
[Support] Linuxserver.io - OpenVPN AS

1519 posts in this topic

19 hours ago, eb3k said:

Getting pretty frustrated now. I have been trying to get this to work for about 4 days. I think I have followed all the settings but I'm obviously missing something. I can connect to the WebUI and I've added my users and my duckdns address. I have forwarded port 1194 in my router (both UDP and TCP just in case). But I can't get any of my devices to actually connect to the VPN. In my connection log I'm seeing these two errors:

 

WARNING: --ns-cert-type is DEPRECIATED.  Use --remote-cert-tls instead

TLS Error: cannot locate HMAC in incoming packet from [AF_INET]76.x.x.x:1194

 

Let me know what logs/screenshots are needed to help me troubleshoot this. Thank you in advance.

I assume you downloaded the new cert files after you reinstalled the docker and use those to connect? Or are you trying with the old ones?

Link to post
3 hours ago, ProZac said:

I assume you downloaded the new cert files after you reinstalled the docker and use those to connect? Or are you trying with the old ones?

Yes, I download new cert files after each edit I make to the server.

Link to post

Hello, I stopped using this docker for a while because I couldn't do what I wanted to do w/ it, but with all the updates I thought I would crack at it again:

 

Vlan 5 - Main network

Vlan 15 - Docker network for Sabnzbd, Sonarr, Radarr, etc.

 

If I run this container in bridge mode (Vlan 5), I cannot access Vlan 15 because of the macvlan driver (expected behavior)

I can't get the OpenVPN server to start if I run in host, br1.5, br1.15, etc.

 

So how can I run this in bridge mode and be able to access the Vlan15 network? Do I need a static route on my router? (using pfSense)

Link to post
6 hours ago, CrimsonTyphoon said:

Hello, I stopped using this docker for a while because I couldn't do what I wanted to do w/ it, but with all the updates I thought I would crack at it again:

 

Vlan 5 - Main network

Vlan 15 - Docker network for Sabnzbd, Sonarr, Radarr, etc.

 

If I run this container in bridge mode (Vlan 5), I cannot access Vlan 15 because of the macvlan driver (expected behavior)

I can't get the OpenVPN server to start if I run in host, br1.5, br1.15, etc.

 

So how can I run this in bridge mode and be able to access the Vlan15 network? Do I need a static route on my router? (using pfSense)

Docker blocks connection between host and macvlan. Not much you can do about it

Link to post

I'm not sure if this belongs here, but otherwise I hope you guys point me somewhere else if I'm wrong here :)

 

What I would like to do, is create a VM on unraid and have a user connect to it via vpn (which works so far). Now I would like the vm to be restricted so it can access the internet, but nothing else on the network, especially not anything on the array or the unraid ui.

My current config is like this:
192.168.1.0/24 (my lan)

192.168.2.0/24 (vpn network)

 

VM runs on my lan and the vpn client can connect using the IP (not the name...). Both client and vm have quite full access to my lan.

I'd like to be able to manage the vm somehow (vnc or something similar) once I "locked it out".

 

Link to post
12 hours ago, Jaster said:

I'm not sure if this belongs here, but otherwise I hope you guys point me somewhere else if I'm wrong here :)

 

What I would like to do, is create a VM on unraid and have a user connect to it via vpn (which works so far). Now I would like the vm to be restricted so it can access the internet, but nothing else on the network, especially not anything on the array or the unraid ui.

My current config is like this:
192.168.1.0/24 (my lan)

192.168.2.0/24 (vpn network)

 

VM runs on my lan and the vpn client can connect using the IP (not the name...). Both client and vm have quite full access to my lan.

I'd like to be able to manage the vm somehow (vnc or something similar) once I "locked it out".

 

Since you run it on a VM, I'm assuming it's a linux VM? If so, you can install CSF/LFD on it and use that to only allow access to your gateway (and WAN).

For those looking into installing OpenVPN on a VM, try this on a minimal debian server VM;

https://github.com/Nyr/openvpn-install

Link to post

I got a ddns set up from my asus router and port 1194 forwarded to the server's local ip. I can connect from my mobile on the openvpn-as but can't access the unraid gui or any dockers. Settings are as follows: docker settings, bridged, privileged, host port 3 1194. In the openvpn network settings I entered my hostname and set protocol to udp and port 1194. Under vpn settings/routing I added my local subnet 192.168.1.0/24

No matter what else I try it says connection refused on my mobile's browser. I've been struggling with this for days

Link to post
On 5/15/2019 at 2:54 PM, sizo said:

tried this again but for some unknown reason this time it works!!

 

Thanks for all the help!

 

Question are you using Host or Bridge as network type?

 

For some reason I can’t access the web GUI for OpenVPN-AS or connect via OpenVPN if it’s set to Bridge, only works for host.

 

Also, using Host and adding my IP 192.168.1.0/24 to router settings my main issue is that I can now connect to my network and access low number ports (192.168.1.xxx:80 for unraid GUI) and even other IP address for VM that I have on my network. What I can’t seem to access are any GUIs that are on port 7000 or greater (192.168.1.xxx:8989, 192.168.1.xxx:9091 or any other docker container address).

 

any help is appreciated thanks

Link to post

So I've got a whole slew of problems and I have no idea what's the issue. I am just going to list everything and see if they are all related or if they are separate issues I need to handle.

 

Number one.

 

In the docker logs I am getting this 

 

Automatic configuration failed, see /usr/local/openvpn_as/init.log

You can configure manually using the /usr/local/openvpn_as/bin/ovpn-init tool

 

Not too sure how to run this tool or if I even have to... I got the service to work without doing it but not without issues

 

Second Issue. 

Service is intermittent: one second I can connect and the next I can't. Checking my ports it seems that the UDP port is not staying open. If I get connected it's fine but if I disconnect it sometimes closes again and I have to fiddle with it to get them open again. Not sure if this is an ISP issue or an issue on my end. I've tested disabling all my firewalls to my router and no change.

 

Third Issue. 

 

When everything is connected and working I am able to connect to the internet from outside my network through my home internet connection but unable to see any devices on my home network. I tested this at a friend's house and I was able to log in and see my IP show up as at home but wasn't able to access my unraid server GUI. I have a basic understanding of networking and tried changing the VPN settings to match my home network but that made no difference.

 

I have tried almost every combination of settings to get this docker working but alas it seems like there is something I am missing or something wrong I am just not seeing.

 

Link to post
3 hours ago, Toothpaste said:

So I've got a whole slew of problems and I have no idea what's the issue. I am just going to list everything and see if they are all related or if they are separate issues I need to handle.

 

Number one.

 

In the docker logs I am getting this 

 

Automatic configuration failed, see /usr/local/openvpn_as/init.log

You can configure manually using the /usr/local/openvpn_as/bin/ovpn-init tool

 

Not too sure how to run this tool or if I even have to... I got the service to work without doing it but not without issues

 

Second Issue. 

Service is intermittent: one second I can connect and the next I can't. Checking my ports it seems that the UDP port is not staying open. If I get connected it's fine but if I disconnect it sometimes closes again and I have to fiddle with it to get them open again. Not sure if this is an ISP issue or an issue on my end. I've tested disabling all my firewalls to my router and no change.

 

Third Issue. 

 

When everything is connected and working I am able to connect to the internet from outside my network through my home internet connection but unable to see any devices on my home network. I tested this at a friend's house and I was able to log in and see my IP show up as at home but wasn't able to access my unraid server GUI. I have a basic understanding of networking and tried changing the VPN settings to match my home network but that made no difference.

 

I have tried almost every combination of settings to get this docker working but alas it seems like there is something I am missing or something wrong I am just not seeing.

 

1. Ignore that error. Openvpn tries to start itself via systemd but our image uses s6 instead. We start it later.

 

2. No ideas about intermittent connectivity

 

3. Don't set it to match your lan config, they will clash. Make sure it has different subnets used for the openvpn network (leave those as is). Just add your network's subnet into vpn settings/routing. And make sure routing is set to nat and the other 2 questions are answered yes.

 

What kind of networking are you using?

Link to post
5 hours ago, aptalca said:

1. Ignore that error. Openvpn tries to start itself via systemd but our image uses s6 instead. We start it later.

 

2. No ideas about intermittent connectivity

 

3. Don't set it to match your lan config, they will clash. Make sure it has different subnets used for the openvpn network (leave those as is). Just add your network's subnet into vpn settings/routing. And make sure routing is set to nat and the other 2 questions are answered yes.

 

What kind of networking are you using?

 

1. sweet I thought I could ignore it but had to check

 

2. It has something to do with how it's trying to connect via UDP, right now I can't get any UDP ports open before something happens and they close.

 

Not sure what kind of networking I am using. I'm using my ISP provided router and that could be why I am experiencing these problems. Lets-encrypt and all the connected services work just fine though.  

Link to post
40 minutes ago, Toothpaste said:

 

1. sweet I thought I could ignore it but had to check

 

2. It has something to do with how it's trying to connect via UDP, right now I can't get any UDP ports open before something happens and they close.

 

Not sure what kind of networking I am using. I'm using my ISP provided router and that could be why I am experiencing these problems. Lets-encrypt and all the connected services work just fine though.  

Post a screenshot of your container settings. Your networking is selected in there

Link to post

I still can't get things working. Openvpn connects but browser window shows error connection refused whenever I try to access unraid gui or any docker

Link to post
1 hour ago, aptalca said:

Post a screenshot of your container settings. Your networking is selected in there

Ah, it's on bridge mode. I set it up based off of the readme; everything is exactly how it should be set up, except I've changed some ports around a few times to see if that port was just being blocked by my ISP.

Link to post
17 hours ago, Critica1Err0r said:

I still can't get things working. Openvpn connects but browser window shows error connection refused whenever I try to access unraid gui or any docker

From your last post it seems you did what is needed, as I did exactly the same thing and it worked. Might be some configuration error somewhere, are you sure the 192.168.1.0/24 is correct? As you can connect to the VPN the main configuration should be ok.

Link to post

I have setup this with spaceinvaders video and some other tips but I can't figure out how to download the premade openvpn connect client. It should appear when you login to the webui but I can't find it in 2.7.4

Link to post
1 hour ago, FlyGuy94 said:

I have setup this with spaceinvaders video and some other tips but I can't figure out how to download the premade openvpn connect client. It should appear when you login to the webui but I can't find it in 2.7.4

Huh, the client isn't included in the image.  Have you searched for the appropriate client you require on the internet?

 

Or are you referring to the client configs?  In which case post the exact URL you're using to try and find them.

Link to post
37 minutes ago, CHBMB said:

Huh, the client isn't included in the image.  Have you searched for the appropriate client you require on the internet?

 

Or are you referring to the client configs?  In which case post the exact URL you're using to try and find them.

Never mind, I had to connect from outside the LAN to prompt me to install the client. Now I can connect, but I have another problem: because I had to change it to bridged to work, my IP is now not in my LAN range. How do you fix that?

Link to post
On 6/2/2019 at 6:14 PM, FlyGuy94 said:

I have setup this with spaceinvaders video and some other tips but I can't figure out how to download the premade openvpn connect client. It should appear when you login to the webui but I can't find it in 2.7.4

I had the same issue. If you set up a user, say James... then when you log in to the webpage, instead of 192.YOUR.IP.HERE/admin you need to change to 192.YOUR.IP.HERE/james

 

Then you can download the OVPN from there.

Link to post
Posted (edited)

Ok, so managed to get as far as OpenVPN client attempting to connect, but failing. I get this error:

WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.

I did see a post earlier which referred me to another page but to be honest it was already a step too far. Anyone able to explain in a nutshell what the issue is?

I can confirm that the openvpn connection is hitting (or at least showing the correct internal docker and port that I set up, i.e. 172.X.X.X:1194), so my NOIP docker is working. Pastebin doesn't allow me to connect in my country unfortunately, and I am not sure what to send and what not to (sensitivities).

 

Appreciate any pointers... The status even shows me as a current user with my real IP address (where I am typing from), so somehow it's going through, but not properly.

thx

 

 

p.s. Network is set to Bridge / Privileged, default ports. Server 2.7.4

Edited by baldfox
added network details

Link to post
Posted (edited)
15 hours ago, baldfox said:

Ok, so managed to get as far as OpenVPN client attempting to connect, but failing. I get this error:

WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.

I did see a post earlier which referred me to another page but to be honest it was already a step too far. Anyone able to explain in a nutshell what the issue is?

I can confirm that the openvpn connection is hitting (or at least showing the correct internal docker and port that I set up, i.e. 172.X.X.X:1194), so my NOIP docker is working. Pastebin doesn't allow me to connect in my country unfortunately, and I am not sure what to send and what not to (sensitivities).

 

Appreciate any pointers... The status even shows me as a current user with my real IP address (where I am typing from), so somehow it's going through, but not properly.

thx

 

 

p.s. Network is set to Bridge / Privileged, default ports. Server 2.7.4

Actually am not sure what I did or if anything changed, but now it connects without issue. I can complete the connection. The only thing I need to do now is change something so that I am able to visit the 192.168.X.X range of IP addresses, as it looks like I can't access them. I am connecting to 172.X.X.X which is the internal address of my docker container. Any ideas?

 

InkedInkedinitial vpn settings_LI2.jpg

Edited by baldfox
added a picture.

Link to post
15 hours ago, baldfox said:

Actually am not sure what I did or if anything changed, but now it connects without issue. I can complete the connection. The only thing I need to do now is change something so that I am able to visit the 192.168.X.X range of IP addresses, as it looks like I can't access them. I am connecting to 172.X.X.X which is the internal address of my docker container. Any ideas?

 

InkedInkedinitial vpn settings_LI2.jpg

This is talked about a lot in the last two pages, you just need to add your subnet in the routing list. It's just below the image you posted. If you run 192.168.0.x IPs just add the subnet 192.168.0.0/24.

Link to post
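
The subnet advice in the replies above (keep the OpenVPN client network different from the LAN so they do not clash, and add the LAN subnet, e.g. 192.168.1.0/24, to the routing list) can be checked before changing anything in the admin UI. This is an added example, not part of the thread or of the linuxserver.io image; the function names, the 172.27.224.0/20 client pool and the target host are assumptions chosen for illustration.

```python
import ipaddress


def parse_subnet(text):
    """Parse CIDR text. Returns (network, None) or (None, error message)."""
    try:
        # strict=True rejects entries like 192.168.1.1/24 (host bits set)
        return ipaddress.ip_network(text, strict=True), None
    except ValueError as exc:
        return None, f"{text}: not a valid subnet ({exc})"


def check_vpn_layout(lan, vpn_pool, routed, targets):
    """Return a list of findings; an empty list means the layout is consistent."""
    lan_net, lan_err = parse_subnet(lan)
    pool_net, pool_err = parse_subnet(vpn_pool)
    findings = [e for e in (lan_err, pool_err) if e]
    if findings:
        return findings
    if lan_net.overlaps(pool_net):
        findings.append(f"VPN pool {pool_net} clashes with LAN {lan_net}")
    routes = []
    for text in routed:
        net, err = parse_subnet(text)
        if err:
            findings.append(err)
        elif net.overlaps(pool_net):
            findings.append(f"routed subnet {net} overlaps VPN pool {pool_net}")
        else:
            routes.append(net)
    for host in targets:
        addr = ipaddress.ip_address(host)
        if not any(addr in net for net in routes):
            findings.append(f"{addr} is not covered by any routed subnet")
    return findings


# Constructed sample layouts (not taken from any poster's real configuration).
LAN = "192.168.1.0/24"       # LAN subnet used as the example in the thread
POOL = "172.27.224.0/20"     # assumed VPN client pool, distinct from the LAN
TARGETS = ["192.168.1.10"]   # hypothetical host, e.g. the server's web UI

if __name__ == "__main__":
    cases = {
        "route added": (LAN, POOL, [LAN], TARGETS),
        "no route": (LAN, POOL, [], TARGETS),
        "pool copies LAN": (LAN, LAN, [LAN], TARGETS),
        "host bits set": (LAN, POOL, ["192.168.1.1/24"], TARGETS),
    }
    for name, args in cases.items():
        print(name, "->", check_vpn_layout(*args) or "OK")
```

Listing only the subnets a client actually needs in `routed` also keeps VPN users from reaching the rest of the network by default.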
20 minutes ago, ProZac said:

This is talked about a lot in the last two pages, you just need to add your subnet in the routing list. It's just below the image you posted. If you run 192.168.0.x IPs just add the subnet 192.168.0.0/24.

Thanks Prozac. The bigger issue I have now is that I cannot even connect to the webpage GUI of the docker, as I inadvertently copied over the wrong fields, i.e. where I've indicated on the diagram. I need to somehow manually amend a conf or something to try and get back into it. I kept a copy of the original entries, but now need to find a way to restore them.

Link to post
