Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] Linuxserver.io - OpenVPN AS

Featured Replies

Just now, CHBMB said:

NP, yeah Linux is case sensitive so Bond0 and bond0 aren't the same.

yea just notice , whats default user and password while ur here

  • Replies 2k
  • Views 462.8k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • SpaceInvaderOne
    SpaceInvaderOne

    I have made un updated video guide for setting up this great container. It covers setting up the container, port forwarding and setting up clients on Windows, macOS Linux (ubuntu Mate) and on cel

  • PSA. It seems openvpn pushed another broken bin, tagged 2.7.3 I get the same error with it as I did with the previously pulled 2.7.2   While they/us try to figure it out, you can change

  • Stupifier
    Stupifier

    Ok, I used to be able to connect to Host network with this before the update....that allowed me to be assigned an IP on my WiFi subnet, which then allowed me to access the UnRAID GUI interface.  

Posted Images

On 7/12/2017 at 5:40 AM, aptalca said:

 

You're right. I realized I'm on an older version as well. We'll look into it.

 

Thanks

 

Cheers for looking into it :)

 

Any luck so far? :D

1 hour ago, CHBMB said:

Name = Whatever you want - irrelevant

Key = INTERFACE

Value = Bond0 or bond0

 

Perfect solution. Thanks.

 
Cheers for looking into it [emoji4]
 
Any luck so far? [emoji3]


Not an easy fix. There are a few options but none are really ideal. Currently discussing internally the best recourse
3 hours ago, aptalca said:

 


Not an easy fix. There are a few options but none are really ideal. Currently discussing internally the best recourse

 

Aha I see, fair enough - I'll trust that the right solution is in the works :)

 

Thanks for the update :)

  • 2 weeks later...

Two short questions:

 

Any idea how to set up access the Web GUI (on port 943) through a reverse proxy using nginx (in the letsencrypt docker)?

 

Also, any idea on how to set up OpenVPN to use a dockerized pi-hole as the DNS (Docker by diginc; running on a host in its own Docker network as described below) - that would be neat to achieve ad-free surfing on the go

)

linuxserver.io - thanks so much for your dockers.  They are fantastic.

 

TL;DR - I am trying to setup a static return route on my LAN gateway to to the VPN subnet so my LAN devices can access devices on the VPN subnet... which I am fairly certain is my problem.  Question - if the OpenVPN-AS docker is on bond0 and shares the IP of the UnRaid server, how do I ensure my static route makes it to the docker?  Does my docker need its own unique IP?

 

I previously had OpenVPN-AS virtual appliance running in Hyper-V and moved over to this docker.  The install and configuration was fairly straight forward, I just mimicked my prior config and now my clients can connect.  It seems I only have unidirectional traffic VPN Subnet --> LAN Subnet:

 

Lan: 10.0.0.0/24

OpenVPN: 10.0.1.0/24

Unraid IP: 10.0.0.31

 

Docker interface is set to bond0

Server is up and running fine, all proper ports are exposed on my firewall and forwarded to my unraid IP (10.0.0.31)

Config in AS Admin should allow all clients (vpn and local) access bidirectionally to all resources on both subnets

 

VPN Clients connect no problem and are assigned VPN IP (10.0.1.x)   I am able to access network resources such as file shares, ping LAN IP addresses and hostnames with FQDN, even RDP into LAN boxes

 

LAN devices cannot ping anything on the VPN subnet (connected clients or the VPN default gateway (5310.0.1.161))

 

I suspect I need to setup a static return route on the LAN default gateway (10.0.0.1) which is running a linux distro.

eth0: WAN IP

eth1: LAN IP (10.0.0.0/24)

 

I have tried adding the following line to the ip table of 10.0.0.1:

 

route add -net 10.0.1.0 netmask 255.255.255.0 gw 10.0.0.31 dev eth1

 

but it doesn't seem to work even after restarting the firewall service and reboot the device.

 

Thanks in advance for any help!

  • 2 weeks later...

Edit: SOLVED

 

Solution: Seems when your in the OpenVPN webGUI, you need to enable the "Auto Login" feature for the user account that will be using the OpenVPN client. I was able to successfully log into my server that way.

 

Hello,

 

After following the Spaceinvader One YT Video, Ive setup my OpenVPN server, a DDNS tracker, and have the proper ports forwarded.

 

For some strange reason, after getting the user account setup (cmdline and on the webGUI) the client download will not connect to the VPN server but when the "userlocked" profile is downloaded to my iPhone it works using the iOS app. I have full access to my server via my mobile network.

 

Any idea why the client download doesn't connect?

Edited by MowMdown

Hi experts,

 

I have an OpenVPN Docker from linuxserver on my UNRAID machine running. Everything works fine and I can connect from outside to my local network until I update the docker container.

 

After each update I can’t connect to and login into the OpenVPN server anymore – the client says that the password is wrong. That’s why every time the docker gets updated, I need to set the password of the admin account to its old value.

 

So the problem is that after each OpenVPN docker update the password of the admin account gets somehow resetted.

 

Authentication settings in the Docker settings are as follow: under “Authenticate users using” I tried Local and PAM. In both cases the same result.

 

Has anyone noticed this behavior? How can I fix it?

Edited by gizmer

Yes. After an update the admin password is reset to the default. You can change the password using the command shown in the GitHub Readme under "Setting up the application".

2 hours ago, wgstarks said:

Yes. After an update the admin password is reset to the default. You can change the password using the command shown in the GitHub Readme under "Setting up the application".

 

OK, thanks. Is there any chance to prevent the password resetting?

25 minutes ago, gizmer said:

 

OK, thanks. Is there any chance to prevent the password resetting?

Don't run the update except when you also plan to reset the password. If I understand correctly, LSIO updates all their dockers weekly but there isn't necessarily any change. Maybe one of the LSIO members can expand on this?

 

You can use the CA User Scripts plugin to simplify the password reset process probably.

Edited by wgstarks

 
OK, thanks. Is there any chance to prevent the password resetting?
There is a pr that will provide instructions on how to fix the password resetting issue. It is currently under review and should be merged soon
17 hours ago, aptalca said:
On 8/17/2017 at 2:14 PM, gizmer said:
 
OK, thanks. Is there any chance to prevent the password resetting?

There is a pr that will provide instructions on how to fix the password resetting issue. It is currently under review and should be merged soon

I'm probably jumping the gun with this question, but what will I need to do to add this to my existing docker when it's merged? I see it's already been approved.

 

Edit: I see the readme changes. That looks simple enough, just not sure how to get the modifications to /root/etc/cont-init.d/40-openvpn-init or if I even need to?

Edited by wgstarks

6 hours ago, wgstarks said:

just not sure how to get the modifications to /root/etc/cont-init.d/40-openvpn-init or if I even need to?

Never mind. I see an update ready for the docker. Guessing I just need to run the update?

 

The rest was very simple. @aptalca BIG THANKS.

I'm probably jumping the gun with this question, but what will I need to do to add this to my existing docker when it's merged? I see it's already been approved.
 
Edit: I see the readme changes. That looks simple enough, just not sure how to get the modifications to /root/etc/cont-init.d/40-openvpn-init or if I even need to?
The instructions in the readme will apply to existing users.

The most important thing is to make sure that authentication is set to local before the other users are created.

In a nutshell, pam users don't survive container updates or reinstalls, and the admin user (a pam user) gets reset.

Local users survive updates and the admin user access (a pam user) can be deactivated in the config file once another local user is given admin privileges

Yeah. Already had authentication set to local so that wasn't any problem.

 

The only issue I had at all was deleting the user "admin" after I configured a new user with admin privileges. Did you know that if you log in as user "admin" you can't delete that user in the GUI.:$

 

Once I figured out that I needed to login as the new user the rest was a piece of cake.

 

Ran the docker update last night and then tested logging in as default admin user, which failed (as desired). Looks good.

Would like opinions.

 

Should I set my new admin user as an account separate from the one I normally use to connect from WAN? Was thinking that it might be more secure if the admin user can only connect from the local network. Not really sure about any problems this might create though.

 

Or maybe I should just throw away my tinfoil hat and not worry about it at all.:)

5 minutes ago, wgstarks said:

Should I set my new admin user as an account separate from the one I normally use to connect from WAN? Was thinking that it might be more secure if the admin user can only connect from the local network.

Yes. You shouldn't be able to admin the vpn server without authenticating into the network first.

58 minutes ago, jonathanm said:

Yes. You shouldn't be able to admin the vpn server without authenticating into the network first.

That's true. My normal user is using a certificate to authenticate. That's why I thought there may not really be a problem with letting that account have admin privileges, and setting up a "local only" account for admin might really just be over kill.

Yeah. Already had authentication set to local so that wasn't any problem.
 
The only issue I had at all was deleting the user "admin" after I configured a new user with admin privileges. Did you know that if you log in as user "admin" you can't delete that user in the GUI.[emoji5]
 
Once I figured out that I needed to login as the new user the rest was a piece of cake.
 
Ran the docker update last night and then tested logging in as default admin user, which failed (as desired). Looks good.
No need to delete the admin user. It will come back when you update the container anyway. Just follow the steps in the readme to disallow the admin user logging in.

The admin user is required for the first time login, that's why the container always creates it. But once the user sets up another account with admin privileges and disables admin user login in the config, admin will just be a useless account that doesn't do anything (and doesn't hurt anything).

If you want to tighten up security, you can create two user accounts, one an admin, specifically for management purposes, and another for users to login with. Only share the certificate for the second user account with your users. Or, you can create many user accounts, one for each real life user (or per device) so you can disable access for a specific individual if needed.

I'm the only vpn user for my server so I use the same certificate on all of my devices. The downside is, if a device is lost or stolen, I would have to generate a new cert and update it on all the other devices.

I only have one mobile device that I use to connect from WAN. I think I'll probably disable admin privileges for that one and just set up another user/password for an admin user that is only on my local network. Hadn't even thought about being able to delete the user if the phone gets lost/stolen. That's a good point.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.