[Support] Linuxserver.io - OpenVPN AS



I have openvpn-as installed as a docker and was using it successfully for a couple weeks. Today I tried to log in through the webUI and it keeps telling me my login fails. I tried both the admin and regular login portals, as well as admin and regular user logins. I already tried removing and reinstalling the docker once because this isn't the first time this has happened.

Is this a common issue? Where do I start for trying to fix this?

Link to comment
18 hours ago, Blairwin said:

I have openvpn-as installed as a docker and was using it successfully for a couple weeks. Today I tried to log in through the webUI and it keeps telling me my login fails. I tried both the admin and regular login portals, as well as admin and regular user logins. I already tried removing and reinstalling the docker once because this isn't the first time this has happened.

Is this a common issue? Where do I start for trying to fix this?

No, not a common issue. But without any further info, it's impossible to tell what causes it.

Link to comment

Go

On 12/14/2019 at 2:51 AM, Blairwin said:

I have openvpn-as installed as a docker and was using it successfully for a couple weeks. Today I tried to log in through the webUI and it keeps telling me my login fails. I tried both the admin and regular login portals, as well as admin and regular user logins. I already tried removing and reinstalling the docker once because this isn't the first time this has happened.

Is this a common issue? Where do I start for trying to fix this?

Got a similar issue today after the docker update, and the default admin password had reset. Check yours, might be the case.

Link to comment
3 hours ago, Chomes said:

Go

Got a similar issue today after the docker update, and the default admin password had reset. Check yours, might be the case.

If you read the docs linked in the first post, you will see that the default admin password always resets when you restart. You are supposed to create a new administrator account and disable the default one. 

Link to comment
  • 3 weeks later...

Hi all,

 

Please help, I am trying to set up the port-share functionality of the OpenVPN server.

I tried:

  • adding to container Extra Parameters:
    -e 'port-share 192.168.200.225 6580'
  • adding into the as.conf file: 
    # port share
    port_share.enable=true
    port_share.service=custom
    port_share.ip_address=192.168.200.225
    port_share.port=6580
  • modifying config-local.json:
    "vpn.server.port_share.enable": "true", 
    "vpn.server.port_share.ip_address": "192.168.200.225", 
    "vpn.server.port_share.port": "6580", 
    "vpn.server.port_share.service": "custom", 

None of the above worked.

 

How can I set port-share in the docker?

 

Thanks,

Mark

Link to comment
5 minutes ago, MasterMark said:

Hi all,

 

Please help, I am trying to set up the port-share functionality of the OpenVPN server.

I tried:

  • adding to container Extra Parameters:
    
    -e 'port-share 192.168.200.225 6580'
  • adding into the as.conf file: 
    
    # port share
    port_share.enable=true
    port_share.service=custom
    port_share.ip_address=192.168.200.225
    port_share.port=6580
  • modifying config-local.json:
    
    "vpn.server.port_share.enable": "true", 
    "vpn.server.port_share.ip_address": "192.168.200.225", 
    "vpn.server.port_share.port": "6580", 
    "vpn.server.port_share.service": "custom", 

None of the above worked.

 

How can I set port-share in the docker?

 

Thanks,

Mark

Why do you need to set up port share?

Link to comment
1 minute ago, saarg said:

Why do you need to set up port share?

I wish to bypass common stateless firewalls with OpenVPN TCP/443 port.

 

But my server is also hosting other services on the TCP/443 port. This is where port-share comes to save the day: it can redirect non-VPN traffic to a different port backend like nginx, so I can serve webpages on port 443.

Link to comment
7 minutes ago, MasterMark said:

I wish to bypass common stateless firewalls with OpenVPN TCP/443 port.

 

But my server is also hosting other services on the TCP/443 port. This is where port-share comes to save the day: it can redirect non-VPN traffic to a different port backend like nginx, so I can serve webpages on port 443.

You can use nginx to proxy the vpn connection. There should be instructions in this thread or the letsencrypt thread for how to do it. Should be posts from @aptalca

Edited by saarg
Link to comment
7 minutes ago, saarg said:

You can use nginx to proxy the vpn connection. There should be instructions in this thread or the letsencrypt thread for how to do it. Should be posts from @aptalca

Can you link that? I can't find it. Thanks.

 

If you are referring to the nginx config where the stream{} and http{} sections are separated, that is not working. The stream can't listen on port 443 when the http section is also listening on port 443 simultaneously.

Link to comment

Since last week my OPENVPN-AS has not worked properly, so I deleted the whole container and also the appdata folder of OPENVPN_AS. Next I reinstalled the docker and followed the setup guide, like the video of Spaceinvader One.

But for some reason I could not remove or disable the admin user. So I created a new user with admin rights, logged in with the new admin user and then disabled it, changed the password, etc. But nothing works. After logging out or restarting the docker, the admin user is back with its default password and username.

I also tried to edit the AS.CONF file located in the appdata folder of OPENVPN, but when I change the rule to # boot_pam_users.0=admin and reboot the docker, the admin cannot log in anymore, so I thought the problem was solved. But unfortunately, when I tried to log in with my new username, I received the error from the attachment.

 

Hopefully someone knows the right solutions and will tell me how to solve.

Thx.

 

login not working.JPG

Link to comment
5 minutes ago, TJOPTJOP said:

Since last week my OPENVPN-AS has not worked properly, so I deleted the whole container and also the appdata folder of OPENVPN_AS. Next I reinstalled the docker and followed the setup guide, like the video of Spaceinvader One.

But for some reason I could not remove or disable the admin user. So I created a new user with admin rights, logged in with the new admin user and then disabled it, changed the password, etc. But nothing works. After logging out or restarting the docker, the admin user is back with its default password and username.

I also tried to edit the AS.CONF file located in the appdata folder of OPENVPN, but when I change the rule to # boot_pam_users.0=admin and reboot the docker, the admin cannot log in anymore, so I thought the problem was solved. But unfortunately, when I tried to log in with my new username, I received the error from the attachment.

 

Hopefully someone knows the right solutions and will tell me how to solve.

Thx.

 

https://docs.linuxserver.io/images/docker-openvpn-as#application-setup

 

 

Link to comment

Hi guys.

 

I have followed Spaceinvader's newer guide on how to set up this docker (https://www.youtube.com/watch?v=fpkLvnAKen0&t=951s).

And all worked very well - until I had to connect to the server through the OpenVPN client. For some reason it just times out, like it is unable to connect.

Does anybody have some idea how this can be?
Can it be because I have given the server a static IP address?
Or can it have something to do with me using 1.1.1.1 and 1.0.0.1 as my primary and secondary DNS?

I am really not into network settings at all, and I am a 100% newbie when it comes to unraid 🙂

 

/Noego

 

Link to comment
2 hours ago, MasterMark said:

Can you link that? I can't find it. Thanks.

 

If you are referring to the nginx config where the stream{} and http{} sections are separated, that is not working. The stream can't listen on port 443 when the http section is also listening on port 443 simultaneously.

I don't have it bookmarked, so no link, but it's somewhere in those threads. Posted by aptalca.

 

Nginx is black arts for me, but nginx can handle multiple things on port 443 at the same time.

 

Try googling reverse proxy openvpn and the first hit should be a guy that did it.

 

Edit:

 

Edited by saarg
Link to comment
4 hours ago, Noego said:

Hi guys.

 

I have followed Spaceinvader's newer guide on how to set up this docker (https://www.youtube.com/watch?v=fpkLvnAKen0&t=951s).

And all worked very well - until I had to connect to the server through the OpenVPN client. For some reason it just times out, like it is unable to connect.

Does anybody have some idea how this can be?
Can it be because I have given the server a static IP address?
Or can it have something to do with me using 1.1.1.1 and 1.0.0.1 as my primary and secondary DNS?

I am really not into network settings at all, and I am a 100% newbie when it comes to unraid 🙂

 

/Noego

 

Explain "I have given the server a static IP address"

Link to comment
5 hours ago, MasterMark said:

Can you link that? I can't find it. Thanks.

 

If you are referring to the nginx config where the stream{} and http{} sections are separated, that is not working. The stream can't listen on port 443 when the http section is also listening on port 443 simultaneously.

Never used port share in openvpn, don't really know anything about it.

 

Unfortunately stream and http cannot listen on the same port. For a while I used port 80 with stream for openvpn. Then I switched to using port 53 over udp. Both let me access openvpn on various public wifi that normally block vpn connections. It's not bulletproof, but works well.

 

I'm now using wireguard over 53 udp and openvpn over 80 tcp

Link to comment
14 hours ago, aptalca said:

Never used port share in openvpn, don't really know anything about it.

 

Unfortunately stream and http cannot listen on the same port. For a while I used port 80 with stream for openvpn. Then I switched to using port 53 over udp. Both let me access openvpn on various public wifi that normally block vpn connections. It's not bulletproof, but works well.

 

I'm now using wireguard over 53 udp and openvpn over 80 tcp

 

Why does the docker not mind the port-share parameters? The OpenVPN port-share does exactly what I need without compromising other functionalities.

I tried again with nginx with a different approach:

I set up stream to listen on 443 and moved all other http sessions to 4443. Set OpenVPN to listen on 9443. The stream section decides whether to pass to the 4443 port or the 9443 port backend based on server name.

It works, but it broke nginx access control, because this is basically double reverse proxying and the backend does not know the real IP of the client. Yes, this is solvable, but the solution breaks the OpenVPN session. Also, because of the proxying, all of the redirects on the backend will not work.

Here is the stream config:

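stream
{
    # Pick the backend from the SNI name in the TLS ClientHello (needs ssl_preread on)
    map $ssl_preread_server_name $targetBackend
    {
        # dots escaped so that only real subdomains of mydomain.com match
        ~^(?<subdomain>.+)\.mydomain\.com$    tcp_upstream;
        # any other name, or no SNI at all (OpenVPN sends none), goes to OpenVPN
        default                               openvpn_upstream;
    }

    upstream tcp_upstream
    {
        # upstream nginx virtual hosts
        server x.x.x.x:4443;
    }

    upstream openvpn_upstream
    {
        # openvpn container
        server x.x.x.x:9443;
    }

    server
    {
        listen 443 so_keepalive=on;

        proxy_connect_timeout 300s;
        proxy_timeout 300s;

        proxy_pass $targetBackend;

        ssl_preread on;
    }
}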

 

So because this is not working well, I decided to take a different approach again.

Based on your idea, I moved everything to port TCP/80.

This is still not the best solution, but it keeps my HTTPS settings untouched and working.

Because of the stream proxy, this still breaks the HTTP -> HTTPS redirections. I have not found a solution for this yet. But this is less painful than the other option.

Still, the OpenVPN port-share is far better than this nginx black magic.

I do not understand docker and containers enough to set it up alone. I can find several tutorials on how to set up a bare OpenVPN-AS server, but not in docker and not in this exact docker.

Is there a chance to implement the port-share functionality in this container for the dumbs like me?

Oh, and thanks for the hint about wireguard on UDP/53, I might set it up on my router.

Thanks,

Mark

edit: Just to clarify: the OpenVPN-AS listens on port 443, but in the docker I mapped 9443 to port 443 inside the container. In the same way, with port 80 I use a different port for the redirect.

Edited by MasterMark
Link to comment
5 hours ago, MasterMark said:

 

[...]

I'll look into port share. It sounds like it might be useful

Link to comment
16 hours ago, MasterMark said:

[...]

I realized this config is a complete failure. On port 80 there is no $ssl_preread_server_name variable so all traffic will be passed to the OpenVPN backend. :(

 

Therefore my every attempt to redirect other traffic to HTTPS was futile.

Edited by MasterMark
Link to comment
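Added example, not part of the original thread and not code from nginx or OpenVPN: a Python sketch of the routing decision discussed above, showing why an SNI-based map sends plain HTTP on port 80 to the default (OpenVPN) backend, and how the first bytes of each protocol can be told apart instead. All function names and sample packets are constructed for illustration, and the OpenVPN check is a simplified assumption that only recognises the client hard reset v2 opcode over TCP.

```python
import struct

def sni_from_client_hello(data):
    """Return the SNI host name in a TLS ClientHello, or None if there is none."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:   # TLS handshake record + ClientHello
            return None
        pos = 43                 # record hdr 5, handshake hdr 4, version 2, random 32
        pos += 1 + data[pos]                                 # session_id
        pos += 2 + struct.unpack_from("!H", data, pos)[0]    # cipher_suites
        pos += 1 + data[pos]                                 # compression_methods
        end = pos + 2 + struct.unpack_from("!H", data, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", data, pos)
            if ext_type == 0:                                # server_name extension
                name_len = struct.unpack_from("!H", data, pos + 7)[0]
                return data[pos + 9:pos + 9 + name_len].decode("ascii")
            pos += 4 + ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                                 # truncated or malformed
    return None

def classify(data):              # guess the protocol from the client's first bytes
    if data[:1] == b"\x16":
        return "tls"
    if data.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"):
        return "http"
    # OpenVPN over TCP: 2-byte length, then opcode byte (client hard reset v2 = 7 << 3)
    if len(data) >= 3 and struct.unpack_from("!H", data)[0] >= 14 and data[2] == 0x38:
        return "openvpn"
    return "unknown"

def route_like_stream_map(data, domain="mydomain.com"):
    """Mimic the posted map: SNI under the domain -> tcp_upstream, else the default."""
    sni, suffix = sni_from_client_hello(data), "." + domain
    matched = bool(sni) and len(sni) > len(suffix) and sni.endswith(suffix)
    return "tcp_upstream" if matched else "openvpn_upstream"

def build_client_hello(host):    # constructed sample: minimal ClientHello, SNI only
    name = host.encode()
    ext = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

HTTP_GET = b"GET / HTTP/1.1\r\nHost: www.mydomain.com\r\n\r\n"    # constructed sample
OPENVPN_RESET = b"\x00\x0e\x38" + bytes(8) + b"\x00" + bytes(4)   # constructed sample
for pkt in (build_client_hello("www.mydomain.com"), HTTP_GET, OPENVPN_RESET):
    print(classify(pkt), route_like_stream_map(pkt))
```

The second printed line is the port 80 case from the post: the request is classified as HTTP, yet the SNI-only map still returns openvpn_upstream because there is no ClientHello to read a name from.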

I have everything working but I want to set up Google Authenticator. Just setting the option to enable it in user management means I cannot log in as anyone.

Reading around, it looks like I can add this via the command line? If I do this, will it persist across container updates? (On a similar note, I have read somewhere about the admin user returning after an update? Is this a thing?)

Link to comment

I'm not sure if this is the right place to post this, but I just updated to unraid 6.8.1 and updated openvpn-as, and now it doesn't work (unable to connect with phone like before). I also cannot pull up the web GUI. I deleted the open-vpn from the docker and reinstalled, but it still doesn't have the web UI; it simply says unable to connect.

 

Also I connected to it right before the server update and docker update just fine. Any ideas what is going on?

Link to comment
