[Support] Linuxserver.io - OpenVPN AS


Recommended Posts

  • 2 weeks later...

I've got a problem when i try to start the webserver. I always get this error message:
 

process started and then immediately exited: ['Fri Oct 13 23:59:16 2017 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)']
service failed to start or returned error status

 

my docker run command is this:

/plugins/dynamix.docker.manager/scripts/docker create --name="openvpn-as" --net="host" --privileged="true" -e TZ="Europe/Berlin" -e HOST_OS="unRAID" -e "TCP_PORT_943"="943" -e "TCP_PORT_9443"="9443" -e "UDP_PORT_1194"="1194" -e "INTERFACE"="bond0" -e "PGID"="100" -e "PUID"="99" -v "/mnt/cache/appdata/openvpn-as":"/config":rw --cpuset-cpus=0-4,8-12 linuxserver/openvpn-as

 

i tried multiple times reinstalling the docker with removing the config folder and also removing the docker with all their images without success.

 

I hope someone can help me with this.

 

EDIT: a simple restart of the server fixed the problem....

Edited by DaLeberkasPepi
Link to comment

Hey guys,

I have successfully set everything up and it works perfectly. SSL and all. However, when a user connects and clicks "more details..." when asked "Allow VPN connection to...", the info presents the whole config file - something that doesnt feel right. Even the SSL information is there in plain sight. 

 

Is that normal? Can one edit the data that is shown in this "More information..." thing? If so, how ?

 

 

I appreciate any help !

ovpn.jpg

Link to comment
  • 2 weeks later...

i received unraid notification email of an update to the container from overnight. container auto update enabled in unraid. now i cannot connect from phone app or work computer.

log just keeps repeating TLS Error: cannot locate HMAC in incoming packet from [AF_INET]XX.XXX.XXX.XXX:1194

I tried restarting container, did not change.

Is there something I need to change on my end as a result of the container update?

Edited by wirenut
Link to comment
3 hours ago, wirenut said:

i received unraid notification email of an update to the container from overnight. container auto update enabled in unraid. now i cannot connect from phone app or work computer.

log just keeps repeating TLS Error: cannot locate HMAC in incoming packet from [AF_INET]XX.XXX.XXX.XXX:1194

I tried restarting container, did not change.

Is there something I need to change on my end as a result of the container update?

 

2 hours ago, wgstarks said:

Looks like I’m having the same issue.

 

Same issue as well 

 

version went from 2.1.9 to 2.1.12 

 

maybe we need to wait for the client app to be updated?

Edited by MowMdown
Link to comment
56 minutes ago, MowMdown said:

 

 

Same issue as well 

 

version went from 2.1.9 to 2.1.12 

 

maybe we need to wait for the client app to be updated?

No updates available yet but who knows what’s coming down the pipe. I posted about this issue in the openvpn forum. If I get an answer there I’ll forward it along.

Link to comment
6 hours ago, wirenut said:

i received unraid notification email of an update to the container from overnight. container auto update enabled in unraid. now i cannot connect from phone app or work computer.

log just keeps repeating TLS Error: cannot locate HMAC in incoming packet from [AF_INET]XX.XXX.XXX.XXX:1194

I tried restarting container, did not change.

Is there something I need to change on my end as a result of the container update?

 

2 hours ago, MowMdown said:

 

 

Same issue as well 

 

version went from 2.1.9 to 2.1.12 

 

maybe we need to wait for the client app to be updated?

 

From OpenVPN Support-

 



In Safari, go to the client web service - https://vpnurl here:943

Login and then click on your profile download at the bottom of that page, then choose Open in OpenVPN. You might just need a new profile due to changes in the default TLS settings of the new version.

 

I’m mobile today so I can’t check this since I’d have to do it from my local network. Maybe one of y’all can test it?

Link to comment
On 10/27/2017 at 4:00 PM, MowMdown said:

 

I did generate a new openvpn "Client.ovpn" profile and that didn't work.

 

On 10/27/2017 at 4:03 PM, wirenut said:

Same here, didnt work

 

 

Ok. New reply from OpenVPN-AS support-

It looks like the upgrade procedure you followed broke the database.

Try the following to reset the TLS settings:

Go to Advanced VPN in the Admin UI.
Disable the "Enable TLS authentication" option.
Save settings.
Update running servers.
Enable the "Enable TLS authentication" option.
Save settings.
Update running servers.

Now try again.

This fixed the problem for me. @linuxserver.io Looks like updating the docker caused an incompatibility of the local database???

Edited by wgstarks
  • Like 1
  • Upvote 3
Link to comment
2 hours ago, wgstarks said:

 

 

 

Ok. New reply from OpenVPN-AS support-


It looks like the upgrade procedure you followed broke the database.

Try the following to reset the TLS settings:

Go to Advanced VPN in the Admin UI.
Disable the "Enable TLS authentication" option.
Save settings.
Update running servers.
Enable the "Enable TLS authentication" option.
Save settings.
Update running servers.

Now try again.

This fixed the problem for me. @linuxserver.io Looks like updating the docker caused a corruption of the local database???

 

Worked for me, thanks!

Link to comment

@linuxserver.io @CHBMB @sparklyballs

After being questioned by OpenVPN tech support regarding the process I used to update OpenVPN-AS to the current version I informed them that I was running the server in a docker and that I had just updated the docker to install the updated application. I received this reply from OpenVPN-AS tech support-

Quote

 


Hello Walter,

That explains it. When the OpenVPN Access Server is updated with the installer package, it automatically makes corrections to the database to make it function on the new version. Simply yanking the databases out and putting it into a new version of Access Server will not take these steps.

In the future, this update process you have used can lead to a recurrence of problems. The recommended upgrade step is to update the package itself so that it can do its job. You are fortunate that I happen to know that that particular setting is what has been altered between 2.1.9 and 2.1.12 and was at the root of your problem. For future problems, we might not be able to provide such manual repair instructions.

This page shows you the instructions to do an in-place upgrade of Access Server:
https://docs.openvpn.net/configuration/keeping-openvpn-access-server-updated/

I think that you should be able to devise a means of upgrading now that will ensure the program has a chance to update your database before you do the docker replacement method.

I trust I have provided you with the information you were looking for. In order to keep our support system clean I will now close this support ticket. Of course, if you still have questions regarding this issue you may reopen this ticket at your convenience.



Kind regards,
Johan Draaisma
OpenVPN Technologies, Inc. 

 

I haven’t had a chance to completely review all the info they sent me, but it looks like future updates to the application may need to be applied within the application rather than pushing out an updated container??? Not quite sure if the exact process yet though?

Edited by wgstarks
Link to comment
On 28/10/2017 at 3:12 PM, wgstarks said:

 

 

 

Ok. New reply from OpenVPN-AS support-


It looks like the upgrade procedure you followed broke the database.

Try the following to reset the TLS settings:

Go to Advanced VPN in the Admin UI.
Disable the "Enable TLS authentication" option.
Save settings.
Update running servers.
Enable the "Enable TLS authentication" option.
Save settings.
Update running servers.

Now try again.

This fixed the problem for me. @linuxserver.io Looks like updating the docker caused a corruption of the local database???

 

I'm not certain that the update "corrupted" anything at all as to my knowledge this is the first time an update of the application has resulted in such a situation

I'd rather say it was a compatibility issue between versions that lead to a "broken" database

 

Gonna cite this post in the OP though

Link to comment
17 minutes ago, sparklyballs said:

 

I'm not certain that the update "corrupted" anything at all as to my knowledge this is the first time an update of the application has resulted in such a situation

I'd rather say it was a compatibility issue between versions that lead to a "broken" database

 

Gonna cite this post in the OP though

I agree, “corrupt” isn’t correct. The update required a modification of the database which didn’t occur when just pulling an updated docker.

 

Will updates work using the method recommended by tech support in a docker exec command? Not quite sure what the correct procedure should be.

Link to comment

I think the way they handle database changes is not optimal. The app itself should update the database (through proper versioning), not the installer. 

 

What if someone were to restore an older database that was backed up a few versions ago, do they have to install that old version and update through the installer? 

Link to comment
2 hours ago, aptalca said:

I think the way they handle database changes is not optimal. The app itself should update the database (through proper versioning), not the installer. 

 

What if someone were to restore an older database that was backed up a few versions ago, do they have to install that old version and update through the installer? 

I'm not even sure exactly how to create the backup? Tried using the docs supplied by tech support but I just get a segfault.

root@Brunnhilde:/mnt/cache/appdata/openvpn-as# ./bin/sqlite3 ./etc/db/config.db .dump > ./config.db.bak                                        
Segmentation fault

 

Link to comment

After receiving the info from tech support regarding updating the app from within the docker container I've been trying to work out the docker commands required to download and install the update inside the docker. Figured if I could figure out how to create the backup files they recommend that would be a good start. I believe I have finally worked that out but I keep getting a segfault error.

root@Brunnhilde:~# docker exec openvpn-as /bin/bash -c 'cd /config && ./bin/sqlite3 ./etc/db/config.db .dump > ./config.db.bak'
/bin/bash: line 1:   435 Segmentation fault      ./bin/sqlite3 ./etc/db/config.db .dump > ./config.db.bak

I'm not positive, but after googling I think this is related to the permissions set on the openvpn appdata folder-

root@Brunnhilde:~# cd /mnt/cache/appdata/openvpn-as
root@Brunnhilde:/mnt/cache/appdata/openvpn-as# ls -al
total 84
drwxr-xr-x 10 nobody users   174 Oct 30 18:48 ./
drwxrwxrwx 13 nobody users   258 Oct 30 03:00 ../
drwxr-xr-x  2 nobody users    70 Oct 27 18:17 bin/
-rw-r--r--  1 root   root      0 Oct 30 18:48 config.db.bak
drwxr-xr-x  5 nobody users   161 Oct 27 18:16 doc/
drwxr-xr-x  9 nobody users   233 Oct 27 18:17 etc/
-rw-r--r--  1 nobody users   448 Aug 30 17:34 exports
drwxr-xr-x  3 nobody users    23 Oct 27 18:16 include/
-rw-r--r--  1 nobody users 10898 Oct 27 18:17 init.log
drwxr-xr-x  6 nobody users  4096 Oct 27 18:16 lib/
-rw-r--r--  1 nobody users 54308 Oct 27 18:16 license.txt
drwxr-xr-x  2 nobody users  4096 Oct 28 09:57 log/
drwxr-xr-x  2 nobody users    79 Oct 27 18:16 sbin/
drwxr-xr-x  2 nobody users  4096 Oct 27 18:17 scripts/

I know these permissions aren't the same as any of the other docker appdata folders I have installed, but that doesn't mean they aren't correct.

 

Should I run "New Permissions" on this folder?

 

Or maybe I'm using the wrong command completely and should be using something else?

Link to comment

I followed space invader's tutorial, tested it and it works if I use the user 'admin'. I tried to set up another user but was unable to log on, says login failed? I created the user/password by telneting into the docker as shown in the video.

 

Also, since I only have the DDNS (xxxxxx.duckdns.org), does that mean I can't make use of the SSL certificate? Is it less secure then/what other downsides are there? Thanks

Link to comment
4 hours ago, puncho said:

I followed space invader's tutorial, tested it and it works if I use the user 'admin'. I tried to set up another user but was unable to log on, says login failed? I created the user/password by telneting into the docker as shown in the video.

 

Also, since I only have the DDNS (xxxxxx.duckdns.org), does that mean I can't make use of the SSL certificate? Is it less secure then/what other downsides are there? Thanks

1

 

Yeah, I followed his directions prior the upgrade and all WAS good.  After the upgrade couldn't get the 2nd user setup like you when I tried to re-setup.  

 

Ad for using duckdns, maybe you can use the other authentication methods by temporarily setting up a ftp / web site to register for a cert.  

Link to comment
  • trurl pinned and unpinned this topic

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.