Jump to content
linuxserver.io

[Support] Linuxserver.io - OpenVPN AS

1371 posts in this topic Last Reply

Recommended Posts

Posted (edited)
8 hours ago, aptalca said:

Guys, it's all in the official readme on GitHub and docker hub.

 

Use bridge networking, don't set the interface variable, make sure your port mapping is correct (@syniex yours is not) and add the cap-add statement.

 

The unraid template was updated a long time ago but you may have to update it manually for existing setups. Or, you can remove the container (keep the appdata config folder) and recreate from a fresh new template from the community apps with the same appdata folder.

 

7 hours ago, dkerlee said:

@aptalca thank you very much! Almost got it working - I would like to mention that the README.md (github link) wasn't specific enough for me to follow. I'm sorry! I'm not the sharpest tool in the shed for sure. I need more concise instructions for unRaid. The Spaceinvader video is great, but it's got old info now. But thank you thank you again for all your work here - and answering the same questions again and again. I'm definitely guilty of that! I donated $5 to you guys.

 

1. use bridge networking

2. don't set interface variable (like Spaceinvaderone video)

3. make sure correct ports are forwarded and mapped

4. add the cap-add statement

 

looks like the cap_add statement is already in the command

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='openvpn-as' --net='bridge' --log-opt max-size='20m' --log-opt max-file='1' --privileged=true -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -e 'PGID'='100' -e 'PUID'='99' -p '943:943/tcp' -p '9443:9443/tcp' -p '1194:1194/udp' -v '/mnt/user/appdata/openvpn-as':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/openvpn-as'

 

Ok, I used to be able to connect to Host network with this before the update....that allowed me to be assigned an IP on my WiFi subnet, which then allowed me to access the UnRAID GUI interface.

 

NOW, instructions make us connect to Bridge network......so how do we access the UnRAID GUI interface if we are on the bridge network? OpenVPN dished me out a 172.27.xxx.xxx address (docker subnet).

 

Update:
Figured out how to access UnRAID GUI. Did NOT figure out how to be assigned a local address on my primary WiFi subnet though.

In Admin Page ----> VPN Settings go to Routing section and add a line for the subnet you want your clients to have access to (for example, I added 192.168.1.0/24 which is my primary WiFi subnet and where I can access my UnRAID GUI locally)

Edited by Stupifier
  • Like 2
  • Upvote 1

Share this post


Link to post
Posted (edited)

After deleting openvpn-as from appdata and reinstall it seems to work,

but i can't seems to configure it so i can connect remotely,

 

anyone got a good new guide? with the new settings?

 

seems like MTU problem?

2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 TCP connection established with [AF_INET]ip.ip.ip.ip:63189'
2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 Socket flags: TCP_NODELAY=1 succeeded'
2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 ip.ip.ip.ip:63189 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]'
2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 ip.ip.ip.ip:63189 Connection reset, restarting [0]'
2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 ip.ip.ip.ip:63189 SIGUSR1[soft,connection-reset] received, client-instance restarting'

Update: Upgrading the client fix the issue with TCP connections but UDP still didn't work.

 

How you guys protect your VPN server?

 

Edited by syniex

Share this post


Link to post
2 hours ago, syniex said:

After deleting openvpn-as from appdata and reinstall it seems to work,

but i can't seems to configure it so i can connect remotely,

 

anyone got a good new guide? with the new settings?

 

seems like MTU problem?

 


2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 TCP connection established with [AF_INET]ip.ip.ip.ip:63189'
2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 Socket flags: TCP_NODELAY=1 succeeded'
2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 ip.ip.ip.ip:63189 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]'
2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 ip.ip.ip.ip:63189 Connection reset, restarting [0]'
2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 ip.ip.ip.ip:63189 SIGUSR1[soft,connection-reset] received, client-instance restarting'

 

Check your mtu settings on your router

Share this post


Link to post
1 minute ago, aptalca said:

Check your mtu settings on your router

while you were replaying i updated my message :)

it was solved by upgrading the client itself (UDP still doesn't work)

 

but i am wondering how to protect the vpn more,

it seems the client web has to be enabled (without it i can't connect)

Share this post


Link to post
5 hours ago, syniex said:

while you were replaying i updated my message :)

it was solved by upgrading the client itself (UDP still doesn't work)

 

but i am wondering how to protect the vpn more,

it seems the client web has to be enabled (without it i can't connect)

The webserver is published in two ways:

1. Through the admin gui port (defined in container settings)

2. On the tcp and udp connection ports.

 

You should disable the second one in the openvpn-as gui. And do not make the 943 port available on the internet. That way the gui will only be available on lan

Share this post


Link to post

After upgrade to unRAID 6.7 I get an error when starting OpenVPN service.

 

When I log on OpenVPN AS the service is stoppen, and when I try to start it again I get following error:

 

service failed to start due to unresolved dependencies: set(['user'])
service failed to start due to unresolved dependencies: set(['iptables_openvpn'])
Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=2]: ['iptables-restore v1.6.0: Bad IP address ""', '', 'Error occurred at line: 153', "Try `iptables-restore -h' or 'iptables-restore --help' for more information."]: internet/defer:653,sagent/ipts:133,sagent/ipts:50,util/daemon:28,util/daemon:69,application/app:384,scripts/_twistd_unix:258,application/app:396,application/app:311,internet/base:1243,internet/base:1255,internet/epollreactor:235,python/log:103,python/log:86,python/context:122,python/context:85,internet/posixbase:627,internet/posixbase:252,internet/abstract:313,internet/process:312,internet/process:973,internet/process:985,internet/process:350,internet/_baseprocess:52,internet/process:987,internet/_baseprocess:64,svc/pp:142,svc/svcnotify:32,internet/defer:459,internet/defer:567,internet/defer:653,sagent/ipts:133,sagent/ipts:50,util/error:66,util/error:47
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn'])

 

Share this post


Link to post
2 hours ago, thostr said:

After upgrade to unRAID 6.7 I get an error when starting OpenVPN service.

 

When I log on OpenVPN AS the service is stoppen, and when I try to start it again I get following error:

 


service failed to start due to unresolved dependencies: set(['user'])
service failed to start due to unresolved dependencies: set(['iptables_openvpn'])
Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=2]: ['iptables-restore v1.6.0: Bad IP address ""', '', 'Error occurred at line: 153', "Try `iptables-restore -h' or 'iptables-restore --help' for more information."]: internet/defer:653,sagent/ipts:133,sagent/ipts:50,util/daemon:28,util/daemon:69,application/app:384,scripts/_twistd_unix:258,application/app:396,application/app:311,internet/base:1243,internet/base:1255,internet/epollreactor:235,python/log:103,python/log:86,python/context:122,python/context:85,internet/posixbase:627,internet/posixbase:252,internet/abstract:313,internet/process:312,internet/process:973,internet/process:985,internet/process:350,internet/_baseprocess:52,internet/process:987,internet/_baseprocess:64,svc/pp:142,svc/svcnotify:32,internet/defer:459,internet/defer:567,internet/defer:653,sagent/ipts:133,sagent/ipts:50,util/error:66,util/error:47
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn'])

 

Read through the last few posts prior to yours and you will be up and running again in no time.

  • Like 1
  • Upvote 1

Share this post


Link to post
Posted (edited)

i got problems with the openvpn-as since i upgradet to 6.7
I was on network host.

It works all fine since update.

I read that i have to change to bridge.

Than the openvpn Server startes normal.

The think is i cant connect anymore to my vpn.

i using port tcp 8080
Portforworting works.

i just got the messing:  Transport Error: TCP connect error on "mydomain.de:8080" ([myhomeipadress]:8080/tcp): System/Connection refused

 

i just test my old linux vm with openvpn.

There it works normal.

sad that the docker dont work anymore for me..

Edited by redQs

Share this post


Link to post
Posted (edited)

I've been keeping an eye on this thread since the updates but I can't seem to find an answer for my issue. For some reason openvpn keeps pulling the docker ip address range through on eth0 (172.x.x.x) when I'm using a 192.168.1.x range. When I connect via the openvpn app on my mobile I'm dished out a 172.x.x.x address. I can use a static 192.168.1.x address via vpn settings on the openvpn web GUI, which is then used in the openvpn app on my mobile, but I can't access the unraid GUI or sabnzbz/sonarr/radarr.

 

All worked perfectly before the later releases but I'm stumped! Any help would be much appreciated.

 

Thanks!

 

Update

If i amend the Dynamic IP Address Network from 172.x.x.x to 192.168.1.0/24 I can't connect back to the openvpn webgui but i do get a 192.168.1.x address in the mobile app. However I still cant connect to the unraid GUI or any services (all on the same 192.168.1.x subnet).658788031_Annotation2019-05-14163422.thumb.png.ef4df941c0979205d72e9b0ac11c5ff4.png

Edited by sizo
update

Share this post


Link to post

@sizo try what @Stupifier mentioned above.

 

 

"Update:
Figured out how to access UnRAID GUI. Did NOT figure out how to be assigned a local address on my primary WiFi subnet though.

In Admin Page ----> VPN Settings go to Routing section and add a line for the subnet you want your clients to have access to (for example, I added 192.168.1.0/24 which is my primary WiFi subnet and where I can access my UnRAID GUI locally)"

Share this post


Link to post
26 minutes ago, dkerlee said:

@sizo try what @Stupifier mentioned above.

 

 

"Update:
Figured out how to access UnRAID GUI. Did NOT figure out how to be assigned a local address on my primary WiFi subnet though.

In Admin Page ----> VPN Settings go to Routing section and add a line for the subnet you want your clients to have access to (for example, I added 192.168.1.0/24 which is my primary WiFi subnet and where I can access my UnRAID GUI locally)"

I can confirm this worked.

Good Job.

Share this post


Link to post
6 hours ago, JWMutant said:

I can confirm this worked.

Good Job.

Glad I could help.......It was frustrating me too.

Share this post


Link to post
Posted (edited)

I had the same issue as everyone else. I originally set it up using spaceinvader one's video as a guide.

 

I deleted everything to start over fresh. I made sure it was set to bridge and didn't set an interface variable. Now that I'm inside, I'm stuck on what to do about the "Accepting VPN client connections on IP address:". I had bond0 when I first set this up. That is no longer an option. It's between "Listen on all interfaces" or eth0? Which should I choose?

 

***EDIT: I chose eth0 and everything seems to be working now! Still don't know if that was correct but it works.

Edited by ramblinreck47

Share this post


Link to post
23 hours ago, dkerlee said:

@sizo try what @Stupifier mentioned above.

 

 

"Update:
Figured out how to access UnRAID GUI. Did NOT figure out how to be assigned a local address on my primary WiFi subnet though.

In Admin Page ----> VPN Settings go to Routing section and add a line for the subnet you want your clients to have access to (for example, I added 192.168.1.0/24 which is my primary WiFi subnet and where I can access my UnRAID GUI locally)"

tried this again but for some unknown reason this time it works!!

 

Thanks for all the help!

Share this post


Link to post

Having a weird issue with openvpn.  It works perfectly on my iphone over my work WiFi and cellular.  And it works on my desktop(not the same network as the server, server is located remotely) on my LAN, as well as my GFs laptop which is on our WiFi.

 

It won’t work on my iPad and iPhone when they are connected to my WiFi though.  Even though the laptops works over the same WiFi and my iPad and iphone work over other networks.

 

Any ideas?  Not using a custom dns on those devices.

Share this post


Link to post

Does anyone have any experience setting up ios on demand profiles?  I have my Openvpn-AS up and running, working as expected.  I can connect via my ios clients.  I now want to set up the on demand profile so that the VPN connects when I hit an unsecured network or a couple specifid wifi networks, and disconnect from the VPN whenever connected to my home wifi networks.

Share this post


Link to post

Hey guys, after that last update the server won't start with that error appearing:

 

service failed to start due to unresolved dependencies: set(['user'])
service failed to start due to unresolved dependencies: set(['iptables_openvpn'])
Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=2]: ['iptables-restore v1.6.0: Bad IP address ""', '', 'Error occurred at line: 148', "Try `iptables-restore -h' or 'iptables-restore --help' for more information."]: internet/defer:653,sagent/ipts:134,sagent/ipts:51,util/daemon:28,util/daemon:69,application/app:384,scripts/_twistd_unix:258,application/app:396,application/app:311,internet/base:1243,internet/base:1255,internet/epollreactor:235,python/log:103,python/log:86,python/context:122,python/context:85,internet/posixbase:627,internet/posixbase:252,internet/abstract:313,internet/process:312,internet/process:973,internet/process:985,internet/process:350,internet/_baseprocess:52,internet/process:987,internet/_baseprocess:64,svc/pp:142,svc/svcnotify:32,internet/defer:459,internet/defer:567,internet/defer:653,sagent/ipts:134,sagent/ipts:51,util/error:66,util/error:47
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn'])

What's wrong? How can I fix it?

Share this post


Link to post
2 hours ago, Jaster said:

Hey guys, after that last update the server won't start with that error appearing:

 


service failed to start due to unresolved dependencies: set(['user'])
service failed to start due to unresolved dependencies: set(['iptables_openvpn'])
Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=2]: ['iptables-restore v1.6.0: Bad IP address ""', '', 'Error occurred at line: 148', "Try `iptables-restore -h' or 'iptables-restore --help' for more information."]: internet/defer:653,sagent/ipts:134,sagent/ipts:51,util/daemon:28,util/daemon:69,application/app:384,scripts/_twistd_unix:258,application/app:396,application/app:311,internet/base:1243,internet/base:1255,internet/epollreactor:235,python/log:103,python/log:86,python/context:122,python/context:85,internet/posixbase:627,internet/posixbase:252,internet/abstract:313,internet/process:312,internet/process:973,internet/process:985,internet/process:350,internet/_baseprocess:52,internet/process:987,internet/_baseprocess:64,svc/pp:142,svc/svcnotify:32,internet/defer:459,internet/defer:567,internet/defer:653,sagent/ipts:134,sagent/ipts:51,util/error:66,util/error:47
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn'])

What's wrong? How can I fix it?

Read the last couple pages

Share this post


Link to post
On 5/12/2019 at 5:46 AM, dkerlee said:

@aptalca thank you very much! Almost got it working - I would like to mention that the README.md (github link) wasn't specific enough for me to follow. I'm sorry! I'm not the sharpest tool in the shed for sure. I need more concise instructions for unRaid. The Spaceinvader video is great, but it's got old info now. But thank you thank you again for all your work here - and answering the same questions again and again. I'm definitely guilty of that! I donated $5 to you guys.

 

1. use bridge networking

2. don't set interface variable (like Spaceinvaderone video)

3. make sure correct ports are forwarded and mapped

4. add the cap-add statement

 

looks like the cap_add statement is already in the command

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='openvpn-as' --net='bridge' --log-opt max-size='20m' --log-opt max-file='1' --privileged=true -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -e 'PGID'='100' -e 'PUID'='99' -p '943:943/tcp' -p '9443:9443/tcp' -p '1194:1194/udp' -v '/mnt/user/appdata/openvpn-as':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/openvpn-as'

 

 

Did it, but nothing changed. Keep getting the same error while trying to start the server inside the container.

 

Share this post


Link to post
2 hours ago, Jaster said:

 

Did it, but nothing changed. Keep getting the same error while trying to start the server inside the container.

 

Hey, 

 

Try to remove the docker container and remove the openvpnas folder under appdata. Then use the stettings from @dkerlee to set it up again. 

Share this post


Link to post
5 hours ago, Jaster said:

 

Did it, but nothing changed. Keep getting the same error while trying to start the server inside the container.

 

Post a screenshot of your container settings

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.