linuxserver.io

[Support] Linuxserver.io - OpenVPN-AS

992 posts in this topic Last Reply

Recommended Posts

On 9/30/2017 at 3:51 AM, CHBMB said:

It does for the most part. What is the ip address of your Unraid server?

 

The ip address of my unraid server is 192.168.2.134

Share this post


Link to post

I've got a problem when i try to start the webserver. I always get this error message:
 

process started and then immediately exited: ['Fri Oct 13 23:59:16 2017 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)']
service failed to start or returned error status

 

my docker run command is this:

/plugins/dynamix.docker.manager/scripts/docker create --name="openvpn-as" --net="host" --privileged="true" -e TZ="Europe/Berlin" -e HOST_OS="unRAID" -e "TCP_PORT_943"="943" -e "TCP_PORT_9443"="9443" -e "UDP_PORT_1194"="1194" -e "INTERFACE"="bond0" -e "PGID"="100" -e "PUID"="99" -v "/mnt/cache/appdata/openvpn-as":"/config":rw --cpuset-cpus=0-4,8-12 linuxserver/openvpn-as

 

i tried multiple times reinstalling the docker with removing the config folder and also removing the docker with all their images without success.

 

I hope someone can help me with this.

 

EDIT: a simple restart of the server fixed the problem....

Edited by DaLeberkasPepi

Share this post


Link to post

Hey guys,

I have successfully set everything up and it works perfectly. SSL and all. However, when a user connects and clicks "more details..." when asked "Allow VPN connection to...", the info presents the whole config file - something that doesnt feel right. Even the SSL information is there in plain sight. 

 

Is that normal? Can one edit the data that is shown in this "More information..." thing? If so, how ?

 

 

I appreciate any help !

ovpn.jpg

Share this post


Link to post

So far I have this OpenVPN docker working great with both my laptop and phone.  How do I upgrade the docker to the latest version of OpenVPN?

 

Thanks

Share this post


Link to post
23 minutes ago, puma1824 said:

So far I have this OpenVPN docker working great with both my laptop and phone.  How do I upgrade the docker to the latest version of OpenVPN?

 

Thanks

Restart the docker and it will pull the latest version.

Share this post


Link to post

i received unraid notification email of an update to the container from overnight. container auto update enabled in unraid. now i cannot connect from phone app or work computer.

log just keeps repeating TLS Error: cannot locate HMAC in incoming packet from [AF_INET]XX.XXX.XXX.XXX:1194

I tried restarting container, did not change.

Is there something I need to change on my end as a result of the container update?

Edited by wirenut

Share this post


Link to post
3 hours ago, wirenut said:

i received unraid notification email of an update to the container from overnight. container auto update enabled in unraid. now i cannot connect from phone app or work computer.

log just keeps repeating TLS Error: cannot locate HMAC in incoming packet from [AF_INET]XX.XXX.XXX.XXX:1194

I tried restarting container, did not change.

Is there something I need to change on my end as a result of the container update?

 

2 hours ago, wgstarks said:

Looks like I’m having the same issue.

 

Same issue as well 

 

version went from 2.1.9 to 2.1.12 

 

maybe we need to wait for the client app to be updated?

Edited by MowMdown

Share this post


Link to post
56 minutes ago, MowMdown said:

 

 

Same issue as well 

 

version went from 2.1.9 to 2.1.12 

 

maybe we need to wait for the client app to be updated?

No updates available yet but who knows what’s coming down the pipe. I posted about this issue in the openvpn forum. If I get an answer there I’ll forward it along.

Share this post


Link to post
6 hours ago, wirenut said:

i received unraid notification email of an update to the container from overnight. container auto update enabled in unraid. now i cannot connect from phone app or work computer.

log just keeps repeating TLS Error: cannot locate HMAC in incoming packet from [AF_INET]XX.XXX.XXX.XXX:1194

I tried restarting container, did not change.

Is there something I need to change on my end as a result of the container update?

 

2 hours ago, MowMdown said:

 

 

Same issue as well 

 

version went from 2.1.9 to 2.1.12 

 

maybe we need to wait for the client app to be updated?

 

From OpenVPN Support-

 



In Safari, go to the client web service - https://vpnurl here:943

Login and then click on your profile download at the bottom of that page, then choose Open in OpenVPN. You might just need a new profile due to changes in the default TLS settings of the new version.

 

I’m mobile today so I can’t check this since I’d have to do it from my local network. Maybe one of y’all can test it?

Share this post


Link to post
43 minutes ago, wgstarks said:

 

 

From OpenVPN Support-

 

 

 

 

I’m mobile today so I can’t check this since I’d have to do it from my local network. Maybe one of y’all can test it?

 

I did generate a new openvpn "Client.ovpn" profile and that didn't work.

Share this post


Link to post
On 10/27/2017 at 4:00 PM, MowMdown said:

 

I did generate a new openvpn "Client.ovpn" profile and that didn't work.

 

On 10/27/2017 at 4:03 PM, wirenut said:

Same here, didnt work

 

 

Ok. New reply from OpenVPN-AS support-

It looks like the upgrade procedure you followed broke the database.

Try the following to reset the TLS settings:

Go to Advanced VPN in the Admin UI.
Disable the "Enable TLS authentication" option.
Save settings.
Update running servers.
Enable the "Enable TLS authentication" option.
Save settings.
Update running servers.

Now try again.

This fixed the problem for me. @linuxserver.io Looks like updating the docker caused an incompatibility of the local database???

Edited by wgstarks
  • Like 1
  • Upvote 3

Share this post


Link to post
2 hours ago, wgstarks said:

 

 

 

Ok. New reply from OpenVPN-AS support-


It looks like the upgrade procedure you followed broke the database.

Try the following to reset the TLS settings:

Go to Advanced VPN in the Admin UI.
Disable the "Enable TLS authentication" option.
Save settings.
Update running servers.
Enable the "Enable TLS authentication" option.
Save settings.
Update running servers.

Now try again.

This fixed the problem for me. @linuxserver.io Looks like updating the docker caused a corruption of the local database???

 

Worked for me, thanks!

Share this post


Link to post
 
Worked for me, thanks!
Yes. Worked for me also. Thank you!

Sent from my HTC One M9 using Tapatalk

Share this post


Link to post

Thanks for the fix. All working now after the update.

Share this post


Link to post

@linuxserver.io @CHBMB @sparklyballs

After being questioned by OpenVPN tech support regarding the process I used to update OpenVPN-AS to the current version I informed them that I was running the server in a docker and that I had just updated the docker to install the updated application. I received this reply from OpenVPN-AS tech support-

Quote

 


Hello Walter,

That explains it. When the OpenVPN Access Server is updated with the installer package, it automatically makes corrections to the database to make it function on the new version. Simply yanking the databases out and putting it into a new version of Access Server will not take these steps.

In the future, this update process you have used can lead to a recurrence of problems. The recommended upgrade step is to update the package itself so that it can do its job. You are fortunate that I happen to know that that particular setting is what has been altered between 2.1.9 and 2.1.12 and was at the root of your problem. For future problems, we might not be able to provide such manual repair instructions.

This page shows you the instructions to do an in-place upgrade of Access Server:
https://docs.openvpn.net/configuration/keeping-openvpn-access-server-updated/

I think that you should be able to devise a means of upgrading now that will ensure the program has a chance to update your database before you do the docker replacement method.

I trust I have provided you with the information you were looking for. In order to keep our support system clean I will now close this support ticket. Of course, if you still have questions regarding this issue you may reopen this ticket at your convenience.



Kind regards,
Johan Draaisma
OpenVPN Technologies, Inc. 

 

I haven’t had a chance to completely review all the info they sent me, but it looks like future updates to the application may need to be applied within the application rather than pushing out an updated container??? Not quite sure if the exact process yet though?

Edited by wgstarks

Share this post


Link to post
On 28/10/2017 at 3:12 PM, wgstarks said:

 

 

 

Ok. New reply from OpenVPN-AS support-


It looks like the upgrade procedure you followed broke the database.

Try the following to reset the TLS settings:

Go to Advanced VPN in the Admin UI.
Disable the "Enable TLS authentication" option.
Save settings.
Update running servers.
Enable the "Enable TLS authentication" option.
Save settings.
Update running servers.

Now try again.

This fixed the problem for me. @linuxserver.io Looks like updating the docker caused a corruption of the local database???

 

I'm not certain that the update "corrupted" anything at all as to my knowledge this is the first time an update of the application has resulted in such a situation

I'd rather say it was a compatibility issue between versions that lead to a "broken" database

 

Gonna cite this post in the OP though

Share this post


Link to post
17 minutes ago, sparklyballs said:

 

I'm not certain that the update "corrupted" anything at all as to my knowledge this is the first time an update of the application has resulted in such a situation

I'd rather say it was a compatibility issue between versions that lead to a "broken" database

 

Gonna cite this post in the OP though

I agree, “corrupt” isn’t correct. The update required a modification of the database which didn’t occur when just pulling an updated docker.

 

Will updates work using the method recommended by tech support in a docker exec command? Not quite sure what the correct procedure should be.

Share this post


Link to post

I think the way they handle database changes is not optimal. The app itself should update the database (through proper versioning), not the installer. 

 

What if someone were to restore an older database that was backed up a few versions ago, do they have to install that old version and update through the installer? 

Share this post


Link to post
2 hours ago, aptalca said:

I think the way they handle database changes is not optimal. The app itself should update the database (through proper versioning), not the installer. 

 

What if someone were to restore an older database that was backed up a few versions ago, do they have to install that old version and update through the installer? 

I'm not even sure exactly how to create the backup? Tried using the docs supplied by tech support but I just get a segfault.

root@Brunnhilde:/mnt/cache/appdata/openvpn-as# ./bin/sqlite3 ./etc/db/config.db .dump > ./config.db.bak                                        
Segmentation fault

 

Share this post


Link to post

After receiving the info from tech support regarding updating the app from within the docker container I've been trying to work out the docker commands required to download and install the update inside the docker. Figured if I could figure out how to create the backup files they recommend that would be a good start. I believe I have finally worked that out but I keep getting a segfault error.

root@Brunnhilde:~# docker exec openvpn-as /bin/bash -c 'cd /config && ./bin/sqlite3 ./etc/db/config.db .dump > ./config.db.bak'
/bin/bash: line 1:   435 Segmentation fault      ./bin/sqlite3 ./etc/db/config.db .dump > ./config.db.bak

I'm not positive, but after googling I think this is related to the permissions set on the openvpn appdata folder-

root@Brunnhilde:~# cd /mnt/cache/appdata/openvpn-as
root@Brunnhilde:/mnt/cache/appdata/openvpn-as# ls -al
total 84
drwxr-xr-x 10 nobody users   174 Oct 30 18:48 ./
drwxrwxrwx 13 nobody users   258 Oct 30 03:00 ../
drwxr-xr-x  2 nobody users    70 Oct 27 18:17 bin/
-rw-r--r--  1 root   root      0 Oct 30 18:48 config.db.bak
drwxr-xr-x  5 nobody users   161 Oct 27 18:16 doc/
drwxr-xr-x  9 nobody users   233 Oct 27 18:17 etc/
-rw-r--r--  1 nobody users   448 Aug 30 17:34 exports
drwxr-xr-x  3 nobody users    23 Oct 27 18:16 include/
-rw-r--r--  1 nobody users 10898 Oct 27 18:17 init.log
drwxr-xr-x  6 nobody users  4096 Oct 27 18:16 lib/
-rw-r--r--  1 nobody users 54308 Oct 27 18:16 license.txt
drwxr-xr-x  2 nobody users  4096 Oct 28 09:57 log/
drwxr-xr-x  2 nobody users    79 Oct 27 18:16 sbin/
drwxr-xr-x  2 nobody users  4096 Oct 27 18:17 scripts/

I know these permissions aren't the same as any of the other docker appdata folders I have installed, but that doesn't mean they aren't correct.

 

Should I run "New Permissions" on this folder?

 

Or maybe I'm using the wrong command completely and should be using something else?

Share this post


Link to post

I followed space invader's tutorial, tested it and it works if I use the user 'admin'. I tried to set up another user but was unable to log on, says login failed? I created the user/password by telneting into the docker as shown in the video.

 

Also, since I only have the DDNS (xxxxxx.duckdns.org), does that mean I can't make use of the SSL certificate? Is it less secure then/what other downsides are there? Thanks

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


Copyright © 2005-2018 Lime Technology, Inc.
unRAID® is a registered trademark of Lime Technology, Inc.