[Support] Linuxserver.io - OpenVPN AS



After deleting openvpn-as from appdata and reinstalling, it seems to work,

but I can't seem to configure it so I can connect remotely.

Anyone got a good new guide with the new settings?

Seems like an MTU problem?

2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 TCP connection established with [AF_INET]ip.ip.ip.ip:63189'
2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 Socket flags: TCP_NODELAY=1 succeeded'
2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 ip.ip.ip.ip:63189 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]'
2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 ip.ip.ip.ip:63189 Connection reset, restarting [0]'
2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 ip.ip.ip.ip:63189 SIGUSR1[soft,connection-reset] received, client-instance restarting'

Update: Upgrading the client fixed the issue with TCP connections but UDP still didn't work.

How do you guys protect your VPN server?

 

Edited by syniex
Link to post
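The number in the "Bad encapsulated packet length" warning above can be decoded: OpenVPN over TCP prefixes each packet with a 16-bit length, so the rejected value is the first two bytes the peer sent, and 5635 is 0x1603, the start of a TLS handshake record. The triage script below is an added example, not part of the original post or of OpenVPN AS; the function names and the two 192.0.2.x sample lines are constructed for illustration.

```python
import re

# OpenVPN's TCP transport prefixes every packet with a 16-bit big-endian length.
# If the peer speaks some other protocol, the first two bytes it sends are read
# as that length and printed in the "Bad encapsulated packet length" warning.
BAD_LEN = re.compile(
    r"(?P<peer>\S+) WARNING: Bad encapsulated packet length from peer "
    r"\((?P<length>\d+)\), which must be > 0 and <= (?P<limit>\d+)"
)

# First two bytes of common plaintext openers (well-known protocol constants).
ASCII_OPENERS = {
    b"GE": "HTTP GET", b"PO": "HTTP POST", b"HE": "HTTP HEAD",
    b"CO": "HTTP CONNECT", b"SS": "SSH banner",
}

def classify(length):
    """Guess what the peer sent from the bogus 16-bit length value."""
    if not 0 <= length <= 0xFFFF:
        return "not a 16-bit value"
    raw = length.to_bytes(2, "big")
    if raw[0] == 0x16 and raw[1] == 0x03:
        return "TLS handshake record"  # content type 22, version major 3
    if raw in ASCII_OPENERS:
        return ASCII_OPENERS[raw]
    if all(0x20 <= b < 0x7F for b in raw):
        return "ASCII text starting %r" % raw.decode("ascii")
    return "unrecognised; compare tun-mtu/link-mtu on both peers"

def triage(lines):
    """Return one finding per 'Bad encapsulated packet length' warning."""
    findings = []
    for line in lines:
        m = BAD_LEN.search(line)
        if m:
            n = int(m.group("length"))
            findings.append({"peer": m.group("peer"), "length": n,
                             "hex": "0x%04x" % n, "guess": classify(n)})
    return findings

# The first two lines follow the log in the post above (warning text trimmed);
# the last two are constructed samples using the 192.0.2.0/24 documentation range.
PREFIX = "2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 "
WARN = " WARNING: Bad encapsulated packet length from peer (%d), which must be > 0 and <= 1627 --"
SAMPLE = [
    PREFIX + "TCP connection established with [AF_INET]ip.ip.ip.ip:63189'",
    PREFIX + "ip.ip.ip.ip:63189" + WARN % 5635,
    PREFIX + "192.0.2.10:40000" + WARN % 18245,
    PREFIX + "192.0.2.11:40001" + WARN % 21331,
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A run of TLS or HTTP guesses from many different peers points at non-VPN clients reaching the OpenVPN TCP port, while an unrecognised value from a known client is where the MTU comparison in the warning applies.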

2 hours ago, syniex said:

After deleting openvpn-as from appdata and reinstalling, it seems to work,

but I can't seem to configure it so I can connect remotely.

Anyone got a good new guide with the new settings?

Seems like an MTU problem?

 


2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 TCP connection established with [AF_INET]ip.ip.ip.ip:63189'
2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 Socket flags: TCP_NODELAY=1 succeeded'
2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 ip.ip.ip.ip:63189 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]'
2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 ip.ip.ip.ip:63189 Connection reset, restarting [0]'
2019-05-12T18:00:27+0300 [stdout#info] [OVPN 0] OUT: 'Sun May 12 18:00:27 2019 ip.ip.ip.ip:63189 SIGUSR1[soft,connection-reset] received, client-instance restarting'

 

Check your mtu settings on your router

Link to post
1 minute ago, aptalca said:

Check your mtu settings on your router

While you were replying I updated my message :)

It was solved by upgrading the client itself (UDP still doesn't work),

but I am wondering how to protect the VPN more.

It seems the client web has to be enabled (without it I can't connect).

Link to post
5 hours ago, syniex said:

While you were replying I updated my message :)

It was solved by upgrading the client itself (UDP still doesn't work),

but I am wondering how to protect the VPN more.

It seems the client web has to be enabled (without it I can't connect).

The webserver is published in two ways:

1. Through the admin gui port (defined in container settings)

2. On the tcp and udp connection ports.

 

You should disable the second one in the openvpn-as gui, and do not make the 943 port available on the internet. That way the gui will only be available on lan.

Link to post

After upgrade to unRAID 6.7 I get an error when starting OpenVPN service.

 

When I log on to OpenVPN AS the service is stopped, and when I try to start it again I get the following error:

 

service failed to start due to unresolved dependencies: set(['user'])
service failed to start due to unresolved dependencies: set(['iptables_openvpn'])
Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=2]: ['iptables-restore v1.6.0: Bad IP address ""', '', 'Error occurred at line: 153', "Try `iptables-restore -h' or 'iptables-restore --help' for more information."]: internet/defer:653,sagent/ipts:133,sagent/ipts:50,util/daemon:28,util/daemon:69,application/app:384,scripts/_twistd_unix:258,application/app:396,application/app:311,internet/base:1243,internet/base:1255,internet/epollreactor:235,python/log:103,python/log:86,python/context:122,python/context:85,internet/posixbase:627,internet/posixbase:252,internet/abstract:313,internet/process:312,internet/process:973,internet/process:985,internet/process:350,internet/_baseprocess:52,internet/process:987,internet/_baseprocess:64,svc/pp:142,svc/svcnotify:32,internet/defer:459,internet/defer:567,internet/defer:653,sagent/ipts:133,sagent/ipts:50,util/error:66,util/error:47
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn'])

 

Link to post
2 hours ago, thostr said:

After upgrade to unRAID 6.7 I get an error when starting OpenVPN service.

 

When I log on to OpenVPN AS the service is stopped, and when I try to start it again I get the following error:

 


service failed to start due to unresolved dependencies: set(['user'])
service failed to start due to unresolved dependencies: set(['iptables_openvpn'])
Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=2]: ['iptables-restore v1.6.0: Bad IP address ""', '', 'Error occurred at line: 153', "Try `iptables-restore -h' or 'iptables-restore --help' for more information."]: internet/defer:653,sagent/ipts:133,sagent/ipts:50,util/daemon:28,util/daemon:69,application/app:384,scripts/_twistd_unix:258,application/app:396,application/app:311,internet/base:1243,internet/base:1255,internet/epollreactor:235,python/log:103,python/log:86,python/context:122,python/context:85,internet/posixbase:627,internet/posixbase:252,internet/abstract:313,internet/process:312,internet/process:973,internet/process:985,internet/process:350,internet/_baseprocess:52,internet/process:987,internet/_baseprocess:64,svc/pp:142,svc/svcnotify:32,internet/defer:459,internet/defer:567,internet/defer:653,sagent/ipts:133,sagent/ipts:50,util/error:66,util/error:47
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn'])

 

Read through the last few posts prior to yours and you will be up and running again in no time.

Link to post

I got problems with openvpn-as since I upgraded to 6.7.
I was on network host.

It works all fine since update.

I read that I have to change to bridge.

Then the openvpn server starts normally.

The thing is I can't connect to my VPN anymore.

I'm using port tcp 8080.
Port forwarding works.

I just got the message:  Transport Error: TCP connect error on "mydomain.de:8080" ([myhomeipadress]:8080/tcp): System/Connection refused

I just tested my old linux vm with openvpn.

There it works normally.

Sad that the docker doesn't work anymore for me..

Edited by redQs
Link to post

I've been keeping an eye on this thread since the updates but I can't seem to find an answer for my issue. For some reason openvpn keeps pulling the docker IP address range through on eth0 (172.x.x.x) when I'm using a 192.168.1.x range. When I connect via the openvpn app on my mobile I'm dished out a 172.x.x.x address. I can use a static 192.168.1.x address via VPN settings on the openvpn web GUI, which is then used in the openvpn app on my mobile, but I can't access the unraid GUI or sabnzbd/sonarr/radarr.

 

All worked perfectly before the later releases but I'm stumped! Any help would be much appreciated.

 

Thanks!

 

Update

If I amend the Dynamic IP Address Network from 172.x.x.x to 192.168.1.0/24 I can't connect back to the openvpn webgui but I do get a 192.168.1.x address in the mobile app. However I still can't connect to the unraid GUI or any services (all on the same 192.168.1.x subnet).

Edited by sizo
update
Link to post

@sizo try what @Stupifier mentioned above.

 

 

"Update:
Figured out how to access UnRAID GUI. Did NOT figure out how to be assigned a local address on my primary WiFi subnet though.

In Admin Page ----> VPN Settings go to Routing section and add a line for the subnet you want your clients to have access to (for example, I added 192.168.1.0/24 which is my primary WiFi subnet and where I can access my UnRAID GUI locally)"

Link to post
26 minutes ago, dkerlee said:

@sizo try what @Stupifier mentioned above.

 

 

"Update:
Figured out how to access UnRAID GUI. Did NOT figure out how to be assigned a local address on my primary WiFi subnet though.

In Admin Page ----> VPN Settings go to Routing section and add a line for the subnet you want your clients to have access to (for example, I added 192.168.1.0/24 which is my primary WiFi subnet and where I can access my UnRAID GUI locally)"

I can confirm this worked.

Good Job.

Link to post

I had the same issue as everyone else. I originally set it up using spaceinvader one's video as a guide.

 

I deleted everything to start over fresh. I made sure it was set to bridge and didn't set an interface variable. Now that I'm inside, I'm stuck on what to do about the "Accepting VPN client connections on IP address:". I had bond0 when I first set this up. That is no longer an option. It's between "Listen on all interfaces" or eth0? Which should I choose?

 

***EDIT: I chose eth0 and everything seems to be working now! Still don't know if that was correct but it works.

Edited by ramblinreck47
Link to post
23 hours ago, dkerlee said:

@sizo try what @Stupifier mentioned above.

 

 

"Update:
Figured out how to access UnRAID GUI. Did NOT figure out how to be assigned a local address on my primary WiFi subnet though.

In Admin Page ----> VPN Settings go to Routing section and add a line for the subnet you want your clients to have access to (for example, I added 192.168.1.0/24 which is my primary WiFi subnet and where I can access my UnRAID GUI locally)"

Tried this again but for some unknown reason this time it works!!

 

Thanks for all the help!

Link to post

Having a weird issue with openvpn.  It works perfectly on my iPhone over my work WiFi and cellular.  And it works on my desktop (not the same network as the server, server is located remotely) on my LAN, as well as my GF's laptop which is on our WiFi.

It won't work on my iPad and iPhone when they are connected to my WiFi though.  Even though the laptops work over the same WiFi and my iPad and iPhone work over other networks.

 

Any ideas?  Not using a custom dns on those devices.

Link to post

Does anyone have any experience setting up iOS on demand profiles?  I have my Openvpn-AS up and running, working as expected.  I can connect via my iOS clients.  I now want to set up the on demand profile so that the VPN connects when I hit an unsecured network or a couple of specific wifi networks, and disconnects from the VPN whenever connected to my home wifi networks.

Link to post

Hey guys, after that last update the server won't start with that error appearing:

 

service failed to start due to unresolved dependencies: set(['user'])
service failed to start due to unresolved dependencies: set(['iptables_openvpn'])
Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=2]: ['iptables-restore v1.6.0: Bad IP address ""', '', 'Error occurred at line: 148', "Try `iptables-restore -h' or 'iptables-restore --help' for more information."]: internet/defer:653,sagent/ipts:134,sagent/ipts:51,util/daemon:28,util/daemon:69,application/app:384,scripts/_twistd_unix:258,application/app:396,application/app:311,internet/base:1243,internet/base:1255,internet/epollreactor:235,python/log:103,python/log:86,python/context:122,python/context:85,internet/posixbase:627,internet/posixbase:252,internet/abstract:313,internet/process:312,internet/process:973,internet/process:985,internet/process:350,internet/_baseprocess:52,internet/process:987,internet/_baseprocess:64,svc/pp:142,svc/svcnotify:32,internet/defer:459,internet/defer:567,internet/defer:653,sagent/ipts:134,sagent/ipts:51,util/error:66,util/error:47
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn'])

What's wrong? How can I fix it?

Link to post
2 hours ago, Jaster said:

Hey guys, after that last update the server won't start with that error appearing:

 


service failed to start due to unresolved dependencies: set(['user'])
service failed to start due to unresolved dependencies: set(['iptables_openvpn'])
Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=2]: ['iptables-restore v1.6.0: Bad IP address ""', '', 'Error occurred at line: 148', "Try `iptables-restore -h' or 'iptables-restore --help' for more information."]: internet/defer:653,sagent/ipts:134,sagent/ipts:51,util/daemon:28,util/daemon:69,application/app:384,scripts/_twistd_unix:258,application/app:396,application/app:311,internet/base:1243,internet/base:1255,internet/epollreactor:235,python/log:103,python/log:86,python/context:122,python/context:85,internet/posixbase:627,internet/posixbase:252,internet/abstract:313,internet/process:312,internet/process:973,internet/process:985,internet/process:350,internet/_baseprocess:52,internet/process:987,internet/_baseprocess:64,svc/pp:142,svc/svcnotify:32,internet/defer:459,internet/defer:567,internet/defer:653,sagent/ipts:134,sagent/ipts:51,util/error:66,util/error:47
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn'])

What's wrong? How can I fix it?

Read the last couple pages

Link to post
On 5/12/2019 at 5:46 AM, dkerlee said:

@aptalca thank you very much! Almost got it working - I would like to mention that the README.md (github link) wasn't specific enough for me to follow. I'm sorry! I'm not the sharpest tool in the shed for sure. I need more concise instructions for unRaid. The Spaceinvader video is great, but it's got old info now. But thank you thank you again for all your work here - and answering the same questions again and again. I'm definitely guilty of that! I donated $5 to you guys.

 

1. use bridge networking

2. don't set interface variable (like Spaceinvaderone video)

3. make sure correct ports are forwarded and mapped

4. add the cap-add statement

 

looks like the cap_add statement is already in the command

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='openvpn-as' --net='bridge' --log-opt max-size='20m' --log-opt max-file='1' --privileged=true -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -e 'PGID'='100' -e 'PUID'='99' -p '943:943/tcp' -p '9443:9443/tcp' -p '1194:1194/udp' -v '/mnt/user/appdata/openvpn-as':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/openvpn-as'

 

 

Did it, but nothing changed. Keep getting the same error while trying to start the server inside the container.

 

Link to post
2 hours ago, Jaster said:

 

Did it, but nothing changed. Keep getting the same error while trying to start the server inside the container.

 

Hey, 

 

Try to remove the docker container and remove the openvpnas folder under appdata. Then use the settings from @dkerlee to set it up again.

Link to post
5 hours ago, Jaster said:

 

Did it, but nothing changed. Keep getting the same error while trying to start the server inside the container.

 

Post a screenshot of your container settings

Link to post

Getting pretty frustrated now. I have been trying to get this to work for about 4 days. I think I have followed all the settings but I'm obviously missing something. I can connect to the WebUI and I've added my users and my duckdns address. I have forwarded port 1194 in my router (both UDP and TCP just in case). But I can't get any of my devices to actually connect to the VPN. In my connection log I'm seeing these two errors:

 

WARNING: --ns-cert-type is DEPRECIATED.  Use --remote-cert-tls instead

TLS Error: cannot locate HMAC in incoming packet from [AF_INET]76.x.x.x:1194

 

Let me know what logs/screenshots are needed to help me troubleshoot this. Thank you in advance.

Link to post
19 hours ago, eb3k said:

Getting pretty frustrated now. I have been trying to get this to work for about 4 days. I think I have followed all the settings but I'm obviously missing something. I can connect to the WebUI and I've added my users and my duckdns address. I have forwarded port 1194 in my router (both UDP and TCP just in case). But I can't get any of my devices to actually connect to the VPN. In my connection log I'm seeing these two errors:

 

WARNING: --ns-cert-type is DEPRECIATED.  Use --remote-cert-tls instead

TLS Error: cannot locate HMAC in incoming packet from [AF_INET]76.x.x.x:1194

 

Let me know what logs/screenshots are needed to help me troubleshoot this. Thank you in advance.

I assume you downloaded the new cert files after you reinstalled the docker and use those to connect? Or are you trying with the old ones?

Link to post
