[Support] Linuxserver.io - OpenVPN AS


Recommended Posts

7 hours ago, bavism said:

Adding INTERFACE didn't solve the problem

 

Current run command: /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='openvpn-as' --net='bridge2' --log-opt max-size='50m' --log-opt max-file='1' -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -e 'PGID'='100' -e 'PUID'='99' -e 'INTERFACE'='eth0' -p '943:943/tcp' -p '9443:9443/tcp' -p '1194:1194/udp' -v '/mnt/user/appdata/openvpn-as':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/openvpn-as' 

ff1ad02a88e6e8bcfaf27a54fb73364c371ca262c0bf217464b237662bad3c6c

 

ifconfig from the container shows eth0 with the correct ip:


root@ff1ad02a88e6:/# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.18.0.3  netmask 255.255.0.0  broadcast 172.18.255.255
        ether 02:42:ac:12:00:03  txqueuelen 0  (Ethernet)
        RX packets 53  bytes 7403 (7.4 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 37  bytes 3074 (3.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

Network config on bridge2 seems correct (at least, nothing missing compared to the default bridge):


{
        "Name": "bridge2",
        "Id": "e2b9cc8c0b99a6067ccba2f885a97dbc098a51ea66f2146a2c3b38820ff3303d",
        "Created": "2020-01-24T00:04:57.831164279-08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "df12779932b70052012b8850741b0ddccb5caf9aeb84e2e65d70be221495a183": {
                "Name": "ddclient",
                "EndpointID": "c953404ed51e638bf0e761e5d2fcabf37b3600f36309361f19ebf2ff72c4e5db",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            },
            "ff1ad02a88e6e8bcfaf27a54fb73364c371ca262c0bf217464b237662bad3c6c": {
                "Name": "openvpn-as",
                "EndpointID": "5db7e0a0ccb7832b6098b8da46ae2bf3bfd11a9d54a090bc3bdb3638a8406694",
                "MacAddress": "02:42:ac:12:00:03",
                "IPv4Address": "172.18.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }

 

Still the same error in the OpenVPN-AS web ui. I would be interested in seeing your settings where you have OpenVPN running on a custom network.

Sorry, I mixed you up with someone not accessing the webui. So only checked if the webui was available.

 

I don't think it works using host or a custom bridge then. So you are left running it on the default bridge, unless someone else comes up with a magic sauce.

 

Link to comment

hey there, as always love the linuxserver.io docker images they just work :D

 

one quick question, how do i generate the client ovpn files do i just connect to the docker image and use sacli? https://openvpn.net/vpn-server-resources/create-connection-profiles-and-connect-client-installers/

 

or am i blind and there is an option hidden away in the web gui somewhere? my googlefu has failed me.

i see you can revoke so i thought id ask if creation is in here too.

 

Thanks in advance!

Link to comment
1 hour ago, phyzical said:

hey there, as always love the linuxserver.io docker images they just work :D

 

one quick question, how do i generate the client ovpn files do i just connect to the docker image and use sacli? https://openvpn.net/vpn-server-resources/create-connection-profiles-and-connect-client-installers/

 

or am i blind and there is an option hidden away in the web gui somewhere? my googlefu has failed me.

i see you can revoke so i thought id ask if creation is in here too.

 

Thanks in advance!

The user logs in and downloads the config.

You can also use the command line also if that is better for you.

Link to comment
53 minutes ago, saarg said:

The user logs in and downloads the config.

You can also use the command line also if that is better for you.

hmm maybe im missing something.

 

i tried creating another user that didnt have admin access and i just got a forbidden to /admin. is there another endpoint that serves the file?

or what section in the ui do i see the created configs/ choose to create them?

 

thanks

 

edit:

AH derp there is another port >.>

 

thanks :P

Edited by phyzical
Link to comment
1 hour ago, phyzical said:

hmm maybe im missing something.

 

i tried creating another user that didnt have admin access and i just got a forbidden to /admin. is there another endpoint that serves the file?

or what section in the ui do i see the created configs/ choose to create them?

 

thanks

 

edit:

AH derp there is another port >.>

 

thanks :P

Not another port, just connect to the gui without "/admin" at the end

Link to comment

Hi All,

 

I seem to have a reoccuring problem with openvpn whenever I update the docker container. This has happened multiple times, and I have usually fixed it by deleting the whole docker and starting from scratch, I don't feel like this is a valid way of dealing with this problem though. So whenever I update the docker, it seems to start fine, but fails to load anything. This is the run command
1250901356_openvpn1.thumb.PNG.b2c1fdedd5d99bacefa50b4a3b6eda26.PNG

 

and the log file

 

685072860_openvpn2.thumb.PNG.c869b00b56056eaf062e741bb482d875.PNG

 

I am unsure what is going on here, if it's a file location, a configuration error or what. I followed the spaceinvaderone video that was update in 2019 to set this up. Any help would be much appreciated as this is a real pain point in my vpn. Thanks!

Link to comment
1 hour ago, 15goudreau said:

Hi All,

 

I seem to have a reoccuring problem with openvpn whenever I update the docker container. This has happened multiple times, and I have usually fixed it by deleting the whole docker and starting from scratch, I don't feel like this is a valid way of dealing with this problem though. So whenever I update the docker, it seems to start fine, but fails to load anything. This is the run command
1250901356_openvpn1.thumb.PNG.b2c1fdedd5d99bacefa50b4a3b6eda26.PNG

 

and the log file

 

685072860_openvpn2.thumb.PNG.c869b00b56056eaf062e741bb482d875.PNG

 

I am unsure what is going on here, if it's a file location, a configuration error or what. I followed the spaceinvaderone video that was update in 2019 to set this up. Any help would be much appreciated as this is a real pain point in my vpn. Thanks!

Try /mnt/cache or /mnt/diskX for config folder. And start from scratch

Link to comment
On 1/13/2020 at 9:25 PM, jameson_uk said:

I have everything working but I want to setup Google Authenticator.   Just setting the option to enable it in user management means I cannot login as anyone.

 

Reading around it looks like I can add this via the command line?    If I do this will it persist across container updates?    (On a similar note I have read somewhere about the admin user returning after an update?  Is this a thing?)

OK here is what I did and what I was missing...

The tickbox in the console sets it for everyone and I couldn't get the server to start after setting this.

I also wanted to set it for a specific user as last time I couldn't get it to work so ended up having to trash everything and start again.

So after setting up the user I opened up the console for the container and from /config/scripts I ran

./sacli --user <USERNAME> --key "prop_google_auth" --value "true" UserPropPut

Then the key thing I was missing was that I needed to logon to the web interface rather than the Android client.   Logging on via the Android client just prompts you for an authenticator code and doesn't give you the option to register.  logging in via the web console lets you login and then gives you the QR code to register with Google Authenticator.

 

Still haven't figured out whether this sticks following a container update???

Link to comment

Hi guys, I'm having a weird issue after the most recent update.

 

Having just gotten around to updating, I can no longer get openVPN to start correctly.  Please see the image below for a snap of the log file - seems a directory has gone awry...

 

 

openvpnbroke.png

 

*edit* looks like others have had the same issue, is there a confirmed solution yet? If I have to set it all up AGAIN I think I'm just done with this container.  Every other update it seems like I have to reconfigure from scratch...

Edited by Magiverous
additional info
Link to comment
55 minutes ago, Magiverous said:

Hi guys, I'm having a weird issue after the most recent update.

 

Having just gotten around to updating, I can no longer get openVPN to start correctly.  Please see the image below for a snap of the log file - seems a directory has gone awry...

 

 

openvpnbroke.png

 

*edit* looks like others have had the same issue, is there a confirmed solution yet? If I have to set it all up AGAIN I think I'm just done with this container.  Every other update it seems like I have to reconfigure from scratch...

It could be just the default location for the /config as explained up. I am going to re-set up instead of using appdata and put in directly onto the cache drive and see if it happens again when an update hits. I agree this is obnoxious and none of my other containers suffer this issue so I have to think it's an openvpn-as issue completely.

Link to comment
34 minutes ago, 15goudreau said:

It could be just the default location for the /config as explained up. I am going to re-set up instead of using appdata and put in directly onto the cache drive and see if it happens again when an update hits. I agree this is obnoxious and none of my other containers suffer this issue so I have to think it's an openvpn-as issue completely.

What I'm not understanding is why it's pointing to a folder that doesn't and from what I can tell, has never existed.  I've never changed any default settings when setting up the container in the past.  Unless they've changed the default settings within the container I just don't understand.

Link to comment
34 minutes ago, 15goudreau said:

It could be just the default location for the /config as explained up. I am going to re-set up instead of using appdata and put in directly onto the cache drive and see if it happens again when an update hits. I agree this is obnoxious and none of my other containers suffer this issue so I have to think it's an openvpn-as issue completely.

We (linuxserver.io) always recommend /mnt/cache for config folder locations. /mnt/user goes through fuse, which can have unwanted consequences for app files. If there is no cache drive, the alternative would be /mnt/diskX which also doesn't use fuse and instead writes directly to the disk

Link to comment
2 minutes ago, Magiverous said:

What I'm not understanding is why it's pointing to a folder that doesn't and from what I can tell, has never existed.  I've never changed any default settings when setting up the container in the past.  Unless they've changed the default settings within the container I just don't understand.

What folder are you talking about?

Link to comment
1 minute ago, aptalca said:

What folder are you talking about?

The error in the log indicates that /usr/local/openvpn_as/scripts/openvpnas is missing.  My docker settings have the config pointing to /mnt/user/appdata/openvpn-as/ (which is stored on the cache drive as per share settings).

 

The /mnt/user/appdata/openvpn-as/ folder has no 'scripts' directory either.

Link to comment
1 hour ago, aptalca said:

We (linuxserver.io) always recommend /mnt/cache for config folder locations. /mnt/user goes through fuse, which can have unwanted consequences for app files. If there is no cache drive, the alternative would be /mnt/diskX which also doesn't use fuse and instead writes directly to the disk

So myself, probably and many others, set stuff up as spaceinvaderone suggest with the appdata. Can you elaborate why it might not be a good idea for /mnt/user to be used instead of /mnt/cache? Is it fine to just have the folder in /mnt/cache? Will that mess up any cache settings of the docker? I'm not a super power user in unraid so there aren't always reasons why to do something and I am just using a suggestion from someone else without knowing the full reason. Would love more information about that.

Link to comment
2 hours ago, 15goudreau said:

So myself, probably and many others, set stuff up as spaceinvaderone suggest with the appdata. Can you elaborate why it might not be a good idea for /mnt/user to be used instead of /mnt/cache? Is it fine to just have the folder in /mnt/cache? Will that mess up any cache settings of the docker? I'm not a super power user in unraid so there aren't always reasons why to do something and I am just using a suggestion from someone else without knowing the full reason. Would love more information about that.

I just explained it in the above post. /mnt/user endpoint uses the "fuse" filesystem. Some things are not compatible or do not work as expected (it's fine for storing media data, but can have issues with executed files, symlinks, database files, etc.). /mnt/cache endpoint (and /mnt/diskX) uses the native filesystem on the cache disk.

Link to comment
4 hours ago, Magiverous said:

The error in the log indicates that /usr/local/openvpn_as/scripts/openvpnas is missing.  My docker settings have the config pointing to /mnt/user/appdata/openvpn-as/ (which is stored on the cache drive as per share settings).

 

The /mnt/user/appdata/openvpn-as/ folder has no 'scripts' directory either.

/usr/local/openvpn_as symlinks to /config. You don't have those subfolders because openvpn installation failed (likely due to fuse filesystem).

Link to comment
4 minutes ago, aptalca said:

/usr/local/openvpn_as symlinks to /config. You don't have those subfolders because openvpn installation failed (likely due to fuse filesystem).

I see, thank you so much for the assistance.  Is it primarily openvpn I should be putting directly on the cache or is the same true of most dockers?

 

Wouldn't want to be hitting issues with other more critical stuff down the line.  In this case I've just been unable to connect out of the local network for a few days, if some of my other stuff goes down it would be much much more bothersome ;-)

 

Thanks again, I really appreciate the help.

Link to comment
12 minutes ago, Magiverous said:

I see, thank you so much for the assistance.  Is it primarily openvpn I should be putting directly on the cache or is the same true of most dockers?

 

Wouldn't want to be hitting issues with other more critical stuff down the line.  In this case I've just been unable to connect out of the local network for a few days, if some of my other stuff goes down it would be much much more bothersome ;-)

 

Thanks again, I really appreciate the help.

We recommend all config folders to be put on /mnt/cache

Link to comment
Just now, aptalca said:

We recommend all config folders to be put on /mnt/cache

Ugh, can I just update that in the configs, or is this a reinstall ALL dockers job?

 

As a relative newbie to unraid I'm not sure how that information has escaped me for the last 6 months.  I've not seen that mentioned in ANY of the tutorials i've watched for my various dockers.

 

Better to find out now rather than another 6 months down the line with a heap more stuff running i guess ;-)

Link to comment
5 hours ago, Magiverous said:

Ugh, can I just update that in the configs, or is this a reinstall ALL dockers job?

 

As a relative newbie to unraid I'm not sure how that information has escaped me for the last 6 months.  I've not seen that mentioned in ANY of the tutorials i've watched for my various dockers.

 

Better to find out now rather than another 6 months down the line with a heap more stuff running i guess ;-)

If your appdata share is already set to cache only (recommended way), it's just a matter of editing the container settings and changing it from /mnt/user to /mnt/cache and it will use the same exact folders, so no reinstalling or anything.

Link to comment
3 hours ago, aptalca said:

If your appdata share is already set to cache only (recommended way), it's just a matter of editing the container settings and changing it from /mnt/user to /mnt/cache and it will use the same exact folders, so no reinstalling or anything.

Ahh, it is.  That's great news.  I'll get on that today.

 

Once more, thanks for the help 🙂

Link to comment
10 hours ago, aptalca said:

If your appdata share is already set to cache only (recommended way), it's just a matter of editing the container settings and changing it from /mnt/user to /mnt/cache and it will use the same exact folders, so no reinstalling or anything.

Huh, I've changed over most of it and you're very right - several minor and none critical errors (especially in Krusader) have literally vanished JUST by switching that over.  Why is this not more visible info?

 

Thanks man 🙂 🙂

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.