[Support] Linuxserver.io - OpenVPN AS


Recommended Posts

hi, 

i setup the docker and most of the time i can connect just fine.

Bt when i am on a network that is using the same local ip range (192.168.178.XXX) as my own network (where de vpn server lives) i can not connect to anything.

I guess this has to do with the network trying to route me to the currently local ips not the ips from the vpn server...

 

any tips how to fix this...since i am away from my server and can not access anything right now a remote solution would be great ;)

If i have to fix this on my server i guess i can create a mobil hotspot and vpn through there....:/

Link to comment
4 hours ago, Random.Name said:

hi, 

i setup the docker and most of the time i can connect just fine.

Bt when i am on a network that is using the same local ip range (192.168.178.XXX) as my own network (where de vpn server lives) i can not connect to anything.

I guess this has to do with the network trying to route me to the currently local ips not the ips from the vpn server...

 

any tips how to fix this...since i am away from my server and can not access anything right now a remote solution would be great ;)

If i have to fix this on my server i guess i can create a mobil hotspot and vpn through there....:/

 

As far as I know, there is no easy solution for that problem and it is a very common issue for people using 192.268.1.x

 

You would have to change one of the ip ranges

Link to comment
  • 2 weeks later...

I have OpenVPN working properly on my Unraid box, and can connect to it via the laptop with my configured user, so Im confident things are correct server side. What I can't do is get the OpenVPN connect page to render on my iPhone. Ive downloaded the OpenVPN client and attempted to import my profile, but the resulting page never fully renders. Trying both in Safari and Chrome all I get is the OpenVPN logo and the rest of the page is blank.

 

There's nothing in the logs server side, and Im not sure where to turn for anything more diagnostic. 

With the page not rendering I can't get my client.opvn file into the OpenVPN iOS app. Is there another way to do this? What am I missing?

Link to comment

I have used this a lot and it is ace. I do however get issues at one particular place that uses DPI to try and detect VPN traffic. Is there any interest in perhaps implementing an obfsproxy in the docker container to further hide the traffic? I know the Viscosity VPN client for Mac and Windows supports adding that layer from the client side.

Link to comment
1 hour ago, ziggie216 said:

Is /etc/passwd and /etc/group suppose to get reset back to default after every update? Seems like I have to reset the admin password and readd the user account back in every time. 

 

Also the web interface load very slow, normal?

 

Read the github or the docker hub page. It is all explained there

Link to comment

This is the 2nd time I've tried installing OpenVPN-AS, and I've had trouble logging in as any user other than default admin both times.

 

Here's my config screen:

image.png.87106ed9ad6e5ea6c011ce90bbab5b61.png

 

Per the recommendations at Linuxserver's site, I've created a new users "localadmin":

image.png.493047ebfb3f2333b96714022e8ae612.png

I usually use KeePass to create long, complex, random passwords, but, because I've been having issues (which I thought may be related to pasting the password into the telnet session), I created a simple password for this account that I knew I could type correctly.

 

I've granted this new user admin rights:

image.png.e89bc6f60a19371e56219b5f32f6e3c9.png

 

I have authentication set to local so my users & passwords survive reinstall:

image.png.8b09fa6eadc8ad8aadf9a7df51d654df.png

 

Yet every time I try to log in as my new "localadmin" I'm told that it's an incorrect login:

image.png.aedf0fe5aa6ce62bb7e1ac3714be8932.png

 

I've attached the log after the most recent login attempt.

 

If someone would point me in the right direction, I'd be most grateful!

openvpn.log

Link to comment
2 minutes ago, FreeMan said:

This is the 2nd time I've tried installing OpenVPN-AS, and I've had trouble logging in as any user other than default admin both times.

I think you’ll find that the instructions linked in the OP are much more helpful-

https://hub.docker.com/r/linuxserver/openvpn-as/

 

Scroll down to the setting up the application section.

 

 

 

@gridrunner has also released a video-

https://youtu.be/I58LTMKyeYw

Its good for reference but a little dated with regards to admin user configuration.

Link to comment
2 minutes ago, wgstarks said:

I think you’ll find that the instructions linked in the OP are much more helpful-

https://hub.docker.com/r/linuxserver/openvpn-as/

 

Scroll down to the setting up the application section.

 

Thanks, wgstarks. Seems I wasn't clear enough - those are the instructions I've been following (along with gridrunner's somewhat outdated video). I've done all these steps:



During first login, make sure that the "Authentication" in the webui is set to "Local" instead of "PAM". Then set up the user accounts with their passwords (user accounts created under PAM do not survive container update or recreation).

The "admin" account is a system (PAM) account and after container update or recreation, its password reverts back to the default. It is highly recommended to block this user's access for security reasons:
1) Set another user as an admin,
2) Delete the "admin" user in the gui,
3) Modify the as.conf file under config/etc and replace the line boot_pam_users.0=admin with #boot_pam_users.0=admin (this only has to be done once and will survive container recreation)

With the exception of #3 because the default admin account is the only one that will allow me to log in to the web interface.

 

I'd hoped that the screen shots provided would have shown that or shown where I thought I was following those steps but missed something.

 

I've created another user for me to use, but when I go to 192.168.1.5:943 to login using my user name and the password I created, I get a "Login Failed" message.

image.png.44b1965a0475b0d106fa71925ea9aeb0.png

Doesn't matter whether I try "Connect" or "Login". (Still not clear on the difference - I'll get that sorted once I can actually log in.)

Link to comment
11 minutes ago, wgstarks said:

Just to be sure, are you using this screen to create your local user?

 

Nope, created the user from the command line as demonstrated in gridrunner's video. Nothing contradictory to that in the LinuxServer page, so I ran with it. Is it now preferred to create the users in the admin console instead of at the command line?

Link to comment
Just now, FreeMan said:

 

Nope, created the user from the command line as demonstrated in gridrunner's video. Nothing contradictory to that in the LinuxServer page, so I ran with it. Is it now preferred to create the users in the admin console instead of at the command line?

IIRC, using CLI doesn't create the user in the local database. Log in with the default admin user and then add the new user in the gui as I described. Once you have verified that that user is working delete the default admin user in the gui and run step 3 from the dockerhub page to be sure the default user doesn't get recreated during updates.

 

Let me know if this works.

  • Upvote 1
Link to comment
33 minutes ago, wgstarks said:

Let me know if this works.

That did the trick!

 

I really appreciate the work @gridrunner has done with his video, but it seems that it really needs to be updated. Additionally, since so many places around here point users to that video, it would be super helpful if the linuxserver page contained a couple of notes on what's out dated and the current best methods. (hint, hint, @CHBMB :) ).

 

I've got port 943 forwarded to my server and from my phone (WiFi off) I'm able to browse to https://domain.com:943 where I can log in with my newly created user name & pwd. I downloaded the .ovpn autologin file, opened it with the Android OpenVPN client, but now it's timing out every time I try to connect. CPU load on the server ran about 25-50% with a few spikes to 60-75%. I've got decent network speed:

image.png.c907f96b4ff7ff273e2e70b05a5cd2eb.png

That's about normal for my hourly speed test runs.

 

I've attached the last 100 or so lines from the openvpn.log file. It looks like this is what's generated when I tried to connect.

 

ovpn.timeout.log

Edited by FreeMan
Link to comment

Once I get the timeout issue resolved, should I change this

image.png.dc819be0014c06631f6a45d8eb10c74a.png

by removing the 172... line since I'm only using 192.168 addresses?

 

Also, should I be dynamically assigning addresses to VPN users in the 172 range? Is that a reasonable thing to do since all my PPN (Physical private network :) ) addresses are in 192.168? I'll only have a half-dozen or so people who will have accounts, so I don't actually mind statically assigning them (in the 192.168 range) - I've got most other machines on the network assigned static IPs anyway...

Link to comment
25 minutes ago, FreeMan said:

Once I get the timeout issue resolved, should I change this

image.png.dc819be0014c06631f6a45d8eb10c74a.png

by removing the 172... line since I'm only using 192.168 addresses?

 

Also, should I be dynamically assigning addresses to VPN users in the 172 range? Is that a reasonable thing to do since all my PPN (Physical private network :) ) addresses are in 192.168? I'll only have a half-dozen or so people who will have accounts, so I don't actually mind statically assigning them (in the 192.168 range) - I've got most other machines on the network assigned static IPs anyway...

I left those settings at default and haven't had any issues. Maybe someone with better knowledge might have different suggestions.

Link to comment
  • trurl pinned and unpinned this topic

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.