer-id] [2]
29 [auth-token] ...
30 [cipher] [AES-256-GCM] 


2020-06-15 12:40:33 Session token: [redacted]

2020-06-15 12:40:33 PROTOCOL OPTIONS:
  cipher: AES-256-GCM
  digest: NONE
  compress: COMP_STUBv2
  peer ID: 2

2020-06-15 12:40:33 EVENT: ASSIGN_IP

2020-06-15 12:40:33 NIP: preparing TUN network settings

2020-06-15 12:40:33 NIP: init TUN network settings with endpoint: WAN PUBLIC IP

2020-06-15 12:40:33 NIP: adding IPv4 address to network settings 172.27.224.3/255.255.240.0

2020-06-15 12:40:33 NIP: adding (included) IPv4 route 172.27.224.0/20

2020-06-15 12:40:33 NIP: adding (included) IPv4 route 192.168.1.0/24

2020-06-15 12:40:33 NIP: adding (included) IPv4 route 172.17.0.0/16

2020-06-15 12:40:33 NIP: adding (included) IPv4 route 8.8.8.8/32

2020-06-15 12:40:33 NIP: adding (included) IPv4 route 192.168.1.0/24

2020-06-15 12:40:33 NIP: adding (included) IPv4 route 172.17.0.0/16

2020-06-15 12:40:33 NIP: adding (included) IPv4 route 172.18.0.0/16

2020-06-15 12:40:33 NIP: adding DNS 192.168.1.14

2020-06-15 12:40:33 NIP: adding DNS 192.168.1.1

2020-06-15 12:40:33 NIP: adding DNS 8.8.8.8

2020-06-15 12:40:33 NIP: adding match domain mydomain.com

2020-06-15 12:40:33 NIP: adding search domain (adapter domain suffix) mydomain.com

2020-06-15 12:40:33 NIP: blocking all IPv6 traffic

2020-06-15 12:40:33 NIP: adding DNS specific routes:

2020-06-15 12:40:33 NIP: adding (included) IPv4 route 192.168.1.14/32

2020-06-15 12:40:33 NIP: adding (included) IPv4 route 192.168.1.1/32

2020-06-15 12:40:33 NIP: adding (included) IPv4 route 8.8.8.8/32

2020-06-15 12:40:33 Connected via NetworkExtensionTUN

2020-06-15 12:40:33 Comp-stubV2 init

2020-06-15 12:40:33 EVENT: CONNECTED [email protected]:1194 (WAN PUBLIC IP) via /UDPv4 on NetworkExtensionTUN/172.27.224.3/ gw=[/]

 

On the Unraid host, I've already added a route to the OpenVPN Client network [172.27.224.0/20] via docker0 (not done on a persistent basis yet):

root@Unraid:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         USG             0.0.0.0         UG    632    0        0 br0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-5ae677f41049
172.27.224.0    0.0.0.0         255.255.240.0   U     1      0        0 docker0
192.168.1.0     0.0.0.0         255.255.255.128 U     0      0        0 shim-br0
192.168.1.0     0.0.0.0         255.255.255.0   U     632    0        0 br0
192.168.1.128   0.0.0.0         255.255.255.128 U     0      0        0 shim-br0
root@Unraid:~# 

On the Unifi USG Internet Access Gateway [192.168.1.1], I've already added a route to the OpenVPN Client network [172.27.224.0/20] via the Unraid host:

user@USG:~$ sudo route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         cpe-66-74-0-1.d 0.0.0.0         UG    0      0        0 eth0
10.8.0.0        unraid          255.255.255.0   UG    0      0        0 eth1
10.253.0.0      unraid          255.255.255.0   UG    0      0        0 eth1
66.74.0.0       *               255.255.224.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
172.17.0.0      unraid          255.255.0.0     UG    0      0        0 eth1
172.18.0.0      unraid          255.255.0.0     UG    0      0        0 eth1
172.27.224.0    unraid          255.255.240.0   UG    0      0        0 eth1
172.27.240.0    unraid          255.255.240.0   UG    0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
192.168.2.0     *               255.255.255.0   U     0      0        0 eth1.2
user@USG:~$ 

In the OpenVPN Container [172.17.0.5], I've verified that IP Forwarding is enabled:

# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

On the Unraid host [192.168.1.200], I've verified that IP Forwarding is enabled:

root@Unraid:~# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
root@Unraid:~# 

Here are the iptables from the OpenVPN container [172.17.0.5]:

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
AS0_ACCEPT  all  --  anywhere             anywhere             state RELATED,ESTABLISHED
AS0_ACCEPT  all  --  anywhere             anywhere            
AS0_IN_PRE  all  --  anywhere             anywhere             mark match 0x2000000/0x2000000
AS0_ACCEPT  udp  --  anywhere             anywhere             state NEW udp dpt:1194
AS0_WEBACCEPT  all  --  anywhere             anywhere             state RELATED,ESTABLISHED
AS0_WEBACCEPT  tcp  --  anywhere             anywhere             state NEW tcp dpt:943

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
AS0_ACCEPT  all  --  anywhere             anywhere             state RELATED,ESTABLISHED
AS0_IN_PRE  all  --  anywhere             anywhere             mark match 0x2000000/0x2000000
AS0_OUT_S2C  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
AS0_OUT_LOCAL  all  --  anywhere             anywhere            

Chain AS0_ACCEPT (4 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain AS0_DNS (2 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             dns.google          
RETURN     all  --  anywhere             anywhere            

Chain AS0_IN (4 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             172.27.224.1        
AS0_IN_POST  all  --  anywhere             anywhere            

Chain AS0_IN_NAT (0 references)
target     prot opt source               destination         
MARK       all  --  anywhere             anywhere             MARK or 0x8000000
ACCEPT     all  --  anywhere             anywhere            

Chain AS0_IN_POST (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             192.168.1.0/24      
ACCEPT     all  --  anywhere             172.17.0.0/16       
ACCEPT     all  --  anywhere             172.18.0.0/16       
AS0_OUT    all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            

Chain AS0_IN_PRE (2 references)
target     prot opt source               destination         
AS0_DNS    tcp  --  anywhere             anywhere             state NEW tcp dpt:53
AS0_DNS    udp  --  anywhere             anywhere             state NEW udp dpt:53
AS0_IN     all  --  anywhere             169.254.0.0/16      
AS0_IN     all  --  anywhere             192.168.0.0/16      
AS0_IN     all  --  anywhere             172.16.0.0/12       
AS0_IN     all  --  anywhere             10.0.0.0/8          
DROP       all  --  anywhere             anywhere            

Chain AS0_IN_ROUTE (0 references)
target     prot opt source               destination         
MARK       all  --  anywhere             anywhere             MARK or 0x4000000
ACCEPT     all  --  anywhere             anywhere            

Chain AS0_OUT (2 references)
target     prot opt source               destination         
AS0_OUT_POST  all  --  anywhere             anywhere            

Chain AS0_OUT_LOCAL (1 references)
target     prot opt source               destination         
DROP       icmp --  anywhere             anywhere             icmp redirect
ACCEPT     all  --  anywhere             anywhere            

Chain AS0_OUT_POST (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             mark match 0x2000000/0x2000000
DROP       all  --  anywhere             anywhere            

Chain AS0_OUT_S2C (1 references)
target     prot opt source               destination         
ACCEPT     all  --  192.168.1.0/24       anywhere            
ACCEPT     all  --  172.17.0.0/16        anywhere            
ACCEPT     all  --  172.18.0.0/16        anywhere            
AS0_OUT    all  --  anywhere             anywhere            

Chain AS0_WEBACCEPT (2 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
# 

and the iptables from Unraid [192.168.1.200]:

root@Unraid:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
LIBVIRT_INP  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
LIBVIRT_FWX  all  --  anywhere             anywhere            
LIBVIRT_FWI  all  --  anywhere             anywhere            
LIBVIRT_FWO  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
WIREGUARD  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
LIBVIRT_OUT  all  --  anywhere             anywhere            

Chain DOCKER (2 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:5349
ACCEPT     udp  --  anywhere             172.17.0.2           udp dpt:5349
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:8118
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:8080
ACCEPT     tcp  --  anywhere             172.18.0.2           tcp dpt:6881
ACCEPT     udp  --  anywhere             172.18.0.2           udp dpt:6881
ACCEPT     tcp  --  anywhere             172.18.0.3           tcp dpt:https
ACCEPT     tcp  --  anywhere             172.18.0.3           tcp dpt:http
ACCEPT     tcp  --  anywhere             172.17.0.3           tcp dpt:8086
ACCEPT     tcp  --  anywhere             172.17.0.3           tcp dpt:8083
ACCEPT     tcp  --  anywhere             172.18.0.4           tcp dpt:http
ACCEPT     tcp  --  anywhere             172.17.0.4           tcp dpt:9300
ACCEPT     tcp  --  anywhere             172.17.0.4           tcp dpt:9200
ACCEPT     tcp  --  anywhere             172.17.0.6           tcp dpt:6379
ACCEPT     tcp  --  anywhere             172.17.0.5           tcp dpt:9443
ACCEPT     udp  --  anywhere             172.17.0.5           udp dpt:openvpn
ACCEPT     tcp  --  anywhere             172.17.0.5           tcp dpt:943
ACCEPT     tcp  --  anywhere             172.18.0.6           tcp dpt:9897
ACCEPT     tcp  --  anywhere             172.18.0.6           tcp dpt:8989
ACCEPT     tcp  --  anywhere             172.18.0.5           tcp dpt:http
ACCEPT     tcp  --  anywhere             172.18.0.5           tcp dpt:https
ACCEPT     tcp  --  anywhere             172.17.0.7           tcp dpt:3306
ACCEPT     tcp  --  anywhere             172.18.0.7           tcp dpt:https
ACCEPT     tcp  --  anywhere             172.17.0.8           tcp dpt:6080
ACCEPT     tcp  --  anywhere             172.18.0.8           tcp dpt:5900
ACCEPT     tcp  --  anywhere             172.18.0.8           tcp dpt:5800
ACCEPT     tcp  --  anywhere             172.18.0.8           tcp dpt:3129
ACCEPT     tcp  --  anywhere             172.18.0.9           tcp dpt:6789
ACCEPT     tcp  --  anywhere             172.18.0.10          tcp dpt:9117
ACCEPT     tcp  --  anywhere             172.18.0.11          tcp dpt:6767
ACCEPT     tcp  --  anywhere             172.17.0.9           tcp dpt:8686
ACCEPT     tcp  --  anywhere             172.18.0.12          tcp dpt:3579
ACCEPT     tcp  --  anywhere             172.17.0.10          tcp dpt:http
ACCEPT     tcp  --  anywhere             172.18.0.13          tcp dpt:7878
ACCEPT     tcp  --  anywhere             172.18.0.14          tcp dpt:http
ACCEPT     tcp  --  anywhere             172.18.0.15          tcp dpt:8181

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain LIBVIRT_FWI (1 references)
target     prot opt source               destination         

Chain LIBVIRT_FWO (1 references)
target     prot opt source               destination         

Chain LIBVIRT_FWX (1 references)
target     prot opt source               destination         

Chain LIBVIRT_INP (1 references)
target     prot opt source               destination         

Chain LIBVIRT_OUT (1 references)
target     prot opt source               destination         

Chain WIREGUARD (1 references)
target     prot opt source               destination         
root@Unraid:~# 

 

 

 

Link to comment
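An added example, not part of the thread and not from any poster: it parses the `route` output format shown in the post above and reports, by longest-prefix match, whether a destination is handed to a next hop (flag `G`) or treated as on-link, in which case the kernel ARPs for the destination itself on that interface. The two tables are copied from the post; the function names are this example's own.

```python
import ipaddress
from typing import NamedTuple, Optional

# Routing tables copied from the post above (Unraid host and Unifi USG).
UNRAID_ROUTES = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         USG             0.0.0.0         UG    632    0        0 br0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-5ae677f41049
172.27.224.0    0.0.0.0         255.255.240.0   U     1      0        0 docker0
192.168.1.0     0.0.0.0         255.255.255.128 U     0      0        0 shim-br0
192.168.1.0     0.0.0.0         255.255.255.0   U     632    0        0 br0
192.168.1.128   0.0.0.0         255.255.255.128 U     0      0        0 shim-br0
"""

USG_ROUTES = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         cpe-66-74-0-1.d 0.0.0.0         UG    0      0        0 eth0
10.8.0.0        unraid          255.255.255.0   UG    0      0        0 eth1
10.253.0.0      unraid          255.255.255.0   UG    0      0        0 eth1
66.74.0.0       *               255.255.224.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
172.17.0.0      unraid          255.255.0.0     UG    0      0        0 eth1
172.18.0.0      unraid          255.255.0.0     UG    0      0        0 eth1
172.27.224.0    unraid          255.255.240.0   UG    0      0        0 eth1
172.27.240.0    unraid          255.255.240.0   UG    0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
192.168.2.0     *               255.255.255.0   U     0      0        0 eth1.2
"""


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str
    flags: str
    metric: int
    iface: str


def parse_route_table(text: str) -> list:
    """Parse net-tools `route` output into Route tuples."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 8 or cols[0] == "Destination":
            continue  # banner, header, prompt or blank line
        dest, gateway, genmask, flags, metric, _ref, _use, iface = cols
        if dest == "default":
            dest = "0.0.0.0"
        try:
            prefix = bin(int(ipaddress.IPv4Address(genmask))).count("1")
            network = ipaddress.ip_network(f"{dest}/{prefix}", strict=False)
        except ValueError:
            continue  # symbolic network name (e.g. "loopback"); cannot resolve offline
        routes.append(Route(network, gateway, flags, int(metric), iface))
    return routes


def select_route(routes: list, destination: str) -> Optional[Route]:
    """Longest prefix wins; the lower metric breaks ties."""
    addr = ipaddress.IPv4Address(destination)
    candidates = [r for r in routes if addr in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


def delivery(routes: list, destination: str) -> tuple:
    """Return (kind, gateway, iface); kind is 'gateway', 'on-link' or 'unreachable'."""
    route = select_route(routes, destination)
    if route is None:
        return ("unreachable", None, None)
    if "G" in route.flags:
        return ("gateway", route.gateway, route.iface)
    return ("on-link", None, route.iface)


if __name__ == "__main__":
    client = "172.27.224.3"  # OpenVPN client address from the post
    for name, table in (("Unraid", UNRAID_ROUTES), ("USG", USG_ROUTES)):
        print(name, client, delivery(parse_route_table(table), client))
```
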
On 6/11/2020 at 8:37 PM, kennelm said:

OK, I've been running this container with success for many months, and then earlier this week, I tried to VPN into my unraid server and I found the container is no longer working.  Before I keep digging, did something change? Is there a known issue?

 

Initially, I found that the WebUI doesn't work.  So I poke around and I see this in the container log:

 


[cont-init.d] 50-interface: executing...
/var/run/s6/etc/cont-init.d/50-interface: line 9: /usr/local/openvpn_as/scripts/confdba: No such file or directory
/var/run/s6/etc/cont-init.d/50-interface: line 10: /usr/local/openvpn_as/scripts/confdba: No such file or directory
/var/run/s6/etc/cont-init.d/50-interface: line 11: /usr/local/openvpn_as/scripts/confdba: No such file or directory
/var/run/s6/etc/cont-init.d/50-interface: line 12: /usr/local/openvpn_as/scripts/confdba: No such file or directory
[cont-init.d] 50-interface: exited 127.
[cont-init.d] 99-custom-scripts: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-scripts: exited 0.
[cont-init.d] done.
[services.d] starting services
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory
[services.d] done.
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory

My /config path on the host for this container is not /usr/local/openvpn-as.  It's /mnt/cache/appdata/openvpn-as/.  So that looks weird to me.

 

Since the last time I checked this container, I stood up a VM and changed the network settings, so maybe that is related?  Not sure.

 

I'm guessing this is something really silly, but so far I haven't cracked the code...

 

Diagnostics attached.  Appreciate any guidance on getting this back up and running.

 

 

tower-diagnostics-20200611-1954.zip 99.48 kB · 0 downloads

OK, I figured this out.  I had configured OpenDNS at my router to experiment with parental controls and that definitely interfered with this container.

 

Larry

Link to comment
On 6/20/2020 at 11:22 PM, kennelm said:

OK, I figured this out.  I had configured OpenDNS at my router to experiment with parental controls and that definitely interfered with this container.

 

Larry

Could you please let me know how exactly you fixed the problem? Because I'm experiencing the exact same problem.

 

It was working fine for months. Now no matter how many times I install it or change settings I cannot get to the WebUI and I'm treated with "./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory"

 

Link to comment
19 hours ago, Sain said:

Could you please let me know how exactly you fixed the problem? Because I'm experiencing the exact same problem.

 

It was working fine for months. Now no matter how many times I install it or change settings I cannot get to the WebUI and I'm treated with "./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory"

 

First, I reset the OpenDNS servers on my router.  In my case, I used Google's:  8.8.8.8 and 8.8.4.4.  You can also default to the ones provided by your ISP.  Then, on the Windows machine where I access the unraid console, I had to flush the DNS servers:

 

ipconfig /flushdns

After that, I reinstalled the container and it worked.  I have not taken the time to understand why, but I plan to, or if someone already knows, please weigh in.

Edited by kennelm
Link to comment
4 hours ago, kennelm said:

First, I reset the OpenDNS servers on my router.  In my case, I used Google's:  8.8.8.8 and 8.8.4.4.  You can also default to the ones provided by your ISP.  Then, on the Windows machine where I access the unraid console, I had to flush the DNS servers:

 


ipconfig /flushdns

After that, I reinstalled the container and it worked.  I have not taken the time to understand why, but I plan to, or if someone already knows, please weigh in.

I tried shutting off my PiHole and setting the router, Unraid and my machine to 8.8.8.8. I flushed the DNS. Also tried a different machine (I set up a different Unraid test server and a different Windows machine). All that didn't help to fix the issue. I really appreciate your help, Kennelm.

Link to comment
19 hours ago, Sain said:

I tried shutting off my PiHole and setting the router, Unraid and my machine to 8.8.8.8. I flushed the DNS. Also tried a different machine (I set up a different Unraid test server and a different Windows machine). All that didn't help to fix the issue. I really appreciate your help, Kennelm.

Assuming you had OpenDNS running and that caused your issue, and it has been turned off, check the DNS servers being used on your clients and servers: 

 

cat /etc/resolv.conf on Linux.

ipconfig /all on Windows.

 

Maybe the OpenDNS servers are still in the cache?

 

Larry

Edited by kennelm
Link to comment
7 hours ago, kennelm said:

Assuming you had OpenDNS running and that caused your issue, and it has been turned off, check the DNS servers being used on your clients and servers: 

 

cat /etc/resolv.conf on Linux.

ipconfig /all on Windows.

 

Maybe the OpenDNS servers are still in the cache?

 

Larry

I have never had OpenDNS running on any of my machines. In fact, I didn't know what OpenDNS is. I thought it's something like CloudFlare DNS or Google DNS. I use Google as my DNS or my local ISP. (I use Pihole but I bypassed it completely.) Till now I don't know what the problem is. OpenVPN used to work fine for months until one day it stopped working at all. No matter how many times I try a fresh install or try different machines, both client and server, I still don't have access to the OpenVPN WebGui and I get this error repeated in the log: "./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory"

Edited by Sain
Link to comment
8 hours ago, Sain said:

I have never had OpenDNS running on any of my machines. In fact, I didn't know what OpenDNS is. I thought it's something like CloudFlare DNS or Google DNS. I use Google as my DNS or my local ISP. (I use Pihole but I bypassed it completely.) Till now I don't know what the problem is. OpenVPN used to work fine for months until one day it stopped working at all. No matter how many times I try a fresh install or try different machines, both client and server, I still don't have access to the OpenVPN WebGui and I get this error repeated in the log: "./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory"

That line alone is not helpful. All it tells you is that there was an issue with openvpn install. Post a full log if you seek assistance, and post a docker run.

 

Pihole is known to cause such issues

Link to comment

Hello,

 

My OpenVPN docker worked for a little while earlier this year.  It suddenly stopped working.  So I decided to uninstall the docker and reinstall it to see if I can get it to work.  I download the docker, install says it completes successfully.  The first time I go to access the WebGUI in the docker, I get the attached log with a number of errors in it.  The web page I get looks like the attached screen shot when I click on the WebUI selection on the docker in Unraid.

 

I have changed my DNS servers to google DNS servers 8.8.8.8 and 8.8.4.4 and flushed the DNS running the following code in the command prompt of the PC I'm using to access the web interface on: ipconfig /flushdns and received the response "successfully flushed the DNS Resolver Cache."  Then I reinstalled the docker, still same issues.  I also shut off all my anti-virus and firewall stuff, and I am not using a proxy server.  I have also deleted the entire OpenVPN folder created in appdata before uninstalling, still does not help.  When I uninstall I select the box that says delete image file.  Are there more hidden files tucked away in different places that I need to go in and manually delete to completely remove the Docker?

 

I have tried different web browsers as well, with no success.

 

Please help....I loved it when this thing worked, but by uninstalling and reinstalling the Docker I appear to be worse off. 

 

Thanks for your time.

WebPage_Screen_Shot.pdf OpenVPN_Error_Log.txt

Edited by Dustin
Link to comment
55 minutes ago, Dustin said:

Hello,

 

My OpenVPN docker worked for a little while earlier this year.  It suddenly stopped working.  So I decided to uninstall the docker and reinstall it to see if I can get it to work.  I download the docker, install says it completes successfully.  The first time I go to access the WebGUI in the docker, I get the attached log with a number of errors in it.  The web page I get looks like the attached screen shot when I click on the WebUI selection on the docker in Unraid.

 

I have changed my DNS servers to google DNS servers 8.8.8.8 and 8.8.4.4 and flushed the DNS running the following code in the command prompt of the PC I'm using to access the web interface on: ipconfig /flushdns and received the response "successfully flushed the DNS Resolver Cache."  Then I reinstalled the docker, still same issues.  I also shut off all my anti-virus and firewall stuff, and I am not using a proxy server.  I have also deleted the entire OpenVPN folder created in appdata before uninstalling, still does not help.  When I uninstall I select the box that says delete image file.  Are there more hidden files tucked away in different places that I need to go in and manually delete to completely remove the Docker?

 

I have tried different web browsers as well, with no success.

 

Please help....I loved it when this thing worked, but by uninstalling and reinstalling the Docker I appear to be worse off. 

 

Thanks for your time.

WebPage_Screen_Shot.pdf 192.36 kB · 0 downloads OpenVPN_Error_Log.txt 10.12 kB · 0 downloads

My experience was exactly like yours. I even went the extra mile and created a new test Unraid server and a new test Windows machine, still the same issue. Many people experience the same thing. If you go and look at the latest comments on the Spaceinvader YouTube tutorial on Unraid OpenVPN installation, you'll see lots of users are asking how to fix this issue. I gave up on this docker. Since I'm using pfSense, I created an OpenVPN server there, and it works flawlessly. Also, it's better to have it on the router level.

Edited by Sain
Typo
Link to comment
59 minutes ago, Dustin said:

Hello,

 

My OpenVPN docker worked for a little while earlier this year.  It suddenly stopped working.  So I decided to uninstall the docker and reinstall it to see if I can get it to work.  I download the docker, install says it completes successfully.  The first time I go to access the WebGUI in the docker, I get the attached log with a number of errors in it.  The web page I get looks like the attached screen shot when I click on the WebUI selection on the docker in Unraid.

 

I have changed my DNS servers to Google DNS servers 8.8.8.8 and 8.8.4.4 and flushed the DNS by running the following code in the command prompt of the PC I'm using to access the web interface: ipconfig /flushdns, and received the response "successfully flushed the DNS Resolver Cache." Then I reinstalled the docker, still the same issues. I also shut off all my anti-virus and firewall stuff, and I am not using a proxy server. I have also deleted the entire OpenVPN folder created in appdata before uninstalling; that still does not help. When I uninstall I select the box that says delete image file. Are there more hidden files tucked away in different places that I need to go in and manually delete to completely remove the Docker?

 

I have tried different web browsers as well, with no success.

 

Please help....I loved it when this thing worked, but by uninstalling and reinstalling the Docker I appear to be worse off. 

 

Thanks for your time.

WebPage_Screen_Shot.pdf 192.36 kB · 0 downloads OpenVPN_Error_Log.txt 10.12 kB · 0 downloads

Looks like you are forbidden to access the download server for openvpn-as.

Link to comment

Just a general comment. I'm seeing quite a few people here with the comment "followed spaceinvaderone video, it doesn't work".

 

Perhaps you should ask him for support, maybe there is an issue with the directions there.

 

If you use the default template as is, and follow the directions we provide in the readme (linked in the first post here), it works. I've been using it for years. It only once crapped out on me during an image update, I restored from a backup and it worked just fine since.

 

Also keep in mind that when you update the image, it has to connect to the openvpn-as repo to download the package. If you have networking issues (dns config, mtu issue, or something like pihole blocking it) you'll see in the logs that it is unable to connect to the repo.

 

To ask for support from us, post your docker run, and a full docker log on pastebin or the like and drop links here. Also let us know how you're trying to access it (the address) and what settings you changed in the gui. "I followed X guide and it doesn't work" is not going to get you support from us.

Link to comment
  • 2 weeks later...

Hello there, I followed SpaceInvader's 2019 guide to set up the openvpn-as container and I have some issues...
https://www.youtube.com/watch?v=fpkLvnAKen0

Firstly, when using his guide, to the letter, I can connect to the VPN and browse the net as if I was home.

BUT, I can't connect to anything on the home network... No response (I used my phone as a hotspot to test).

 

Googling and "ducking" helped me find that the Interface should be set as HOST and the docker should be privileged.

By doing so, I lose the ability to connect through the VPN and can't login as an admin on the Web GUI... So for now, unusable.

 

Did someone else encounter similar issues and find a way to fix them?

Link to comment
3 hours ago, Normand_Nadon said:

Hello there, I followed SpaceInvader's 2019 guide to set up the openvpn-as container and I have some issues...
https://www.youtube.com/watch?v=fpkLvnAKen0

Firstly, when using his guide, to the letter, I can connect to the VPN and browse the net as if I was home.

BUT, I can't connect to anything on the home network... No response (I used my phone as a hotspot to test).

 

Googling and "ducking" helped me find that the Interface should be set as HOST and the docker should be privileged.

By doing so, I lose the ability to connect through the VPN and can't login as an admin on the Web GUI... So for now, unusable.

 

Did someone else encounter similar issues and find a way to fix them?

You should not set it to host or use privileged. The template should have the correct settings already, so it's just the ports you need to set.

 

I have not watched the video and will not do it either, so you have to tell us what you have done.

You have set the local subnet in openvpn-as?

Link to comment
30 minutes ago, Normand_Nadon said:

Thanks for your answer... 

I added my home network to the list of subnets in the web Ui.. is that what you refer to?
 

2020-07-10_12-48.png

To be honest I don't remember which setting it is as I don't use it and it's a long time since I tested it.

Link to comment

hi, a simple question that I cannot solve...I just installed the docker on unraid 6.8.3.

how can the password of the admin be changed? I tried changing it in user permissions but it is actually not done and I can still login with default "password".

Link to comment
15 minutes ago, luca2 said:

hi, a simple question that I cannot solve...I just installed the docker on unraid 6.8.3.

how can the password of the admin be changed? I tried changing it in user permissions but it is actually not done and I can still login with default "password".

It's mentioned in the readme on GitHub.

Link to comment
30 minutes ago, saarg said:

It's mentioned in the readme on GitHub.

Thx for pointing me in the right direction.

When it says: "Modify the as.conf file under config/etc and replace the line boot_pam_users.0=admin with #boot_pam_users.0=admin boot_pam_users.0=kjhvkhv" ... just to be sure: "kjhvkhv" should be my new created user (with admin rights)?

thx in advance for support.

Link to comment
2 hours ago, luca2 said:

Thx for pointing me in the right direction.

When it says: "Modify the as.conf file under config/etc and replace the line boot_pam_users.0=admin with #boot_pam_users.0=admin boot_pam_users.0=kjhvkhv" ... just to be sure: "kjhvkhv" should be my new created user (with admin rights)?

thx in advance for support.

It's explained in the important note right under that explanation. You are disabling the pam user, so it is just random letters.

Link to comment
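The `as.conf` edit discussed in the posts above, written as a repeatable script with a check afterwards. This is an added example, not code from the linuxserver.io README or from any poster; the function names and the sample file are hypothetical, and with the run command shown earlier in this thread the real file would sit at `/mnt/user/appdata/openvpn-as/etc/as.conf`.

```shell
#!/bin/sh
# Added example, not from the linuxserver.io README. Function names are hypothetical.

# Count active (uncommented) boot_pam_users entries that still name "admin".
count_default_admin() {
    grep -c '^[[:space:]]*boot_pam_users\.[0-9][0-9]*=admin[[:space:]]*$' "$1" || true
}

# Comment out each such entry and add the same key with a random placeholder name,
# which is the edit the quoted README text describes. Safe to run repeatedly.
harden_as_conf() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    [ "$(count_default_admin "$conf")" -eq 0 ] && return 0   # nothing to do
    # Random hex string: the value only has to match no real account.
    placeholder="x$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"
    cp -p "$conf" "$conf.bak" || return 1                     # keep a rollback copy
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    if awk -v ph="$placeholder" '
        /^[ \t]*boot_pam_users\.[0-9]+=admin[ \t]*$/ {
            key = $0; sub(/^[ \t]*/, "", key); sub(/=.*/, "", key)
            print "#" $0; print key "=" ph; next
        }
        { print }' "$conf" > "$tmp"
    then
        cat "$tmp" > "$conf"; status=$?   # overwrite in place: owner and mode unchanged
    else
        status=1
    fi
    rm -f "$tmp"
    return "$status"
}

# Constructed sample for a dry run; not a real as.conf.
write_sample_conf() {
    printf '%s\n' '# constructed sample' 'sample.key=value' \
        'boot_pam_users.0=admin' '# boot_pam_users.1=' > "$1"
}

# Usage: sh harden_as_conf.sh /path/to/etc/as.conf
if [ $# -ge 1 ]; then
    harden_as_conf "$1" && echo "active default-admin entries: $(count_default_admin "$1")"
fi
```

A result of 0 from `count_default_admin` means no active line still names the default `admin` user; the original file is kept beside it as `as.conf.bak`.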

Hello

 

It's my first time setting up an OpenVPN server, so I don't know if this is the correct way of working or if I'm missing something.

I have followed Spaceinvader's guide and my VPN is working. I have tested it with my mobile phone using 4G and it works perfectly. The problem was that I was at the office this morning and wanted to test it, but I didn't have the profile, so I tried to access mydomain:943 and it couldn't be reached. I 'opened' the port just in case and it's still not working. So:

 

1) Is the OpenVPN GUI only accessible through LAN for security reasons?

2) In that case, should I keep a copy of the profile somewhere in the cloud (my Nextcloud, for example) in case this happens to me again?
3) In case OpenVPN can be accessed through WAN, what am I missing? I tried the port in a hurry, but I'm using nginxproxymanager.

Thanks in advance.

Link to comment
