d3vilh / openvpn-ui

Web User Interface for OpenVPN
MIT License

Clients certificates #2

Closed linzp007 closed 12 months ago

linzp007 commented 1 year ago

Thanks for your awesome job,

but when I download Clients certificates, I got this error response:

`This site can’t be reached

The webpage at http://127.0.0.1:8080/certificates/test might be temporarily down or it may have moved permanently to a new web address. ERR_INVALID_RESPONSE`

Some error message could be found backend:

./easyrsa: 341: set: Illegal option -o echo
openvpn | Generate HMAC signature...
openvpn | Create certificate revocation list (CRL)...
openvpn | Using SSL: openssl OpenSSL 1.1.1 11 Sep 2018
openvpn | Using configuration from /opt/app/easy-rsa/pki/easy-rsa-160.sH7Gw1/tmp.EdSeKW
openvpn | ./easyrsa: 341: set: Illegal option -o echo
openvpn | Configuring networking rules...
openvpn | net.ipv4.ip_forward = 1
openvpn | Configuring iptables...
openvpn | NAT for OpenVPN clients
openvpn | Bad argument 'ovpn_trusted_subnet'
openvpn | Try 'iptables -h' or 'iptables --help' for more information.

Look forward to your answer.

d3vilh commented 1 year ago

Hi @linzp007, thanks for reporting. Could you tell me which docker image you use for OpenVPN-UI and OpenVPN setup?

Meanwhile I'll try to reproduce it with latest builds for intel and arm.

d3vilh commented 1 year ago

I just rebuilt and pushed the amd64 image with all the latest fixes included. It belongs to tags: 0.2 and latest.

linzp007 commented 1 year ago

I tried again with your latest version with the amd64 image,
just modified the username and password in the compose yml, but I still got the same error.

d3vilh commented 1 year ago

I just tested it on an AWS instance with the openvpn-aws setup and the same container image and all works fine. You can use this setup on any x86 computer, not necessarily AWS.

Following your log file:

`./easyrsa: 341: set: Illegal option -o echo` this can be ignored

`openvpn | Bad argument 'ovpn_trusted_subnet'` it does mean you did not pass ovpn_trusted_subnet var with trusted subnets, so your iptables setup was not complete.

This is how the log file for the setup with ssl1.1.1 should look:

./easyrsa: 341: set: Illegal option -o echo
Generate HMAC signature...
Create certificate revocation list (CRL)...
Using SSL: openssl OpenSSL 1.1.1  11 Sep 2018
Using configuration from /opt/app/easy-rsa/pki/easy-rsa-158.3daFcl/tmp.jlSGtP
./easyrsa: 341: set: Illegal option -o echo
Configuring networking rules...
net.ipv4.ip_forward = 1
Configuring iptables...
NAT for OpenVPN clients
Blocking ICMP for external clients
Blocking internal home subnet to access from external openvpn clients (Internet still available)
IPT MASQ Chains:
MASQUERADE  all  --  ip-10-0-70-0.ec2.internal/24  anywhere
MASQUERADE  all  --  ip-10-0-71-0.ec2.internal/24  anywhere
IPT FWD Chains:
       0        0 DROP       icmp --  *      *       10.0.71.0/24         0.0.0.0/0            icmptype 8
       0        0 DROP       icmp --  *      *       10.0.71.0/24         0.0.0.0/0            icmptype 0
       0        0 DROP       all  --  *      *       10.0.71.0/24         192.168.88.0/24
Start openvpn process...

Try to verify the env vars you pass to the container and it seems it should work fine.
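
The failure described in the comment above (iptables rejecting the subnet argument while the container carries on with an incomplete rule set) can be turned into a hard stop before any rule is applied. This is an added example, not code from the thread or from the project's scripts; it assumes the subnet arrives in a shell variable named `ovpn_trusted_subnet` as the comment calls it, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: fail closed when a subnet variable is missing or malformed,
# instead of letting iptables error out and leaving the firewall half-configured.

# Return 0 only for a dotted-quad IPv4 address followed by a /0-/32 prefix.
is_ipv4_cidr() {
    case "$1" in
        */*/*|*[!0-9./]*) return 1 ;;   # at most one slash, digits and dots only
        */*) ;;
        *) return 1 ;;                  # no prefix length given
    esac
    addr=${1%/*}
    prefix=${1#*/}
    case "$addr" in ''|.*|*.|*..*) return 1 ;; esac
    case "$prefix" in ''|*.*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                        # split on dots; glob characters were rejected above
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the value of the variable named in $1 if it is a valid CIDR;
# otherwise explain why on stderr and return non-zero.
require_subnet() {
    case "$1" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo "invalid variable name" >&2; return 2 ;;
    esac
    eval "value=\${$1-}"                # safe: the name was validated above
    if [ -z "$value" ]; then
        echo "$1 is unset or empty; refusing to configure iptables" >&2
        return 1
    fi
    if ! is_ipv4_cidr "$value"; then
        echo "$1='$value' is not an IPv4 CIDR; refusing to configure iptables" >&2
        return 1
    fi
    printf '%s\n' "$value"
}

# Assumed usage in a container entrypoint, before any iptables call:
#   trusted=$(require_subnet ovpn_trusted_subnet) || exit 1
```

A literal such as `ovpn_trusted_subnet`, which is what iptables received in the reported log, is rejected by the character check, so the entrypoint stops before NAT is enabled without the matching DROP rules.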

d3vilh commented 12 months ago

OK, seems it was fixed, so I'm closing it.