Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] Linuxserver.io - OpenVPN AS

Featured Replies

14 hours ago, FraxTech said:

I'm following the video from Spaceinvader One

The video is very good but a little outdated. Probably a good idea to also take a look at the instructions linked in the OP since they are updated as needed.

https://hub.docker.com/r/linuxserver/openvpn-as/

Scroll down to the "Setting up the application" section.

  • Replies 2k
  • Views 462.9k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • SpaceInvaderOne
    SpaceInvaderOne

    I have made un updated video guide for setting up this great container. It covers setting up the container, port forwarding and setting up clients on Windows, macOS Linux (ubuntu Mate) and on cel

  • PSA. It seems openvpn pushed another broken bin, tagged 2.7.3 I get the same error with it as I did with the previously pulled 2.7.2   While they/us try to figure it out, you can change

  • Stupifier
    Stupifier

    Ok, I used to be able to connect to Host network with this before the update....that allowed me to be assigned an IP on my WiFi subnet, which then allowed me to access the UnRAID GUI interface.  

Posted Images

 
Try the "Auto-Login" Profile.

Thanks, that worked! Is this the only way to access it? Doesn't seem like the most secure way to access it with having to allow auto allow log in and using ovpn


Sent from my iPhone using Tapatalk
1 hour ago, puncho said:


Thanks, that worked! Is this the only way to access it? Doesn't seem like the most secure way to access it with having to allow auto allow log in and using ovpn


Sent from my iPhone using Tapatalk

 

Thats the only way I was able to get it to work on my iPhone

On 11/11/2017 at 1:08 PM, MowMdown said:

 

Thats the only way I was able to get it to work on my iPhone

Sorry, meant on a laptop/desktop.

11 hours ago, puncho said:

Sorry, meant on a laptop/desktop.

 

Unfortunately I'm not aware of any other way to get it to properly connect without the auto-login profile.

 

None of my devices will connect without it.

 

 

hi, 

i setup the docker and most of the time i can connect just fine.

Bt when i am on a network that is using the same local ip range (192.168.178.XXX) as my own network (where de vpn server lives) i can not connect to anything.

I guess this has to do with the network trying to route me to the currently local ips not the ips from the vpn server...

 

any tips how to fix this...since i am away from my server and can not access anything right now a remote solution would be great ;)

If i have to fix this on my server i guess i can create a mobil hotspot and vpn through there....:/

4 hours ago, Random.Name said:

hi, 

i setup the docker and most of the time i can connect just fine.

Bt when i am on a network that is using the same local ip range (192.168.178.XXX) as my own network (where de vpn server lives) i can not connect to anything.

I guess this has to do with the network trying to route me to the currently local ips not the ips from the vpn server...

 

any tips how to fix this...since i am away from my server and can not access anything right now a remote solution would be great ;)

If i have to fix this on my server i guess i can create a mobil hotspot and vpn through there....:/

 

As far as I know, there is no easy solution for that problem and it is a very common issue for people using 192.268.1.x

 

You would have to change one of the ip ranges

Hey Guys, 

 

I must be missing something really basic here, I have installed this on my unraid box today, I can get to the admin interface but when i try to log in for the first time, it says incorrect login. I have used the one mentioned on the setup page.

 

Any ideas?

 

Thanks.

  • 2 weeks later...

I have OpenVPN working properly on my Unraid box, and can connect to it via the laptop with my configured user, so Im confident things are correct server side. What I can't do is get the OpenVPN connect page to render on my iPhone. Ive downloaded the OpenVPN client and attempted to import my profile, but the resulting page never fully renders. Trying both in Safari and Chrome all I get is the OpenVPN logo and the rest of the page is blank.

 

There's nothing in the logs server side, and Im not sure where to turn for anything more diagnostic. 

With the page not rendering I can't get my client.opvn file into the OpenVPN iOS app. Is there another way to do this? What am I missing?

I have used this a lot and it is ace. I do however get issues at one particular place that uses DPI to try and detect VPN traffic. Is there any interest in perhaps implementing an obfsproxy in the docker container to further hide the traffic? I know the Viscosity VPN client for Mac and Windows supports adding that layer from the client side.

Is /etc/passwd and /etc/group suppose to get reset back to default after every update? Seems like I have to reset the admin password and readd the user account back in every time. 

 

Also the web interface load very slow, normal?

Edited by ziggie216

1 hour ago, ziggie216 said:

Is /etc/passwd and /etc/group suppose to get reset back to default after every update? Seems like I have to reset the admin password and readd the user account back in every time. 

 

Also the web interface load very slow, normal?

 

Read the github or the docker hub page. It is all explained there

This is the 2nd time I've tried installing OpenVPN-AS, and I've had trouble logging in as any user other than default admin both times.

 

Here's my config screen:

image.png.87106ed9ad6e5ea6c011ce90bbab5b61.png

 

Per the recommendations at Linuxserver's site, I've created a new users "localadmin":

image.png.493047ebfb3f2333b96714022e8ae612.png

I usually use KeePass to create long, complex, random passwords, but, because I've been having issues (which I thought may be related to pasting the password into the telnet session), I created a simple password for this account that I knew I could type correctly.

 

I've granted this new user admin rights:

image.png.e89bc6f60a19371e56219b5f32f6e3c9.png

 

I have authentication set to local so my users & passwords survive reinstall:

image.png.8b09fa6eadc8ad8aadf9a7df51d654df.png

 

Yet every time I try to log in as my new "localadmin" I'm told that it's an incorrect login:

image.png.aedf0fe5aa6ce62bb7e1ac3714be8932.png

 

I've attached the log after the most recent login attempt.

 

If someone would point me in the right direction, I'd be most grateful!

openvpn.log

2 minutes ago, FreeMan said:

This is the 2nd time I've tried installing OpenVPN-AS, and I've had trouble logging in as any user other than default admin both times.

I think you’ll find that the instructions linked in the OP are much more helpful-

https://hub.docker.com/r/linuxserver/openvpn-as/

 

Scroll down to the setting up the application section.

 

 

 

@gridrunner has also released a video-

https://youtu.be/I58LTMKyeYw

Its good for reference but a little dated with regards to admin user configuration.

2 minutes ago, wgstarks said:

I think you’ll find that the instructions linked in the OP are much more helpful-

https://hub.docker.com/r/linuxserver/openvpn-as/

 

Scroll down to the setting up the application section.

 

Thanks, wgstarks. Seems I wasn't clear enough - those are the instructions I've been following (along with gridrunner's somewhat outdated video). I've done all these steps:



During first login, make sure that the "Authentication" in the webui is set to "Local" instead of "PAM". Then set up the user accounts with their passwords (user accounts created under PAM do not survive container update or recreation).

The "admin" account is a system (PAM) account and after container update or recreation, its password reverts back to the default. It is highly recommended to block this user's access for security reasons:
1) Set another user as an admin,
2) Delete the "admin" user in the gui,
3) Modify the as.conf file under config/etc and replace the line boot_pam_users.0=admin with #boot_pam_users.0=admin (this only has to be done once and will survive container recreation)

With the exception of #3 because the default admin account is the only one that will allow me to log in to the web interface.

 

I'd hoped that the screen shots provided would have shown that or shown where I thought I was following those steps but missed something.

 

I've created another user for me to use, but when I go to 192.168.1.5:943 to login using my user name and the password I created, I get a "Login Failed" message.

image.png.44b1965a0475b0d106fa71925ea9aeb0.png

Doesn't matter whether I try "Connect" or "Login". (Still not clear on the difference - I'll get that sorted once I can actually log in.)

5 minutes ago, FreeMan said:

I've created another user for me to use, but when I go to 192.168.1.5:943 to login using my user name and the password I created, I get a "Login Failed" message.

If you want to connect to the admin page you would use 192.168.1.5:943/admin

I tried that but it won't let me log in with my "localadmin" user:

image.png.0ac21268fda17214f1b658ac676425d4.png

Just to be sure, are you using this screen to create your local user?

 

w86nmq.jpg

 

Want to make sure you have set Authentication>General to local?

You entered a new user in the screen shown, with admin selected and a password in the proper field?

Saved the changes and updated the running server?

 

11 minutes ago, wgstarks said:

Just to be sure, are you using this screen to create your local user?

 

Nope, created the user from the command line as demonstrated in gridrunner's video. Nothing contradictory to that in the LinuxServer page, so I ran with it. Is it now preferred to create the users in the admin console instead of at the command line?

Just now, FreeMan said:

 

Nope, created the user from the command line as demonstrated in gridrunner's video. Nothing contradictory to that in the LinuxServer page, so I ran with it. Is it now preferred to create the users in the admin console instead of at the command line?

IIRC, using CLI doesn't create the user in the local database. Log in with the default admin user and then add the new user in the gui as I described. Once you have verified that that user is working delete the default admin user in the gui and run step 3 from the dockerhub page to be sure the default user doesn't get recreated during updates.

 

Let me know if this works.

33 minutes ago, wgstarks said:

Let me know if this works.

That did the trick!

 

I really appreciate the work @gridrunner has done with his video, but it seems that it really needs to be updated. Additionally, since so many places around here point users to that video, it would be super helpful if the linuxserver page contained a couple of notes on what's out dated and the current best methods. (hint, hint, @CHBMB :) ).

 

I've got port 943 forwarded to my server and from my phone (WiFi off) I'm able to browse to https://domain.com:943 where I can log in with my newly created user name & pwd. I downloaded the .ovpn autologin file, opened it with the Android OpenVPN client, but now it's timing out every time I try to connect. CPU load on the server ran about 25-50% with a few spikes to 60-75%. I've got decent network speed:

image.png.c907f96b4ff7ff273e2e70b05a5cd2eb.png

That's about normal for my hourly speed test runs.

 

I've attached the last 100 or so lines from the openvpn.log file. It looks like this is what's generated when I tried to connect.

 

ovpn.timeout.log

Edited by FreeMan

Once I get the timeout issue resolved, should I change this

image.png.dc819be0014c06631f6a45d8eb10c74a.png

by removing the 172... line since I'm only using 192.168 addresses?

 

Also, should I be dynamically assigning addresses to VPN users in the 172 range? Is that a reasonable thing to do since all my PPN (Physical private network :) ) addresses are in 192.168? I'll only have a half-dozen or so people who will have accounts, so I don't actually mind statically assigning them (in the 192.168 range) - I've got most other machines on the network assigned static IPs anyway...

25 minutes ago, FreeMan said:

Once I get the timeout issue resolved, should I change this

image.png.dc819be0014c06631f6a45d8eb10c74a.png

by removing the 172... line since I'm only using 192.168 addresses?

 

Also, should I be dynamically assigning addresses to VPN users in the 172 range? Is that a reasonable thing to do since all my PPN (Physical private network :) ) addresses are in 192.168? I'll only have a half-dozen or so people who will have accounts, so I don't actually mind statically assigning them (in the 192.168 range) - I've got most other machines on the network assigned static IPs anyway...

I left those settings at default and haven't had any issues. Maybe someone with better knowledge might have different suggestions.

I'll leave them as-is, then.

 

Thoughts on the timeout issue? It's the same thing I'm getting with my LetsEncrypt/NGINX server (I posted in that thread and never got it resolved). Everything else responds quite promptly from the WAN, but I'd like to close up all those open ports.

3 minutes ago, FreeMan said:

Thoughts on the timeout issue?

Not really. I don't use Android.

Might try the openvpn forum.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.