[Support] Linuxserver.io - OpenVPN AS



1 minute ago, baldfox said:

Got it. As I am typing this, I just successfully managed to log in with the openvpn plugin. Worked relatively quickly. Will sort this when I get a chance. 

Thanks again for your help.

Sounds awesome :) A side note: when you are done and the docker works as planned, take a backup. So if you mess things up in the future or an update crashes anything, you can revert back ;) 

Link to comment

Hey Everybody,

 

I'm hit with these problems as well after upgrading to 6.7. Using the instructions here I got the connection to work again, however I'm using a layer 2 link to connect directly to my local subnet so I can use Bonjour and all that. Now when I connect, the connection is successful but I get a random IP address outside of my subnet instead of a DHCP-assigned IP on my 10.0.0.0/24 subnet. I'm guessing switching from host to bridge is preventing docker from talking to my network including the DHCP server? I'm not 100% sure what's happening.

 

Am I basically out of luck here? Or is there a way to maintain compatibility with layer 2 connections? 

Edited by aartr
Link to comment
21 hours ago, CHBMB said:

But that shows it running? Can you not get to the webui.

Sent from my Mi A1 using Tapatalk
 

Ah yes it's working now, I guess I tried it while it was still loading up.

 

I just realised that it's limited to 2 connections? I remember it was totally free and open source?

Link to comment
1 hour ago, uldise said:

This was the reason I switched to pfsense with openvpn in it..

Yeah, but it's good to have a backup, in case you can't connect to one for some reason.

 

I have my pfsense one with udp on the standard port, the container on unraid that is tcp stream proxied by letsencrypt on port 80 and wireguard on an rpi3.

 

Some public wifi block all outgoing udp connections and tcp over non-http/s so the port 80 one saved my a$$ quite a few times

Edited by aptalca
Link to comment

How do we connect to the docker from iOS OpenVPN Connect app? I selected Access Server and put in the details but it isn't working. Edit: needed to provide 9443 in port field.

 

Edit 2: why is it connecting to my docker internal ip 172.17.x.x:1194?

Edited by CyberMew
help required
Link to comment
7 hours ago, CyberMew said:

How do we connect to the docker from iOS OpenVPN Connect app? I selected Access Server and put in the details but it isn't working. Edit: needed to provide 9443 in port field.

 

Edit 2: why is it connecting to my docker internal ip 172.17.x.x:1194?

Provide more clarification

Link to comment

I'm so confused on the docker network mapping stuff. When I try to connect to the AS from an external client, the client is trying to connect to the docker network IP which is 172.12.0.5, which obviously won't resolve on a completely different private network behind another internet connection. Shouldn't the config be attempting to connect to my public IP? What is the 'fix' for this? The container is set up with all of the most recent defaults.

Link to comment
11 minutes ago, dajinn said:

I'm so confused on the docker network mapping stuff. When I try to connect to the AS from an external client, the client is trying to connect to the docker network IP which is 172.12.0.5, which obviously won't resolve on a completely different private network behind another internet connection. Shouldn't the config be attempting to connect to my public IP? What is the 'fix' for this? The container is set up with all of the most recent defaults.

 

This has been gone over several times in the last few pages. You need to add your subnet in the settings page under routing :)

 

Link to comment
1 hour ago, ProZac said:

This has been gone over several times in the last few pages. You need to add your subnet in the settings page under routing :)

 

I believe you misunderstood, the issue was not with routing. I probably left some keywords out.

 

I resolved my issue by changing the hostname of my vpn server in the Access Server settings from the bridge network to my public IP. I felt like this was an obvious thing but for some reason was thinking that however it came configured out of the box was just 'how it was supposed to be'. But alas after making the change my third party clients are able to connect to the VPN. 

 

Dank.

Link to comment
18 hours ago, CyberMew said:

How do we connect to the docker from iOS OpenVPN Connect app? I selected Access Server and put in the details but it isn't working. Edit: needed to provide 9443 in port field.

 

Edit 2: why is it connecting to my docker internal ip 172.17.x.x:1194?

Go into your Access Server settings and change the hostname from the docker IP to your public IP/hostname.

  • Like 1
Link to comment
6 hours ago, dajinn said:

Go into your Access Server settings and change the hostname from the docker IP to your public IP/hostname.

Thanks! Working fine, able to connect now! Now I just need to find out why my new nonadmin users don't have a cert (client cert revoked) and fix it.. edit: worked by itself after a while. all good

Edited by CyberMew
Link to comment
On 6/7/2019 at 4:26 AM, dajinn said:

Go into your Access Server settings and change the hostname from the docker IP to your public IP/hostname.

I thought I had the answer with this as well but this is not working for me. I have my Dynamic DNS hostname in place which I use for other services so I know it's resolving properly. However, when I try to connect from my phone I see it trying to connect to the Docker container's IP address which is 172.12.0.5. I should mention that the Open Port Checker at https://www.yougetsignal.com/tools/open-ports/ shows that 9443 is open. So I know it's got to be an issue with the app config. Here are a few screen grabs of my network config for OpenVPN-AS. I temporarily masked my Dynamic DNS address for the grab.

 


 

Here is the log file from the OpenVPN client app on my iPhone where I have the Dynamic DNS address set as the hostname and port 9443 as the port:

2019-07-09 07:07:47 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct  3 2018 06:35:04

2019-07-09 07:07:47 Frame=512/2048/512 mssfix-ctrl=1250

2019-07-09 07:07:47 UNUSED OPTIONS
11 [sndbuf] [0] 
12 [rcvbuf] [0] 
15 [verb] [3] 
24 [CLI_PREF_ALLOW_WEB_IMPORT] [True] 
25 [CLI_PREF_BASIC_CLIENT] [False] 
26 [CLI_PREF_ENABLE_CONNECT] [True] 
27 [CLI_PREF_ENABLE_XD_PROXY] [True] 
28 [WSHOST] [172.17.0.5:9443] 
29 [WEB_CA_BUNDLE] [-----BEGIN CERTIFICATE----- [Certificate Masked]...] 
30 [IS_OPENVPN_WEB_CA] [1] 
31 [ORGANIZATION] [OpenVPN Inc] 

2019-07-09 07:07:47 EVENT: RESOLVE

2019-07-09 07:07:47 Contacting [172.17.0.5]:9443/TCP via TCP

2019-07-09 07:07:47 EVENT: WAIT

2019-07-09 07:07:58 Server poll timeout, trying next remote entry...

2019-07-09 07:07:58 EVENT: RECONNECTING

2019-07-09 07:07:58 EVENT: RESOLVE

2019-07-09 07:07:58 Contacting [172.17.0.5]:9443/TCP via TCP

2019-07-09 07:07:58 EVENT: WAIT

2019-08-09 07:08:09 Server poll timeout, trying next remote entry...

2019-08-09 07:08:09 EVENT: RECONNECTING

2019-08-09 07:08:09 EVENT: RESOLVE

2019-08-09 07:08:09 Contacting [172.17.0.5]:9443/TCP via TCP

2019-08-09 07:08:09 EVENT: WAIT

2019-08-09 07:08:19 EVENT: CONNECTION_TIMEOUT [ERR]

2019-08-09 07:08:19 Raw stats on disconnect:
  CONNECTION_TIMEOUT : 1
  N_RECONNECT : 2

2019-08-09 07:08:19 Performance stats on disconnect:
  CPU usage (microseconds): 49938
  Network bytes per CPU second: 0
  Tunnel bytes per CPU second: 0

2019-08-09 07:08:19 EVENT: DISCONNECTED

2019-08-09 07:08:19 Raw stats on disconnect:
  CONNECTION_TIMEOUT : 1
  N_RECONNECT : 2

2019-08-09 07:08:19 Performance stats on disconnect:
  CPU usage (microseconds): 51440
  Network bytes per CPU second: 0
  Tunnel bytes per CPU second: 0

Any assistance is greatly appreciated.

Link to comment
3 hours ago, Riotz said:

I thought I had the answer with this as well but this is not working for me. I have my Dynamic DNS hostname in place which I use for other services so I know it's resolving properly. However, when I try to connect from my phone I see it trying to connect to the Docker container's IP address which is 172.12.0.5. I should mention that the Open Port Checker at https://www.yougetsignal.com/tools/open-ports/ shows that 9443 is open. So I know it's got to be an issue with the app config. Here are a few screen grabs of my network config for OpenVPN-AS. I temporarily masked my Dynamic DNS address for the grab.

 


 

Here is the log file from the OpenVPN client app on my iPhone where I have the Dynamic DNS address set as the hostname and port 9443 as the port:


2019-07-09 07:07:47 ----- OpenVPN Start -----
OpenVPN core 3.2 ios arm64 64-bit PT_PROXY built on Oct  3 2018 06:35:04

2019-07-09 07:07:47 Frame=512/2048/512 mssfix-ctrl=1250

2019-07-09 07:07:47 UNUSED OPTIONS
11 [sndbuf] [0] 
12 [rcvbuf] [0] 
15 [verb] [3] 
24 [CLI_PREF_ALLOW_WEB_IMPORT] [True] 
25 [CLI_PREF_BASIC_CLIENT] [False] 
26 [CLI_PREF_ENABLE_CONNECT] [True] 
27 [CLI_PREF_ENABLE_XD_PROXY] [True] 
28 [WSHOST] [172.17.0.5:9443] 
29 [WEB_CA_BUNDLE] [-----BEGIN CERTIFICATE----- [Certificate Masked]...] 
30 [IS_OPENVPN_WEB_CA] [1] 
31 [ORGANIZATION] [OpenVPN Inc] 

2019-07-09 07:07:47 EVENT: RESOLVE

2019-07-09 07:07:47 Contacting [172.17.0.5]:9443/TCP via TCP

2019-07-09 07:07:47 EVENT: WAIT

2019-07-09 07:07:58 Server poll timeout, trying next remote entry...

2019-07-09 07:07:58 EVENT: RECONNECTING

2019-07-09 07:07:58 EVENT: RESOLVE

2019-07-09 07:07:58 Contacting [172.17.0.5]:9443/TCP via TCP

2019-07-09 07:07:58 EVENT: WAIT

2019-08-09 07:08:09 Server poll timeout, trying next remote entry...

2019-08-09 07:08:09 EVENT: RECONNECTING

2019-08-09 07:08:09 EVENT: RESOLVE

2019-08-09 07:08:09 Contacting [172.17.0.5]:9443/TCP via TCP

2019-08-09 07:08:09 EVENT: WAIT

2019-08-09 07:08:19 EVENT: CONNECTION_TIMEOUT [ERR]

2019-08-09 07:08:19 Raw stats on disconnect:
  CONNECTION_TIMEOUT : 1
  N_RECONNECT : 2

2019-08-09 07:08:19 Performance stats on disconnect:
  CPU usage (microseconds): 49938
  Network bytes per CPU second: 0
  Tunnel bytes per CPU second: 0

2019-08-09 07:08:19 EVENT: DISCONNECTED

2019-08-09 07:08:19 Raw stats on disconnect:
  CONNECTION_TIMEOUT : 1
  N_RECONNECT : 2

2019-08-09 07:08:19 Performance stats on disconnect:
  CPU usage (microseconds): 51440
  Network bytes per CPU second: 0
  Tunnel bytes per CPU second: 0

Any assistance is greatly appreciated.

Download a new client config. Your current config was generated before you fixed the hostname on your server.

Link to comment
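Added example (not part of any post in this thread): a small check for the failure discussed above, where a client profile generated before the hostname fix still points at the container's bridge address. It scans a client log or `.ovpn` profile for the endpoints the client was told to use and flags the ones that cannot be reached from outside the host. The sample log lines are constructed in the format of the log quoted above; `vpn.example.net` and the function names are placeholders.

```python
import ipaddress
import re

# Docker's default bridge network; user-defined networks use other private ranges.
DOCKER_DEFAULT_BRIDGE = ipaddress.ip_network("172.17.0.0/16")

# Patterns follow the client log format quoted in the thread.
CONTACT_RE = re.compile(r"Contacting \[([^\]]+)\]:(\d+)/(\w+)")
WSHOST_RE = re.compile(r"\[WSHOST\] \[([^\]:]+):(\d+)\]")
# "remote <host> <port> [proto]" directive in an .ovpn profile.
REMOTE_RE = re.compile(r"^\s*remote\s+(\S+)\s+(\d+)", re.MULTILINE)

def classify(host):
    """Return 'docker-bridge', 'private', 'public' or 'hostname'."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # resolved by the client at connect time
    if addr in DOCKER_DEFAULT_BRIDGE:
        return "docker-bridge"
    return "private" if addr.is_private else "public"

def audit(text):
    """Map every (source, host, port) found in the text to its classification."""
    found = {}
    sources = (("log-contact", CONTACT_RE), ("wshost", WSHOST_RE),
               ("profile-remote", REMOTE_RE))
    for source, rx in sources:
        for m in rx.finditer(text):
            host, port = m.group(1), int(m.group(2))
            found[(source, host, port)] = classify(host)
    return found

def unreachable_from_internet(text):
    """Endpoints a remote client cannot route to: regenerate the profile."""
    bad = ("docker-bridge", "private")
    return sorted({(h, p) for (_, h, p), kind in audit(text).items() if kind in bad})

# Constructed sample: log from a profile generated before the hostname fix.
STALE_LOG = """28 [WSHOST] [172.17.0.5:9443]
2019-07-09 07:07:47 Contacting [172.17.0.5]:9443/TCP via TCP
2019-07-09 07:07:58 Server poll timeout, trying next remote entry...
"""
# Constructed sample: profile downloaded after the fix (placeholder hostname).
FRESH_PROFILE = "client\nremote vpn.example.net 9443 tcp\nremote-cert-tls server\n"

if __name__ == "__main__":
    print("stale:", unreachable_from_internet(STALE_LOG))
    print("fresh:", unreachable_from_internet(FRESH_PROFILE))
```

An empty result only means the profile no longer points at an internal address; port forwarding to the container still has to be in place.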

Hi guys, 

Looking for some advice. I am on the latest version of Unraid using a PFSENSE VM as my firewall/router. 

 

When I install the openvpn-as, none of the options I select allows me to connect to the OpenVPN management GUI.

Has anyone else got this setup working and have the time to point me in the right direction? 

 

Thanks 

 

Ant 

Link to comment
13 hours ago, jonathanm said:

Why are you trying to use the OpenVPN AS docker? Pfsense has OpenVPN functionality pretty much out of the box.

Hi yeah, after playing around I figured out I can configure OpenVPN directly onto the PFsense VM :) 

It's almost ready, just have a few issues still 

 

1 - once I connect via openvpn I am unable to reach my internal subnet of 192.168.1.0/24, not sure why the automatic NAT rules are failing 

Link to comment
2 hours ago, antohind said:

Hi yeah, after playing around I figured out I can configure OpenVPN directly onto the PFsense VM :) 

It's almost ready, just have a few issues still 

 

1 - once I connect via openvpn I am unable to reach my internal subnet of 192.168.1.0/24, not sure why the automatic NAT rules are failing 

Not to sound like a broken record, but did you add your subnet in the routing info in the server? The new ovpn spits out an IP in the subnet of the docker as default.

Link to comment
