Jump to content
linuxserver.io

[Support] Linuxserver.io - OpenVPN AS

1603 posts in this topic Last Reply

Recommended Posts

1 hour ago, boragthung said:

To get to the user (non-admin) interface you need to use this address:

https://unraidipaddress:943/?src=connect

I would then bookmark this.

Or just open the gui from docker page, then change out /admin for /client in the adr bar :)

Share this post


Link to post
5 hours ago, boragthung said:

To get to the user (non-admin) interface you need to use this address:

https://unraidipaddress:943/?src=connect

I would then bookmark this.

Just the naked domain will suffice, without /admin at the end

 

This is all in official openvpn-as documentation by the way

Share this post


Link to post

I have made un updated video guide for setting up this great container.

It covers setting up the container, port forwarding and setting up clients on Windows, macOS Linux (ubuntu Mate) and on cell phone - Android and IOS.

Hope this guide helps people new to this setting up OpenVPN :)

 

 

Share this post


Link to post
2 hours ago, SpaceInvaderOne said:

I have made un updated video guide for setting up this great container.

It covers setting up the container, port forwarding and setting up clients on Windows, macOS Linux (ubuntu Mate) and on cell phone - Android and IOS.

Hope this guide helps people new to this setting up OpenVPN :)

 

 

Wow great work as always @SpaceInvaderOne :D

Share this post


Link to post

@SpaceInvaderOne Thank you for the updated Tutorial

 

But how would one solve the following problem: I need to route the openVPN traffic through TCP port 443, otherwise i can't use openVPN. But i already have a letsencrypt docker configured as SpaceInvaderOne explained in his ReserveProxy/Nextcloud guide. So i'm basically forwarding TCP Port 443 -> 1443. How can i use this port with openVPN?

 

On 6/23/2019 at 10:29 PM, Squid said:

Been quite awhile since I've used this app (have switched to a different method of connecting remotely), but after you set up the user etc via the admin login, don't you just login locally as the appropriate user and then download the .ovpn file there and then move it to the applicable device?

What method are you using? A Wireguard docker would be awesome

Share this post


Link to post

I have this all setup and I have the letsencrypt reverse proxy setup and I tried using one of those to point to my WAN IP and it did not work, I did get it working just using my WAN IP without anything pointing to it and it connected, otherwise it did not work.  Is there something I need to setup to use my reverse proxy for that? 

Share this post


Link to post
11 hours ago, suRe said:

What method are you using? A Wireguard docker would be awesome

Top secret

Share this post


Link to post

Hi All,

 

I've had this docker working fine for a few years now and it seems to have stopped working, presumably since upgrading to 6.7.

 

I can access the web ui, but cannot start the server. I get the following error in the web ui:

 

Quote

service failed to start due to unresolved dependencies: set(['user'])

service failed to start due to unresolved dependencies: set(['iptables_openvpn'])

Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=2]: ['iptables-restore v1.6.0: Bad IP address ""', '', 'Error occurred at line: 143', "Try `iptables-restore -h' or 'iptables-restore --help' for more information."]: internet/defer:653,sagent/ipts:134,sagent/ipts:51,util/daemon:28,util/daemon:69,application/app:384,scripts/_twistd_unix:258,application/app:396,application/app:311,internet/base:1243,internet/base:1255,internet/epollreactor:235,python/log:103,python/log:86,python/context:122,python/context:85,internet/posixbase:627,internet/posixbase:252,internet/abstract:313,internet/process:312,internet/process:973,internet/process:985,internet/process:350,internet/_baseprocess:52,internet/process:987,internet/_baseprocess:64,svc/pp:142,svc/svcnotify:32,internet/defer:459,internet/defer:567,internet/defer:653,sagent/ipts:134,sagent/ipts:51,util/error:66,util/error:47

service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])

service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn'])

Has anyone got any ideas for that? I've read the last few pages of this thread but couldn't see anything relevent.

 

Cheers,

 

Tom

Share this post


Link to post
3 hours ago, giantkingsquid said:

Hi All,

 

I've had this docker working fine for a few years now and it seems to have stopped working, presumably since upgrading to 6.7.

 

I can access the web ui, but cannot start the server. I get the following error in the web ui:

 

Has anyone got any ideas for that? I've read the last few pages of this thread but couldn't see anything relevent.

 

Cheers,

 

Tom

Switch to bridge networking and some other changes.

 

See the GitHub or docker hub pages for specific info (links on the first page)

Share this post


Link to post
On 6/25/2019 at 11:34 AM, suRe said:

@SpaceInvaderOne Thank you for the updated Tutorial

 

But how would one solve the following problem: I need to route the openVPN traffic through TCP port 443, otherwise i can't use openVPN. But i already have a letsencrypt docker configured as SpaceInvaderOne explained in his ReserveProxy/Nextcloud guide. So i'm basically forwarding TCP Port 443 -> 1443. How can i use this port with openVPN?

 

What method are you using? A Wireguard docker would be awesome

Not sure what you mean here. I am running the same docker, only port forwarded is 1194. Just set it to udp port 1194 (it's the default port) Works great with openVPN :)

 

 

Share this post


Link to post
14 hours ago, ProZac said:

Not sure what you mean here. I am running the same docker, only port forwarded is 1194. Just set it to udp port 1194 (it's the default port) Works great with openVPN :)

 

 

Yes, it works great in pretty much every country. But i got relatives living in egypt, and apparently egypt seems to be able to block the vpn traffic (started two weeks ago, before it worked perfect with udp 1194). I've read somewhere, that for example people living in china use TCP port 443 for VPN, since only on this port the VPN seem to be working. I hope it is more understandable now.

Share this post


Link to post
Posted (edited)
2 hours ago, suRe said:

Yes, it works great in pretty much every country. But i got relatives living in egypt, and apparently egypt seems to be able to block the vpn traffic (started two weeks ago, before it worked perfect with udp 1194). I've read somewhere, that for example people living in china use TCP port 443 for VPN, since only on this port the VPN seem to be working. I hope it is more understandable now.

How about port 80 tcp?

 

A lot of public wifi also block vpns (mainly block all udp connections as well as tcp except for 80 and 443) so I use port 80 for mine

Edited by aptalca

Share this post


Link to post
Posted (edited)

Followed the tutorial, but can't get it working... forwarded 1194 to my unraid server on pfsense, added A records so my domain is correct (the same way i've been using it for nextcloud, which works perfectly) but for some reason none of my devices connect. They always timeout. What am i missing? The ip adress in the logging below (removed) matches the domain. Port forwarding should be ok as well, docker is running in bridged mode, priviliged. Added a user like in the video. Should that user match an existing user on the unraid server maybe?


Fri Jun 28 10:17:10 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 25 2019

Fri Jun 28 10:17:10 2019 Windows version 6.2 (Windows 8 or greater) 64bit

Fri Jun 28 10:17:10 2019 library versions: OpenSSL 1.1.0j  20 Nov 2018, LZO 2.10

Fri Jun 28 10:17:10 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340

Fri Jun 28 10:17:10 2019 Need hold release from management interface, waiting...

Fri Jun 28 10:17:10 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340

Fri Jun 28 10:17:11 2019 MANAGEMENT: CMD 'state on'

Fri Jun 28 10:17:11 2019 MANAGEMENT: CMD 'log all on'

Fri Jun 28 10:17:11 2019 MANAGEMENT: CMD 'echo all on'

Fri Jun 28 10:17:11 2019 MANAGEMENT: CMD 'bytecount 5'

Fri Jun 28 10:17:11 2019 MANAGEMENT: CMD 'hold off'

Fri Jun 28 10:17:11 2019 MANAGEMENT: CMD 'hold release'

Fri Jun 28 10:17:11 2019 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.

Fri Jun 28 10:17:11 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Fri Jun 28 10:17:11 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Fri Jun 28 10:17:11 2019 MANAGEMENT: >STATE:1561709831,RESOLVE,,,,,,

Fri Jun 28 10:17:11 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194

Fri Jun 28 10:17:11 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]

Fri Jun 28 10:17:11 2019 UDP link local: (not bound)

Fri Jun 28 10:17:11 2019 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:1194

Fri Jun 28 10:17:11 2019 MANAGEMENT: >STATE:1561709831,WAIT,,,,,,

Fri Jun 28 10:18:11 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Fri Jun 28 10:18:11 2019 TLS Error: TLS handshake failed

Fri Jun 28 10:18:11 2019 SIGUSR1[soft,tls-error] received, process restarting

Fri Jun 28 10:18:11 2019 MANAGEMENT: >STATE:1561709891,RECONNECTING,tls-error,,,,,

Fri Jun 28 10:18:11 2019 Restart pause, 5 second(s)

...etc

Edited by jowi

Share this post


Link to post
Posted (edited)

Ok, i think i know what the 'problem' is... i was testing the connection by starting the openvpn from a windows pc inside my internal network... that won't work probably. Using my iphone, disconnecting it from wifi and using 4G (so, external) i can connect to my unraid machine without any problem using openVPN server. So i guess the only way to test this is with an actual, external machine.

 

Or in other words, is there a way to test this locally, from inside the network?

Edited by jowi

Share this post


Link to post

I am attempting to set this up for the first time. I can access the /admin page, sometimes getting a connection refused, but after waiting a bit it goes through. But when I access the client page through https://unraidipaddress:943/?src=connect or /client or naked, I get "ERR_EMPTY_RESPONSE" [unraidserverip] did not send data.

 

Any suggestions?

 

*NOTE* Followed SpaceIndavaders 2019 guide to set it up. Have it in bridge mode. 

 

Share this post


Link to post

Has anyone had their configuration completely wiped out after updating? If so how do I backup a configuration file to another location that I can load in the event this happens again?

Share this post


Link to post
Posted (edited)
5 hours ago, SergeantCC4 said:

If so how do I backup a configuration file to another location that I can load in the event this happens again?

Edited:  Oops, you were referring to backing up the OpenVPN AS configuration files.  My bad. 

Edited by Hoopster

Share this post


Link to post

Good evening,

Tried checking the net for this, but was unable to locate an answer.  I'm following SpaceInvader Once's guide for this set up.  After I install OpenVPN AS and launch the admin web gui, the default login/password of admin/password is not working for me.  It says the password is invalid.  Its my first time trying to set it up.  Also noticed that port 1194 won't open up as well even though I have it set in my USG with it pointed to my server IP's address.  Any assistance is greatly appreciated.  

Share this post


Link to post
15 hours ago, SergeantCC4 said:

Has anyone had their configuration completely wiped out after updating? If so how do I backup a configuration file to another location that I can load in the event this happens again?

A few updates ago was a completely new layout with tons of changes, but after this, the updates are quite small. I would just use CA backup/restore for the docker and run restore if your config vanishes :)

 

Share this post


Link to post
8 hours ago, Iceman1199 said:

Good evening,

Tried checking the net for this, but was unable to locate an answer.  I'm following SpaceInvader Once's guide for this set up.  After I install OpenVPN AS and launch the admin web gui, the default login/password of admin/password is not working for me.  It says the password is invalid.  Its my first time trying to set it up.  Also noticed that port 1194 won't open up as well even though I have it set in my USG with it pointed to my server IP's address.  Any assistance is greatly appreciated.  

Sounds like you might have some old config saved maybe? Default user/pass will always work on fresh install. Try removing docker and docker folder and reinstall.
What do you mean when you say port 1194 won't open? You say you can't reach the OpenVPN GUI, what are you trying to do trough port 1194 when you haven't set up the docker?

Share this post


Link to post
9 hours ago, ProZac said:

A few updates ago was a completely new layout with tons of changes, but after this, the updates are quite small. I would just use CA backup/restore for the docker and run restore if your config vanishes :)

 

It might be a compilation of updating unraid itself to 6.7.2 as well as openvpn to 2.7.4. But that's speculation on my part. I downloaded the backup/restore program but is there not just a configuration file in the openvpn-as folder I can move to back it up occasionally? The Backup/Restore takes the docker offline and I'd like to avoid that if at all possible.
Preferably it would be nice to just have an "export configuration" option on the UI like in a router where if moving to a different system, or in the event of failure I can just import the file and I'm good to go.

Share this post


Link to post

Hi, recently I bought a microtik router and found out reading on internet it does not like vpn using udp. Some say they configured it but others say RoS did not officially implement it yet. I followed spaceinvaderone's guide and I am suscribed to PiA. So would like to ask if anyone in the community has successfully setup a RoS router with OpenVPN server since I would like to go this route unless it is not possible.
My rb4011 is my main and only router.
Rgds

Share this post


Link to post
On 6/26/2019 at 10:44 PM, aptalca said:

Switch to bridge networking and some other changes.

 

See the GitHub or docker hub pages for specific info (links on the first page)

Thanks very much, got around to making the changes and all is working well. Thanks again.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.