[Support] Linuxserver.io - OpenVPN AS



1 minute ago, wgstarks said:

If you have the docker setup correctly I don’t think you’ll be able to use the user “admin”.

 

Thanks, I am not actually trying to use the system admin. I created a new user and assigned it as the new admin as per the instructions, but I have forgotten the password and can't log in. 

Link to comment
17 minutes ago, littlered said:

 

Thanks, I am not actually trying to use the system admin. I created a new user and assigned it as the new admin as per the instructions, but I have forgotten the password and can't log in. 

 

If I recall, I was able to use the command line to change the password. I don't believe that it asked me for the current pwd before asking for the new one, but don't quote me on that - I've slept since then. Also, I'd agree with wgstarks - that would be a big security hole.

 

Of course, once someone's got enough access to your machine to run "docker exec" it's really too late anyway...

Link to comment

OK, so I am able to get it set up properly and working now, but 2 things.

 

1) It seems to disconnect from my laptop when I remote in. Say about 5 min or so while searching, it just searches, then I get the notification that I've been disconnected. So I just log back in and it's fine for a few minutes.

 

2) I'm unable to see my mapped network drive while on the VPN

 

Any suggestions?

Link to comment
OK, so I am able to get it set up properly and working now, but 2 things.
 
1) It seems to disconnect from my laptop when I remote in. Say about 5 min or so while searching, it just searches, then I get the notification that I've been disconnected. So I just log back in and it's fine for a few minutes.
 
2) I'm unable to see my mapped network drive while on the VPN
 
Any suggestions?
Never mind, I realized my connection for the VPN on my laptop was set to a specific IP with nothing in that field. Set it to Obtain automatically and it worked. I also added another user besides root to the server.
Link to comment

After weeks of trying to figure this out.  I come to you for help.  I have a weird issue that I can't seem to figure out.  I can log into OpenVPN remotely but have access to nothing inside the network.  Also when I turn on OpenVPN my dockers lose their images as if they have no external access to the net.   (Don't think they do actually.  No plex access for example.)  These are my settings below. 

 

Let's start with settings.  

Server - https://snag.gy/A7vayi.jpg

Docker Setting - https://snag.gy/4yjMoX.jpg

OpenVPN Edit - https://snag.gy/7zQJI2.jpg

 

Inside container settings 

I have 9443 forwarded.  

 

Any ideas?!  I'm at a loss.

 

 

Link to comment

My DNS won't work while on the VPN. If I insert 8.8.8.8 then the DNS server will work, but only for public addresses. If I insert 192.168.2.1, which is my router, it will not work. Why??

Client Settings:
(yes it's german :D)

Ethernet-Adapter Ethernet 4:

   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : TAP Adapter OAS NDIS 6.0
   Physische Adresse . . . . . . . . : 00-FF-51-2E-D5-74
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja
   Verbindungslokale IPv6-Adresse  . : fe80::ed9a:e2dc:7753:198d%56(Bevorzugt)
   IPv4-Adresse  . . . . . . . . . . : 172.27.240.11(Bevorzugt)
   Subnetzmaske  . . . . . . . . . . : 255.255.240.0
   Standardgateway . . . . . . . . . : 172.27.240.1
   DHCPv6-IAID . . . . . . . . . . . : 939589457
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1E-AC-F1-29-74-D4-35-EB-B1-FE
   DNS-Server  . . . . . . . . . . . : 192.168.2.1
   NetBIOS über TCP/IP . . . . . . . : Deaktiviert

Router DNS-Server is 192.168.2.1


OpenVPN DNS Config
image.png.c6b348f6c4fa0a9d4b08814180e69605.png

Link to comment
2 hours ago, gridrunner said:
As promised, here is an updated video tutorial for setting up this excellent container. Hope it's useful.
 

 


Thanks for the update. I glanced through and will definitely try this.

Couple questions... Do we not have to generate our own keys and such like many other OpenVPN installs I have done? Thinking I will have to since I use TLS auth for extra security on my current install on my EdgeRouter. Then the nervous Nelly in me wants to generate my own unique keys as well. Never liked the Netgear router VPN setup that takes two seconds to set up, as it worried me from a security standpoint that it might be sharing the same key with other routers.

 

EDIT:  Interesting. I see the TLS Auth stuff is already configured.  Have to do some digging about the key/cert generation though.

 

EDIT2: Looks like the admin cert is still in the config, might be a good idea to revoke it as well as deleting the ID.  I also noticed several messages about a weak cipher being used when connected, definitely needs some hardening and such and changed to 256-bit encryption, but the video should get everyone started!

 

https://community.openvpn.net/openvpn/wiki/Hardening

 

Edited by digiblur
Link to comment
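An added example, not part of the thread and not code from OpenVPN or linuxserver.io: a small audit of a downloaded client profile for the points raised in the post above (a weak cipher, whether a TLS auth key is present, and 256-bit encryption). The two sample profiles and the host name are constructed, and the set of checks is an assumption about what is worth flagging.

```python
import re

# Ciphers with a 64-bit block size; OpenVPN 2.4 logs an "INSECURE cipher" warning for these.
SMALL_BLOCK = ("BF-", "DES-", "CAST5-", "RC2-", "IDEA-")
# Built-in default in OpenVPN 2.4 and earlier when the profile has no cipher directive.
DEFAULT_CIPHER = "BF-CBC"

def parse_profile(text):
    """Return (directives, inline_block_names) from an .ovpn client profile."""
    directives, blocks, current = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tag = re.fullmatch(r"<(/?)([\w-]+)>", line)
        if tag:  # <ca>, </ca>, <tls-auth>, ... : skip the key material inside
            current = None if tag.group(1) else tag.group(2)
            if current:
                blocks.add(current)
        elif current is None:
            key, _, value = line.partition(" ")
            directives.setdefault(key, value.strip())
    return directives, blocks

def audit(text):
    """Return a list of hardening findings for one profile."""
    d, blocks = parse_profile(text)
    findings = []
    cipher = d.get("cipher", DEFAULT_CIPHER).upper()
    if cipher.startswith(SMALL_BLOCK):
        findings.append(f"cipher {cipher}: 64-bit block cipher")
    elif "256" not in cipher and not cipher.startswith("CHACHA20"):
        findings.append(f"cipher {cipher}: key shorter than 256 bits")
    if not {"tls-auth", "tls-crypt"} & (blocks | set(d)):
        findings.append("no tls-auth/tls-crypt key in profile")
    if "remote-cert-tls" not in d and "ns-cert-type" not in d:
        findings.append("server certificate type is not checked")
    return findings

# Constructed sample profiles (placeholders instead of real key material).
WEAK = """client
remote vpn.example.invalid 1194 udp
cipher BF-CBC
<ca>
(placeholder certificate)
</ca>
"""
HARDENED = WEAK.replace("cipher BF-CBC", "cipher AES-256-CBC\nremote-cert-tls server") \
    + "key-direction 1\n<tls-auth>\n(placeholder static key)\n</tls-auth>\n"

if __name__ == "__main__":
    for name, profile in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(profile) or "no findings")
```
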
1 hour ago, digiblur said:

 


Thanks for the update. I glanced through and will definitely try this.

Couple questions... Do we not have to generate our own keys and such like many other OpenVPN installs I have done? Thinking I will have to since I use TLS auth for extra security on my current install on my EdgeRouter. Then the nervous Nelly in me wants to generate my own unique keys as well. Never liked the Netgear router VPN setup that takes two seconds to set up, as it worried me from a security standpoint that it might be sharing the same key with other routers.

 

EDIT:  Interesting. I see the TLS Auth stuff is already configured.  Have to do some digging about the key/cert generation though.

 

If I understand your question, you just need to connect to the server from LAN on your mobile device and download/install the user certificate for that platform (windows, macOS, iOS, etc).

Edited by wgstarks
Link to comment
2 minutes ago, wgstarks said:

If I understand your question, you just need to connect to the server from LAN on your mobile device and download/install the user certificate.

 

No, that's the simple part.  I'm used to doing this step and creating my own certs (that warm and fuzzy feeling of making the connection unique to you).  https://openvpn.net/index.php/open-source/documentation/howto.html#pki

Link to comment
38 minutes ago, digiblur said:

Explain more on what you mean by this.

OpenVPN Access Server is commercial software. The docs probably have most of the details you want.

 

40 minutes ago, digiblur said:

Also , so if I install it twice there will be two different sets of keys/certs?

Not sure what the use case is for running two dockers on the same network. Maybe if you use the same active directory for both dockers then a single certificate would work? I just use OpenVPN-AS for accessing a single network. Perhaps someone else can give you a better answer for this.

Link to comment
Not sure what the use case is for running two dockers on the same network. Maybe if you use the same active directory for both dockers then a single certificate would work? I just use OpenVPN-AS for accessing a single network. Perhaps someone else can give you a better answer for this.


It is OpenVPN, not sure what you are getting at.

If I installed it twice and had the same certs and keys that would mean I have the same keys/certs as the next guy. Oof... Will test this in the morning and fix the cipher version issues.
Link to comment

Hello,

I'm having a hard time setting this thing up. I followed gridrunner's video carefully, but when I try to connect via OpenVPN GUI I get the following message over and over again as it tries to connect:

 

Sun Dec 17 18:42:58 2017 TLS: Initial packet from [AF_INET](myipadress):1194, sid=f21eac15 a8b634c1
Sun Dec 17 18:42:58 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET](myipadress):1194

 

Any ideas?
 

Link to comment
34 minutes ago, Heciruam said:

Hello,

I'm having a hard time setting this thing up. I followed gridrunner's video carefully, but when I try to connect via OpenVPN GUI I get the following message over and over again as it tries to connect:

 

Sun Dec 17 18:42:58 2017 TLS: Initial packet from [AF_INET](myipadress):1194, sid=f21eac15 a8b634c1
Sun Dec 17 18:42:58 2017 TLS Error: cannot locate HMAC in incoming packet from [AF_INET](myipadress):1194

 

Any ideas?
 

Did you forward the port on your router?

Link to comment

I've got this working (thanks to @gridrunner) but I can't quite see how to get it to pass proxy settings to the client so that web traffic from the client will pass through my local Privoxy (running in the DelugeVPN docker container) before going out to the web.

 

Googling for "openvpn proxy" just returns a load of results about how to access openvpn through a proxy, which isn't what I'm trying to do here, and I didn't find anything obvious in the openvpn-as WebUI…

 

Is there a way to get this to happen automatically on connect, or do I need to manually configure proxy settings each time? The client is the iOS OpenVPN Connect, if it matters…

 

Thanks!

Link to comment