[Support] Linuxserver.io - OpenVPN AS


1950 posts in this topic Last Reply

Recommended Posts

So basically, I can use the unsigned certificate then and it will still be secure?

 

Yeah, it's just warning you, because anyone can setup an unsigned certificate.  To get rid of the warning, you have to get the domain name validated by a third party to confirm you own the domain name.

Link to post
  • Replies 1.9k
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

I have made un updated video guide for setting up this great container. It covers setting up the container, port forwarding and setting up clients on Windows, macOS Linux (ubuntu Mate) and on cel

PSA. It seems openvpn pushed another broken bin, tagged 2.7.3 I get the same error with it as I did with the previously pulled 2.7.2   While they/us try to figure it out, you can change

Ok, I used to be able to connect to Host network with this before the update....that allowed me to be assigned an IP on my WiFi subnet, which then allowed me to access the UnRAID GUI interface.  

Posted Images

Sweet deal, thanks man.  I am able to connect over the internet from my phone to the admin account and i have internet access so it seems like everything is working, although I cannot connect to server from the web interface.  I am not going to worry and Ill test it out from my laptop later on.  Thanks again!

Link to post

Hi All,

A terribly bad question I'm sure but Im trying to setup OpenVPN and wish to set it up as a CA. I've installed the container, and can access the admin page. I am following the OpenVPN setup guide here - https://openvpn.net/index.php/open-source/documentation/howto.html#install - but am unable to locate the easy-rsa directory in my Unraid server. I assume as it is installed as a docker container the instructions on the setup guide are probably not 100% accuate but I cannot seem to find any easy-rsa directory and hence cannot proceed with generating certificates etc,

 

Can anyone point me in the right directions please?

 

The version installed is 2.0.20, so I *think* easy-rsa should be included.

 

Thanks

Link to post

Adding your repo to unraid isn't showing me any available dockers in the list, these aren't command line only are they as it looks like others managed to add them via GUI.

 

What interface should I be binding, the one with my local IP? Or do i need to create an virtual IF per docker? Struggling to get onto the web gui here.

Link to post

Adding your repo to unraid isn't showing me any available dockers in the list, these aren't command line only are they as it looks like others managed to add them via GUI.

 

What interface should I be binding, the one with my local IP? Or do i need to create an virtual IF per docker? Struggling to get onto the web gui here.

 

Why you adding repos to Unraid, just install Community Applications and install from there... Trust me, you'll like it...  ;)

 

To answer your question, no it's not command line only.  Eth0 is the interface to bind.

 

Link to post

Adding your repo to unraid isn't showing me any available dockers in the list, these aren't command line only are they as it looks like others managed to add them via GUI.

 

What interface should I be binding, the one with my local IP? Or do i need to create an virtual IF per docker? Struggling to get onto the web gui here.

 

Why you adding repos to Unraid, just install Community Applications and install from there... Trust me, you'll like it...  ;)

 

To answer your question, no it's not command line only.  Eth0 is the interface to bind.

 

Damn, good shout.. This needs more press!

Link to post

Hi All,

Can anyone please tell me how to get easy-rsa installed to suport my openvpn-as install? I have the vpn working fine with login credientials but want to move to certificate based authentication.

 

Also for my understanding, are the certs in the WEB SERVER menu of openvpn specifically relating to the Web UI and not related to Server/Client certificates for VPN users?

 

I need to be able to issue certs for VPN users on mobile devices. Cannot seem to get easy-rsa working.

 

THanks

Simon

 

 

 

 

Link to post

Hi there, do you mean no one uses easy-rsa?

I don't know if it comes as a container but it used to be a part of the openvpn install by default.

If there is another way to achieve certificate based authentication via openvpn I'd more than happy to go with that?

 

Cheers

Link to post

Hi there, do you mean no one uses easy-rsa?

I don't know if it comes as a container but it used to be a part of the openvpn install by default.

If there is another way to achieve certificate based authentication via openvpn I'd more than happy to go with that?

 

Cheers

 

No I mean we don't use the container.  Personally I use the OpenVPN on my router.

Link to post

 

Hi there, do you mean no one uses easy-rsa?

I don't know if it comes as a container but it used to be a part of the openvpn install by default.

If there is another way to achieve certificate based authentication via openvpn I'd more than happy to go with that?

 

Cheers

Use the OpenVPN plugin instead. This use easyrsa to create cert for client/server

Link to post

Hi All,

Can anyone please tell me how to get easy-rsa installed to suport my openvpn-as install? I have the vpn working fine with login credientials but want to move to certificate based authentication.

 

Also for my understanding, are the certs in the WEB SERVER menu of openvpn specifically relating to the Web UI and not related to Server/Client certificates for VPN users?

 

I need to be able to issue certs for VPN users on mobile devices. Cannot seem to get easy-rsa working.

 

THanks

Simon

 

Can I ask why you would you "need" to use easy-rsa to support the install / use of openvpn-as?

 

It is my understanding of openvpn-as that it generates unique certificates/key files etc for you as part of setting up logging on.

 

# Automatically generated OpenVPN client config file

# Generated on Sat Jan 23 15:38:45 2016 by main

# Note: this config file contains inline private keys

#      and therefore should be kept confidential!

 

You can of course download a user locked version or not.

 

What I did was follow the guides to add a user, change the users password. Enable auto login for that user. I make sure I check "Require user permissions record for VPN access" too. Open the port I selected on my router and forward it to the server port that openvpn-as is using. Then download the *.ovpn file which contained all the key authentication details / certs etc to allow the client (iPhone, Router, iMac, MacBookAir) to auto login. The connection is secure, encrypted and safe.

 

Not to get off topic but does openvpn docker or plugin have any advantages vs running openvpn on a router?  A decently powered router such as an asus ft-ac68.

 

As I understand it openvpn-as is automated and does allot of the configuration and unique key/certificate generation for you. It also provides a nice pretty UI to configure everything. In addition - I have noticed that the connection on my unRAID server via this Docker vs the connection on my ASUS RT-AC3200 router is that this Docker on my unRAID server is faster AND can support more users without noticing a speed drop.

 

One benefit of using openvpn on your router (not openvpn-as) I believe is that you don't have to purchase licences for more than 2 users. You can of course have multiple devices using the same users connection!

 

This is all AFAIK unless someone corrects me ....

 

EDIT: See this from the openvpn-as Server GUI:

 

User Authentication

User credentials are validated using one of the three (external) user databases below or using the locally configured users on 'Users Permissions' page.

IMPORTANT NOTE: if you are using autologin profiles (selectable on the User Permissions page), bear in mind that they authenticate using a certificate only and will therefore bypass credential-based authentication using the external authentication DBs below.

 

Authenticate users using:

 

Local

PAM [i have this enabled anyway but there are no configuration settings for PAM Authentication in that section of the GUI so no one can logon using that method. It is bypassed anyway as I use auto-login]

RADIUS

LDAP

Link to post

Please don't get this confused with the normal openvpn. This is OpenVPN-AS which is more of a streamlined package and administrated via the webui. Note that if you want more than 2 concurrent connections, you need to purchase a license.

 

A very succinct summary of my point in my above post!

Link to post

Please don't get this confused with the normal openvpn. This is OpenVPN-AS which is more of a streamlined package and administrated via the webui. Note that if you want more than 2 concurrent connections, you need to purchase a license.

 

A very succinct summary of my point in my above post!

Sorry danioj, didn't see your post above call mine the TL;DR :D

Link to post

Looks like I'm having the Ol' can't connect to the webUI problem.

 

I installed the docker the same way I've done several others.

/mnt/user/appdata/OpenVPN/ is where I pointed the config/ files to.

from there I'm not able to access the webUI.

 

I have very limited knowledge of linux so if I'm needed to do something other than the web interface please let me know how to.

Link to post

Looks like I'm having the Ol' can't connect to the webUI problem.

 

I installed the docker the same way I've done several others.

/mnt/user/appdata/OpenVPN/ is where I pointed the config/ files to.

from there I'm not able to access the webUI.

 

I have very limited knowledge of linux so if I'm needed to do something other than the web interface please let me know how to.

 

Can you try changing

/mnt/user/appdata/OpenVPN/

to

/mnt/cache/appdata/OpenVPN/

Link to post

Can you try changing

/mnt/user/appdata/OpenVPN/

to

/mnt/cache/appdata/OpenVPN/

 

No luck.

 

What's showing in the logs, also if the setup is interrupted then you may need to delete the container and appdata and try pulling again.

Link to post
  • trurl pinned and unpinned this topic

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.