[Support] Linuxserver.io - OpenVPN AS



1 hour ago, puncho said:


Thanks, that worked! Is this the only way to access it? Doesn't seem like the most secure way to access it with having to allow auto allow log in and using ovpn


Sent from my iPhone using Tapatalk

 

That's the only way I was able to get it to work on my iPhone

Link to post

Hi,

I set up the docker and most of the time I can connect just fine.

But when I am on a network that is using the same local IP range (192.168.178.XXX) as my own network (where the VPN server lives) I cannot connect to anything.

I guess this has to do with the network trying to route me to the currently local IPs, not the IPs from the VPN server...

Any tips how to fix this... since I am away from my server and cannot access anything right now, a remote solution would be great ;)

If I have to fix this on my server I guess I can create a mobile hotspot and VPN through there.... :/

Link to post
4 hours ago, Random.Name said:

Hi,

I set up the docker and most of the time I can connect just fine.

But when I am on a network that is using the same local IP range (192.168.178.XXX) as my own network (where the VPN server lives) I cannot connect to anything.

I guess this has to do with the network trying to route me to the currently local IPs, not the IPs from the VPN server...

Any tips how to fix this... since I am away from my server and cannot access anything right now, a remote solution would be great ;)

If I have to fix this on my server I guess I can create a mobile hotspot and VPN through there.... :/

 

As far as I know, there is no easy solution for that problem and it is a very common issue for people using 192.268.1.x

 

You would have to change one of the ip ranges

Link to post
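The address-range clash discussed in the two posts above, as an added example that is not part of the original thread: it checks whether the network a client is currently on overlaps a subnet routed through the VPN, and picks a replacement /24 that avoids common router defaults. The function names, the list of common defaults and the sample routes are constructed for illustration.

```python
import ipaddress

# Constructed list of LAN ranges often found as router defaults
# (an assumption for this example, not data from the thread).
COMMON_LANS = ["192.168.0.0/24", "192.168.1.0/24", "192.168.178.0/24",
               "10.0.0.0/24", "10.0.1.0/24"]


def find_conflicts(local_lan, vpn_routes):
    """Return the VPN-routed networks that overlap the client's current LAN.

    When a routed subnet overlaps the LAN the client sits on, the client
    keeps sending that traffic to the local network instead of the tunnel.
    """
    lan = ipaddress.ip_network(local_lan, strict=False)
    return [route for route in vpn_routes
            if ipaddress.ip_network(route, strict=False).overlaps(lan)]


def pick_free_subnet(avoid, pool="10.0.0.0/8", prefix=24):
    """Return the first /prefix inside pool that overlaps nothing in avoid."""
    blocked = [ipaddress.ip_network(n, strict=False) for n in avoid]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(candidate.overlaps(b) for b in blocked):
            return str(candidate)
    return None  # pool exhausted


if __name__ == "__main__":
    # Constructed sample: home LAN behind the VPN plus a VPN client pool.
    routes = ["192.168.178.0/24", "172.27.224.0/20"]
    print(find_conflicts("192.168.178.42/24", routes))  # same range: clash
    print(find_conflicts("192.168.0.0/16", routes))     # wider LAN also clashes
    print(find_conflicts("10.20.30.5/24", routes))      # no clash
    print(pick_free_subnet(COMMON_LANS))
```
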
  • 2 weeks later...

I have OpenVPN working properly on my Unraid box, and can connect to it via the laptop with my configured user, so I'm confident things are correct server side. What I can't do is get the OpenVPN connect page to render on my iPhone. I've downloaded the OpenVPN client and attempted to import my profile, but the resulting page never fully renders. Trying both in Safari and Chrome all I get is the OpenVPN logo and the rest of the page is blank.

There's nothing in the logs server side, and I'm not sure where to turn for anything more diagnostic.

With the page not rendering I can't get my client.opvn file into the OpenVPN iOS app. Is there another way to do this? What am I missing?

Link to post

I have used this a lot and it is ace. I do however get issues at one particular place that uses DPI to try and detect VPN traffic. Is there any interest in perhaps implementing an obfsproxy in the docker container to further hide the traffic? I know the Viscosity VPN client for Mac and Windows supports adding that layer from the client side.

Link to post

Are /etc/passwd and /etc/group supposed to get reset back to default after every update? Seems like I have to reset the admin password and re-add the user account back in every time.

Also the web interface loads very slow, normal?

Edited by ziggie216
Link to post
1 hour ago, ziggie216 said:

Are /etc/passwd and /etc/group supposed to get reset back to default after every update? Seems like I have to reset the admin password and re-add the user account back in every time.

Also the web interface loads very slow, normal?

 

Read the github or the docker hub page. It is all explained there

Link to post

This is the 2nd time I've tried installing OpenVPN-AS, and I've had trouble logging in as any user other than default admin both times.

 

Here's my config screen:

image.png.87106ed9ad6e5ea6c011ce90bbab5b61.png

 

Per the recommendations at Linuxserver's site, I've created a new user "localadmin":

image.png.493047ebfb3f2333b96714022e8ae612.png

I usually use KeePass to create long, complex, random passwords, but, because I've been having issues (which I thought may be related to pasting the password into the telnet session), I created a simple password for this account that I knew I could type correctly.

 

I've granted this new user admin rights:

image.png.e89bc6f60a19371e56219b5f32f6e3c9.png

 

I have authentication set to local so my users & passwords survive reinstall:

image.png.8b09fa6eadc8ad8aadf9a7df51d654df.png

 

Yet every time I try to log in as my new "localadmin" I'm told that it's an incorrect login:

image.png.aedf0fe5aa6ce62bb7e1ac3714be8932.png

 

I've attached the log after the most recent login attempt.

 

If someone would point me in the right direction, I'd be most grateful!

openvpn.log

Link to post
2 minutes ago, FreeMan said:

This is the 2nd time I've tried installing OpenVPN-AS, and I've had trouble logging in as any user other than default admin both times.

I think you’ll find that the instructions linked in the OP are much more helpful-

https://hub.docker.com/r/linuxserver/openvpn-as/

 

Scroll down to the setting up the application section.

 

 

 

@gridrunner has also released a video-

https://youtu.be/I58LTMKyeYw

It's good for reference but a little dated with regards to admin user configuration.

Link to post
2 minutes ago, wgstarks said:

I think you’ll find that the instructions linked in the OP are much more helpful-

https://hub.docker.com/r/linuxserver/openvpn-as/

 

Scroll down to the setting up the application section.

 

Thanks, wgstarks. Seems I wasn't clear enough - those are the instructions I've been following (along with gridrunner's somewhat outdated video). I've done all these steps:



During first login, make sure that the "Authentication" in the webui is set to "Local" instead of "PAM". Then set up the user accounts with their passwords (user accounts created under PAM do not survive container update or recreation).

The "admin" account is a system (PAM) account and after container update or recreation, its password reverts back to the default. It is highly recommended to block this user's access for security reasons:
1) Set another user as an admin,
2) Delete the "admin" user in the gui,
3) Modify the as.conf file under config/etc and replace the line boot_pam_users.0=admin with #boot_pam_users.0=admin (this only has to be done once and will survive container recreation)

With the exception of #3 because the default admin account is the only one that will allow me to log in to the web interface.

 

I'd hoped that the screen shots provided would have shown that or shown where I thought I was following those steps but missed something.

 

I've created another user for me to use, but when I go to 192.168.1.5:943 to login using my user name and the password I created, I get a "Login Failed" message.

image.png.44b1965a0475b0d106fa71925ea9aeb0.png

Doesn't matter whether I try "Connect" or "Login". (Still not clear on the difference - I'll get that sorted once I can actually log in.)

Link to post
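A check for step 3 of the instructions quoted in the post above, as an added example that is not part of the original thread or the project's own code: it reports which `boot_pam_users.N=` entries are still active in the text of an as.conf file and comments them out the way the quoted step describes. The function names and the sample file content are constructed; only the `boot_pam_users.0=admin` line comes from the quoted instructions.

```python
import re

# An active (uncommented) entry such as "boot_pam_users.0=admin".
ACTIVE = re.compile(r"^\s*boot_pam_users\.(\d+)\s*=\s*(\S+)\s*$")


def active_boot_pam_users(conf_text):
    """Return the users named by uncommented boot_pam_users.N= lines."""
    users = []
    for line in conf_text.splitlines():
        match = ACTIVE.match(line)
        if match:
            users.append(match.group(2))
    return users


def comment_out_boot_pam_user(conf_text, user="admin"):
    """Prefix '#' to active boot_pam_users lines naming `user`.

    Lines that are already commented do not match ACTIVE, so running
    this twice gives the same result as running it once.
    """
    out = []
    for line in conf_text.splitlines():
        match = ACTIVE.match(line)
        if match and match.group(2) == user:
            out.append("#" + line.lstrip())
        else:
            out.append(line)
    return "\n".join(out) + "\n"


# Constructed sample content, not a real as.conf.
SAMPLE = """\
# constructed sample for this example
placeholder.key=value
boot_pam_users.0=admin
# boot_pam_users.1=
"""

if __name__ == "__main__":
    print("active before:", active_boot_pam_users(SAMPLE))
    hardened = comment_out_boot_pam_user(SAMPLE)
    print("active after: ", active_boot_pam_users(hardened))
```
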
5 minutes ago, FreeMan said:

I've created another user for me to use, but when I go to 192.168.1.5:943 to login using my user name and the password I created, I get a "Login Failed" message.

If you want to connect to the admin page you would use 192.168.1.5:943/admin

Link to post

Just to be sure, are you using this screen to create your local user?

 

w86nmq.jpg

 

Want to make sure you have set Authentication>General to local?

You entered a new user in the screen shown, with admin selected and a password in the proper field?

Saved the changes and updated the running server?

 

Link to post
11 minutes ago, wgstarks said:

Just to be sure, are you using this screen to create your local user?

 

Nope, created the user from the command line as demonstrated in gridrunner's video. Nothing contradictory to that in the LinuxServer page, so I ran with it. Is it now preferred to create the users in the admin console instead of at the command line?

Link to post
Just now, FreeMan said:

 

Nope, created the user from the command line as demonstrated in gridrunner's video. Nothing contradictory to that in the LinuxServer page, so I ran with it. Is it now preferred to create the users in the admin console instead of at the command line?

IIRC, using CLI doesn't create the user in the local database. Log in with the default admin user and then add the new user in the gui as I described. Once you have verified that that user is working delete the default admin user in the gui and run step 3 from the dockerhub page to be sure the default user doesn't get recreated during updates.

 

Let me know if this works.

Link to post
33 minutes ago, wgstarks said:

Let me know if this works.

That did the trick!

 

I really appreciate the work @gridrunner has done with his video, but it seems that it really needs to be updated. Additionally, since so many places around here point users to that video, it would be super helpful if the linuxserver page contained a couple of notes on what's outdated and the current best methods. (hint, hint, @CHBMB :) ).

 

I've got port 943 forwarded to my server and from my phone (WiFi off) I'm able to browse to https://domain.com:943 where I can log in with my newly created user name & pwd. I downloaded the .ovpn autologin file, opened it with the Android OpenVPN client, but now it's timing out every time I try to connect. CPU load on the server ran about 25-50% with a few spikes to 60-75%. I've got decent network speed:

image.png.c907f96b4ff7ff273e2e70b05a5cd2eb.png

That's about normal for my hourly speed test runs.

 

I've attached the last 100 or so lines from the openvpn.log file. It looks like this is what's generated when I tried to connect.

 

ovpn.timeout.log

Edited by FreeMan
Link to post

Once I get the timeout issue resolved, should I change this

image.png.dc819be0014c06631f6a45d8eb10c74a.png

by removing the 172... line since I'm only using 192.168 addresses?

 

Also, should I be dynamically assigning addresses to VPN users in the 172 range? Is that a reasonable thing to do since all my PPN (Physical private network :) ) addresses are in 192.168? I'll only have a half-dozen or so people who will have accounts, so I don't actually mind statically assigning them (in the 192.168 range) - I've got most other machines on the network assigned static IPs anyway...

Link to post
25 minutes ago, FreeMan said:

Once I get the timeout issue resolved, should I change this

image.png.dc819be0014c06631f6a45d8eb10c74a.png

by removing the 172... line since I'm only using 192.168 addresses?

 

Also, should I be dynamically assigning addresses to VPN users in the 172 range? Is that a reasonable thing to do since all my PPN (Physical private network :) ) addresses are in 192.168? I'll only have a half-dozen or so people who will have accounts, so I don't actually mind statically assigning them (in the 192.168 range) - I've got most other machines on the network assigned static IPs anyway...

I left those settings at default and haven't had any issues. Maybe someone with better knowledge might have different suggestions.

Link to post

I'll leave them as-is, then.

 

Thoughts on the timeout issue? It's the same thing I'm getting with my LetsEncrypt/NGINX server (I posted in that thread and never got it resolved). Everything else responds quite promptly from the WAN, but I'd like to close up all those open ports.

Link to post