[Support] Linuxserver.io - OpenVPN AS



1 minute ago, digiblur said:

Has this container been updated to allow you to pick a better encryption method? Last time I used it my client app complained about several weak security options in the app and I didn't see an easy way to change them.

 

I changed my ciphers within the webgui itself. Under advanced VPN config, I just added `cipher AES-256-CBC` to the server and client config directives.

Link to comment
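A way to check that the change described in the reply above actually reached a client profile, as an added example that is not part of the original posts: it parses an OpenVPN profile and reports a missing or weak `cipher` directive. The sample profile, the host name in it and the weak-cipher list are assumptions made for this illustration.

```python
import re

# Treated as weak here: 64-bit block ciphers (SWEET32-class) and "none".
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC", "RC2-CBC", "NONE"}

# Constructed sample client profile, not taken from the thread.
BEFORE = """\
client
dev tun
remote vpn.example.net 1194 udp
<ca>
-----BEGIN CERTIFICATE-----
(certificate body omitted)
-----END CERTIFICATE-----
</ca>
"""
AFTER = BEFORE + "cipher AES-256-CBC\n"

def parse_directives(text):
    """Map directive name -> list of argument lists, skipping comments and inline blocks."""
    directives, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                          # inside <ca>...</ca>, <key>...</key>, etc.
            if line == f"</{inline}>":
                inline = None
            continue
        opened = re.fullmatch(r"<([\w-]+)>", line)
        if opened:
            inline = opened.group(1)
            continue
        if not line or line[0] in "#;":     # blank line or comment
            continue
        parts = line.split()
        directives.setdefault(parts[0].lstrip("-"), []).append(parts[1:])
    return directives

def audit_cipher(text):
    """Return a list of findings about the profile's data-channel cipher setting."""
    ciphers = [a[0].upper() for a in parse_directives(text).get("cipher", []) if a]
    findings = []
    if not ciphers:
        # The default --cipher in OpenVPN 2.4 and older is BF-CBC.
        findings.append("no cipher directive: default may be BF-CBC on OpenVPN 2.4 and older")
    findings += [f"weak cipher: {c}" for c in ciphers if c in WEAK_CIPHERS]
    return findings

if __name__ == "__main__":
    for name, profile in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_cipher(profile) or "ok")
```

Run it against the profile downloaded from the Access Server client page after changing the directives, since an old profile on a device will not pick up the new setting.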

Hello,

I posted this on linux.io's forum as well, but wanted to see if I could get a faster response here. Just started using openvpn-as, I want to be able to restrict where users can go within the LAN. Right now I'm just advertising the unraid server to VPN users, but want to dial it down further to just plex ports. Don't want to give users access to the kingdom.

Thanks in advance.

Link to comment
  • 2 weeks later...

I'm having trouble getting this set up.

The Docker is configured correctly but I am unable to access the VPN remotely using either host or bridge on eth0.

I have bonding disabled.

I can only access the VPN remotely if I change the interface to br0 and then port forward to the new IP address, but then I have the problem of not being able to connect to the unraid webui, which is the whole point of setting it up. When I switch back to eth0 and port forward to the unraid server's IP address I cannot connect.

 

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='openvpn-as' --net='host' --privileged=true -e TZ="Australia/Sydney" -e HOST_OS="unRAID" -e 'TCP_PORT_943'='943' -e 'TCP_PORT_9443'='9443' -e 'UDP_PORT_1194'='1194' -e 'INTERFACE'='eth0' -e 'PGID'='100' -e 'PUID'='99' -v '/mnt/user/appdata/openvpn-as':'/config':'rw' 'linuxserver/openvpn-as'

14838eadcaad9f357f44bf731f9a842f1f6e4faf9a31655b02020f72c3195b92

 

 

[edit] Still don't understand what the problem was, but I have fixed it by changing the port from 1194 to 1195. Can't see that anything else is using 1194 on unraid, it's a pretty stock config.

 

Edited by reggierat
Link to comment
2018-03-24 18:06:48	stdout	[services.d] done.
2018-03-24 18:06:48	stdout	[services.d] starting services
2018-03-24 18:06:48	stdout	[cont-init.d] done.
2018-03-24 18:06:48	stdout	[cont-init.d] 50-interface: exited 0.
2018-03-24 18:06:48	stdout	MOD Default {} {}
2018-03-24 18:06:47	stdout	MOD Default {} {}
2018-03-24 18:06:46	stdout	MOD Default {} {}
2018-03-24 18:06:46	stdout	MOD Default {} {}
2018-03-24 18:06:45	stdout	[cont-init.d] 50-interface: executing... 
2018-03-24 18:06:45	stdout	[cont-init.d] 40-openvpn-init: exited 0.
2018-03-24 18:06:45	stdout	[cont-init.d] 40-openvpn-init: executing... 
2018-03-24 18:06:45	stdout	[cont-init.d] 30-config: exited 0.
2018-03-24 18:06:45	stdout	[cont-init.d] 30-config: executing... 
2018-03-24 18:06:45	stdout	[cont-init.d] 20-time: exited 0.
2018-03-24 18:06:45	stdout	
2018-03-24 18:06:45	stdout	Universal Time is now:  Sat Mar 24 18:06:45 UTC 2018.
2018-03-24 18:06:45	stdout	Local time is now:      Sat Mar 24 18:06:45 UTC 2018.
2018-03-24 18:06:45	stdout	Current default time zone: 'Etc/UTC'
2018-03-24 18:06:45	stdout	
2018-03-24 18:06:45	stdout	[cont-init.d] 20-time: executing... 
2018-03-24 18:06:45	stdout	[cont-init.d] 10-adduser: exited 0.
2018-03-24 18:06:45	stdout	
2018-03-24 18:06:45	stdout	-------------------------------------
2018-03-24 18:06:45	stdout	User gid:    100
2018-03-24 18:06:45	stdout	User uid:    99
2018-03-24 18:06:45	stdout	
2018-03-24 18:06:45	stdout	-------------------------------------
2018-03-24 18:06:45	stdout	GID/UID
2018-03-24 18:06:45	stdout	-------------------------------------
2018-03-24 18:06:45	stdout	https://www.linuxserver.io/donations/
2018-03-24 18:06:45	stdout	We gratefully accept donations at:
2018-03-24 18:06:45	stdout	Brought to you by linuxserver.io
2018-03-24 18:06:45	stdout	
2018-03-24 18:06:45	stdout	
2018-03-24 18:06:45	stdout	         |_| |___/ |_|  \__/
2018-03-24 18:06:45	stdout	         | | \__ \ | | | () |
2018-03-24 18:06:45	stdout	         | | / __| | |  /  \ 
2018-03-24 18:06:45	stdout	         | |  ___   _    __
2018-03-24 18:06:45	stdout	          _         ()
2018-03-24 18:06:45	stdout	-------------------------------------
2018-03-24 18:06:45	stdout	
2018-03-24 18:06:45	stdout	[cont-init.d] 10-adduser: executing... 
2018-03-24 18:06:45	stdout	[cont-init.d] executing container initialization scripts...
2018-03-24 18:06:45	stdout	[fix-attrs.d] done.
2018-03-24 18:06:45	stdout	[fix-attrs.d] applying ownership & permissions fixes...
2018-03-24 18:06:45	stdout	[s6-init] ensuring user provided files have correct perms...exited 0.
2018-03-24 18:06:45	stdout	[s6-init] making user provided files available at /var/run/s6/etc...exited 0.

Hey guys,

Any ideas? I'm always getting connection refused on "192.168.1.35:1195/admin".

Also tried eth0 as INTERFACE variable.

I'm using Synology Docker with DDNS.

Link to comment
9 minutes ago, passi0509 said:

I'm using Synology Docker with DDNS.

 

This is the unRAID forum. LinuxServerIO has another forum to support their dockers on other platforms. From first post in this thread:

 

On 10/6/2015 at 4:36 PM, linuxserver.io said:

If you are not using Unraid (and you should be!) then please do not post here, rather use the linuxserver.io forum for support.

 

Link to comment
  • 3 weeks later...

My apologies if I missed this or the answer should be obvious, but is there any way to put my VPN clients on the same subnet as the rest of my LAN pc's or assign IPs from my router's DHCP?  I have applications that look for 2 machines to be on the same LAN (or as some state...on the same WiFi <facepalm>) and they won't work over VPN in my current configuration.  Also, should I want to expand beyond 2 clients...is there a different...non-AS docker I should be using?

Link to comment
10 minutes ago, NeoMatrixJR said:

My apologies if I missed this or the answer should be obvious, but is there any way to put my VPN clients on the same subnet as the rest of my LAN pc's or assign IPs from my router's DHCP?  I have applications that look for 2 machines to be on the same LAN (or as some state...on the same WiFi <facepalm>) and they won't work over VPN in my current configuration.  Also, should I want to expand beyond 2 clients...is there a different...non-AS docker I should be using?

 

More than 2 clients and you need to buy a license from them.

 

As regards the VPN clients on the same subnet, have you looked at the settings in configuration => VPN settings?

Link to comment

I've got this running on my main server and everything's going great there. I'm planning to build a 2nd server to use for backups and have it located off-site. I'd like to install openvpn-as on it, and I'm sure that will go smoothly.

 

My question is how do I get my main server to connect via OVPN to the backup server so the backups can run through the tunnel? Is there a linux client that I would have to install on the main server? Would it have to be installed into the docker container that I'm using to run the backups from (lsio's duplicati container)? What would be my methodology here? I don't mind doing some searching, but I'm not entirely sure where to start.

Link to comment
3 hours ago, FreeMan said:

I've got this running on my main server and everything's going great there. I'm planning to build a 2nd server to use for backups and have it located off-site. I'd like to install openvpn-as on it, and I'm sure that will go smoothly.

 

My question is how do I get my main server to connect via OVPN to the backup server so the backups can run through the tunnel? Is there a linux client that I would have to install on the main server? Would it have to be installed into the docker container that I'm using to run the backups from (lsio's duplicati container)? What would be my methodology here? I don't mind doing some searching, but I'm not entirely sure where to start.

 

What is the purpose of this 2nd server, is it just for backups? If so I would just run a script which utilizes rsync over ssh. Then your backup will run over an encrypted ssh tunnel. The script will power on the server, run the backup, send you an e-mail with the log after it's done then power off the server. You can use the user script plugin to set up a cron job so it runs once a week or something. You can take a look at these threads.

https://lime-technology.com/forums/topic/52830-syncronize-servers-using-rsync-over-ssh-next-door-or-across-the-world/

https://lime-technology.com/forums/topic/68886-unraid-as-a-rsync-targetserver/

 

Link to comment

Relatively new to UnRaid, but I am following a guide from Spaceinvader One (guide linked below with timestamp for the specific step) on how to set up this docker and when I get to disabling the default admin when the docker is updated his instructions give me a rights error. I own the server, have the appdata export set to public (temporarily of course) and am running as an admin on the windows PC I am using to manipulate everything. Any insight on the subject or direction to an existing thread would be greatly appreciated.

 

Spaceinvader One - How to setup an openvpn server on unRAID for secure remote connections updated guide

https://youtu.be/EfBvvilnasU?t=8m20s

 

 

Link to comment
1 hour ago, Revrto said:

Relatively new to UnRaid, but I am following a guide from Spaceinvader One (guide linked below with timestamp for the specific step) on how to set up this docker and when I get to disabling the default admin when the docker is updated his instructions give me a rights error. I own the server, have the appdata export set to public (temporarily of course) and am running as an admin on the windows PC I am using to manipulate everything. Any insight on the subject or direction to an existing thread would be greatly appreciated.

 

Spaceinvader One - How to setup an openvpn server on unRAID for secure remote connections updated guide

https://youtu.be/EfBvvilnasU?t=8m20s

 

 

Just for clarification, did you add your new user as admin before disabling the default admin? I've used spaceinvader one's walkthrough without problems. Also, can you post the error?

Link to comment

Thanks for the quick reply.

Yes, I added my own user as an admin. I get the error in notepad++, when I try to edit and save the file to the appdata folder, that I don't have proper permissions. Even though I have appdata set to public and am an admin on the windows system I am editing from. I am currently away from my desk so I can't send a screenshot but hopefully this gives some clarification.

Link to comment

 

4 minutes ago, Revrto said:

Thanks for the quick reply.

Yes, I added my own user as an admin. I get the error in notepad++, when I try to edit and save the file to the appdata folder, that I don't have proper permissions. Even though I have appdata set to public and am an admin on the windows system I am editing from. I am currently away from my desk so I can't send a screenshot but hopefully this gives some clarification.

OIC, for my preference, so I don't have to mess with file permissions, I would ssh as root to your unraid box, then use nano or pico (can't remember which one works ATM) to edit the file. Actually, if you're on the most current version of unraid, there is a web terminal option.

Link to comment
54 minutes ago, ppunraid said:

 

OIC, for my preference, so I don't have to mess with file permissions, I would ssh as root to your unraid box, then use nano or pico (can't remember which one works ATM) to edit the file. Actually, if you're on the most current version of unraid, there is a web terminal option.

 

Or you can use the Config File Editor plugin to edit the file.

  • Like 1
Link to comment
On 4/15/2018 at 5:32 PM, strike said:

 

What is the purpose of this 2nd server, is it just for backups? If so I would just run a script which utilizes rsync over ssh. Then your backup will run over an encrypted ssh tunnel. The script will power on the server, run the backup, send you an e-mail with the log after it's done then power off the server. You can use the user script plugin to set up a cron job so it runs once a week or something. You can take a look at these threads.

https://lime-technology.com/forums/topic/52830-syncronize-servers-using-rsync-over-ssh-next-door-or-across-the-world/

https://lime-technology.com/forums/topic/68886-unraid-as-a-rsync-targetserver/

 

 

Thanks very much for the links. I think that the ssh scripting is the way I'll go, but I want to use duplicati for the backups, retention periods, etc. duplicati has provision for a pre- and post-backup script, so I think this will work.

Link to comment
22 hours ago, ppunraid said:

Are you advertising routes through the vpn? Can you get to other docker apps...Can you ping your server?

 

Unfortunately I'm not familiar with what advertising routes is. I am able to ping the IP address. Upon further investigation I am able to access the webui if I go directly to the IP address without a hostname. Any thoughts on how to get the hostnames working?

Link to comment