Jump to content
linuxserver.io

[Support] Linuxserver.io - OpenVPN AS

1877 posts in this topic Last Reply

Recommended Posts

Posted (edited)

Hello

 

Its my first time setting up a OpenVPN server so I don't know if this is the correct way of working or I'm missing something.

I have followed the Spaceinvaders guide and my VPN is working. I have tested it with my mobile phone using 4G and it works perfect. The problem was that I was at the office this morning and want to test it but I didn't have the profile so I tried to access to mydomain:943 and It couldn't be reached. I 'opened' the port just in case and still not working. So:

 

1) Is openVPN GUI only accesible through LAN for security reasons?

2) In this way, should I keep a copy of the profile somewhere in the cloud (my nextcloud, for example) in case this happen again to me?
3) In the case OpenVPN can be accesed through wan, what I'm missing? I tried the port in a hurry, but I'm using nginxproxymanager.

Thanks in advance.

Edited by Yeyo53

Share this post


Link to post
Posted (edited)
14 hours ago, Yeyo53 said:

Hello

 

Its my first time setting up a OpenVPN server so I don't know if this is the correct way of working or I'm missing something.

I have followed the Spaceinvaders guide and my VPN is working. I have tested it with my mobile phone using 4G and it works perfect. The problem was that I was at the office this morning and want to test it but I didn't have the profile so I tried to access to mydomain:943 and It couldn't be reached. I 'opened' the port just in case and still not working. So:

 

1) Is openVPN GUI only accesible through LAN for security reasons?

2) In this way, should I keep a copy of the profile somewhere in the cloud (my nextcloud, for example) in case this happen again to me?
3) In the case OpenVPN can be accesed through wan, what I'm missing? I tried the port in a hurry, but I'm using nginxproxymanager.

Thanks in advance.

You have not posted anything about how you set up the reverse proxy, so not easy for us to know what might be wrong.

If you would have used our letsencrypt container and the openvpn-as proxy-conf, you just open https://openvpn-as.domain.com/

But I see you use nginx proxymanager, so better to ask for support in that support thread.

Edited by saarg

Share this post


Link to post
On 4/2/2020 at 4:15 AM, SeaMax said:

Hello,

 

I have two problems with openvpn-as:

FIRST PROBLEM

i've also got the Error


SESSION ERROR: SESSION: Your session has expired, please reauthenticate (9007)

and I am at a loss of what exactly i have to do to fix it.

 

My setup:

(1) I've installed the openvpn-as container in bridge mode - i set up another user name (also with admin access), then login as said user and delete the standard admin user.

(2) I switch the network mode in the container to a custom proxynet (nginx setup from spaceinvader video)  so that i can reach my openvpn user and admin login from anywhere

(3) i edit the as.config file entry "boot_pam_users.0=" and put random characters in, so that my admin acc is not accesible if it was reset during switching of dhe network mode

(4) i go to my web interface login of openvpn: openvpn.***.* -> it opens to the user login page

-> i can login as my created user

(5) i go to openvpn.***.*/admin it opens to the admin login page

-> i get said error on login attempt with my created admin user

 

Now, people linked to this POST a couple of posts back.

There it says, regarding error solution:

"

1. iptables issues on host (either not installed or missing kernel modules)

2. you didn’t add cap-add NET_ADMIN

3. you’re using an unsupported networking method (host or macvlan)

"

1) i do not know what this means or what i have to check and possible fix

2) i've checked in advanced view, docker container is still created with "cap-add NET_ADMIN"

3) i do not know exactly what this means, is it possible that you cannot run openvpn on a custom setup unraid network (in my case "proxynet" and letsencrypt) - does it only run on "bridge" mode?

 

SECOND PROBLEM

Maybe related to first problem.

 

With my setup (as explained above) i can go on my mobile, go to my openvpn domain and download the access file for the mobile openvpn client.

BUT when i try to connect to my openvpn server the connection times out.

Openvpn is configured on UDP 1194 and i've forwarded this port to my unraid server (as per spaceinvaders video).

Any idea what could prevent it from getting a connection?

 

Thanks for the people reading this and in general developing this container.

 

 

 

 

did you ever figure this out? I'm having the exact same problem now

Share this post


Link to post
On 2/15/2020 at 4:54 PM, kayjay010101 said:

Have the exact same issue after watching spaceinvaderone's video. None of the commands posted in the last 2 or 3 pages have had any effect

did you ever figure this out? having the same problem

Share this post


Link to post
On 7/22/2020 at 1:20 AM, saarg said:

You have not posted anything about how you set up the reverse proxy, so not easy for us to know what might be wrong.

If you would have used our letsencrypt container and the openvpn-as proxy-conf, you just open https://openvpn-as.domain.com/

But I see you use nginx proxymanager, so better to ask for support in that support thread.

Hi, I set this up also using that guide. the problem is that when im using bridge mode it works, but when I use a custom proxynet (which letsencrypt is working on) it wont work. so if I want to keep the letsencrypt docker on the proxynet, but have it still work with the open-vpn docker (on bridge mode) I think we have to make some changes to the .conf file that you guys provide. what are those changes? I think this is the problem everyone is having. my ports on my router are open so when open-vpn is on the proxynet it is accessible through my domain, but when its on bridge mode, its not (get Nginx error) 

Share this post


Link to post
3 hours ago, akamemmnon said:

Hi, I set this up also using that guide. the problem is that when im using bridge mode it works, but when I use a custom proxynet (which letsencrypt is working on) it wont work. so if I want to keep the letsencrypt docker on the proxynet, but have it still work with the open-vpn docker (on bridge mode) I think we have to make some changes to the .conf file that you guys provide. what are those changes? I think this is the problem everyone is having. my ports on my router are open so when open-vpn is on the proxynet it is accessible through my domain, but when its on bridge mode, its not (get Nginx error) 

You need to use the host IP and the host mapped port in the proxy conf for it, instead of the container name and and container port

Share this post


Link to post

Hi all, please be gentle as still very new to unraid, but getting somewhere, i think within 24hrs of install.

 

I have been trying to set up openvpn server so that i can access my nas away from home, however if i click on the OpenVPN-AS and select WebUI, no matter what browser, caches and history cleared, restarting the browsers, it just wont load the page, anyone able to help, as google has not returned any working solutions.

Share this post


Link to post
3 hours ago, Marcjwebb said:

 

I have been trying to set up openvpn server so that i can access my nas away from home

It is a good idea to post your docker run command as explained in this post

 

The run command will show exactly what happens when the docker container is started, what paths are mapped and what variables are being passed on startup.  Without that, no one knows how you have the docker container configured and where to start looking to provide help.

Share this post


Link to post
On 9/8/2020 at 7:55 AM, Marcjwebb said:

Hi all, please be gentle as still very new to unraid, but getting somewhere, i think within 24hrs of install.

 

I have been trying to set up openvpn server so that i can access my nas away from home, however if i click on the OpenVPN-AS and select WebUI, no matter what browser, caches and history cleared, restarting the browsers, it just wont load the page, anyone able to help, as google has not returned any working solutions.

so, my config somehow got reset again so I am trying to follow the setup instructions from spaceinvaderone's video and ran into this issue. Initially i was successful using port 9443 until I did the first configuration change then i was able to use port 943 after rebooting. I hope this helps.  Next for me is to figure out this Activation Manager i see now.  

 

 

 

Edited by fatsindey
correction

Share this post


Link to post

Hi All,

I am new to OpenVPN and unRAID so forgive my Noobness.

I have just set up an unRAID server with OpenVPN installed on it on my LAN at home. I'm using duckdns to update my ip address.

When setting up OpenVPN I followed the Spaceinvader One tutorial video on youtube: https://www.youtube.com/watch?v=fpkLvnAKen0&t=960s

I am trying to connect to the server remotely using my laptop running windows 10. When I configure OpenVPN Server Name to my servers local ip address on the LAN and have my laptop connected to that same LAN I can connect to the server without any issues using OpenVPN. However, when I put the server name as either my duckdns address or my actual ip address (which is dynamic but doesn't change all that often) and try to connect remotely I cannot connect.

I have enabled port forwarding on my ASUS ROG Rapture GT-AX11000 Router forwarding port 1194 for UDP to my server on the LAN. I also tried turning it on for 1194 TCP and also tried TCP and UDP 943 port forwarding.
I tried turning off the firewall on my router as well.

I tried configuring OpenVPN to use port 1194 UDP only, then tried 1194 TCP only and then tried both UDP and TCP 1194 but all with the same result, no luck.

The fact that it works over LAN but not remotely makes me think that there must be some combination of ports/protocols that it wants that I am not doing right.


When I scan the port 1194 with Nmap I get "open|filtered" as the result.

I have done some googling and people are saying that "open|filtered" means Nmap cant tell exactly the condition of the port and that there may be a firewall blocking the packages but I don't know how to further test this theory.

 

Here is my Docker run command:

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='openvpn-as' --net='bridge' -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -e 'PGID'='100' -e 'PUID'='99' -p '943:943/tcp' -p '9443:9443/tcp' -p '1194:1194/udp' -v '/mnt/user/appdata/openvpn-as':'/config':'rw' --cap-add=NET_ADMIN 'linuxserver/openvpn-as' 

ddd53f84c0cd0839dd25f6098992671123985c8a16439b3459d68f3fa05673b6

 

Here is the openVPN GUI logs from the client PC (windows 10) I am using to try and access the server:

Thu Sep 17 23:40:25 2020 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.

Thu Sep 17 23:40:25 2020 OpenVPN 2.5_beta4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 11 2020

Thu Sep 17 23:40:25 2020 Windows version 10.0 (Windows 10 or greater) 64bit

Thu Sep 17 23:40:25 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10

Thu Sep 17 23:40:25 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340

Thu Sep 17 23:40:25 2020 Need hold release from management interface, waiting...

Thu Sep 17 23:40:26 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340

Thu Sep 17 23:40:26 2020 MANAGEMENT: CMD 'state on'

Thu Sep 17 23:40:26 2020 MANAGEMENT: CMD 'log all on'

Thu Sep 17 23:40:26 2020 MANAGEMENT: CMD 'echo all on'

Thu Sep 17 23:40:26 2020 MANAGEMENT: CMD 'bytecount 5'

Thu Sep 17 23:40:26 2020 MANAGEMENT: CMD 'hold off'     

Thu Sep 17 23:40:26 2020 MANAGEMENT: CMD 'hold release'

Thu Sep 17 23:40:26 2020 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.

Thu Sep 17 23:40:26 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Thu Sep 17 23:40:26 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Thu Sep 17 23:40:26 2020 MANAGEMENT: >STATE:1600350026,RESOLVE,,,,,,

Thu Sep 17 23:40:26 2020 TCP/UDP: Preserving recently used remote address: [AF_INET][MY IP ADDRESS]:1194

Thu Sep 17 23:40:26 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]

Thu Sep 17 23:40:26 2020 UDP link local: (not bound)

Thu Sep 17 23:40:26 2020 UDP link remote: [AF_INET][MY IP ADDRESS]:1194

Thu Sep 17 23:40:26 2020 MANAGEMENT: >STATE:1600350026,WAIT,,,,,,

Thu Sep 17 23:40:30 2020 Server poll timeout, restarting

Thu Sep 17 23:40:30 2020 SIGUSR1[soft,server_poll] received, process restarting

Thu Sep 17 23:40:30 2020 MANAGEMENT: >STATE:1600350030,RECONNECTING,server_poll,,,,,

Thu Sep 17 23:40:30 2020 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.

Thu Sep 17 23:40:30 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Thu Sep 17 23:40:30 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Thu Sep 17 23:40:30 2020 MANAGEMENT: >STATE:1600350030,RESOLVE,,,,,,

Thu Sep 17 23:40:30 2020 TCP/UDP: Preserving recently used remote address: [AF_INET][MY IP ADDRESS]:1194

Thu Sep 17 23:40:30 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]

Thu Sep 17 23:40:30 2020 UDP link local: (not bound)

Thu Sep 17 23:40:30 2020 UDP link remote: [AF_INET][MY IP ADDRESS]:1194

Thu Sep 17 23:40:30 2020 MANAGEMENT: >STATE:1600350030,WAIT,,,,,,

Thu Sep 17 23:40:34 2020 Server poll timeout, restarting

Thu Sep 17 23:40:34 2020 SIGUSR1[soft,server_poll] received, process restarting

Thu Sep 17 23:40:34 2020 MANAGEMENT: >STATE:1600350034,RECONNECTING,server_poll,,,,,

Thu Sep 17 23:40:34 2020 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.

Thu Sep 17 23:40:35 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Thu Sep 17 23:40:35 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

Thu Sep 17 23:40:35 2020 MANAGEMENT: >STATE:1600350035,RESOLVE,,,,,,

Thu Sep 17 23:40:35 2020 TCP/UDP: Preserving recently used remote address: [AF_INET][MY IP ADDRESS]:1194

Thu Sep 17 23:40:35 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]

Thu Sep 17 23:40:35 2020 Attempting to establish TCP connection with [AF_INET][MY IP ADDRESS]:1194 [nonblock]

Thu Sep 17 23:40:35 2020 MANAGEMENT: >STATE:1600350035,TCP_CONNECT,,,,,,

Thu Sep 17 23:40:39 2020 TCP: connect to [AF_INET][MY IP ADDRESS]:1194 failed: Unknown error

Thu Sep 17 23:40:39 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting

Thu Sep 17 23:40:39 2020 MANAGEMENT: >STATE:1600350039,RECONNECTING,init_instance,,,,,

Thu Sep 17 23:40:39 2020 Restart pause, 5 second(s)

 


Any support with what may be causing this overall problem and how to rectify it would be greatly appreciated.


Kind regards,

A Noob

Share this post


Link to post
3 hours ago, jorocketoz said:

The fact that it works over LAN but not remotely makes me think that there must be some combination of ports/protocols that it wants that I am not doing right.

Can't help on the OpenVPN client connection details I got everything setup and working properly with the same guide you used.

 

You may also want to look into WireGuard.  It is built into unRAID and very easy to configure.  I have both OpenVPN and WireGuard configured on my unRAID server and mobile clients; however, I find myself always using WireGuard for remote VPN access. OpenVPN has been relegated to backup duties should WireGuard ever have a problem.

 

 

Edited by Hoopster

Share this post


Link to post
On 9/18/2020 at 12:51 AM, Hoopster said:

Can't help on the OpenVPN client connection details I got everything setup and working properly with the same guide you used.

 

You may also want to look into WireGuard.  It is built into unRAID and very easy to configure.  I have both OpenVPN and WireGuard configured on my unRAID server and mobile clients; however, I find myself always using WireGuard for remote VPN access. OpenVPN has been relegated to backup duties should WireGuard ever have a problem.

 

 

Hi Hoopster, 

 

Thank you so much for your help. I have followed the WireGuard quickstart setup tutorial you gave the link to and the client software seems to be connecting as it is showing as "active" when I connect from the client computer. However, I am unsure how to use it to see and access my server remotely. So far when I type my server's local ip address in to chrome when WireGuard is showing the connection as "active" I still don't get anything loading. It just tries to connect and then says "This site can’t be reached".

 

Here is a capture of the WireGuard client interface after I click "Activate"

1880132191_WireGuardActive.jpg.33c75dfe79c0b45151f0d875ae9bf2c2.jpg

 

Here is the client log file:

2020-09-18 18:24:01.455340: [TUN] [peer-freightdawg-wg0-1] Starting WireGuard/0.1.1 (Windows 10.0.18362; amd64)
2020-09-18 18:24:01.456334: [TUN] [peer-freightdawg-wg0-1] Watching network interfaces
2020-09-18 18:24:01.458330: [TUN] [peer-freightdawg-wg0-1] Resolving DNS names
2020-09-18 18:24:01.465310: [TUN] [peer-freightdawg-wg0-1] Creating Wintun interface
2020-09-18 18:24:01.831329: [TUN] [peer-freightdawg-wg0-1] Using Wintun/0.8 (NDIS 6.83)
2020-09-18 18:24:01.856263: [TUN] [peer-freightdawg-wg0-1] Enabling firewall rules
2020-09-18 18:24:01.891169: [TUN] [peer-freightdawg-wg0-1] Dropping privileges
2020-09-18 18:24:01.892166: [TUN] [peer-freightdawg-wg0-1] Creating interface instance
2020-09-18 18:24:01.893164: [TUN] [peer-freightdawg-wg0-1] Routine: event worker - started
2020-09-18 18:24:01.895159: [TUN] [peer-freightdawg-wg0-1] Routine: handshake worker - started
2020-09-18 18:24:01.895159: [TUN] [peer-freightdawg-wg0-1] Routine: encryption worker - started
2020-09-18 18:24:01.896157: [TUN] [peer-freightdawg-wg0-1] Routine: decryption worker - started
2020-09-18 18:24:01.896157: [TUN] [peer-freightdawg-wg0-1] Routine: handshake worker - started
2020-09-18 18:24:01.897154: [TUN] [peer-freightdawg-wg0-1] Routine: encryption worker - started
2020-09-18 18:24:01.897154: [TUN] [peer-freightdawg-wg0-1] Routine: decryption worker - started
2020-09-18 18:24:01.897154: [TUN] [peer-freightdawg-wg0-1] Routine: decryption worker - started
2020-09-18 18:24:01.897154: [TUN] [peer-freightdawg-wg0-1] Routine: encryption worker - started
2020-09-18 18:24:01.898150: [TUN] [peer-freightdawg-wg0-1] Routine: handshake worker - started
2020-09-18 18:24:01.898150: [TUN] [peer-freightdawg-wg0-1] Routine: handshake worker - started
2020-09-18 18:24:01.898150: [TUN] [peer-freightdawg-wg0-1] Routine: decryption worker - started
2020-09-18 18:24:01.898150: [TUN] [peer-freightdawg-wg0-1] Routine: TUN reader - started
2020-09-18 18:24:01.898150: [TUN] [peer-freightdawg-wg0-1] Routine: encryption worker - started
2020-09-18 18:24:01.898150: [TUN] [peer-freightdawg-wg0-1] Setting interface configuration
2020-09-18 18:24:01.898150: [TUN] [peer-freightdawg-wg0-1] UAPI: Updating private key
2020-09-18 18:24:01.899149: [TUN] [peer-freightdawg-wg0-1] UAPI: Removing all peers
2020-09-18 18:24:01.899149: [TUN] [peer-freightdawg-wg0-1] UAPI: Transition to peer configuration
2020-09-18 18:24:01.899149: [TUN] [peer-freightdawg-wg0-1] peer(SEly…Hrlk) - UAPI: Created
2020-09-18 18:24:01.899149: [TUN] [peer-freightdawg-wg0-1] peer(SEly…Hrlk) - UAPI: Updating preshared key
2020-09-18 18:24:01.899149: [TUN] [peer-freightdawg-wg0-1] peer(SEly…Hrlk) - UAPI: Updating endpoint
2020-09-18 18:24:01.899149: [TUN] [peer-freightdawg-wg0-1] peer(SEly…Hrlk) - UAPI: Updating persistent keepalive interval
2020-09-18 18:24:01.899149: [TUN] [peer-freightdawg-wg0-1] peer(SEly…Hrlk) - UAPI: Removing all allowedips
2020-09-18 18:24:01.899149: [TUN] [peer-freightdawg-wg0-1] peer(SEly…Hrlk) - UAPI: Adding allowedip
2020-09-18 18:24:01.899149: [TUN] [peer-freightdawg-wg0-1] Bringing peers up
2020-09-18 18:24:01.900145: [TUN] [peer-freightdawg-wg0-1] Routine: receive incoming IPv6 - started
2020-09-18 18:24:01.900145: [TUN] [peer-freightdawg-wg0-1] Routine: receive incoming IPv4 - started
2020-09-18 18:24:01.903137: [TUN] [peer-freightdawg-wg0-1] UDP bind has been updated
2020-09-18 18:24:01.903137: [TUN] [peer-freightdawg-wg0-1] peer(SEly…Hrlk) - Starting...
2020-09-18 18:24:01.903137: [TUN] [peer-freightdawg-wg0-1] peer(SEly…Hrlk) - Routine: sequential receiver - started
2020-09-18 18:24:01.904143: [TUN] [peer-freightdawg-wg0-1] peer(SEly…Hrlk) - Routine: nonce worker - started
2020-09-18 18:24:01.904143: [TUN] [peer-freightdawg-wg0-1] peer(SEly…Hrlk) - Routine: sequential sender - started
2020-09-18 18:24:01.904143: [TUN] [peer-freightdawg-wg0-1] Monitoring default v4 routes
2020-09-18 18:24:01.904143: [TUN] [peer-freightdawg-wg0-1] Binding v4 socket to interface 22 (blackhole=false)
2020-09-18 18:24:01.905132: [TUN] [peer-freightdawg-wg0-1] Setting device v4 addresses
2020-09-18 18:24:02.083655: [TUN] [peer-freightdawg-wg0-1] Monitoring default v6 routes
2020-09-18 18:24:02.085650: [TUN] [peer-freightdawg-wg0-1] Binding v6 socket to interface 0 (blackhole=false)
2020-09-18 18:24:02.088642: [TUN] [peer-freightdawg-wg0-1] Setting device v6 addresses
2020-09-18 18:24:02.228270: [TUN] [peer-freightdawg-wg0-1] Listening for UAPI requests
2020-09-18 18:24:02.228270: [TUN] [peer-freightdawg-wg0-1] Startup complete

 

Am I going the right way about how to try to access the server or is there something I am missing?

Edited by jorocketoz

Share this post


Link to post
6 hours ago, jorocketoz said:

 

Am I going the right way about how to try to access the server or is there something I am missing?

With WireGuard active you are just typing in the IP address of the unRAID server in your browser, correct?

 

Port 51820 is forwarded to unRAID server IP in your router or you have UPnP enabled?  I disable UPnP so I have to manually forward the port in my router config.

 

Do you have a static route in your router from the tunnel IP subnet to your unRAID server IP address (UPnP may make this unnecessary)?  Mine is 10.253.0.0/24 to 192.168.1.10

 

Below is a screenshot of my WireGuard tunnel setup.  I have mine configured with a Peer DNS server and for access to a VLAN for docker containers with their own static IP addresses.  That's why I have multiple Allowed IPs ranges.

 

The endpoint in your screenshot is showing what I assume is your router public IP address?  You may want to obscure that.

 

Perhaps reading from this post forward in the WireGuard Quickstart thread may help you find a solution.

 

WG Config.png

Edited by Hoopster

Share this post


Link to post
19 hours ago, Hoopster said:

With WireGuard active you are just typing in the IP address of the unRAID server in your browser, correct?

 

Port 51820 is forwarded to unRAID server IP in your router or you have UPnP enabled?  I disable UPnP so I have to manually forward the port in my router config.

 

Do you have a static route in your router from the tunnel IP subnet to your unRAID server IP address (UPnP may make this unnecessary)?  Mine is 10.253.0.0/24 to 192.168.1.10

 

Hey Hoopster,

 

Yes, with WireGuard active I am just typing the IP address of the unRAID server into my browser and getting "This site can’t be reached".

 

I first tried leaving UPnP enabled but it didn't work so I disabled it and manually forwarded the port in my router settings.

 

Since I disabled UPnP I set up a static route in my router but it wouldn't let me do the range of IP's (I could only type "10.253.0.0" not the "/24" at the end).

 

Thanks, my bad, I didn't even see the IP was showing, I have now edited and blocked the IP on the image attached.

 

I followed the Quickstart Guide link you posted and tried following the steps but it still isn't working.  As such I have just taken a bunch of screenshots of what I believe are the relevant settings pages in the router and on the unRAID server and posted them below so that maybe you can see what I am doing wrong:

 

Firewall

Firewall.thumb.jpg.4a39c86bacfc009b8bc8813bec1838d0.jpg

LAN DHCP 

827267021_LANDHCPConfig.jpg.4259488aa6c54480c88b099eede25077.jpg

LAN IP

2075490249_LANIP.jpg.a2040f755ee385cc191a2612c4f9ba26.jpg

LAN Route

1008639828_LANRoute.jpg.8c1b6c3ffeb52228ba06c1390034b04c.jpg

WAN NAT Passthrough

495614915_WANNATPassthrough.jpg.3416d28117f25df5879259000db1fc84.jpg

WAN Port Forwarding

728983161_WANPortforwarding.jpg.a30f1a3fee8e42e7ba0cc7d9c5e5e9d9.jpg

WAN UPnP off

1102234308_WANUPnpoff.thumb.jpg.7c77f9c9a24d669d694c77ca99801b9d.jpg

Dashboard VPN and WireGuard Client "Active"

2079141240_VPNDashboardVPN.jpg.48b0500a6863d5bda67973d5e3bafe54.jpg454676077_Wireguardclient.jpg.ccf32e4ff0f3067d1d73a3de18a7446e.jpg

unRAID Settings Network Settings

1204793080_VPNSettingsnetworksettings.thumb.jpg.bafd2a554bfa3a06bcee263a6d4f754b.jpg

unRAID Settings VPN Settings

889241676_VPNSettingsVPN.thumb.jpg.afc52bee860ef5a87b82f214a5660687.jpg

unRAID DuckDNS settings

1324664623_VPNDuckDNS.thumb.jpg.7c2143a1d48eb505073e8b47fccc3dfd.jpg

 

I know its a lot of screenshots but maybe it will enable you to see where I have gone wrong.

 

Kind regards.

Share this post


Link to post

Please take this discussion to the appropriate thread. This is the openvpn-as thread.

 

Thanks.

Share this post


Link to post
9 hours ago, aptalca said:

Please take this discussion to the appropriate thread. This is the openvpn-as thread.

 

Thanks.

Ok, will do, thanks.

Share this post


Link to post

Hello

I just got openvpnas setup and I am able to connect.  But I am having issues connecting to servers/devices on the internal network when i'm connected to vpn.
I tried with hostname and IP's.

Share this post


Link to post
3 hours ago, Andreas76 said:

Hello

I just got openvpnas setup and I am able to connect.  But I am having issues connecting to servers/devices on the internal network when i'm connected to vpn.
I tried with hostname and IP's.

Did you add your network subnet to the routing section in the gui settings?

Share this post


Link to post
1 hour ago, Andreas76 said:

Under network settings right?  Yes I changed the IP to my WAN IP

Aptalca didn't ask if you set it to your WAN IP, but to your local network subnet. You should enter your local network subnet.

Share this post


Link to post

OK I did that, and now its working.  I can access things via IP. 

thank you very much

 

Is it possible to access devices with hostnames as well

Share this post


Link to post

Hi all - feeling a bit of a twit tonight as I forgot my admin password and I only have one user set up as it is for home use.

 

Does any one have the process to reset via the docker CLI as I believe "passwd username" is possible but I'm unable to invoke it via the terminal.

 

Thanks

 

Terran

Share this post


Link to post
16 hours ago, ccsnet said:

Hi all - feeling a bit of a twit tonight as I forgot my admin password and I only have one user set up as it is for home use.

 

Does any one have the process to reset via the docker CLI as I believe "passwd username" is possible but I'm unable to invoke it via the terminal.

 

Thanks

 

Terran

passwd username won't work because it's not using pam

 

See the readme instructions about disabling the "admin" user, reverse that to re-enable admin user, restart container, log in with "admin/password", make your changes to your main user, and then disable admin user again.

Share this post


Link to post
3 hours ago, aptalca said:

passwd username won't work because it's not using pam

 

See the readme instructions about disabling the "admin" user, reverse that to re-enable admin user, restart container, log in with "admin/password", make your changes to your main user, and then disable admin user again.

Thanks for that... I'll look in to it. 

 

Thanks

 

T

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.