[Support] Linuxserver.io - OpenVPN AS



Thank you for all the suggestions. I managed to figure out what the problem was: for whatever reason auto login needed to be enabled, as well as my local subnet being the issue. They can't be identical in Linux, though this isn't a problem on Windows.

Lastly, having the (use this network only for its local resources) box enabled makes it not work (SOLVED)

Link to comment
On 5/10/2018 at 8:09 AM, Sinister said:

I believe I already know which one you're talking about and it is enabled by default. I just connected through my mobile device and I can access everything with no problem.

Has anyone had luck with this? Since the update my clients connect to OpenVPN-AS but I can't access any local devices. IE going to 192.168.1.1 just accesses the router at the remote site and not my router at home where UnRaid is. Similarly, I can't access the UnRaid WebUI.

Link to comment
35 minutes ago, daniel329 said:

Has anyone had luck with this? Since the update my clients connect to OpenVPN-AS but I can't access any local devices. IE going to 192.168.1.1 just accesses the router at the remote site and not my router at home where UnRaid is. Similarly, I can't access the UnRaid WebUI.

Not sure what OS you're running, but if it is Windows then Spaceinvader One's tutorial works flawlessly. If it's Linux like my issue was, then I'm no expert by any means but I can tell you what worked in my specific case.

Link to comment
1 hour ago, daniel329 said:

going to 192.168.1.1 just accesses the router at the remote site and not my router at home

That is a different issue. You need to make sure your home environment is a unique subnet so you won't have that type of collision. Use something unique like 192.168.210.X on your home network, that way no matter what remote network you access it from, the IPs will be unique.

 

There are ways to work around it, but changing your home network subnet is the easiest foolproof method.

Link to comment
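
The collision described in the reply above can be checked before choosing a home subnet. This is an added example, not part of the thread: a POSIX shell check for whether a home LAN range overlaps any remote LAN a client might connect from. Every address in it is a constructed sample value and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: detect the home/remote subnet collision discussed above.

# ip_to_int A.B.C.D -> the address as a 32-bit integer on stdout
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_range NET/LEN -> "first last" (integer bounds of the range)
cidr_range() {
    addr=${1%/*}; len=${1#*/}
    ip=$(ip_to_int "$addr")
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    first=$(( ip & mask ))
    last=$(( first | (~mask & 0xFFFFFFFF) ))
    echo "$first $last"
}

# subnets_overlap A/LEN B/LEN -> exit 0 if the ranges share any address
subnets_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# check_home HOME REMOTE... -> prints every colliding remote LAN,
# returns 1 if at least one collides
check_home() {
    home=$1; shift; rc=0
    for remote in "$@"; do
        if subnets_overlap "$home" "$remote"; then
            echo "COLLISION: $home overlaps $remote"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a home LAN on 192.168.1.0/24 against three remote LANs.
check_home 192.168.1.0/24 192.168.0.0/24 192.168.1.0/24 10.0.0.0/24 || true
```

A remote network with a wider mask (for example a /16 that contains the home /24) is reported as a collision too, which a plain string comparison of the two prefixes would miss.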
  • 3 weeks later...

Hey all. Installed the Docker and was following Space invader's video, but after disabling the admin user account and creating another account I've locked myself out of the openVPN webUI. I removed the docker and reinstalled but to no avail. Now the new docker install won't accept the default (admin/password). Any idea how I can truly clear all settings on the docker and start with all default configs?

Link to comment
15 minutes ago, WarDave said:

On the unraid docker I have tried to login to the admin ui with admin/openvpn with no luck as it shows in the wiki. What's the default password? It doesn't state it in the directions or any of the settings boxes on the unraid plugin setup.

What wiki?

 

Did you look at any of the documentation linked in the first post of this thread?

 

See the docker hub or github links

Link to comment
26 minutes ago, trurl said:

What wiki?

 

Did you look at any of the documentation linked in the first post of this thread?

 

See the docker hub or github links

Yes but for example Docker Hub: https://hub.docker.com/r/linuxserver/openvpn-as/ shows a setup guide nothing like it is for unraid, for example

 

Usage

docker create \
--name=openvpn-as \
-v <path to data>:/config \
-e PGID=<gid> -e PUID=<uid> \
-e TZ=<timezone> \
-e INTERFACE=<interface> \
--net=host --privileged \
linuxserver/openvpn-as

 

 

You don't have to do this to set it up on unraid, and none of the boxes to configure it shows a password box so you can edit the default one, or the text at the top doesn't show what it's set to.

 


Edited by WarDave
Link to comment
10 hours ago, WarDave said:

Yes but for example Docker Hub: https://hub.docker.com/r/linuxserver/openvpn-as/ shows a setup guide nothing like it is for unraid, for example

 

Usage


docker create \
--name=openvpn-as \
-v <path to data>:/config \
-e PGID=<gid> -e PUID=<uid> \
-e TZ=<timezone> \
-e INTERFACE=<interface> \
--net=host --privileged \
linuxserver/openvpn-as

 

 

You don't have to do this to set it up on unraid, and none of the boxes to configure it shows a password box so you can edit the default one, or the text at the top doesn't show what it's set to.

 


 

The page you linked to tells you what the default user pass are. 

Link to comment
On 10/7/2015 at 2:06 AM, linuxserver.io said:


 

Application Name: OpenVPN-AS

Application Site: https://openvpn.net/index.php/access-server/overview.html

Docker Hub: https://hub.docker.com/r/linuxserver/openvpn-as/

Github: https://github.com/linuxserver/docker-openvpnas

 

Please post any questions/issues relating to this docker you have in this thread.

 

If you are not using Unraid (and you should be!) then please do not post here, rather use the linuxserver.io forum for support.

 

For upgrading from 2.1.9 to 2.1.12 you may need to follow the directions in this post https://forums.lime-technology.com/topic/41631-support-linuxserverio-openvpn-as/?do=findComment&comment=598988

 

Installed, but when I click the webUI it says the below.

This site can’t be reached

192.168.0.120 refused to connect.

 

Link to comment
  • 2 weeks later...

I have been running this OpenVPN container without issues for a few months now.  Once I realized the option for assigning containers their own IP address was available in Unraid, I assigned most of my containers static IPs in their settings so I could use my router software to track bandwidth usage.  I did not reassign the OpenVPN container and left it running on the same IP as Unraid.

 

Internally, everything is fine.  But when I connect via OpenVPN, I cannot get to any container that has its own IP address.  I am able to reach the Unraid webgui and any container still running off of the Unraid IP address.  I am able to get to any other resources on the network with other PCs, web sites not on Unraid, etc.  The static IPs are on the same internal subnet, 192.168.1.0/24.

 

In searching for information, I came upon this old reddit thread where the top response says "Using custom IP's (macvlan) isolates you from the host, can't remember if it also isolates you from other containers.".  Is this correct, and if so, is there any way around it or do I have to reassign the containers back to using the Unraid IP if I want to access them via OpenVPN?

Edited by Lo Key
Link to comment
3 hours ago, Lo Key said:

I have been running this OpenVPN container without issues for a few months now.  Once I realized the option for assigning containers their own IP address was available in Unraid, I assigned most of my containers static IPs in their settings so I could use my router software to track bandwidth usage.  I did not reassign the OpenVPN container and left it running on the same IP as Unraid.

 

Internally, everything is fine.  But when I connect via OpenVPN, I cannot get to any container that has its own IP address.  I am able to reach the Unraid webgui and any container still running off of the Unraid IP address.  I am able to get to any other resources on the network with other PCs, web sites not on Unraid, etc.  The static IPs are on the same internal subnet, 192.168.1.0/24.

 

In searching for information, I came upon this old reddit thread where the top response says "Using custom IP's (macvlan) isolates you from the host, can't remember if it also isolates you from other containers.".  Is this correct, and if so, is there any way around it or do I have to reassign the containers back to using the Unraid IP if I want to access them via OpenVPN?

 

That is correct and it is a limitation (security feature) of macvlan. 

 

There was another user here who tried to put openvpn on macvlan as well but still couldn't access the containers.

 

Question though, why do you want every container to have their own ip? Most of them only need one port to interface through. Why not just map a port on the host?

Link to comment
6 minutes ago, aptalca said:

 

That is correct and it is a limitation (security feature) of macvlan. 

 

There was another user here who tried to put openvpn on macvlan as well but still couldn't access the containers.

 

Question though, why do you want every container to have their own ip? Most of them only need one port to interface through. Why not just map a port on the host?

 

 

You may have been referring to me. I'm having this issue.  It is expected behavior.  Dockers with their own IP will be able to talk to each other but not other docker containers with host IP by design.  I have moved my OpenVPN docker to its own IP as well, but I'm struggling to get the VPN connected clients to talk to anything other than the br0 containers in this scenario.

 

As for why we want them on their own IP, well for me I have a few services that run the same port and I prefer to not redirect the port to something else.  And if you even have 1 docker container using its own IP your VPN connected clients can't talk to them when running as a docker.  Kind of the point of a VPN server.  Unfortunately my search thus far has been fruitless and I may have to go back to OpenVPN as a VM instead of a docker container.  

Link to comment

There are at least two ways around this depending on your server hardware. (fully supported)

Best solution: at least 2 network interfaces.

  Do not bond the interfaces.

  Do not assign an IP to the 2nd interface (eth1/br1)

  Delete the docker custom network on eth0/br0

  Setup the docker custom network on eth1/br1

  Move all containers there.

  Done - you've side stepped the security feature/limitation of macvlan networks

Alternate solution: have VLAN support on your network

  Create a VLAN subinterface (eth0.1/br0.1)

  Do not assign an IP to the VLAN subinterface

  Create a docker custom network on it

  Move containers there

  Done - you've side stepped the security feature/limitation of macvlan networks

Alternate solution (not sure if supported by the GUI)

  In the go file, add code to create a macvlan subinterface (mac0)

  Remove unRAID IP from eth0/br0

  Assign unRAID IP to macvlan subinterface (reset network gateway)

  Done - unRAID should be able to use the macvlan subinterface to work as if nothing has changed. Containers on docker custom networks should be able to talk to unRAID via the macvlan subinterface, which does not trigger the security feature limitation.

  • Like 3
Link to comment
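
The third alternative above, written out as ip(8) commands. This is an added example, not ken-ji's code and not taken from Unraid: the interface names br0 and mac0 come from the post, while the host address 192.168.1.10/24, the gateway 192.168.1.1, macvlan bridge mode and the function names are assumptions. With DRY_RUN unset it only prints the commands.

```shell
#!/bin/sh
# Added example: move the host IP from the parent interface to a macvlan
# subinterface so containers on the docker custom network can reach the host.
# DRY_RUN=1 (the default) prints each command; DRY_RUN=0 executes it as root.

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# move_host_ip PARENT SHIM ADDR/LEN GATEWAY
move_host_ip() {
    parent=$1 shim=$2 addr=$3 gw=$4
    case $addr in
        */*) ;;
        *) echo "ADDR must include a prefix length, e.g. 192.168.1.10/24" >&2
           return 2 ;;
    esac
    # 1. Create the macvlan subinterface on the same parent the containers use
    #    (bridge mode is an assumption, matching docker's macvlan default).
    run ip link add "$shim" link "$parent" type macvlan mode bridge
    # 2. Remove the host IP from the parent interface.
    run ip addr del "$addr" dev "$parent"
    # 3. Assign the host IP to the subinterface and bring it up.
    run ip addr add "$addr" dev "$shim"
    run ip link set "$shim" up
    # 4. Reset the default gateway, now reachable through the subinterface.
    run ip route replace default via "$gw" dev "$shim"
}

# Constructed sample values; prints the five commands without changing anything.
move_host_ip br0 mac0 192.168.1.10/24 192.168.1.1
```

Apply it from the local console rather than over SSH, because the host has no address between step 2 and step 3.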

@ken-ji it worked!  Thank you so much!  With everything moved over, I'm now able to get to any docker with an assigned static IP over OpenVPN.

 

I had not managed anything with docker from the command line before this.  So, in case anyone else was like me and wants to do this, here were the commands I used in the console for the steps "Delete the docker custom network on eth0/br0" and "Setup the docker custom network on eth1/br1" after I had broken the bond on the interfaces in network settings:

 

docker network ls                (this will list out what docker networks are available)

 

NETWORK ID          NAME                DRIVER              SCOPE
c152fe231096        br0                 macvlan             local
2077b50fac9e        bridge              bridge              local
c73f55312022        host                host                local
e219d9bf945e        none                null                local
 

docker network rm br0   (this will delete the br0 network used by docker when static ips are applied - be sure you're ready to do this)

 

docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o parent=eth1 docker            (creates the new network and names it "docker".  Name it what you want.  Make sure the network settings match your own local network if you're keeping them all on the same subnet.)

 

Then, go into Docker and move each container onto the new network.

 

 

Link to comment

I am trying to use the letsencrypt certbot docker (https://lime-technology.com/forums/topic/51808-support-linuxserverio-letsencrypt-nginx/) to create/update the web server certificate for the openvpn-as docker. I mounted the directory containing the certificates in this docker, but when I try to use the command line to set the certificates for openvpn, I get an error. 

root@3d57a74c7d35:/usr/local/openvpn_as/scripts# ./sacli --key "cs.priv_key" --value_file "{PRIV_KEY_LOCATION}" ConfigPut
ERROR: [Errno 2] No such file or directory: '{PRIV_KEY_LOCATION}': util/options:79,sagent/sacli:808,util/simplefile:28,util/simplefile:20 (exceptions.IOError)

Are there any instructions on how to update the web server certificate automatically? Or can anyone tell me what is going wrong?

Link to comment
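
The error quoted above names the literal string '{PRIV_KEY_LOCATION}' as the missing file, so the placeholder reached sacli unreplaced. This is an added example, not from the thread or the container's documentation, that checks each file before calling sacli: the function names are hypothetical, the three file paths are whatever your certificate mount provides, and cs.cert and cs.ca_bundle are the Access Server keys that accompany the cs.priv_key shown in the post.

```shell
#!/bin/sh
# Added example: load a web server certificate into OpenVPN-AS with sacli,
# refusing unsubstituted placeholders and unreadable files up front.
# The sacli directory is the one shown in the post's shell prompt.
SACLI=${SACLI:-/usr/local/openvpn_as/scripts/sacli}

# put_file KEY FILE: store the contents of FILE under config key KEY
put_file() {
    case $2 in
        *'{'*'}'*) echo "placeholder not replaced: $2" >&2; return 2 ;;
    esac
    [ -r "$2" ] || { echo "cannot read $2 (for $1)" >&2; return 1; }
    "$SACLI" --key "$1" --value_file "$2" ConfigPut
}

# set_web_cert PRIVKEY CERT CA_BUNDLE: stops at the first failure, so a
# half-updated key/certificate pair is never applied
set_web_cert() {
    put_file cs.priv_key  "$1" || return
    put_file cs.cert      "$2" || return
    put_file cs.ca_bundle "$3" || return
    "$SACLI" start    # apply the updated configuration
}

# Usage (paths are placeholders for the files in your mounted directory):
#   set_web_cert /path/to/privkey.pem /path/to/cert.pem /path/to/chain.pem
```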