[Support] Linuxserver.io - OpenVPN AS


Recommended Posts

On 9/27/2019 at 7:07 PM, aptalca said:

Not if you do dns or duckdns validation

@aptalca Maybe this is the wrong topic, let me know if I should be moving this somewhere else.

I already have a duckdns domain setup. And I assume we established that I cannot use http validation because I do not want to expose a public port to my reverse proxy and only want to use it internally.

Is there a guide to how I can set this up? I tried "quickly" searching the letsencrypt topic but couldn't find what I am looking for. Thanks.

Link to comment
3 hours ago, Jenardo said:

@aptalca Maybe this is the wrong topic, let me know if I should be moving this somewhere else.

I already have a duckdns domain setup. And I assume we established that I cannot use http validation because I do not want to expose a public port to my reverse proxy and only want to use it internally.

Is there a guide to how I can set this up? I tried "quickly" searching the letsencrypt topic but couldn't find what I am looking for. Thanks.

Github and docker hub pages linked in the first post have the most up to date info

 

You can also check out this blog article for some examples: https://blog.linuxserver.io/2019/04/25/letsencrypt-nginx-starter-guide/

Link to comment
On 9/28/2019 at 7:46 PM, jj_uk said:

I'm also trying to do this at the moment. I have 2 OpenVPN-as instances: OpenVPN-as 1 and OpenVPN-as 2.

 

On the router, i've forwarded 1194 to <unraid>:1194 and 1195 to <unraid>:1195.

 

OpenVPN-as 1 web gui is at <unraid>:943 and uses UDP 1194, in the template forward host 1194 to container 1194, and host 943 to container 943. 

 

OpenVPN-as 2 web gui is at <unraid>:944 and uses UDP 1195, in the template delete the host port 1194 and add a new port and forward 1195 to 1195, and forward host 944 to container 943.

 

In the OpenVPN-as 2 server settings -> network, change the UDP port to 1195.

 

Then it works. WAN 1194 connects to OpenVPN-as 1, WAN 1195 connects to OpenVPN-as 2

 

Worked like a charm !!!

 

The only problem I have to solve with the second vpn/server is that I can connect to internet trough the vpn but can't connect to my net, I can't access unraid.

 

*** SOLVED ***

The problem is I did specify the "ROUTING \ Specify the private subnets to which all clients should be given access (one per line):"

in the "VPN IP Network \ Group Default IP Address Network (Optional)"

 

It was my mistake while following spaceinvader tutorial.

 

Now I have 2 servers with one instance on every server of OpenVPN.

This way I can connect from work to home to each of those servers if one of they is shut down.

 

Thankyou
Gus

Edited by zzgus
Link to comment

Now you have added full access to your network via vpn, be VERY sure that you disconnect the VPN when its not in use. 

 

I have set up my access so that i cannot access unraid, it can only access the internet via unraid. Unraid runs pihole so its basicly an adblocker for my mobile. Its always connected, with a persistant connection (and auto-connect) in the openvpn android app on my phone.

No more adverts on 4G !

 

If i lose my phone, the VPN doesnt allow access to my internel network- only the internet.

Link to comment
On 10/3/2019 at 3:24 PM, jj_uk said:

Now you have added full access to your network via vpn, be VERY sure that you disconnect the VPN when its not in use. 

 

I have set up my access so that i cannot access unraid, it can only access the internet via unraid. Unraid runs pihole so its basicly an adblocker for my mobile. Its always connected, with a persistant connection (and auto-connect) in the openvpn android app on my phone.

No more adverts on 4G !

 

If i lose my phone, the VPN doesnt allow access to my internel network- only the internet.

are you doing pihole in docker or vm?

I have mine in docker with br0 for the network and openvpn can't use it.

Link to comment

Docker, br0.

 

Because openvpn uses bridge, it uses the same internet connection as unraid, e.g. direct to internet (via my router). 

My router is setup to use the pihole IP address as the DNS servers, therefore all openvpn requests go through pihole.

 

Edited by jj_uk
Link to comment
1 hour ago, jj_uk said:

Yes it does. You can create a new admin user, then login as new admin user, and delete the default admin user.

 

not OP, but I've deleted the "admin" account using another account with admin privileges but admin remains and I'm able to log into the web ui using admin/"password". What am I doing wrong? 

Link to comment
1 hour ago, loz678 said:

not OP, but I've deleted the "admin" account using another account with admin privileges but admin remains and I'm able to log into the web ui using admin/"password". What am I doing wrong? 

Not following the Readme on github that is linked in the first post.

Link to comment

So I switched out my router/modem because a problem with it. (to one that is a same) And then OpenVPN did not work even after I set up the same port forward, Router/modem IP is the same, NAS IP is the same. When I looked in unraid, the OpenVPN log did not show anything I see as at direct error, but I dont know, I dont quite remember. WebUI was not possible to open. There was an update to it so I installed that because why not, maybe that will fix it. It didnt, but now it actually spits out an error in the log:
 

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-time: executing...
[cont-init.d] 20-time: exited 0.
[cont-init.d] 30-config: executing...
existing data found, reinstalling openvpn-as
/var/run/s6/etc/cont-init.d/30-config: line 31: cd: /config/etc/db: No such file or directory
[cont-init.d] 30-config: exited 1.
[cont-init.d] 40-openvpn-init: executing...
find: ‘/config/etc/db’: No such file or directory
/var/run/s6/etc/cont-init.d/40-openvpn-init: line 14: /usr/local/openvpn_as/bin/ovpn-init: No such file or directory
Stopping openvpn-as now; will start again later after configuring
cat: /var/run/openvpnas.pid: No such file or directory
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]

[cont-init.d] 40-openvpn-init: exited 0.
[cont-init.d] 50-interface: executing...
/var/run/s6/etc/cont-init.d/50-interface: line 9: /usr/local/openvpn_as/scripts/confdba: No such file or directory
/var/run/s6/etc/cont-init.d/50-interface: line 10: /usr/local/openvpn_as/scripts/confdba: No such file or directory
/var/run/s6/etc/cont-init.d/50-interface: line 11: /usr/local/openvpn_as/scripts/confdba: No such file or directory
/var/run/s6/etc/cont-init.d/50-interface: line 12: /usr/local/openvpn_as/scripts/confdba: No such file or directory
[cont-init.d] 50-interface: exited 127.
[cont-init.d] 99-custom-scripts: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-scripts: exited 0.
[cont-init.d] done.
[services.d] starting services
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory
[services.d] done.
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory

So it looks like it missing some files or something, How do I fix?
I think missing files is caused by the update I did probably, but that doesnt explain why changing router/modem broke it?

Link to comment
4 hours ago, Mihle said:

So I switched out my router/modem because a problem with it. (to one that is a same) And then OpenVPN did not work even after I set up the same port forward, Router/modem IP is the same, NAS IP is the same. When I looked in unraid, the OpenVPN log did not show anything I see as at direct error, but I dont know, I dont quite remember. WebUI was not possible to open. There was an update to it so I installed that because why not, maybe that will fix it. It didnt, but now it actually spits out an error in the log:
 


[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-time: executing...
[cont-init.d] 20-time: exited 0.
[cont-init.d] 30-config: executing...
existing data found, reinstalling openvpn-as
/var/run/s6/etc/cont-init.d/30-config: line 31: cd: /config/etc/db: No such file or directory
[cont-init.d] 30-config: exited 1.
[cont-init.d] 40-openvpn-init: executing...
find: ‘/config/etc/db’: No such file or directory
/var/run/s6/etc/cont-init.d/40-openvpn-init: line 14: /usr/local/openvpn_as/bin/ovpn-init: No such file or directory
Stopping openvpn-as now; will start again later after configuring
cat: /var/run/openvpnas.pid: No such file or directory
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]

[cont-init.d] 40-openvpn-init: exited 0.
[cont-init.d] 50-interface: executing...
/var/run/s6/etc/cont-init.d/50-interface: line 9: /usr/local/openvpn_as/scripts/confdba: No such file or directory
/var/run/s6/etc/cont-init.d/50-interface: line 10: /usr/local/openvpn_as/scripts/confdba: No such file or directory
/var/run/s6/etc/cont-init.d/50-interface: line 11: /usr/local/openvpn_as/scripts/confdba: No such file or directory
/var/run/s6/etc/cont-init.d/50-interface: line 12: /usr/local/openvpn_as/scripts/confdba: No such file or directory
[cont-init.d] 50-interface: exited 127.
[cont-init.d] 99-custom-scripts: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-scripts: exited 0.
[cont-init.d] done.
[services.d] starting services
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory
[services.d] done.
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory

So it looks like it missing some files or something, How do I fix?
I think missing files is caused by the update I did probably, but that doesnt explain why changing router/modem broke it?

It looks like your config folder is borked. Restore from a backup or start fresh

Link to comment
15 hours ago, aptalca said:

It looks like your config folder is borked. Restore from a backup or start fresh

Removed it from docker page and then added it again from template, same thing happens.
That above and removed and added the tamplate from CA again, same thing happens.

 

I mean same error and WebUI does not open

Edited by Mihle
Link to comment
53 minutes ago, Mihle said:

Removed it from docker page and then added it again from template, same thing happens.
That above and removed and added the tamplate from CA again, same thing happens.

 

I mean same error and WebUI does not open

 

You need to use a new appdata folder.

Link to comment
23 minutes ago, Mihle said:

How and why?

Because uninstalling and reinstalling a docker container does not remove the appdata folder contents from any previous installation using the same folder.  Previous folder contents may be causing your problem as indicated by aptalca.

 

You can either specify a new appdata config folder path (you'll have to switch to Advanced view in docker container Edit screen) when you reinstall the container or make sure the prior one and its contents are completely removed before reinstalling to the same folder.

Link to comment

How do I go about routing my client's traffic out of the internal docker subnet to my network's subnet in bridged mode (only mode I could get working)? All my network subnets for unraid are defualt so the openvpn server assigns clients onto the 172 subnet but my network is on the 192 range. Clients can access anything on the unraid server, as well as the gateway for the 192 subnet, but cannot ping anything else in the 192 range. I am using an Edgerouter X as the gateway and the unraid server on the other side of a UniFi switch in mostly default configuration as far as routing is concerned.

 

The specific option which was mentioned in SpaceInvaderOne's updated video under configuration > vpn settings > routing > specific the private subents to which all clients should be given access does not seem to work in my situation. I have been battling with this for a few weeks now trying to figure it out on my own but anything I change that intuitively makes sense just breaks the server and I have to reinstall and reconfigure it to try again.

Link to comment
On 10/7/2019 at 2:45 PM, Mihle said:

So I switched out my router/modem because a problem with it. (to one that is a same) And then OpenVPN did not work even after I set up the same port forward, Router/modem IP is the same, NAS IP is the same. When I looked in unraid, the OpenVPN log did not show anything I see as at direct error, but I dont know, I dont quite remember. WebUI was not possible to open. There was an update to it so I installed that because why not, maybe that will fix it. It didnt, but now it actually spits out an error in the log:
 


[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-time: executing...
[cont-init.d] 20-time: exited 0.
[cont-init.d] 30-config: executing...
existing data found, reinstalling openvpn-as
/var/run/s6/etc/cont-init.d/30-config: line 31: cd: /config/etc/db: No such file or directory
[cont-init.d] 30-config: exited 1.
[cont-init.d] 40-openvpn-init: executing...
find: ‘/config/etc/db’: No such file or directory
/var/run/s6/etc/cont-init.d/40-openvpn-init: line 14: /usr/local/openvpn_as/bin/ovpn-init: No such file or directory
Stopping openvpn-as now; will start again later after configuring
cat: /var/run/openvpnas.pid: No such file or directory
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]

[cont-init.d] 40-openvpn-init: exited 0.
[cont-init.d] 50-interface: executing...
/var/run/s6/etc/cont-init.d/50-interface: line 9: /usr/local/openvpn_as/scripts/confdba: No such file or directory
/var/run/s6/etc/cont-init.d/50-interface: line 10: /usr/local/openvpn_as/scripts/confdba: No such file or directory
/var/run/s6/etc/cont-init.d/50-interface: line 11: /usr/local/openvpn_as/scripts/confdba: No such file or directory
/var/run/s6/etc/cont-init.d/50-interface: line 12: /usr/local/openvpn_as/scripts/confdba: No such file or directory
[cont-init.d] 50-interface: exited 127.
[cont-init.d] 99-custom-scripts: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-scripts: exited 0.
[cont-init.d] done.
[services.d] starting services
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory
[services.d] done.
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory
./run: line 3: /usr/local/openvpn_as/scripts/openvpnas: No such file or directory

So it looks like it missing some files or something, How do I fix?
I think missing files is caused by the update I did probably, but that doesnt explain why changing router/modem broke it?

 

Did you ever figure this out or just have to delete your config folder and start over? Started getting the same things in my log and nothing working for me either now.

 

Link to comment
18 hours ago, deusxanime said:

 

Did you ever figure this out or just have to delete your config folder and start over? Started getting the same things in my log and nothing working for me either now.

 

I'm also getting the script error, tried making a new container altogether and the same thing happens with a fresh install. There is probably a typo in one of the updates. I find this docker image has updates that break it very often. I don't use it except to access local devices remotely so it's not on that often, but when I need it tends to be broken half the time. 

 

Probably need to wait for an update or roll back to a previous version that works. 

 

EDIT: scratch that, a fresh install did work

Edited by StuDaBaiker
Link to comment
Hi.
I`m new to OpenVPN. On my Win 10 PC it works fine. Now i want to test it on my Unraid server.
I use an firefox docker on my unraid server.  Can i use this docker to let firefox browse only over OpenVPN?
No, this is a server not a client

Sent from my Mi A1 using Tapatalk

Link to comment
6 hours ago, OOmatrixOO said:

Ok thanks. So i need a client docker.

It is unclear what you are really trying to accomplish through OpenVPN on unRAID.

 

On the unRAID server, this docker container is the OpenVPN server which allows a remote device (computer, phone, tablet, etc.) running an OpenVPN client to access the unRAID server over a secure VPN.

 

So, yes, if your intent is to access the unRAID server GUI via Firefox or access shares on unRAID from a remote client, this container will allow you to do that; however, you need an OpenVPN client configured to access this docker container as the server.

 

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.