
[Support] Linuxserver.io - OpenVPN AS


Now, that being said, there is an issue where if for some reason somebody (guess who) decides to up and change a support thread for no real reason other than to just annoy people, then everyone who has already had the app installed will still be pointed at the old thread.

 

 


Good evening Guys,

 

I started reading from page 60 to 63 and I don't see anyone having this issue. I went online and searched on Google and I came across this website https://discourse.linuxserver.io/t/openvpn-as-unable-to-login-since-latest-container-update/583.

The error I am getting is below: 

session error: argument of type 'nonetype' is not iterable: flat/twist:24,flat/ten:83,flat/flatstan:103,flat/ten:70,flat/ten:61,flat/flatstan:264,flat/ten:70,flat/ten:61,flat/flatstan:247,flat/flatstan:236,admin/astatus:165,admin/astatus:147 (exceptions.typeerror)

I already tried the fix that was there and it did not work. All I am trying to do is keep admin from populating again after I delete it. I tried changing the # boot_pam_users.0=admin to # boot_pam_users.0=kjhvkhv and it still does not work. However, then I added # boot_pam_users.0=admin and # boot_pam_users.0=kjhvkhv and it still doesn't work. The only thing that works is just leaving boot_pam_users.0=admin like normal and then I am able to get into my other accounts. Any help will be appreciated.

 

Thank you very much.

 

1 hour ago, Tucubanito07 said:

Good evening Guys,

 

I started reading from page 60 to 63 and I don't see anyone having this issue. I went online and searched on Google and I came across this website https://discourse.linuxserver.io/t/openvpn-as-unable-to-login-since-latest-container-update/583.

The error I am getting is below: 

session error: argument of type 'nonetype' is not iterable: flat/twist:24,flat/ten:83,flat/flatstan:103,flat/ten:70,flat/ten:61,flat/flatstan:264,flat/ten:70,flat/ten:61,flat/flatstan:247,flat/flatstan:236,admin/astatus:165,admin/astatus:147 (exceptions.typeerror)

I already tried the fix that was there and it did not work. All I am trying to do is keep admin from populating again after I delete it. I tried changing the # boot_pam_users.0=admin to # boot_pam_users.0=kjhvkhv and it still does not work. However, then I added # boot_pam_users.0=admin and # boot_pam_users.0=kjhvkhv and it still doesn't work. The only thing that works is just leaving boot_pam_users.0=admin like normal and then I am able to get into my other accounts. Any help will be appreciated.

 

Thank you very much.

 


You need to uncomment it (remove the # sign)

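An added example, not part of the original posts or the project's own tooling: a shell check that tells apart the three as.conf states discussed above (the default entry, every entry commented out, and the uncommented replacement). The function names, the constructed sample files, and passing the as.conf path as an argument are assumptions; the key and the user names are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit boot_pam_users.N lines in as.conf.
# Exit status: 0 = active entries exist and none names admin,
#              1 = needs attention, 2 = file unreadable.
audit_boot_pam_users() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }
    awk '
        # Active entry: the key starts the line, with no leading "#".
        /^[ \t]*boot_pam_users\.[0-9]+[ \t]*=/ {
            user = $0
            sub(/^[^=]*=[ \t]*/, "", user)   # drop "key ="
            sub(/[ \t\r]+$/, "", user)       # drop trailing blanks / CR
            active++
            if (user == "admin") { print "WARN line " NR ": active entry still names admin"; bad = 1 }
            else                 { print "OK line " NR ": active entry names " user }
            next
        }
        # Commented entry: has no effect, reported so the reader can see it.
        /^[ \t]*#[ \t]*boot_pam_users\.[0-9]+[ \t]*=/ {
            print "INFO line " NR ": entry is commented out"
            next
        }
        END {
            # The state the poster reported as failing: nothing left uncommented.
            if (active == 0) { print "WARN no active boot_pam_users entry"; bad = 1 }
            exit bad + 0
        }
    ' "$conf"
}

# Constructed sample files covering the three states described in the thread.
make_sample() {   # $1 = state name; prints the path of a temp file
    f=$(mktemp) || return 1
    case $1 in
        default)   printf 'boot_pam_users.0=admin\n' ;;
        commented) printf '# boot_pam_users.0=admin\n# boot_pam_users.0=kjhvkhv\n' ;;
        fixed)     printf '# boot_pam_users.0=admin\nboot_pam_users.0=kjhvkhv\n' ;;
    esac > "$f"
    echo "$f"
}

for state in default commented fixed; do
    sample=$(make_sample "$state")
    echo "== $state"
    audit_boot_pam_users "$sample" || true
    rm -f "$sample"
done
```
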
11 hours ago, aptalca said:

You need to uncomment it (remove the # sign)

Awesome, thank you. Admin is still under users inside the OpenVPN AS; however, when you try to log in as admin and place password it does not work and it does not recreate the account. Again, thank you guys. Have a great weekend. @SavageAUS @aptalca

On 9/6/2019 at 3:48 PM, Jenardo said:

I tried all three options:

  • Custom:br1 - vpn server does not start ... gives the "service failed to start due to unresolved dependencies" error that everyone has been complaining about.
  • Bridge mode - vpn server starts but all the custom:br1 containers are unreachable from the vpn client. I tried to ping/telnet the custom:br1 containers through the openvpn-as container's shell, but couldn't.
  • Host mode - vpn server starts and I can ping/telnet the custom:br1 containers successfully from the openvpn-as container's shell. However, all the custom:br1 containers are unreachable from the vpn client.

Edit: @ken-ji any ideas?

@ken-ji here are a few things that I found in an attempt to debug the issue. I am sticking to host mode since it's the most promising so far. I am testing this through a terminal on my phone which is connected to the open vpn server.

  • I can ping the server, a VM on br0, my laptop which is connected to my home network.
  • I cannot ping any of the br1 containers (can still ping them from the openvpn-as container though)
  • I used wireshark to take a look at packets leaving my server for some scenarios:
    • Ping an invalid IP on the network -- ARP packet to find the IP -> Expected
    • Ping one of the br1 containers -- ICMP packet for the PING request with a "no response found" -> Isn't this strange? I was expecting these packets to be routed directly to the br1 containers.

Any ideas?

 

Edit:

  • In the network settings of open vpn, I don't see br1. Is that expected?
  • When I do an 'ifconfig' inside the openvpn-as container, I see all the available interfaces (as0t0, br0, br1, docker0, eth0, eth1, lo, virbr0, vnet0). However, br0 has an ipv4 addr and a few ipv6 addrs defined while br1 only has the ipv6 ones. Expected? I assume that's the reason I don't see br1 in the network settings.
Edited by Jenardo


I'm going to have to give this a try. I'm not using the openvpn-as container myself (though I used to) as I've left VPN capabilities to a VPS that my router has an IPSEC connection with - since my provider is slowly rolling out CGNAT and I got selected as an early bird with no way out it seems. (Business grade plans need you to be a real business and no other non CGNAT ISP provider in the area)

22 hours ago, ken-ji said:

I'm going to have to give this a try. I'm not using the openvpn-as container myself (though I used to) as I've left VPN capabilities to a VPS that my router has an IPSEC connection with - since my provider is slowly rolling out CGNAT and I got selected as an early bird with no way out it seems. (Business grade plans need you to be a real business and no other non CGNAT ISP provider in the area)

I appreciate the effort.

The thing is ... this seems to be a traditional "required" setup to me .. containers have their own IPs and openvpn gives clients access to both host and containers ... nevertheless, nobody seems to be complaining about it (or just a handful who have gone silent).

Also, I would have tested with openvpn-as running on custom:br1, however, the container does not seem to be allowing that anymore (unresolved dependencies error) ... should I be reverting to a much older version of the container for instance. I don't even know if that would work. I can't really think of a decent solution here.


Hi guys,

 

I have been getting an error for a few days:

./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or director

 

Everything was working fine just a week ago. Noticed I couldn't connect anymore and checked the logs. Any help would be highly appreciated since Google didn't give a lot of answers.


In the process of writing this post I ended up solving the issue. But figured I'd still post it in case others have a similar issue.

 

tl;dr I had to set my number of TCP and UDP daemons in OpenVPN to 1. I do have 4 cores / 8 threads and this setting defaulted to 8. If you do cat /proc/cpuinfo from the console of the OpenVPN docker it shows 8 CPUs. I set it to 4 first with no luck then when I put it to 1 everything worked like a charm.

 

--

 

I had similar problems as others with my docker container set to host mode. Reading through this thread (well, the last few pages anyway--it's a long thread), got me to the point that I could establish a VPN connection again. Unfortunately I could not access my LAN. I wiped the docker, the template, the appdata folder and all traces of the OpenVPN config from my DB, (I use mySQL as the backend storage for OpenVPN). Then I started from scratch also checking the Spaceinvader One video as well to make sure all my settings were the same (or similar--I have a different LAN subnet). I then set up a hotspot on my phone and connected my Android tablet to that. I could establish the VPN fine, but could not connect to anything after that. I could not hit the 172.17.x.x:983 address of the OpenVPN GUI or anything on my LAN.

 

I then used tcpdump on a couple Linux VMs (one on the unRAID server also hosting the OpenVPN docker and another on a different unRAID server). I then tried to open SSH connections from my tablet to those using IP addresses. In both cases sometimes the SSH client would show a connection and sometimes even got a little through the cipher negotiation and things, but never finished the handshake. On the VMs I not only looked for SSH connections from the unRAID server IP, but IPs on the 172.17.0.0/16 subnet used by the docker and VPN clients. I could see packets from the unRAID server IP and nothing in the 172.17 range, so that was good. But the sessions, (if they even started--over several tests it probably finished the TCP/IP handshake half the time), never were fully established. On the VM side it ended with the VM sending the same packet back to the client waiting for an ACK.

 

Unfortunately there are no sniffing tools as far as I know on the unRAID server or OpenVPN docker. On the server with the OpenVPN docker I also have mySQL and UniFi Controller dockers both in bridge mode. They do not give me any problems and at least the mySQL one is used fairly constantly, (also used by OpenVPN). Otherwise I would say it looks like something wrong with the NAT implementation.


Hey, so I've been using OpenVPN on my server for a while now and I stumbled upon spaceinvader's June 2019 update video for it and I wanted to update my configuration. Going through the guide, it occurs to me that the admin user cannot have its password changed, nor can I delete the user through the GUI. Is this a known issue and is there yet another work-around for this oversight that happens to be a recurring theme among OpenVPN versions?

 

Here's a clip of using the default 'password', changing it to '123', and the admin user still accepting the old password. Using openvpn-as version 2.7.5

https://giant.gfycat.com/DarkDisgustingBrownbear.webm

2 hours ago, Mytherium said:

Hey, so I've been using OpenVPN on my server for a while now and I stumbled upon spaceinvader's June 2019 update video for it and I wanted to update my configuration. Going through the guide, it occurs to me that the admin user cannot have its password changed, nor can I delete the user through the GUI. Is this a known issue and is there yet another work-around for this oversight that happens to be a recurring theme among OpenVPN versions?

 

Here's a clip of using the default 'password', changing it to '123', and the admin user still accepting the old password. Using openvpn-as version 2.7.5

https://giant.gfycat.com/DarkDisgustingBrownbear.webm

Read the Readme on github. Link in the first post.

On 9/18/2019 at 11:31 AM, Jenardo said:

I appreciate the effort.

The thing is ... this seems to be a traditional "required" setup to me .. containers have their own IPs and openvpn gives clients access to both host and containers ... nevertheless, nobody seems to be complaining about it (or just a handful who have gone silent).

Also, I would have tested with openvpn-as running on custom:br1, however, the container does not seem to be allowing that anymore (unresolved dependencies error) ... should I be reverting to a much older version of the container for instance. I don't even know if that would work. I can't really think of a decent solution here.

Finally took a look and I probably won't be using this thing as a docker - it requires way too many capabilities than what I'd like to limit it to.

Its very nature is that the docker needs to be in host mode to create multiple bridges and connect the client to a bridge then mess with the firewall rules to allow whatever you have. I'm sure I was hitting conflicts with my setup but yeah I never got it to work with my LAN at all. This might be one of those applications I'd rather it run as a VM. But I might have a better look with this when I have time, hoping somebody else works out the issue.

 

In hindsight just realized the reason I couldn't even get it to work is that I set the thing to routed mode for everything, but OpenVPN-AS does not readily show you all the subnets they generated, which needed to be programmed into my router. Talk about complicated if you are trying to do all of this remotely. :P

 
