d3vilh / openvpn-ui

Web User Interface for OpenVPN
MIT License

Container restarting and I can't connect to UI of openvpn-ui #82

Open Koudoussou opened 1 month ago

Koudoussou commented 1 month ago

After deploying the docker containers for openvpn-server and openvpn-ui, the containers are in a restarting status.

docker logs -f openvpn

Notice

'init-pki' complete; you may now create a CA or requests.

Your newly created PKI dir is:

Using Easy-RSA configuration:

EasyRSA path: /usr/share/easy-rsa OVPN path: /etc/openvpn Setting up public key infrastructure...

Also I can't connect to openvpn-ui

docker logs -f openvpn-ui

Init. OVPN path: /etc/openvpn
Starting OpenVPN UI!
Config file: conf/app.conf
table user already exists, skip
table settings already exists, skip
table o_v_config already exists, skip
table o_v_client_config already exists, skip
table easy_r_s_a_config already exists, skip
[ORM]2024/05/29 13:50:35 -[Queries/default] - [ OK / db.QueryRow / 0.0ms] - [SELECT id, login, is_admin, name, email, password, lastlogintime, created, updated FROM user WHERE name = ? ] - Administrator
2024/05/29 13:50:35.556 [D] [models.go:66] {1 true Administrator root@localhost $s2$16384$8$1$K7jKDSNqzVv23wDF9mAboziv$sXkbaZJERFdKMr7oIK8hW5U4B5xaHddm0Au+z/fpcfw= 0001-01-01 00:00:00 +0000 UTC 2024-05-29 11:32:12.49214737 +0000 UTC 2024-05-29 11:32:12.492148552 +0000 UTC}
[ORM]2024/05/29 13:50:35 -[Queries/default] - [ OK / db.QueryRow / 0.0ms] - [SELECT id, profile, m_i_address, m_i_network, o_v_config_path, easy_r_s_a_path, created, updated FROM settings WHERE profile = ? ] - default
2024/05/29 13:50:35.556 [D] [models.go:106] {1 default openvpn:2080 tcp /etc/openvpn /usr/share/easy-rsa 2024-05-29 11:32:12.49317661 +0000 UTC 2024-05-29 11:32:12.493177311 +0000 UTC}
[ORM]2024/05/29 13:50:35 -[Queries/default

Thank you for helping me.

d3vilh commented 4 weeks ago

Hi @Koudoussou, your log output ends on "Setting up public key infra...", which means the OpenVPN server is starting for the first time and needs some time to generate everything:

EasyRSA path: /usr/share/easy-rsa OVPN path: /etc/openvpn
Setting up public key infrastructure...

Just be patient and it will create all the infrastructure.

OpenVPN-UI logs are also fine.

d3vilh commented 1 week ago

Hi @Koudoussou how is it going? Could we close this one?

Koudoussou commented 1 week ago

Hi @d3vilh, still the same output. The containers are still restarting.

d3vilh commented 1 week ago

Still same output. Container are still restarting.

Could you share the docker logs openvpn and docker logs openvpn-ui output?

The OpenVPN server logs should give us an understanding of why it is restarting. Your docker-compose.yml content would help as well.

Koudoussou commented 1 week ago

$ docker logs openvpn

EasyRSA path: /usr/share/easy-rsa OVPN path: /etc/openvpn
Setting up public key infrastructure...

Notice
------
'init-pki' complete; you may now create a CA or requests.

Your newly created PKI dir is:
* /usr/share/easy-rsa/pki

Using Easy-RSA configuration:
* undefined

cp: can't stat '/etc/openvpn/config/easy-rsa.vars': No such file or directory
EasyRSA path: /usr/share/easy-rsa OVPN path: /etc/openvpn
Setting up public key infrastructure...

=====================

$ docker logs openvpn-ui

Init. OVPN path: /etc/openvpn
Starting OpenVPN UI!
Config file: conf/app.conf
table `user` already exists, skip
table `settings` already exists, skip
table `o_v_config` already exists, skip
table `o_v_client_config` already exists, skip
table `easy_r_s_a_config` already exists, skip
[ORM]2024/06/24 11:52:52  -[Queries/default] - [  OK / db.QueryRow /     0.0ms] - [SELECT `id`, `login`, `is_admin`, `name`, `email`, `password`, `lastlogintime`, `created`, `updated` FROM `user` WHERE `name` = ? ] - `Administrator`
2024/06/24 11:52:52.087 [D] [models.go:66]  {1  true Administrator root@localhost $s2$16384$8$1$K7jKDSNqzVv23wDF9mAboziv$sXkbaZJERFdKMr7oIK8hW5U4B5xaHddm0Au+z/fpcfw=  0001-01-01 00:00:00 +0000 UTC 2024-05-29 11:32:12.49214737 +0000 UTC 2024-05-29 11:32:12.492148552 +0000 UTC}
[ORM]2024/06/24 11:52:52  -[Queries/default] - [  OK / db.QueryRow /     0.0ms] - [SELECT `id`, `profile`, `m_i_address`, `m_i_network`, `o_v_config_path`, `easy_r_s_a_path`, `created`, `updated` FROM `settings` WHERE `profile` = ? ] - `default`
2024/06/24 11:52:52.088 [D] [models.go:106]  {1 default openvpn:2080 tcp /etc/openvpn /usr/share/easy-rsa 2024-05-29 11:32:12.49317661 +0000 UTC 2024-05-29 11:32:12.493177311 +0000 UTC}
[ORM]2024/06/24 11:52:52  -[Queries/default] - [  OK / db.QueryRow /     0.0ms] - [SELECT `id`, `profile`, `func_mode`, `management`, `script_security`, `user_pass_verify`, `device`, `port`, `proto`, `o_v_config_topology`, `keepalive`, `max_clients`, `o_v_config_user`, `o_v_config_group`, `o_v_config_client_config_dir`, `ifconfig_pool_persist`, `ca`, `cert`, `key`, `crl`, `dh`, `t_l_s_control_channel`, `t_l_s_min_version`, `t_l_s_remote_cert`, `cipher`, `o_v_config_ncp_ciphers`, `auth`, `server`, `route`, `push_route`, `d_n_s_server1`, `d_n_s_server2`, `redirect_g_w`, `o_v_config_logfile`, `o_v_config_log_verbose`, `o_v_config_status_log`, `o_v_config_status_log_version`, `custom_opt_one`, `custom_opt_two`, `custom_opt_three` FROM `o_v_config` WHERE `profile` = ? ] - `default`
2024/06/24 11:52:52.088 [D] [models.go:163]  {1 default {0 openvpn:2080 tcp   tun 1194 udp subnet 10 120 100 nobody nogroup /etc/openvpn/staticclients pki/ipp.txt pki/ca.crt pki/issued/server.crt pki/private/server.key pki/crl.pem pki/dh.pem tls-crypt pki/ta.key tls-version-min 1.2 remote-cert-tls client AES-256-GCM AES-256-GCM:AES-192-GCM:AES-128-GCM SHA512 server 10.0.70.0 255.255.255.0 route 10.0.71.0 255.255.255.0 push "route 10.0.60.0 255.255.255.0" push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 1.0.0.1" push "redirect-gateway def1 bypass-dhcp" /var/log/openvpn/openvpn.log 3 /var/log/openvpn/openvpn-status.log 2 # Custom Option One # Custom Option Two
# client-to-client # Custom Option Three
# push "route 0.0.0.0 255.255.255.255 net_gateway"
# push block-outside-dns}}
[ORM]2024/06/24 11:52:52  -[Queries/default] - [  OK / db.QueryRow /     0.0ms] - [SELECT `id`, `profile`, `func_mode`, `device`, `server_address`, `port`, `resolve_retry`, `o_v_client_user`, `o_v_client_group`, `persist_tun`, `persist_key`, `remote_cert_t_l_s`, `open_vpn_server_port`, `proto`, `ca`, `cert`, `key`, `ta`, `cipher`, `redirect_gateway`, `auth`, `auth_no_cache`, `tls_client`, `verbose`, `auth_user_pass`, `t_f_a_issuer`, `custom_conf_one`, `custom_conf_two`, `custom_conf_three` FROM `o_v_client_config` WHERE `profile` = ? ] - `default`
2024/06/24 11:52:52.088 [D] [models.go:210]  {1 default {0 tun 127.0.0.1 1194 resolv-retry infinite nobody nogroup persist-tun persist-key remote-cert-tls server 1194 udp     AES-256-GCM redirect-gateway def1 SHA512 auth-nocache tls-client 3  MFA%20OpenVPN-UI #Custom Option One #Custom Option Two #Custom Option Three}}
[ORM]2024/06/24 11:52:52  -[Queries/default] - [  OK / db.QueryRow /     0.0ms] - [SELECT `id`, `profile`, `easy_r_s_a_d_n`, `easy_r_s_a_req_country`, `easy_r_s_a_req_province`, `easy_r_s_a_req_city`, `easy_r_s_a_req_org`, `easy_r_s_a_req_email`, `easy_r_s_a_req_ou`, `easy_r_s_a_req_cn`, `easy_r_s_a_key_size`, `easy_r_s_a_ca_expire`, `easy_r_s_a_cert_expire`, `easy_r_s_a_cert_renew`, `easy_r_s_a_crl_days` FROM `easy_r_s_a_config` WHERE `profile` = ? ] - `default`
2024/06/24 11:52:52.088 [D] [models.go:247]  {1 default {org UA KY Kyiv SweetHome sweet@home.net MyOrganizationalUnit server 2048 3650 825 30 180}}
2024/06/24 11:52:52.097 [I] [server.go:280]  http server Running on http://:8080

Kindly find my docker-compose.txt

So when I try to log in on the web page, I get an error with the credentials which I put in docker-compose.

d3vilh commented 1 week ago

It can't find the /etc/openvpn/config/easy-rsa.vars file, which is here by default:

cp: can't stat '/etc/openvpn/config/easy-rsa.vars': No such file or directory

We have to be sure that the file is there at the volume path:

papa@hiphop:~/build/openvpn-server $ ls -l ./config/easy-rsa.vars
-rwxr-xr-x 1 papa papa 488 Jun  6 19:49 ./config/easy-rsa.vars
papa@hiphop:~/build/openvpn-server $

With correct local permissions:

chmod 644 ./config/easy-rsa.vars

And listed inside the container:

papa@hiphop:~/build/openvpn-server $ docker exec -it openvpn /bin/bash -c "ls -l /etc/openvpn/config"
total 12
-rwxr-xr-x    1 1000     1000           467 Jun  6 16:49 client.conf
-rwxr-xr-x    1 1000     1000           488 Jun  6 16:49 easy-rsa.vars
-rwxr-xr-x    1 1000     1000          1062 Jun  6 16:49 old-server.conf
papa@hiphop:~/build/openvpn-server $

Here is the tree the container expects to run (./pki will be created during the init).

What do you store in this volume:

    volumes:
      - ./openvpn-data/conf:/etc/openvpn
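
As an added example (not part of the original thread or the project's code), a host-side preflight for the checks described in the comment above: it maps /etc/openvpn/config/easy-rsa.vars through a compose volume entry and verifies that the host file exists, is non-empty and has at least mode 644. The function names and the throwaway demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: host-side preflight for the bind mount discussed in the thread.
# The path comes from the "cp: can't stat" error; function names are hypothetical.
CONTAINER_FILE=/etc/openvpn/config/easy-rsa.vars

# Map a container path to its host path through one "host:container[:mode]" spec.
# Prints the host path, or returns 1 if the mount does not cover the path.
host_path_for() {
    spec=$1; cpath=$2
    host=${spec%%:*}
    rest=${spec#*:}
    mount=${rest%%:*}            # drops an optional ":ro" / ":rw" suffix
    case $cpath in
        "$mount"/*) suffix=${cpath#"$mount"}; printf '%s\n' "$host$suffix" ;;
        *) return 1 ;;
    esac
}

# Check the host file that the container will see as CONTAINER_FILE.
# Return codes: 0 ok, 2 missing, 3 empty, 4 mode below 644.
check_vars_file() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    [ -s "$f" ] || { echo "empty: $f" >&2; return 3; }
    # -perm -644 matches only when every bit of 644 is set (755 passes too).
    [ -n "$(find "$f" -prune -perm -644)" ] || { echo "mode below 644: $f" >&2; return 4; }
    return 0
}

# Full check for one compose volume entry; returns 1 if the entry is unrelated.
preflight() {
    p=$(host_path_for "$1" "$CONTAINER_FILE") || {
        echo "volume does not cover $CONTAINER_FILE" >&2; return 1; }
    check_vars_file "$p"
}

# Constructed demo: a temporary directory laid out like the volume in the thread.
demo=$(mktemp -d)
mkdir -p "$demo/conf/config"
printf 'set_var EASYRSA_KEY_SIZE 2048\n' > "$demo/conf/config/easy-rsa.vars"
chmod 644 "$demo/conf/config/easy-rsa.vars"
preflight "$demo/conf:/etc/openvpn" && echo "preflight ok"
rm -rf "$demo"
```

Run `preflight ./openvpn-data/conf:/etc/openvpn` from the directory that holds docker-compose.yml before starting the containers; a non-zero return code identifies which of the three conditions failed.
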
Koudoussou commented 1 week ago

Ok I will follow your step and get back to you. Thank you for your support.

Koudoussou commented 1 week ago

Screenshot from 2024-06-24 17-02-18

Thank you for your support. It works now. However, I would like to implement two VPN servers in failover; how can you support me to do it? Maybe there is good documentation to implement it (load balancing). The clients will use the same profile (when one server is down, the second will be used as the main server, so the clients can continue to use their same profile; no need to have more profiles).

Thank you again