Jump to content
linuxserver.io

[Support] Linuxserver.io - OpenVPN AS

1517 posts in this topic Last Reply

Recommended Posts

oh i have no idea about anything...  i did try copying my .ovpn file to unraid  and ran command line  openvpn --config file.ovpn  it tries to connect to pfsense but gets error   is the openvpn command line i was using from openvpn-as..  or is it built in..

 

and does that mean  openvpn-as isnt what i need

 

what i want is 

script file

connect openvpn either A Unraid (Remote Site) or B  Pfsense Router (Remote Site)

run rysnc from host to Remote Site Unraid  all new Data

disconnect OpenVPN from either A or B   when rysnc is complete..

 

now my question is that what OpenVPN-As can do  or am i in the wrong forum and  i need somethong else

as i truly not sure.. so i figure i ask before i get in trouble being in wrong area 

Share this post


Link to post
49 minutes ago, comet424 said:

oh i have no idea about anything...  i did try copying my .ovpn file to unraid  and ran command line  openvpn --config file.ovpn  it tries to connect to pfsense but gets error   is the openvpn command line i was using from openvpn-as..  or is it built in..

 

and does that mean  openvpn-as isnt what i need

 

what i want is 

script file

connect openvpn either A Unraid (Remote Site) or B  Pfsense Router (Remote Site)

run rysnc from host to Remote Site Unraid  all new Data

disconnect OpenVPN from either A or B   when rysnc is complete..

 

now my question is that what OpenVPN-As can do  or am i in the wrong forum and  i need somethong else

as i truly not sure.. so i figure i ask before i get in trouble being in wrong area 

openvpn-as is just a server waiting for people to connect to it. For what you want to do, you'll need a client app. I think there are other opvenvpn versions out there for unraid that may do what you want, or you could do the opposite, have pfsense connect to unrai. From my limited knowledge of pfsense, it's pretty robust, so there shouldn't be an issue doing it that way. Infact, I may be deploying those to my inlaws place

Share this post


Link to post
On 11/14/2018 at 1:32 PM, aptalca said:

If a docker container has its own ip, the connection between that and the host will be blocked. That's a security feature of macvlan

If you install OpenVPN-as as Host without its own IP can you still connect to other dockers with their own IP? I have most of my dockers with their own IP for ease. 

Share this post


Link to post
29 minutes ago, witalit said:

I can't seem to connect to the OpenVPN web portal I get connection refused. I don't have any bonded interfaces just using eth0 in the VARIABLE field of docker config.. any ideas? imageproxy.php?img=&key=00b562fcac28e727

 

 

Openvpn-config.pngI think you need to specify an interface on network type, even if it's obvious your going to be using unraid's ip.

 

Share this post


Link to post

What the hell its working now.. I realised I had an old docker appdata folder for OpenVPN. Since wiping that and waiting around 30 minutes are re-installing docker its working. 

Share this post


Link to post

Sometimes the openvpn-as docker is fragile on upgrading. I upgraded to the most recent docker this morning and the OPENVPN server stopped working. From the openvpn.log it looks like it is missing a config item 'config_db_local':

2019-03-15 05:05:19-0400 [-] Server Shut Down.
2019-03-15T05:05:41-0400 [twisted.scripts._twistd_unix.UnixAppLogger#info] twist
d 17.9.0 (/config/bin/python 2.7.11) starting up.
2019-03-15T05:05:41-0400 [twisted.scripts._twistd_unix.UnixAppLogger#info] react
or class: twisted.internet.epollreactor.EPollReactor.
2019-03-15T05:05:41-0400 [stdout#info] *** Insecure settings found. Permissions 
for /config/etc/as.conf were set to 0666. Resetting Permissions to 0600 ***
2019-03-15T05:05:42-0400 [-] Unhandled Error
        Traceback (most recent call last):
          File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x
86_64.egg/twisted/application/app.py", line 396, in startReactor
            self.config, oldstdout, oldstderr, self.profiler, reactor)
          File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x
86_64.egg/twisted/application/app.py", line 311, in runReactorWithLogging
            reactor.run()
          File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 1243, in run
            self.mainLoop()
          File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 1252, in mainLoop
            self.runUntilCurrent()
        --- <exception caught here> ---
          File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 878, in runUntilCurrent
            call.func(*call.args, **call.kw)
          File "build/bdist.linux-x86_64/egg/pyovpn/sagent/svcset.py", line 203, in server_agent_init
            
          File "build/bdist.linux-x86_64/egg/pyovpn/sagent/svcset.py", line 58, in get_active_config_profile
            
          File "build/bdist.linux-x86_64/egg/pyovpn/db/confdb.py", line 811, in get_active_profile
            
          File "build/bdist.linux-x86_64/egg/pyovpn/db/dbwrap.py", line 87, in db
            
          File "build/bdist.linux-x86_64/egg/pyovpn/sagent/svcset.py", line 56, in <lambda>
            
          File "build/bdist.linux-x86_64/egg/pyovpn/util/cdict.py", line 260, in get_req
            
          File "build/bdist.linux-x86_64/egg/pyovpn/util/cdict.py", line 303, in get_type
            
          File "build/bdist.linux-x86_64/egg/pyovpn/util/cdict.py", line 478, in log
            
        pyovpn.util.error.SimpleError: "ConfigDict: required config-key 'config_db_local' is not defined": util/cdict:285,util/cdict:257,util/cdict:521,util/cdict:550 (exceptions.KeyError)

Anyone have an idea of what it should be and in what config file?

Share this post


Link to post
4 hours ago, witalit said:

If you install OpenVPN-as as Host without its own IP can you still connect to other dockers with their own IP? I have most of my dockers with their own IP for ease. 

There are 3 types, host, bridge, and macvlan. Macvlan is the only one with that restriction.

Share this post


Link to post
22 minutes ago, shaunsund said:

Sometimes the openvpn-as docker is fragile on upgrading. I upgraded to the most recent docker this morning and the OPENVPN server stopped working. From the openvpn.log it looks like it is missing a config item 'config_db_local':


2019-03-15 05:05:19-0400 [-] Server Shut Down.
2019-03-15T05:05:41-0400 [twisted.scripts._twistd_unix.UnixAppLogger#info] twist
d 17.9.0 (/config/bin/python 2.7.11) starting up.
2019-03-15T05:05:41-0400 [twisted.scripts._twistd_unix.UnixAppLogger#info] react
or class: twisted.internet.epollreactor.EPollReactor.
2019-03-15T05:05:41-0400 [stdout#info] *** Insecure settings found. Permissions 
for /config/etc/as.conf were set to 0666. Resetting Permissions to 0600 ***
2019-03-15T05:05:42-0400 [-] Unhandled Error
        Traceback (most recent call last):
          File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x
86_64.egg/twisted/application/app.py", line 396, in startReactor
            self.config, oldstdout, oldstderr, self.profiler, reactor)
          File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x
86_64.egg/twisted/application/app.py", line 311, in runReactorWithLogging
            reactor.run()
          File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 1243, in run
            self.mainLoop()
          File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 1252, in mainLoop
            self.runUntilCurrent()
        --- <exception caught here> ---
          File "/config/lib/python2.7/site-packages/Twisted-17.9.0-py2.7-linux-x86_64.egg/twisted/internet/base.py", line 878, in runUntilCurrent
            call.func(*call.args, **call.kw)
          File "build/bdist.linux-x86_64/egg/pyovpn/sagent/svcset.py", line 203, in server_agent_init
            
          File "build/bdist.linux-x86_64/egg/pyovpn/sagent/svcset.py", line 58, in get_active_config_profile
            
          File "build/bdist.linux-x86_64/egg/pyovpn/db/confdb.py", line 811, in get_active_profile
            
          File "build/bdist.linux-x86_64/egg/pyovpn/db/dbwrap.py", line 87, in db
            
          File "build/bdist.linux-x86_64/egg/pyovpn/sagent/svcset.py", line 56, in <lambda>
            
          File "build/bdist.linux-x86_64/egg/pyovpn/util/cdict.py", line 260, in get_req
            
          File "build/bdist.linux-x86_64/egg/pyovpn/util/cdict.py", line 303, in get_type
            
          File "build/bdist.linux-x86_64/egg/pyovpn/util/cdict.py", line 478, in log
            
        pyovpn.util.error.SimpleError: "ConfigDict: required config-key 'config_db_local' is not defined": util/cdict:285,util/cdict:257,util/cdict:521,util/cdict:550 (exceptions.KeyError)

Anyone have an idea of what it should be and in what config file?

Openvpn-as devops is a bit of a mess, really.

 

They like to make significant (breaking) changes to their db and data through their package updates, but not during service start.

 

With this docker image, we don't do in place package updates, we replace the package along with the docker image. So the changes within their package updater need to be made manually. That happened about a year ago as well.

 

Essentially, you're seeing a version mismatch between the app and its data and unfortunately it's not something we can easily prevent in the future

Share this post


Link to post

Dear All.

firstly sorry for my english. I've succed create the VPN server on my unraid, and it's run perfectly, but i want to connect from my other Home network to unraid. because i use the Camera IP with USB 4g, connect directly to Buffalo router- running DD-WRT,

1. Can i connect from buffalo router to unraid server?

2. how can i setup using file client.opvn?

3. if not. are there anyway to do that. ?

i search for two day to do that. i use the client files. download from my unraid. and use the info do fill in the openVPN client on router. but can not connect.

please help me.

thanks you all.

Share this post


Link to post
4 hours ago, aptalca said:

There are 3 types, host, bridge, and macvlan. Macvlan is the only one with that restriction.

What about if I run OpenVPN on Host and the other dockers on macvlan can I connect to them? I setup OpenVPN earlier and was only able to connect to unRAID Gui but not other docker IP's.

Share this post


Link to post
6 hours ago, aptalca said:

Openvpn-as devops is a bit of a mess, really.

 

They like to make significant (breaking) changes to their db and data through their package updates, but not during service start.

 

With this docker image, we don't do in place package updates, we replace the package along with the docker image. So the changes within their package updater need to be made manually. That happened about a year ago as well.

 

Essentially, you're seeing a version mismatch between the app and its data and unfortunately it's not something we can easily prevent in the future

Spent about an hour digging through their scripts and their post install of their package to see what could be missing. Wasted time. Openvpn pulled the 2.7.2 release. We pushed an update to set latest back to 2.6.1. If you updated to 2.7.2 today, update again to go back to 2.6.1 and things should go back to normal.

  • Like 1
  • Upvote 1

Share this post


Link to post
2 hours ago, witalit said:

What about if I run OpenVPN on Host and the other dockers on macvlan can I connect to them? I setup OpenVPN earlier and was only able to connect to unRAID Gui but not other docker IP's.

No. Nothing on the host ip can connect to macvlan.

 

One user here tried putting openvpn on macvlan as well, in order to be able to connect to other containers on macvlan but he had other issues I believe. Don't recall the details, it was beyond my networking knowledge.

Share this post


Link to post

Last 2 updates broke my access to OpenVPN, had to delete container and delete directory then reinstall before i could access webgui again

 

Share this post


Link to post

hey guys is there any way to use this instead of pfsense on one side so i can do a site to site openvpn?  i want to be able to connect two houses and see shares on both sides of the tunnel.

Share this post


Link to post
3 hours ago, xman111 said:

hey guys is there any way to use this instead of pfsense on one side so i can do a site to site openvpn?  i want to be able to connect two houses and see shares on both sides of the tunnel.

You need a client on one side and a server on the other.  This is a server and you can configure pfsense as a client.

Share this post


Link to post

with 2 pfsense boxes, you can to server/client or peer to peer.  I am looking to do peer to peer.  That way everything on my network is available to everything on the other network.  Right now i can access the server admin page and the shares but none of the other computers on the other side of the tunnel.  Also, when i am connected to the tunnel, i can no longer see my own unraid on my side of the tunnel.  I think i am just going to buy another pfsense router and do it that way.

Share this post


Link to post
with 2 pfsense boxes, you can to server/client or peer to peer.  I am looking to do peer to peer.  That way everything on my network is available to everything on the other network.  Right now i can access the server admin page and the shares but none of the other computers on the other side of the tunnel.  Also, when i am connected to the tunnel, i can no longer see my own unraid on my side of the tunnel.  I think i am just going to buy another pfsense router and do it that way.
Makes more sense, I use my pfsense box for OpenVPN as then I can restart my server via IPMI without too much trouble.

Sent from my Mi A1 using Tapatalk

Share this post


Link to post

Just started having issues with openvpn-as. I noticed first that I was unable to connect and when I returned home, the web ui was not comming up. I have had issues in the past after an update so I deleted the container and the appdata config folder, then recreated the container. This did not help. As you will see in the logs. The container starts but the web ui fails to come up.

 

Logs: https://pastebin.com/6tFC05r5

Config:

image.thumb.png.d9e533fa5ba9d811433f82ed7838201e.png

 

Any ideas on what the issue is?

Share this post


Link to post
6 hours ago, cheesemarathon said:

Just started having issues with openvpn-as. I noticed first that I was unable to connect and when I returned home, the web ui was not comming up. I have had issues in the past after an update so I deleted the container and the appdata config folder, then recreated the container. This did not help. As you will see in the logs. The container starts but the web ui fails to come up.

 

Logs: https://pastebin.com/6tFC05r5

Config:

image.thumb.png.d9e533fa5ba9d811433f82ed7838201e.png

 

Any ideas on what the issue is?

Is it using host networking or bridge?

 

Nothing wrong in the docker log

Share this post


Link to post
Posted (edited)

Sorry this Post will not be a lot of help @cheesemarathon but I expierienced also problems after the last update and wanted to notify persons here over my expierience.

I noticed it just today because the WebGUI didn't came up but i didn't change anything on the Container for weeks.
I got a "Connection Refused" on the GUI and I got curious. After that i had done a "netstat -tulpn" on the unraid server itself and nothing showed up. Bot no Errors in the Docker log.


But a deletion from GUI (with active "also remove image"), a "rm -rf openvpn-as" from the Appdata over the console and reinstall of the Template from the WebGUI worked. I just had no internal config of the Container anymore.

@aptalca
On my Side it works with the Setup "eth0" on INTERFACE and also HOST Networking as Containerconfig

Edit:
But this didn't happend with my 2nd Server where the exact same configuration is running... Strange...

Edited by Stroker
Info 2nd Server

Share this post


Link to post
8 hours ago, aptalca said:

Is it using host networking or bridge?

 

Nothing wrong in the docker log

Currently host but I have tried both. No luck with either 

Share this post


Link to post

I'm not sure I'm asking this in the right place so apologies if it belongs elsewhere..

 

I have opnevpn docker setup and working perfectly, I have the open vpn client on my android phone setup and conecting as it should. What I would like to do if possible is have the openvpn server connect to either my privoxy or to my private internet access socks5 proxy. I'm trying to achieve the situation where I can connect the android openvpn client to my home server, browse and use the local network as it works at present, but also then forward any other web pages/searches to the provoxy or private internet access. This is to avoid having to disconnect and reconect my openvpn connection.

 

I don't know how to go about this, or if it is even possible. Any advice is much appreciated

Share this post


Link to post
Posted (edited)

so i got the server setup  and i downloaded the locked user client.ovpn file

 

and i copied to my 2nd unraid box

and using  Peter_MS OpenVPN Client for Unraid

when for now i need to type in user name and password...   and it cannot connect to dns name says it cant be found

yet on host side i have pfsense port forward udp port   as i wanna do  unraid to unraid for rsync transfer

 

i get the cant resolve host namebut it should be able too   system error i get 

 

Fri Mar 22 10:36:06 2019 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Fri Mar 22 10:36:06 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 22 10:36:06 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Mar 22 10:36:06 2019 RESOLVE: Cannot resolve host address: <dnsaddress>:1200 (System error)
Fri Mar 22 10:36:06 2019 RESOLVE: Cannot resolve host address: <dnsaddress>:1200 (System error)
Fri Mar 22 10:36:06 2019 Could not determine IPv4/IPv6 protocol
Fri Mar 22 10:36:06 2019 SIGUSR1[soft,init_instance] received, process restarting
Fri Mar 22 10:36:06 2019 Restart pause, 10 second(s)

 

Edited by comet424

Share this post


Link to post
Posted (edited)

ok i found 2 bugs in this software

when you first install OpenServer AS

and you get the intitial settings   it has 1194  port i set it to 1200

and then when i logged into the server admin  it still kept the port  1194...so i re changed it to 1200 udp

 

but i just noticed the docker still points 1194 not 1200... so i guess there is a bug its not saving 

 

as you can see 2 out of 3  images show Port 1200  yet docker keeps it at 1194  no matter what you do

reboots  stop start does nothing..  its like Webgui..  the Docker  and the Docker Setting Of Openvpn -as  save 3 different locations for the Port  and not loading the same location

 

unraid1.JPG

unraid2.JPG

Edited by comet424

Share this post


Link to post

i edited config.json  and changed 1194 to 1200   but didnt help

in next 2 photos...

i first did a reboot...  then did a FORCE UPDATE  then a screen shot after it

and no change still forced 1194 not 1200 like its supposed to be

 

unraid3.JPG

unraid4.JPG

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.