Jump to content
linuxserver.io

[Support] Linuxserver.io - OpenVPN AS

1555 posts in this topic Last Reply

Recommended Posts

Hi Guys,

 

So i had OpenVPN running smoothly until last nights update. (Have auto updating turned on).  When i tried to connect this morning it wouldn't connect.  Checked my openvpn-as appdata share and most of the contents were missing.  Not a big deal.  Just created from scratch and had the config back working about 10 mins later.

 

My problem is that now i can't connect on UDP (port 1194).  Port is still forwarded to the container it just won't connect.  I tried changing it to TCP (Port 9443, Opened it on my router) and it worked first time.  I just can't for the life of me figure out why this bugger won't connect on UDP any more.

 

Anyone else had a similar experience?

 

Below are my port mappings,  Using Bridged as my networking option.

 

172.17.0.10:1194/UDP-192.168.0.18:1194
172.17.0.10:943/TCP-192.168.0.18:943
172.17.0.10:9443/TCP-192.168.0.18:9443

Share this post


Link to post
3 hours ago, CHBMB said:

Try this from the terminal

docker exec -it openvpn-as bash
nano /config/etc/as.conf

Make your change then press ctrl & x and then type y to save and restart the container.

Sent from my Mi A1 using Tapatalk
 

No nano inside openvpn container.

 

He needs to edit it on unraid directly via "nano /mnt/user/appdata/openvpn-as/etc/as.conf"

Share this post


Link to post
No nano inside openvpn container.
 
He needs to edit it on unraid directly via "nano /mnt/user/appdata/openvpn-as/etc/as.conf"
I wondered that, but thought it was worth a try as I couldn't see what his appdata path was on mobile.

aptalca, worth us putting nano in and then documenting it on the readme? That way avoids SMB permission issues like this? Wouldn't add much to the container size. Just a thought.



Sent from my Mi A1 using Tapatalk

Share this post


Link to post
37 minutes ago, aptalca said:

No nano inside openvpn container.

 

He needs to edit it on unraid directly via "nano /mnt/user/appdata/openvpn-as/etc/as.conf"

Tnx. I sucess edit this conf. Everything now is ok, but i force update again can't connect to WEB UI. Is this normal? Can I normally update version of openvpn when it comes up.

Share this post


Link to post
7 hours ago, sauso said:

Hi Guys,

 

So i had OpenVPN running smoothly until last nights update. (Have auto updating turned on).  When i tried to connect this morning it wouldn't connect.  Checked my openvpn-as appdata share and most of the contents were missing.  Not a big deal.  Just created from scratch and had the config back working about 10 mins later.

 

My problem is that now i can't connect on UDP (port 1194).  Port is still forwarded to the container it just won't connect.  I tried changing it to TCP (Port 9443, Opened it on my router) and it worked first time.  I just can't for the life of me figure out why this bugger won't connect on UDP any more.

 

Anyone else had a similar experience?

 

Below are my port mappings,  Using Bridged as my networking option.

 

172.17.0.10:1194/UDP-192.168.0.18:1194
172.17.0.10:943/TCP-192.168.0.18:943
172.17.0.10:9443/TCP-192.168.0.18:9443

Did you forward the udp port on your router as udp?

Share this post


Link to post
6 hours ago, Kristijan said:

Tnx. I sucess edit this conf. Everything now is ok, but i force update again can't connect to WEB UI. Is this normal? Can I normally update version of openvpn when it comes up.

Your previous logs showed a lot of weird errors.

 

Post a new log with your new config

Share this post


Link to post
1 hour ago, aptalca said:

Your previous logs showed a lot of weird errors.

 

Post a new log with your new config

Now is ok, but i dont run force update, after this i can't connect to WEB UI and I must remove docker, delete open vpn folder in appdata, and start installation again.

 

 

5.PNG

Share this post


Link to post
Posted (edited)

Hmm, I went ahead and updated to the latest version and I can't connect to the VPN or the WebUI page now.  It worked fine with the workaround posted earlier (forcing it to an earlier version), but not anymore.openvpndocker.thumb.PNG.b8dbb67b889be7e004eef57c9698f404.PNG

 

I also don't see any errors in the log.

 

openvpndockerlog.PNG

 

Also, as a side note, if you try to go back to the previous version, it will tell you the command failed and create an orphaned image.  I had to remove all orphaned containers, then go to CA and re-add the docker container.  Luckily nothing happened to my settings and it all works now pointing to the older version.

Edited by Coolsaber57
1 more issue.

Share this post


Link to post
3 hours ago, aptalca said:

Did you forward the udp port on your router as udp?

yep, nothing changed.  Port was forwarded and it was working fine before the update.  If i nmap the udp port from my local PC to the server it is showing as closed.

 

 

Capture.JPG

Share this post


Link to post
yep, nothing changed.  Port was forwarded and it was working fine before the update.  If i nmap the udp port from my local PC to the server it is showing as closed.
 
 
Capture.JPG.c945501555e6695d6431ffbfff6d0226.JPG


What’s your run command Sauso?
If you run in bridge mode with privileged=off, you also need --cap-add=NET_ADMIN
This was missing for me, probably because I’ve just been updating without problems for a long time and am using a very old template. It was causing all sorts of problems until I fixed it.
Just a thought, might not be your problem.


Sent from my iPhone using Tapatalk

Share this post


Link to post
2 hours ago, Coolsaber57 said:

Hmm, I went ahead and updated to the latest version and I can't connect to the VPN or the WebUI page now.  It worked fine with the workaround posted earlier (forcing it to an earlier version), but not anymore.openvpndocker.thumb.PNG.b8dbb67b889be7e004eef57c9698f404.PNG

 

I also don't see any errors in the log.

 

openvpndockerlog.PNG

 

Also, as a side note, if you try to go back to the previous version, it will tell you the command failed and create an orphaned image.  I had to remove all orphaned containers, then go to CA and re-add the docker container.  Luckily nothing happened to my settings and it all works now pointing to the older version.

 

Change it to bridge network as in the Readme and posted many times recently. 

Share this post


Link to post

I was also having problems getting openvpn-as back up and going. 

 

Tonight I made sure everything was completely deleted and the I download the linuxserver version using the Apps tab.  This way it wouldn't be using any of the settings that I might have in my personal dockers (I don't know if this part really mattered though).

image.thumb.png.1d8f95225e2bfaf582cb67060238c2a9.png

After I first ran the docker I saw these errors in my log file:

image.thumb.png.46c12cd3cc160eb90b81359da3816960.png

...

image.thumb.png.8857bec757b81365120f532db9836145.png

 

But after that the web UI was working again.  I stopped and started the docker and everything seemed to come back fixed:

image.png.afc782879e4c61269190d8f7b895201a.png

 

The last part I had difficulty with was figuring out where I could download the connection profile.  I finally found that if I changed "https://###.###.###.###:943/admin/" to be "https://###.###.###.###:943/?src=connect", I was able to download what I needed.  I'm sure there is an easier way but this did seem to work.

 

Everything seems to be back in order!  Sorry for such a long post, but I thought it might be helpful to see what I saw.

Share this post


Link to post
14 minutes ago, scott47 said:

I was also having problems getting openvpn-as back up and going. 

 

Tonight I made sure everything was completely deleted and the I download the linuxserver version using the Apps tab.  This way it wouldn't be using any of the settings that I might have in my personal dockers (I don't know if this part really mattered though).

image.thumb.png.1d8f95225e2bfaf582cb67060238c2a9.pngimageproxy.php?img=&key=00b562fcac28e727

After I first ran the docker I saw these errors in my log file:

imageproxy.php?img=&key=00b562fcac28e727image.thumb.png.46c12cd3cc160eb90b81359da3816960.png

...

image.thumb.png.8857bec757b81365120f532db9836145.png

 

But after that the web UI was working again.  I stopped and started the docker and everything seemed to come back fixed:

image.png.afc782879e4c61269190d8f7b895201a.png

 

The last part I had difficulty with was figuring out where I could download the connection profile.  I finally found that if I changed "https://###.###.###.###:943/admin/" to be "https://###.###.###.###:943/?src=connect", I was able to download what I needed.  I'm sure there is an easier way but this did seem to work.

 

Everything seems to be back in order!  Sorry for such a long post, but I thought it might be helpful to see what I saw.

Those errors are harmless. The openvpn package is trying to start itself via systemd after install and also after init and it's failing because there is no systemd service inside the container. We manage it with s6, so you can ignore those errors.

Client/admin web pages are managed through the admin gui. By default both are served over port 943, where the naked url gets you the client ui and the /admin subfolder gets you the admin interface. They are all openvpn-as standard behavior.

Share this post


Link to post
Posted (edited)
12 hours ago, Jorgen said:

 


What’s your run command Sauso?
If you run in bridge mode with privileged=off, you also need --cap-add=NET_ADMIN
This was missing for me, probably because I’ve just been updating without problems for a long time and am using a very old template. It was causing all sorts of problems until I fixed it.
Just a thought, might not be your problem.


Sent from my iPhone using Tapatalk

 

Hey Jorgen,

 

Below is my docker run.  It already has NET_ADMIN in it so i'm at a loss.  

 

docker run -d --name='openvpn-as' --net='bridge' -e TZ="Australia/Sydney" -e HOST_OS="Unraid" -e 'PGID'='100' -e 'PUID'='99' -p '943:943/tcp' -p '9443:9443/tcp' -p '1194:1194/udp' -v '/mnt/user/appdata/openvpn-as':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/openvpn-as'

 

This is where is gets really bizarre.  If if terminal into my unraid box and run  an nmap to the container the port is open.   I can even connect to localhost, the IP of my unraid box and the ip of the container all successfully.  But as soon as i try from another device it shows as blocked.

 

Anyone else have any ideas?

Capture.JPG

 

***EDIT***

Still scratching my head so i decided to setup the openvpn appliance.  changed my port forward to the new appliance and it worked first time.

 

Could it be my Unraid server blocking the connection??

 

**FINAL EDIT**

So i'm a muppet.  Something funky must have been going on in my Unraid box.  Restarted it and it came good straight away...  I forgot rule 1 of tech support.  Have you tried turning it off and on again....

Edited by sauso
update

Share this post


Link to post
Posted (edited)

I'm finally getting around to fixing openvpn-as, and it looks like I'm a few weeks behind all the threads. My openvpn-as stopped connecting, can't get to web-ui either. I deleted the docker, image, and appdata. The new settings don't match what Spacedinvader's video has, there's no INTERFACE section. A bunch of the defaults that come up are not the same.

 

When I just do the best I can in there, and hit Apply, still no web-gui. I see that some folks posted

docker pull linuxserver/openvpn-as:2.6.1-ls11

But I can't get this command to work in either the Main ">_", or in the docker Console >_

docker pull

does return a message, so there is a "docker" command in the Main console, but it gets confused when I put the rest of the "linuxserver/openvpn-as:2.6.1-ls11" on the line, also with "double quotes".

 

I tried installing the docker, then updating the Repository in the Docker template to "linuxserver/openvpn-as:2.6.1-ls11" but I still don't get any of the correct fields.

 

Would someone spell out the steps for rolling this back correctly to make it work for the interim? Including turning off auto-update to keep it from breaking automatically during the next update?

 

whuffie in advance.

 

xzSomEom.png

 

Edited by dkerlee

Share this post


Link to post
8 hours ago, dkerlee said:

I'm finally getting around to fixing openvpn-as, and it looks like I'm a few weeks behind all the threads. My openvpn-as stopped connecting, can't get to web-ui either. I deleted the docker, image, and appdata. The new settings don't match what Spacedinvader's video has, there's no INTERFACE section. A bunch of the defaults that come up are not the same.

 

When I just do the best I can in there, and hit Apply, still no web-gui. I see that some folks posted


docker pull linuxserver/openvpn-as:2.6.1-ls11

But I can't get this command to work in either the Main ">_", or in the docker Console >_


docker pull

does return a message, so there is a "docker" command in the Main console, but it gets confused when I put the rest of the "linuxserver/openvpn-as:2.6.1-ls11" on the line, also with "double quotes".

 

I tried installing the docker, then updating the Repository in the Docker template to "linuxserver/openvpn-as:2.6.1-ls11" but I still don't get any of the correct fields.

 

Would someone spell out the steps for rolling this back correctly to make it work for the interim? Including turning off auto-update to keep it from breaking automatically during the next update?

 

whuffie in advance.

openvpn settings.png

So basically you did everything but read the official documentation?

 

See here for the most accurate info: https://hub.docker.com/r/linuxserver/openvpn-as

 

Or here: https://github.com/linuxserver/docker-openvpn-as

 

You may have missed the cap add statement.

 

If it still doesn't work after that, check the logs (both the docker log and the log folder under config folder)

Share this post


Link to post
Posted (edited)

@aptalca you are exactly right, I'm guilty of RTFM no doubt. I did try and read it, but it was beyond me.

 

[SOLVED]

I got the regular docker template, and made some changes/additions.

Repository: "linuxserver/openvpn-as:2.6.1-ls11"

Network type: Host

Privileged: ON

and had to add a couple VARIABLES, I think: INTERFACE, and one of the PGID or PUID variables too.

 

Once I muddled through those bits, it came back up. It did take a minute or two. It was tripping over something initially (something about finding an old configuration, and I should run command DELETE), but I didn't do anything, and it came up. I don't see any errors in the logs any longer.

 

Weird that I had to make additions and changes to the template. Last time, it was only a couple changes that @SpaceInvaderOne made in his video. But it's a little old now, 12/2017.

 

v19Qpedm.png

 

Edited by dkerlee

Share this post


Link to post
On 4/6/2019 at 9:46 AM, aptalca said:

Alright ladies and gents, the rewrite for openvpn has been pushed to master and there is a new build on docker hub. You should be able to return to linuxserver/openvpn-as or update to 2.7.3 safely

 

Thank You!  Updating to 2.73 using master repository worked for me after switching Network Type to bridge mode

Share this post


Link to post

I have been messing about for about 5 days trying to get this to work but finally I have it sorted (using bridging only). Because port udp 1194 is already in use on my system I have been mapping to a different external port. But after downloading the ovpn file for the client I was constantly getting the server poll time out.

 

What I have found seems to indicate the connection file you download from the gui only contains the container port for connection. If you are doing a straight 1194:1194 this makes no difference. But if for example you keep 1194 internal and map to say 1200 externally, the file will still contain 1194. If you change the internal port through the gui to match 1200, the file will contain 1200 but I don't think the container actually updates to use that port and remains using 1194.

 

What I did was leave internal port at 1194. Set an alternative external port, say 1200. Download the ovpn file. It will contain 1194 in it. Edit the file changing the 1194 to the 1200. Then import that file into client. It works!!!

Share this post


Link to post

Good afternoon, I launched the container

docker run -d --name='openvpn-as' --net='bridge' -e TZ="Australia/Sydney" -e HOST_OS="Unraid" -e 'PGID'='1000' -e 'PUID'='1000' -p '943:943/tcp' -p '9443:9443/tcp' -p '1194:1194/udp' -v '/home/user/openvpn-as':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/openvpn-as'


 Everything worked well.
But when I try to log in to the user, I get an error

Internal Server Error

Sorry, an internal server error has occurred

    CPage error in CLogin/renderHTTP

Retry Login


There is an error in the logs
 

019-04-22T18: 52: 03 + 1000 [twisted.python.log # info] "-" - - [22 / Apr / 2019: 08: 52: 02 +0000] "POST / RPC2 HTTP / 1.0" 200 201 "-" "Twisted / XMLRPClib"
2019-04-22T18: 52: 03 + 1000 [twisted.python.log # info] "-" - - [22 / Apr / 2019: 08: 52: 02 +0000] "POST / RPC2 HTTP / 1.0" 200 8597 "-" "Twisted / XMLRPClib"
2019-04-22T18: 52: 03 + 1000 [stdout # info] [WEB] OUT: "2019-04-22T18: 52: 03 + 1000 [stdout # info] CPage exception in CLogin / renderHTTP: 'hostname': connect / clogin: 147, connect / cpage: 84 (exceptions.KeyError) "
2019-04-22T18: 52: 03 + 1000 [stdout # info] [WEB] OUT: '2019-04-22T18: 52: 03 + 1000 [twisted.python.log # info] "192.168.0.14" - - [ 22 / Apr / 2019: 08: 52: 03 +0000] "GET / HTTP / 1.1" 500 798 "-" "Mozilla / 5.0 (X11; Ubuntu; Linux x86_64; rv: 66.0) Gecko / $ 2

Docker works in a virtual machine

uname -a
Linux debian 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64 GNU/Linux

df -h 
udev               1,5G            0  1,5G            0% /dev
tmpfs              302M         4,3M  297M            2% /run
/dev/sda1           15G         2,2G   12G           16% /
tmpfs              1,5G            0  1,5G            0% /dev/shm
tmpfs              5,0M            0  5,0M            0% /run/lock
tmpfs              1,5G            0  1,5G            0% /sys/fs/cgroup
tmpfs              302M            0  302M            0% /run/user/0

Unfortunately I could not find information on this error.

Screenshot_20190422_135214.png

Screenshot_20190422_135156.png

Share this post


Link to post

Above scott47 wrote, he managed to log in by changing the address to

https://ip:943?Src=connect

It helped me too.

Share this post


Link to post

So when I am in the webui, I see references to the local container ip addresses. Is this correct? Cause I can't get a network IP when I log in. Gives me the 172 range.

Share this post


Link to post

I know this is a known issue but I have attempted a solution to the problem of accessing dockers over VPN using OpenVPN-as as a docker. I follow these instructions:

 

 

Here is my network settings:

 

1735363579_2019-05-0515_59_00-unraid_NetworkSettings.thumb.png.a63c3cbe68bb16225170f45a582a196a.png

 

Docker settings:

 

1274313979_2019-05-0515_59_48-unraid_DockerSettings.thumb.png.b95938e3aba51e70f822ef0b4c989223.png

 

 

OpenVPN-as network settings:

 

1227190807_2019-05-0516_01_01-AS_unraid.thumb.png.373a7a755ace5bf70a88d7b9750ca3d9.png

 

 

What looks wrong here? I have the secondary NIC to support this as per bonienl instructions but still I am unable to access my docker IP's over VPN. unRAID GUI is fine just no dockers. 

 

Thanks

 

Share this post


Link to post
Posted (edited)

I was hoping to get some help on getting openvpn working.  I follow space invaders newest video and ran into a bunch of errors in the docker web ui.  Has this been addressed?  What should I be doing differently?  I know a bunch of the docker fields and the web ui changed since his video 1 year ago.  Below is the error I get when trying to start the server.

 

I also tried doing a fresh install and deleting the appdata.  Then left everything to defualt but changed it to bridged and privliged.  I cant even compile the docker.  I get this error.

 

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='openvpn-as' --net='bridge' --privileged=true -e TZ="America/New_York" -e HOST_OS="Unraid" -e 'PGID'='100' -e 'PUID'='99' -p '943:943/tcp' -p '9443:9443/tcp' -p '1194:1194/udp' -v '/mnt/user/appdata/openvpn-as':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/openvpn-as' 

d027a7aea71006567e8ff9f3ae2c0ff3a1d870cb7b5af4c3672169708221bf26
/usr/bin/docker: Error response from daemon: driver failed programming external connectivity on endpoint openvpn-as (29866595123c0e45cce280fa52df797867e95307dde14bb5bdda1f46dd2c3ade): (iptables failed: iptables --wait -t filter -A DOCKER ! -i docker0 -o docker0 -p tcp -d 172.17.0.4 --dport 9443 -j ACCEPT: iptables: No chain/target/match by that name.
(exit status 1)).

The command failed.

 

https://imgur.com/NaMcd85 and https://imgur.com/IZGFpXY This is the docker creation page for OpenVPN I am talking about.

Here are my network settings.

https://imgur.com/mspL162 https://imgur.com/ftysL1E https://imgur.com/2AloCA9

I am running RC8.

Edited by sittingmongoose
added more detail

Share this post


Link to post
Posted (edited)

here is my findings..

  • It doesn't like using a custom IP with using br0 (refuse to connect when trying to go to webui)
  • Try changing it back to bridge0. Still wont connect. delete docker container and reinstall. still same situation. 
  • Go into terminal and force remove the folder and reinstall. works. follow Spaceinvader One instructions on deleting admin out of as.conf. then i do a force update. (refuse to connect)

this thing is more temperamental then a damn car going to a mechanic.

Edited by demonmaestro

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.