[Support] Linuxserver.io - OpenVPN AS



1 minute ago, wgstarks said:

If you have the docker setup correctly I don’t think you’ll be able to use the user “admin”.

 

Thanks, I am not actually trying to use the system admin. I created a new user and assigned it as the new admin as per the instructions, but I have forgotten the password and can't log in. 

Link to post

17 minutes ago, littlered said:

 

Thanks, I am not actually trying to use the system admin. I created a new user and assigned it as the new admin as per the instructions, but I have forgotten the password and can't log in. 

 

If I recall, I was able to use the command line to change the password. I don't believe that it asked me for the current pwd before asking for the new one, but don't quote me on that - I've slept since then. Also, I'd agree with wgstarks - that would be a big security hole.

 

Of course, once someone's got enough access to your machine to run "docker exec" it's really too late anyway...

Link to post

Ok, so I am able to get it set up properly and working now but 2 things.

 

1) It seems to disconnect from my laptop when I remote in. Say about 5min or so while searching it just searches then I get the notification that I've been disconnected. So I just re-log back in and it's fine for a few minutes.

 

2) I'm unable to see my mapped network drive while on the VPN

 

Any suggestions?

Link to post
Never mind, I realized my connection for the VPN on my laptop was set to specific IP with nothing in that field. Set to Obtain automatically and it worked. I also added another user beside root to the server.
Link to post

After weeks of trying to figure this out.  I come to you for help.  I have a weird issue that I can't seem to figure out.  I can log into OpenVPN remotely but have access to nothing inside the network.  Also when I turn on OpenVPN my dockers lose their images as if they have no external access to the net.   (Don't think they do actually.  No plex access for example.)  These are my settings below. 

 

Let's start with settings.  

Server - https://snag.gy/A7vayi.jpg

Docker Setting - https://snag.gy/4yjMoX.jpg

OpenVPN Edit - https://snag.gy/7zQJI2.jpg

 

Inside container settings 

I have 9443 forwarded.  

 

Any ideas?!  I'm at a loss.

 

 

Link to post

My DNS won't work while on the VPN. If I insert 8.8.8.8 then the DNS server will work but only for public addresses. If I insert 192.168.2.1 which is my router it will not work.. Why??

Client Settings:
(yes it's german :D)

Ethernet-Adapter Ethernet 4:

   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : TAP Adapter OAS NDIS 6.0
   Physische Adresse . . . . . . . . : 00-FF-51-2E-D5-74
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja
   Verbindungslokale IPv6-Adresse  . : fe80::ed9a:e2dc:7753:198d%56(Bevorzugt)
   IPv4-Adresse  . . . . . . . . . . : 172.27.240.11(Bevorzugt)
   Subnetzmaske  . . . . . . . . . . : 255.255.240.0
   Standardgateway . . . . . . . . . : 172.27.240.1
   DHCPv6-IAID . . . . . . . . . . . : 939589457
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1E-AC-F1-29-74-D4-35-EB-B1-FE
   DNS-Server  . . . . . . . . . . . : 192.168.2.1
   NetBIOS über TCP/IP . . . . . . . : Deaktiviert

Router DNS-Server is 192.168.2.1


OpenVPN DNS Config

Link to post
2 hours ago, gridrunner said:
As promised here is an updated video tutorial for setting up this excellent container. Hope it's useful
 

 


Thanks for the update. I glanced through and will definitely try this.

Couple questions... Do we not have to generate our own keys and such like many other openvpn installs I have done? Thinking I will have to since I use TLS auth for extra security on my current install on my edgerouter. Then the nervous nelly in me wants to generate my own unique keys as well. Never liked the Netgear router vpn setup that takes two seconds to setup as it worried me on a security standpoint that it might be sharing the same key with other routers.

 

EDIT:  Interesting. I see the TLS Auth stuff is already configured.  Have to do some digging about the key/cert generation though.

 

EDIT2: Looks like the admin cert is still in the config, might be a good idea to revoke it as well as deleting the ID.  I also noticed several messages about a weak cipher being used when connected, definitely needs some hardening and such and changed to 256-bit encryption but the video should get everyone started!

 

https://community.openvpn.net/openvpn/wiki/Hardening

 

Edited by digiblur
Link to post
1 hour ago, digiblur said:

 


Thanks for the update. I glanced through and will definitely try this.

Couple questions... Do we not have to generate our own keys and such like many other openvpn installs I have done? Thinking I will have to since I use TLS auth for extra security on my current install on my edgerouter. Then the nervous nelly in me wants to generate my own unique keys as well. Never liked the Netgear router vpn setup that takes two seconds to setup as it worried me on a security standpoint that it might be sharing the same key with other routers.

 

EDIT:  Interesting. I see the TLS Auth stuff is already configured.  Have to do some digging about the key/cert generation though.

 

If I understand your question, you just need to connect to the server from LAN on your mobile device and download/install the user certificate for that platform (windows, macOS, iOS, etc).

Edited by wgstarks
Link to post
2 minutes ago, wgstarks said:

If I understand your question, you just need to connect to the server from LAN on your mobile device and download/install the user certificate.

 

No, that's the simple part.  I'm used to doing this step and creating my own certs (that warm and fuzzy feeling of making the connection unique to you).  https://openvpn.net/index.php/open-source/documentation/howto.html#pki

Link to post
38 minutes ago, digiblur said:

Explain more on what you mean by this.

OpenVPN Access Server is commercial software. The docs probably have most of the details you want.

 

40 minutes ago, digiblur said:

Also , so if I install it twice there will be two different sets of keys/certs?

Not sure what the use case is for running two dockers on the same network. Maybe if you use the same active directory for both dockers then a single certificate would work? I just use OpenVPN-AS for accessing a single network. Perhaps someone else can give you a better answer for this.

Link to post
It is OpenVPN, not sure what you are getting at.

If I installed it twice and had the same certs and keys that would mean I have the same keys/certs as the next guy. Oof... Will test this in the morning and fix the cipher version issues.
Link to post
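
A profile check for the points raised in digiblur's posts above (TLS auth present, weak-cipher warnings, 256-bit encryption, and whether two installs hand out the same keys), as an added example that is not part of the thread or of OpenVPN Access Server. The function names and the sample profiles are hypothetical and constructed, and a missing `cipher` line is assumed to mean the legacy BF-CBC default.

```python
import re

SMALL_BLOCK = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}  # 64-bit block ciphers

def parse_profile(text):
    """Split .ovpn text into ({directive: args}, {inline block name: body})."""
    directives, blocks, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        tag = re.fullmatch(r"<(/?)([\w-]+)>", line)
        if tag:                                # <ca> opens a block, </ca> closes it
            current = None if tag.group(1) else tag.group(2)
            if current:
                blocks[current] = []
        elif current:
            blocks[current].append(line)
        else:
            name, *args = line.split()
            directives[name] = args
    return directives, {k: "\n".join(v) for k, v in blocks.items()}

def audit(text):
    """Return hardening findings for one client profile."""
    directives, blocks = parse_profile(text)
    findings = []
    if not {"tls-auth", "tls-crypt"} & (directives.keys() | blocks.keys()):
        findings.append("no tls-auth/tls-crypt key")
    # Assumption: a profile without a cipher line falls back to the legacy BF-CBC default.
    cipher = (directives.get("cipher") or ["BF-CBC"])[0].upper()
    if cipher in SMALL_BLOCK:
        findings.append(f"{cipher}: 64-bit block cipher")
    elif "256" not in cipher and cipher != "CHACHA20-POLY1305":
        findings.append(f"{cipher}: key shorter than 256 bits")
    return findings

def shared_material(profile_a, profile_b):
    """Inline blocks (ca, tls-auth, ...) whose bodies are identical in both profiles."""
    a, b = parse_profile(profile_a)[1], parse_profile(profile_b)[1]
    return sorted(name for name in a.keys() & b.keys() if a[name] == b[name])

# Constructed sample profiles; the block bodies are placeholders, not key material.
INSTALL_A = ("client\nremote vpn.example.test 1194 udp\ncipher BF-CBC\n"
             "<ca>\nCONSTRUCTED-CA-BODY-A\n</ca>\n"
             "<tls-auth>\nCONSTRUCTED-STATIC-KEY-A\n</tls-auth>\n")
INSTALL_B = INSTALL_A.replace("-A", "-B").replace("BF-CBC", "AES-256-CBC")
if __name__ == "__main__":
    print(audit(INSTALL_A), audit(INSTALL_B), shared_material(INSTALL_A, INSTALL_B))
```

Feeding it the profiles downloaded from two separate installs answers the "same keys as the next guy" question: any name returned by `shared_material` is a block both installs have in common.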

Hello,

I'm having a hard time setting this thing up. I followed gridrunner's video carefully, but when I try to connect via OpenVPN GUI I get the following message over and over again as it tries to connect:

 

Sun Dec 17 18:42:58 2017 TLS: Initial packet from [AF_INET](myipadress):1194, sid=f21eac15 a8b634c1
Sun Dec 17 18:42:58 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET](myipadress):1194

 

Any ideas?
 

Link to post
34 minutes ago, Heciruam said:

Hello,

I'm having a hard time setting this thing up. I followed gridrunner's video carefully, but when I try to connect via OpenVPN GUI I get the following message over and over again as it tries to connect:

 

Sun Dec 17 18:42:58 2017 TLS: Initial packet from [AF_INET](myipadress):1194, sid=f21eac15 a8b634c1
Sun Dec 17 18:42:58 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET](myipadress):1194

 

Any ideas?
 

Did you forward the port on your router?

Link to post

Since I have tvheadend and embyserver in a docker (before they were installed in an Ubuntu VM) I can't connect them when I have a VPN connection. Not the webgui nor through e.g. tvhclient.

 

Anybody know how I have to configure openvpn-as so that I can connect them again?

Link to post

I've got this working (thanks to @gridrunner) but I can't quite see how to get it to pass proxy settings to the client so that web traffic from the client will pass through my local Privoxy (running in the DelugeVPN docker container) before going out to the web.

 

Googling for "openvpn proxy" just returns a load of results about how to access openvpn through a proxy, which isn't what I'm trying to do here, and I didn't find anything obvious in the openvpn-as WebUI…

 

Is there a way to get this to happen automatically on connect, or do I need to manually configure proxy settings each time? The client is the iOS OpenVPN Connect, if it matters…

 

Thanks!

Link to post