d3vilh / openvpn-server

Fast Docker container with OpenVPN Server living inside.
MIT License

Cannot Connect to Server #28

Open ayenz opened 1 month ago

ayenz commented 1 month ago

Hi. I'm trying to set up the openvpn server with openvpn ui. The procedure I took:

  1. Run image using default docker-compose.yml
  2. Change openvpn client connection address config
  3. Generate certificate, download and try to connect

In the openvpn client log, it's stuck in "connecting". [Screenshot 2024-08-05 093343]

openvpn-server log

EasyRSA path: /usr/share/easy-rsa OVPN path: /etc/openvpn
PKI already set up.
Following EASYRSA variables were set during CA init:
 EASYRSA_DN "org"
 EASYRSA_REQ_COUNTRY "ID"
 EASYRSA_REQ_PROVINCE "JV"
 EASYRSA_REQ_CITY "CGK"
 EASYRSA_REQ_ORG "Soleilnet"
 EASYRSA_REQ_EMAIL "wo.cliente.trial@gmail.com"
 EASYRSA_REQ_OU "Soleilnet"
 EASYRSA_REQ_CN "server"
 EASYRSA_KEY_SIZE 2048
 EASYRSA_CA_EXPIRE 3650
 EASYRSA_CERT_EXPIRE 825
 EASYRSA_CERT_RENEW 30
 EASYRSA_CRL_DAYS 180
 Auto generated by OpenVPN-UI v.0.9.5.5
Configuring networking rules...
IP forwarding configuration already applied:
net.ipv4.ip_forward = 1
Configuring iptables...
NAT for OpenVPN clients
Blocking ICMP for external clients
Blocking internal home subnet to access from external openvpn clients (Internet still available)
Applying firewall rules
Additional firewall rules applied.
IPT MASQ Chains:
MASQUERADE  all  --  10.0.70.0/24         anywhere            
MASQUERADE  all  --  10.0.71.0/24         anywhere            
IPT FWD Chains:
       0        0 DROP       1    --  *      *       10.0.71.0/24         0.0.0.0/0            icmptype 8
       0        0 DROP       1    --  *      *       10.0.71.0/24         0.0.0.0/0            icmptype 0
       0        0 DROP       0    --  *      *       10.0.71.0/24         192.168.88.0/24     
Start openvpn process...

openvpn ui log

Init. OVPN path: /etc/openvpn
Starting OpenVPN UI!
Config file: conf/app.conf
table `user` already exists, skip
table `settings` already exists, skip
table `o_v_config` already exists, skip
table `o_v_client_config` already exists, skip
table `easy_r_s_a_config` already exists, skip
[ORM]2024/08/05 02:40:57  -[Queries/default] - [  OK / db.QueryRow /     0.0ms] - [SELECT `id`, `login`, `is_admin`, `name`, `email`, `password`, `lastlogintime`, `created`, `updated` FROM `user` WHERE `name` = ? ] - `Administrator`
2024/08/05 02:40:57.638 [D] [models.go:66]  {1 admin true Administrator stillmen.spam@gmail.com $s2$16384$8$1$vUIh9HeqPdY7RrbRvvYhppHI$WcRje+MWyERhkxdNgKyiOgAD5ZPzmR6GZbBTmzH7wak=  2024-08-05 02:33:17.011114866 +0000 UTC 2024-08-02 09:57:37.678404228 +0000 UTC 2024-08-05 02:33:17.011131499 +0000 UTC}
[ORM]2024/08/05 02:40:57  -[Queries/default] - [  OK / db.QueryRow /     0.0ms] - [SELECT `id`, `profile`, `m_i_address`, `m_i_network`, `o_v_config_path`, `easy_r_s_a_path`, `created`, `updated` FROM `settings` WHERE `profile` = ? ] - `default`
2024/08/05 02:40:57.638 [D] [models.go:106]  {1 default openvpn:2080 tcp /etc/openvpn /usr/share/easy-rsa 2024-08-02 09:57:37.680032582 +0000 UTC 2024-08-02 09:57:37.680034696 +0000 UTC}
[ORM]2024/08/05 02:40:57  -[Queries/default] - [  OK / db.QueryRow /     0.1ms] - [SELECT `id`, `profile`, `func_mode`, `management`, `script_security`, `user_pass_verify`, `device`, `port`, `proto`, `o_v_config_topology`, `keepalive`, `max_clients`, `o_v_config_user`, `o_v_config_group`, `o_v_config_client_config_dir`, `ifconfig_pool_persist`, `ca`, `cert`, `key`, `crl`, `dh`, `t_l_s_control_channel`, `t_l_s_min_version`, `t_l_s_remote_cert`, `cipher`, `o_v_config_ncp_ciphers`, `auth`, `server`, `route`, `push_route`, `d_n_s_server1`, `d_n_s_server2`, `redirect_g_w`, `o_v_config_logfile`, `o_v_config_log_verbose`, `o_v_config_status_log`, `o_v_config_status_log_version`, `custom_opt_one`, `custom_opt_two`, `custom_opt_three` FROM `o_v_config` WHERE `profile` = ? ] - `default`
2024/08/05 02:40:57.639 [D] [models.go:163]  {1 default {0 openvpn:2080 tcp   tun 1194 udp subnet 10 120 100 nobody nogroup /etc/openvpn/staticclients pki/ipp.txt pki/ca.crt pki/issued/server.crt pki/private/server.key pki/crl.pem pki/dh.pem tls-crypt pki/ta.key tls-version-min 1.2 remote-cert-tls client AES-256-GCM AES-256-GCM:AES-192-GCM:AES-128-GCM SHA512 server 10.0.70.0 255.255.255.0 route 10.0.71.0 255.255.255.0 push "route 10.0.60.0 255.255.255.0" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 1.0.0.1" push "redirect-gateway def1 bypass-dhcp" /var/log/openvpn/openvpn.log 3 /var/log/openvpn/openvpn-status.log 2 # Custom Option One # Custom Option Two
# client-to-client # Custom Option Three
# push "route 0.0.0.0 255.255.255.255 net_gateway"
# push block-outside-dns}}
[ORM]2024/08/05 02:40:57  -[Queries/default] - [  OK / db.QueryRow /     0.1ms] - [SELECT `id`, `profile`, `func_mode`, `device`, `server_address`, `port`, `resolve_retry`, `o_v_client_user`, `o_v_client_group`, `persist_tun`, `persist_key`, `remote_cert_t_l_s`, `open_vpn_server_port`, `proto`, `ca`, `cert`, `key`, `ta`, `cipher`, `redirect_gateway`, `auth`, `auth_no_cache`, `tls_client`, `verbose`, `auth_user_pass`, `t_f_a_issuer`, `custom_conf_one`, `custom_conf_two`, `custom_conf_three` FROM `o_v_client_config` WHERE `profile` = ? ] - `default`
2024/08/05 02:40:57.639 [D] [models.go:210]  {1 default {0 tun 203.153.218.116 1194 resolv-retry infinite nobody nogroup persist-tun persist-key remote-cert-tls server 1194 udp     AES-256-GCM redirect-gateway def1 SHA512 auth-nocache tls-client 3   MFA%20OpenVPN-UI #Custom Option One #Custom Option Two #Custom Option Three}}
[ORM]2024/08/05 02:40:57  -[Queries/default] - [  OK / db.QueryRow /     0.0ms] - [SELECT `id`, `profile`, `easy_r_s_a_d_n`, `easy_r_s_a_req_country`, `easy_r_s_a_req_province`, `easy_r_s_a_req_city`, `easy_r_s_a_req_org`, `easy_r_s_a_req_email`, `easy_r_s_a_req_ou`, `easy_r_s_a_req_cn`, `easy_r_s_a_key_size`, `easy_r_s_a_ca_expire`, `easy_r_s_a_cert_expire`, `easy_r_s_a_cert_renew`, `easy_r_s_a_crl_days` FROM `easy_r_s_a_config` WHERE `profile` = ? ] - `default`
2024/08/05 02:40:57.639 [D] [models.go:247]  {1 default {org ID JV CGK Soleilnet wo.cliente.trial@gmail.com Soleilnet server 2048 3650 825 30 180}}
2024/08/05 02:40:57.651 [I] [server.go:280]  http server Running on http://:8080

sudo iptables -S

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker5 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker5 -j DOCKER
-A FORWARD -i docker5 ! -o docker5 -j ACCEPT
-A FORWARD -i docker5 -o docker5 -j ACCEPT
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -o br-e0244f125541 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-e0244f125541 -j DOCKER
-A FORWARD -i br-e0244f125541 ! -o br-e0244f125541 -j ACCEPT
-A FORWARD -i br-e0244f125541 -o br-e0244f125541 -j ACCEPT
-A FORWARD -o br-b978c9802c20 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-b978c9802c20 -j DOCKER
-A FORWARD -i br-b978c9802c20 ! -o br-b978c9802c20 -j ACCEPT
-A FORWARD -i br-b978c9802c20 -o br-b978c9802c20 -j ACCEPT
-A FORWARD -o br-857b50e67365 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-857b50e67365 -j DOCKER
-A FORWARD -i br-857b50e67365 ! -o br-857b50e67365 -j ACCEPT
-A FORWARD -i br-857b50e67365 -o br-857b50e67365 -j ACCEPT
-A FORWARD -o br-39a9ba9640f4 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-39a9ba9640f4 -j DOCKER
-A FORWARD -i br-39a9ba9640f4 ! -o br-39a9ba9640f4 -j ACCEPT
-A FORWARD -i br-39a9ba9640f4 -o br-39a9ba9640f4 -j ACCEPT
-A FORWARD -o br-0e887898a046 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-0e887898a046 -j DOCKER
-A FORWARD -i br-0e887898a046 ! -o br-0e887898a046 -j ACCEPT
-A FORWARD -i br-0e887898a046 -o br-0e887898a046 -j ACCEPT
-A FORWARD -o br-e18c25b3f6cc -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-e18c25b3f6cc -j DOCKER
-A FORWARD -i br-e18c25b3f6cc ! -o br-e18c25b3f6cc -j ACCEPT
-A FORWARD -i br-e18c25b3f6cc -o br-e18c25b3f6cc -j ACCEPT
-A DOCKER -d 172.22.0.2/32 ! -i br-857b50e67365 -o br-857b50e67365 -p tcp -m tcp --dport 8080 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker5 ! -o docker5 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker5 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
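A quick check a maintainer might run on the dump above, as an added example (not part of the issue or of the openvpn-server project): it parses `iptables -S` output, lists the proto/port pairs that Docker's DOCKER chain accepts for published container ports, and compares them with the server's configured `1194 udp` from the UI log. It assumes the server container publishes its port through Docker bridge networking (with `network_mode: host` no DOCKER rule is expected at all); the sample is a constructed excerpt of the dump posted above.

```python
import re
from typing import List, Optional, Tuple

# Constructed excerpt of the `sudo iptables -S` dump from the issue: the
# policies, the jump into the DOCKER chain and the single DOCKER ACCEPT rule.
SAMPLE_IPTABLES = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N DOCKER
-A FORWARD -o br-857b50e67365 -j DOCKER
-A DOCKER -d 172.22.0.2/32 ! -i br-857b50e67365 -o br-857b50e67365 -p tcp -m tcp --dport 8080 -j ACCEPT
"""

# Only appended rules (-A <chain> ...) carry port matches; -P/-N lines do not.
RULE_RE = re.compile(r"^-A (?P<chain>\S+) (?P<rest>.*)$")


def published_ports(iptables_s: str) -> List[Tuple[str, int, Optional[str]]]:
    """Return (proto, port, container_dest) for every ACCEPT rule in the
    DOCKER chain; Docker adds one such rule per published host:container port."""
    found = []
    for line in iptables_s.splitlines():
        m = RULE_RE.match(line)
        if not m or m.group("chain") != "DOCKER":
            continue
        toks = m.group("rest").split()
        proto = port = dest = None
        for i, tok in enumerate(toks[:-1]):
            if tok == "-p":
                proto = toks[i + 1]
            elif tok == "--dport":
                port = int(toks[i + 1])
            elif tok == "-d":
                dest = toks[i + 1]
        if proto and port and toks[-2:] == ["-j", "ACCEPT"]:
            found.append((proto, port, dest))
    return found


def missing_publications(iptables_s: str,
                         expected: List[Tuple[str, int]]) -> List[str]:
    """Report expected (proto, port) pairs that no DOCKER ACCEPT rule covers,
    e.g. the server's `proto udp` / `port 1194` from the OpenVPN UI log."""
    have = {(proto, port) for proto, port, _ in published_ports(iptables_s)}
    return [f"{proto}/{port}" for proto, port in expected if (proto, port) not in have]


if __name__ == "__main__":
    print("published:", published_ports(SAMPLE_IPTABLES))
    print("missing:", missing_publications(SAMPLE_IPTABLES, [("udp", 1194), ("tcp", 8080)]))
```

On the dump posted above the DOCKER chain accepts only tcp/8080 (the UI container), so the check reports udp/1194 as not covered; whether that explains the stuck client depends on how the server container's networking is set up in the compose file.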

D1skord commented 1 month ago

Have the same issue

iamwildtuna commented 1 month ago

Doesn't work with UDP, everything works on TCP