d3vilh / openvpn-ui

Web User Interface for OpenVPN
MIT License

Docker Compose Manual Install with Server + UI Issues and 2FA problems #45

Closed philcave closed 9 months ago

philcave commented 11 months ago

Hi,

I've been installing with the Docker-Compose.yml file that includes the combined images for the openvpn-server and the openvpn-ui. My goal is to use the 2FA authenticator for security (with no passwords) using a single docker-compose.yml.

I've come across a number of issues which I've managed to fix manually, but I'm not sure where/if they need addressing in the openvpn-server and/or openvpn-ui. I'll document them here, and show you my workarounds.

1) When running the container the first time it complains the "easy-rsa.vars" file is missing. The logging directs you to a fix; I believe this issue has been raised. I'm not sure this is a problem, as it gives you the opportunity to enter your server cert details correctly. Mentioned for completeness.

2) When running the container for the first time it creates a directory in the root file system called "fw-rules.sh". I believe this is supposed to be a file. I believe this is caused when "docker" attempts to map to the internal "fw-rules.sh": because it doesn't exist internally it creates a "directory" in the exposed volume part. It may be better to have an "empty" "fw-rules.sh" in the docker image. When it creates a directory the "docker-entrypoint.sh" fails and the server fails to start. To solve this issue the directory requires removing and a file put in its place (blank).

3) OpenVPN Server/GUI started successfully. I then proceeded to switch to 2FA authentication and configured a single user. After a restart the server failed to "restart". Looking at the logs it was complaining about a missing file: "opt/app/bin/oath.sh" configured in the server conf. Initially I thought this configuration wasn't required and removed it from "server.conf", as the 2FA documentation does not show what these values should be, the image is truncated. When connecting a client the 2FA prompt came up and I was authenticated onto the server, however after a little bit of testing I realised that "No Authentication was taking place and this file was required".
As a workaround I copied this file from the openvpnserver:repo /assets/oath.sh. For convenience I placed it in my "/config/oath.sh" directory and mapped this in the server.conf to this location. On my next login attempt the authentication "failed" again; this was due to "oathtool" not being found. To resolve this issue I opened a shell into my docker vpn server console and ran the following command: "apk update && apk add --update-cache \ bash \ easy-rsa \ curl \ jq \ oath-toolkit-oathtool " taken from the "DockerFile"; once run this seems to add the oathtool to the path.

After restarting the server I've managed to correctly logon with 2FA, which correctly authenticates the server.

On checking the openvpn-server repo, I can see in the docker build that the "oath.sh" is not copied, but it does appear to install oathtool. I'm not sure if my issues at 3) were caused by the earlier issues at 1) and 2) not completing the start script fully, is that possible?

Hope this is useful. Thanks for the great work,

Phil.
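A host-side pre-flight check for the two pitfalls described in the post above: the bind-mount that turns a missing fw-rules.sh into a directory, and a server.conf that points at a 2FA script which is not present. This is an added example, not code from openvpn-ui or openvpn-server; it assumes CONFIG_DIR is the host directory mounted into the server container and that oath.sh is wired into server.conf through OpenVPN's auth-user-pass-verify directive.

```shell
#!/bin/sh
# Pre-flight checks to run on the host before `docker-compose up -d`.
# Added example, not code from openvpn-ui/openvpn-server. Assumptions (not from
# the issue): CONFIG_DIR is the host side of the ./config bind mount, and oath.sh
# is referenced in server.conf via OpenVPN's auth-user-pass-verify directive.

# Issue 2: when the host file behind a bind mount is missing, Docker creates a
# directory of that name and docker-entrypoint.sh fails. Replace an empty
# placeholder directory with an empty file; refuse to touch a non-empty one.
# Returns 0 when the path is a regular file afterwards.
ensure_file() {
    path="$1"
    if [ -d "$path" ]; then
        rmdir "$path" 2>/dev/null || {
            echo "refusing to remove non-empty directory: $path" >&2
            return 1
        }
        echo "removed placeholder directory: $path"
    fi
    [ -e "$path" ] || : > "$path"
    [ -f "$path" ]
}

# Issue 3: print the script server.conf hands to auth-user-pass-verify
# (e.g. /opt/app/bin/oath.sh). Prints nothing if no 2FA script is configured.
oath_script_path() {
    awk '$1 == "auth-user-pass-verify" { print $2; exit }' "$1"
}

# Return 0 if the referenced 2FA script exists; ROOT (optional) is prefixed to
# the container path so the check can be run against the host-side mount.
check_oath_script() {
    conf="$1"; root="${2:-}"
    script=$(oath_script_path "$conf")
    [ -n "$script" ] || { echo "no auth-user-pass-verify in $conf"; return 0; }
    if [ -f "$root$script" ]; then
        echo "2FA script present: $root$script"
    else
        echo "2FA script missing: $root$script (copy assets/oath.sh from openvpn-server)" >&2
        return 1
    fi
}

# Return 0 if oathtool (oath-toolkit) is on PATH; without it oath.sh cannot
# verify TOTP codes and every 2FA login fails. Run this inside the container.
check_oathtool() { command -v oathtool >/dev/null 2>&1; }

CONFIG_DIR="${CONFIG_DIR:-./config}"   # assumed layout, override as needed
if [ "${1:-}" = "run" ]; then
    ensure_file "$CONFIG_DIR/fw-rules.sh"
    check_oath_script "$CONFIG_DIR/server.conf" "$CONFIG_DIR/.."
    check_oathtool || echo "oathtool not on PATH here; re-check inside the container" >&2
fi
```

Invoke as `sh preflight.sh run` on the host; `check_oathtool` is only meaningful from a shell inside the server container.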

d3vilh commented 11 months ago

Hi @philcave, Happy New Year 🥳

Thank you for reporting. I rebuilt the openvpn-server container and pushed all the latest fixes in version 0.4.1; now it should run fine from the DockerHub images.

However, if you would like to build it yourself, you can clone the openvpn-server repo, build the image by running ./build-image.sh and then run it from the main openvpn-server directory with docker-compose up -d; use the docker-compose-openvpnui.yml, it includes the latest OpenVPN-UI image as well.

You can skip build and just run Docker compose, in this case it will pull latest 0.4.1 server and latest 0.9.4 UI images from DockerHub.

Raspberry-Gateway and openvpn-aws are also good options.

philcave commented 10 months ago

Apologies for the delay. Rebuilt my image and worked great. Thanks for the great work again.