linuxserver.io

[Support] Linuxserver.io - OpenVPN AS


So basically, I can use the unsigned certificate then and it will still be secure?

 

Yeah, it's just warning you, because anyone can set up an unsigned certificate. To get rid of the warning, you have to get the domain name validated by a third party to confirm you own the domain name.


Sweet deal, thanks man. I am able to connect over the internet from my phone to the admin account and I have internet access so it seems like everything is working, although I cannot connect to server from the web interface. I am not going to worry and I'll test it out from my laptop later on. Thanks again!


You can only connect to the server interface from within your LAN for security reasons.


Wait, I see what you are saying.. I was referring to the connectivity test.  It will not work for me but everything seems to be fine other than that.


Hi All,

A terribly bad question I'm sure, but I'm trying to set up OpenVPN and wish to set it up as a CA. I've installed the container, and can access the admin page. I am following the OpenVPN setup guide here - https://openvpn.net/index.php/open-source/documentation/howto.html#install - but am unable to locate the easy-rsa directory in my Unraid server. I assume as it is installed as a docker container the instructions on the setup guide are probably not 100% accurate but I cannot seem to find any easy-rsa directory and hence cannot proceed with generating certificates etc.

 

Can anyone point me in the right directions please?

 

The version installed is 2.0.20, so I *think* easy-rsa should be included.

 

Thanks


Adding your repo to unraid isn't showing me any available dockers in the list, these aren't command line only are they as it looks like others managed to add them via GUI.

 

What interface should I be binding, the one with my local IP? Or do I need to create a virtual IF per docker? Struggling to get onto the web gui here.


Adding your repo to unraid isn't showing me any available dockers in the list, these aren't command line only are they as it looks like others managed to add them via GUI.

 

What interface should I be binding, the one with my local IP? Or do I need to create a virtual IF per docker? Struggling to get onto the web gui here.

 

Why are you adding repos to Unraid, just install Community Applications and install from there... Trust me, you'll like it...  ;)

 

To answer your question, no it's not command line only.  Eth0 is the interface to bind.

 


Adding your repo to unraid isn't showing me any available dockers in the list, these aren't command line only are they as it looks like others managed to add them via GUI.

 

What interface should I be binding, the one with my local IP? Or do I need to create a virtual IF per docker? Struggling to get onto the web gui here.

 

Why are you adding repos to Unraid, just install Community Applications and install from there... Trust me, you'll like it...  ;)

 

To answer your question, no it's not command line only.  Eth0 is the interface to bind.

 

Damn, good shout.. This needs more press!


Hi All,

Can anyone please tell me how to get easy-rsa installed to support my openvpn-as install? I have the vpn working fine with login credentials but want to move to certificate based authentication.

 

Also for my understanding, are the certs in the WEB SERVER menu of openvpn specifically relating to the Web UI and not related to Server/Client certificates for VPN users?

 

I need to be able to issue certs for VPN users on mobile devices. Cannot seem to get easy-rsa working.

 

Thanks

Simon

 

 

 

 


Hi Simon. I'm afraid I won't be able to help you with this as none of the ls.io team use this container that I'm aware of....


Hi there, do you mean no one uses easy-rsa?

I don't know if it comes as a container but it used to be a part of the openvpn install by default.

If there is another way to achieve certificate based authentication via openvpn I'd more than happy to go with that?

 

Cheers


Hi there, do you mean no one uses easy-rsa?

I don't know if it comes as a container but it used to be a part of the openvpn install by default.

If there is another way to achieve certificate based authentication via openvpn I'd more than happy to go with that?

 

Cheers

 

No I mean we don't use the container.  Personally I use the OpenVPN on my router.


 

Hi there, do you mean no one uses easy-rsa?

I don't know if it comes as a container but it used to be a part of the openvpn install by default.

If there is another way to achieve certificate based authentication via openvpn I'd more than happy to go with that?

 

Cheers

Use the OpenVPN plugin instead. This uses easyrsa to create certs for client/server


Not to get off topic but does openvpn docker or plugin have any advantages vs running openvpn on a router?  A decently powered router such as an asus ft-ac68.


Hi All,

Can anyone please tell me how to get easy-rsa installed to support my openvpn-as install? I have the vpn working fine with login credentials but want to move to certificate based authentication.

 

Also for my understanding, are the certs in the WEB SERVER menu of openvpn specifically relating to the Web UI and not related to Server/Client certificates for VPN users?

 

I need to be able to issue certs for VPN users on mobile devices. Cannot seem to get easy-rsa working.

 

Thanks

Simon

 

Can I ask why you would "need" to use easy-rsa to support the install / use of openvpn-as?

 

It is my understanding of openvpn-as that it generates unique certificates/key files etc for you as part of setting up logging on.

 

# Automatically generated OpenVPN client config file

# Generated on Sat Jan 23 15:38:45 2016 by main

# Note: this config file contains inline private keys

#      and therefore should be kept confidential!

 

You can of course download a user locked version or not.

 

What I did was follow the guides to add a user, change the users password. Enable auto login for that user. I make sure I check "Require user permissions record for VPN access" too. Open the port I selected on my router and forward it to the server port that openvpn-as is using. Then download the *.ovpn file which contained all the key authentication details / certs etc to allow the client (iPhone, Router, iMac, MacBookAir) to auto login. The connection is secure, encrypted and safe.

 

Not to get off topic but does openvpn docker or plugin have any advantages vs running openvpn on a router?  A decently powered router such as an asus ft-ac68.

 

As I understand it openvpn-as is automated and does a lot of the configuration and unique key/certificate generation for you. It also provides a nice pretty UI to configure everything. In addition - I have noticed that the connection on my unRAID server via this Docker vs the connection on my ASUS RT-AC3200 router is that this Docker on my unRAID server is faster AND can support more users without noticing a speed drop.

 

One benefit of using openvpn on your router (not openvpn-as) I believe is that you don't have to purchase licences for more than 2 users. You can of course have multiple devices using the same users connection!

 

This is all AFAIK unless someone corrects me ....

 

EDIT: See this from the openvpn-as Server GUI:

 

User Authentication

User credentials are validated using one of the three (external) user databases below or using the locally configured users on 'Users Permissions' page.

IMPORTANT NOTE: if you are using autologin profiles (selectable on the User Permissions page), bear in mind that they authenticate using a certificate only and will therefore bypass credential-based authentication using the external authentication DBs below.

 

Authenticate users using:

 

Local

PAM [I have this enabled anyway but there are no configuration settings for PAM Authentication in that section of the GUI so no one can log on using that method. It is bypassed anyway as I use auto-login]

RADIUS

LDAP

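An added example, not part of the posts above and not OpenVPN's own tooling: a small audit of a downloaded `.ovpn` profile for the two properties the post and the GUI note describe, an inline private key and certificate-only (autologin) access. The sample profile is constructed, and treating a missing `auth-user-pass` directive as the sign of an autologin profile is an assumption of this sketch.

```python
import re

# Constructed sample profile (placeholder key material, hypothetical host name).
AUTOLOGIN = """\
# Automatically generated OpenVPN client config file
# Note: this config file contains inline private keys
client
remote vpn.example.test 1194 udp
<ca>
-----BEGIN CERTIFICATE-----
(constructed)
-----END CERTIFICATE-----
</ca>
<key>
-----BEGIN PRIVATE KEY-----
(constructed)
-----END PRIVATE KEY-----
</key>
"""
# Same profile with a credential prompt added, as a user-locked profile would have.
USER_LOCKED = AUTOLOGIN.replace("\nclient\n", "\nclient\nauth-user-pass\n")

INLINE_BLOCK = re.compile(r"^<([\w-]+)>[ \t]*$(.*?)^</\1>[ \t]*$", re.M | re.S)

def audit_profile(text):
    """Report whether an .ovpn profile carries a private key and asks for credentials."""
    blocks = {m.group(1): m.group(2) for m in INLINE_BLOCK.finditer(text)}
    outside = INLINE_BLOCK.sub("", text)  # directives live outside inline blocks
    directives = {ln.split()[0] for ln in outside.splitlines()
                  if ln.strip() and not ln.lstrip().startswith(("#", ";"))}
    inline_key = "PRIVATE KEY-----" in blocks.get("key", "")
    prompts = "auth-user-pass" in directives
    findings = []
    if inline_key:
        findings.append("inline private key: store and transfer the file as a secret")
    if inline_key and not prompts:
        # Assumption: no auth-user-pass directive means certificate-only (autologin).
        findings.append("certificate-only login: revoke the profile if the device is lost")
    return {"inline_key": inline_key, "prompts": prompts, "findings": findings}

if __name__ == "__main__":
    for name, profile in (("autologin", AUTOLOGIN), ("user-locked", USER_LOCKED)):
        print(name, audit_profile(profile))
```
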

Please don't get this confused with the normal openvpn. This is OpenVPN-AS which is more of a streamlined package and administrated via the webui. Note that if you want more than 2 concurrent connections, you need to purchase a license.


Please don't get this confused with the normal openvpn. This is OpenVPN-AS which is more of a streamlined package and administrated via the webui. Note that if you want more than 2 concurrent connections, you need to purchase a license.

 

A very succinct summary of my point in my above post!


Please don't get this confused with the normal openvpn. This is OpenVPN-AS which is more of a streamlined package and administrated via the webui. Note that if you want more than 2 concurrent connections, you need to purchase a license.

 

A very succinct summary of my point in my above post!

Sorry danioj, didn't see your post above, call mine the TL;DR :D


Looks like I'm having the Ol' can't connect to the webUI problem.

 

I installed the docker the same way I've done several others.

/mnt/user/appdata/OpenVPN/ is where I pointed the config/ files to.

From there I'm not able to access the webUI.

 

I have very limited knowledge of linux so if I'm needed to do something other than the web interface please let me know how to.


Looks like I'm having the Ol' can't connect to the webUI problem.

 

I installed the docker the same way I've done several others.

/mnt/user/appdata/OpenVPN/ is where I pointed the config/ files to.

From there I'm not able to access the webUI.

 

I have very limited knowledge of linux so if I'm needed to do something other than the web interface please let me know how to.

 

Can you try changing

/mnt/user/appdata/OpenVPN/

to

/mnt/cache/appdata/OpenVPN/


Can you try changing

/mnt/user/appdata/OpenVPN/

to

/mnt/cache/appdata/OpenVPN/

 

No luck.

 

What's showing in the logs, also if the setup is interrupted then you may need to delete the container and appdata and try pulling again.


Color me dumb, but which log are you requesting? The installation log or the unraid log.. (sorry for being such a nub)


Color me dumb, but which log are you requesting? The installation log or the unraid log.. (sorry for being such a nub)

 

The docker container log

 

The one under logs on the far right

 

