linuxserver-archive / docker-openvpn-as

DEPRECATED
GNU General Public License v3.0

Digital Ocean Docker Droplet: Could not execute server start #77

Closed wovalle closed 5 years ago

wovalle commented 5 years ago

Hello!

I'm trying to run this image in a Digital Ocean Docker Droplet but I keep having the error: Could not execute server start when running docker start:

Yes, I've tried all the solutions in every similar issue:

50: I'm already exposing port 943

66: Not trying to configure anything via CLI, just want to start the container.

48: Not using MacOS

23: Not using ssl, just want to start the service

I'm using the command provided by the README:

# PUID=0 / PGID=0: using root
# $PWD/openvpn: I'm deleting this folder every single time I do a docker start
docker create \
  --name=vpn \
  --cap-add=NET_ADMIN \
  -e PUID=0 \
  -e PGID=0 \
  -e TZ=Europe/Stockholm \
  -e INTERFACE=eth0 \
  -p 943:943 \
  -p 9443:9443 \
  -p 1194:1194/udp \
  -v $PWD/openvpn:/config \
  --restart unless-stopped \
  linuxserver/openvpn-as

Then I do a simple docker start: docker start vpn, but I always get the exact same error. I tried many variations: adding --privileged, --net=host, creating a sudoer user and using that id to run docker create, same results.

Linux Version: Linux general-purpose-docker 4.15.0-45-generic #48-Ubuntu SMP Tue Jan 29 16:28:13 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Docker version: Docker version 18.09.2, build 6247962
Image version: latest (6 days ago), 244b9a8c51a6

Just to test if it was another problem, I could start the kylemanna docker image and could correctly connect to the instance.

Anything I'm doing wrong?

EDIT:

I noticed that I have a couple of errors inside config_folder/log/openvpn.logs:

2019-04-17T17:55:35+0200 [stdout#info] PROC SET ERROR on /proc/sys/net/ipv4/ip_forward: [Errno 30] Read-only file system: '/proc/sys/net/ipv4/ip_forward': net/net:41,util/simplefile:11 (exceptions.IOError)
2019-04-17T17:55:35+0200 [stdout#info] PROC SET /proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal : 0 -> 1
2019-04-17T17:55:35+0200 [stdout#info] PROC SET ERROR on /proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal: [Errno 30] Read-only file system: '/proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal': net/net:41,util/simplefile:11 (exceptions.IOError)
2019-04-17T17:55:37+0200 [stdout#info] OpenVPNDataDir: using shared dir: '/run/openvpn_as/memstats'

It seems to be a folder permission problem. I made sure that the volume mounted (-v command) is a folder owned by the same PUID & PGID passed as an env var.

Docker logs!

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-adduser: executing...

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/

Brought to you by linuxserver.io
We gratefully accept donations at:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid:    0
User gid:    0
-------------------------------------

[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 20-time: executing...

Current default time zone: 'Europe/Stockholm'
Local time is now:      Wed Apr 17 17:29:23 CEST 2019.
Universal Time is now:  Wed Apr 17 15:29:23 UTC 2019.

[cont-init.d] 20-time: exited 0.
[cont-init.d] 30-config: executing...
installing openvpn-as for the first time
Selecting previously unselected package openvpn-as.
(Reading database ... 11947 files and directories currently installed.)
Preparing to unpack /openvpn/openvpn.deb ...
Unpacking openvpn-as (2.7.3-05bc07c0-Ubuntu16) ...
Setting up openvpn-as (2.7.3-05bc07c0-Ubuntu16) ...
Automatic configuration failed, see /usr/local/openvpn_as/init.log
You can configure manually using the /usr/local/openvpn_as/bin/ovpn-init tool.
Beginning with OpenVPN AS 2.6.0 compression is disabled by default and on upgrades as security patch.
[cont-init.d] 30-config: exited 0.
[cont-init.d] 40-openvpn-init: executing...
Detected an existing OpenVPN-AS configuration.
Continuing will delete this configuration and restart from scratch.
Please enter 'DELETE' to delete existing configuration:
OpenVPN Access Server
Initial Configuration Tool
------------------------------------------------------
OpenVPN Access Server End User License Agreement (OpenVPN-AS EULA)
[...]
Please enter 'yes' to indicate your agreement [no]:
Once you provide a few initial configuration settings, OpenVPN Access Server can be configured by accessing its Admin Web UI using your Web browser.

Will this be the primary Access Server node?
(enter 'no' to configure as a backup or standby node)
> Press ENTER for default [yes]:

Please specify the network interface and IP address to be used by the Admin Web UI:
(1) all interfaces: 0.0.0.0
(2) eth0: 172.17.0.5
Please enter the option number from the list above (1-2).
> Press Enter for default [1]:

Please specify the port number for the Admin Web UI.
> Press ENTER for default [943]:

Please specify the TCP port number for the OpenVPN Daemon
> Press ENTER for default [443]:

Should client traffic be routed by default through the VPN?
> Press ENTER for default [yes]:

Should client DNS traffic be routed by default through the VPN?
> Press ENTER for default [yes]:

Use local authentication via internal DB?
> Press ENTER for default [yes]:

Private subnets detected: ['172.17.0.0/16']

Should private subnets be accessible to clients by default?
> Press ENTER for default [yes]:

To initially login to the Admin Web UI, you must use a username and password that successfully authenticates you with the host UNIX system (you can later modify the settings so that RADIUS or LDAP is used for authentication instead).

You can login to the Admin Web UI as "openvpn" or specify a different user account to use for this purpose.

Do you wish to login to the Admin UI as "openvpn"?
> Press ENTER for default [yes]:

> Specify the username for an existing user or for the new user account:
Note: This user already exists.

> Please specify your OpenVPN-AS license key (or leave blank to specify later):

Initializing OpenVPN...
Removing Cluster Admin user login...
userdel "admin_c"
Adding new user login...
useradd -s /sbin/nologin "admin"
Writing as configuration file...
Perform sa init...
Wiping any previous userdb...
Creating default profile...
Modifying default profile...
Adding new user to userdb...
Modifying new user as superuser in userdb...
Getting hostname...
Hostname: 1242136b5e72
Preparing web certificates...
Getting web user account...
Adding web group account...
Adding web group...
Adjusting license directory ownership...
Initializing confdb...
Generating init scripts...
Generating PAM config...
Generating init scripts auto command...
Starting openvpnas...
Error: Could not execute server start.
[cont-init.d] 40-openvpn-init: exited 0.
[cont-init.d] 50-interface: executing...
MOD Default {'admin_ui.https.ip_address': None} {'admin_ui.https.ip_address': 'eth0'}
MOD Default {'cs.https.ip_address': None} {'cs.https.ip_address': 'eth0'}
MOD Default {'vpn.daemon.0.listen.ip_address': None} {'vpn.daemon.0.listen.ip_address': 'eth0'}
MOD Default {'vpn.daemon.0.server.ip_address': None} {'vpn.daemon.0.server.ip_address': 'eth0'}
[cont-init.d] 50-interface: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.

config/log/openvpn.log


aptalca commented 5 years ago

Did you try to access the interface at https://DO-IP:943/admin?

That error is just because openvpn-as installer tries to automatically start it via systemd, but our container uses s6, there is no systemd. Later on, we start it with s6.

I just created a fresh container on a DO ubuntu bionic droplet with the following and it came right up:

docker create \
  --name=openvpn-as \
  --cap-add=NET_ADMIN \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Europe/Stockholm \
  -p 943:943 \
  -p 9443:9443 \
  -p 1194:1194/udp \
  -v /home/aptalca/openvpn-as:/config \
  --restart unless-stopped \
  linuxserver/openvpn-as

wovalle commented 5 years ago

Thanks for the quick response @aptalca!

Yes, I tried to access via the public_ip:port but no luck. I cannot even get anything from inside the container:

image

So the webserver is not starting :(

aptalca commented 5 years ago

it's https, not http, try curl -kL https://localhost:943

wovalle commented 5 years ago

Oh, my bad!

Just noticed that you were pinging https (instead of http). Now I can see the admin panel! So much time lost 😪

Thanks! @aptalca! This is solved.
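
The `PROC SET` / `PROC SET ERROR` lines from openvpn.log in the first post can be triaged mechanically, to see which kernel settings the container actually failed to change. This is an added example, not code from the thread or from the linuxserver/docker-openvpn-as project; `triage`, `ProcSet` and the verdict names are hypothetical, and it assumes that `A -> B` in the log means "current value A, wanted value B".

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Line layout seen in the issue: "<timestamp> [<source>#<level>] <message>"
LINE_RE = re.compile(r"^(?P<ts>\S+) \[(?P<src>[^\]]*)\] (?P<msg>.*)$")
# "PROC SET <path> : <old> -> <new>"
ATTEMPT_RE = re.compile(
    r"^PROC SET (?P<path>/proc/sys/\S+) : (?P<old>\S+) -> (?P<new>\S+)$")
# "PROC SET ERROR on <path>: [Errno N] <text>: ..."
ERROR_RE = re.compile(
    r"^PROC SET ERROR on (?P<path>/proc/sys/\S+?): "
    r"\[Errno (?P<errno>\d+)\] (?P<text>[^:]+):")


def to_sysctl(path: str) -> str:
    """/proc/sys/net/ipv4/ip_forward -> net.ipv4.ip_forward"""
    return path[len("/proc/sys/"):].replace("/", ".")


@dataclass
class ProcSet:
    path: str
    sysctl: str
    old: Optional[str]          # None when the attempt line was not captured
    new: Optional[str]
    errno: Optional[int] = None
    error: Optional[str] = None

    @property
    def verdict(self) -> str:
        if self.errno is None:
            return "no_error"       # no failure was logged for this write
        if self.old is None:
            return "unknown"        # error seen without its attempt line
        # Assumption: "A -> B" is current value -> wanted value. A failed
        # write is harmless only if the kernel already holds the wanted value.
        return "already_set" if self.old == self.new else "not_applied"


def triage(log_text: str) -> List[ProcSet]:
    """Pair each PROC SET attempt with the error logged for the same path."""
    results = {}                    # path -> ProcSet, in order of appearance
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue                # not an openvpn.log line
        msg = line["msg"]
        attempt = ATTEMPT_RE.match(msg)
        if attempt:
            path = attempt["path"]
            results[path] = ProcSet(path, to_sysctl(path),
                                    attempt["old"], attempt["new"])
            continue
        err = ERROR_RE.match(msg)
        if err:
            path = err["path"]
            entry = results.setdefault(
                path, ProcSet(path, to_sysctl(path), None, None))
            entry.errno = int(err["errno"])
            entry.error = err["text"]
    return list(results.values())


_TAIL = "net/net:41,util/simplefile:11 (exceptions.IOError)"
_IPF = "/proc/sys/net/ipv4/ip_forward"
_NFC = "/proc/sys/net/netfilter/nf_conntrack_tcp_be_liberal"
_TS = "2019-04-17T17:55:35+0200 [stdout#info] "

# Sample input constructed from the log format quoted in this issue.
SAMPLE_FULL = "\n".join([
    _TS + "PROC SET %s : 1 -> 1" % _IPF,
    _TS + "PROC SET ERROR on %s: [Errno 30] Read-only file system: '%s': %s"
    % (_IPF, _IPF, _TAIL),
    _TS + "PROC SET %s : 0 -> 1" % _NFC,
    _TS + "PROC SET ERROR on %s: [Errno 30] Read-only file system: '%s': %s"
    % (_NFC, _NFC, _TAIL),
    _TS + "OpenVPNDataDir: using shared dir: '/run/openvpn_as/memstats'",
])

# Same lines as the shorter excerpt under "EDIT": the first error has no
# attempt line before it, so its old/new values are not known.
SAMPLE_EXCERPT = "\n".join(SAMPLE_FULL.splitlines()[1:])

if __name__ == "__main__":
    for name, sample in (("full", SAMPLE_FULL), ("excerpt", SAMPLE_EXCERPT)):
        for r in triage(sample):
            print(name, r.sysctl, r.old, "->", r.new,
                  "errno", r.errno, r.verdict)
```

A `not_applied` verdict names the sysctl that would have to be set from outside the container, for example with Docker's `--sysctl` option.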