Setup openvpn-as using portainer and traefik

Traefik Traefik v1
1

Hi,
I'm trying to setup openvpn using a portainer stack and have difficulties with it. Here's my portainer docker-compose:

  openvpn-as:
    container_name: openvpn-as    
    image: linuxserver/openvpn-as
    restart: unless-stopped
    privileged: true
    environment:
      - TZ=Europe/Warsaw
      - PUID=1000
      - PGID=1000
    cap_add:
      - NET_ADMIN
    expose:
      - "943"
      - "9443"
      - "1194/udp"
    labels:
      - "traefik.enable=true"
      - "traefik.rule=Host:vpn.mysrv.duckdns.org"
      - "traefik.port=943"
      - "traefik.protocol=https"
    volumes:
      - $PWD/appdata/openvpn-as:/config

When I visit vpn.mysrv.duckdns.org there's 404. Log files from portainer and docker looks good to me. Please advise.

Thx,
Olo

2

Hi,

I know this topic is quite old but I've stumbled upon this issue and I'm guessing some others might too.

The linuxserver image you're using makes use of self-generated certificates for HTTPS. You specified traefik.protocol=https in your docker-compose, which is good, but make sure to also add the necessary certificate in Traefik configuration or set the insecureSkipVerify option to true.

I'm using a very similar docker-compose as you so shouldn't be a problem.

Hope this helps someone.

3

Hello Gregoire. Could you expand on "add the necessary certificate in Traefik configuration" please? I can't seem to get this working with Traefik v2. Bad gateway, if I include the tlscertresolver, and "404 page not found" if I leave the certresolver out. Openvpn-as works fine locally.

  ##### OpenVPN Access Server #####`
  openvpn-as:
    image: linuxserver/openvpn-as
    container_name: openvpn-as
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Paris
    volumes:
      - /mnt/db/config/openvpn:/config
    networks:
      - web
    ports:
      - 943:943
      - 9443:9443
      - 1194:1194/udp
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
#      - "traefik.http.routers.vpn.entrypoints=web"
#      - "traefik.http.routers.vpn.rule=Host(`vpn.host.com`)"
      - "traefik.http.services.vpn-secure.loadbalancer.server.port=943"
      - "traefik.http.routers.vpn-secure.entrypoints=web-secured"
      - "traefik.http.routers.vpn-secure.rule=Host(`vpn.host.com`)"
#      - "traefik.http.routers.vpn-secure.tls=true"
#      - "traefik.http.routers.vpn-secure.tls.certresolver=mytlschallenge"
#      - "traefik.http.routers.vpn.middlewares=https-redirect@file"
      - "traefik.protocol=https"
4

Nevermind. I was missing the loadbalancer sheme as such

  - "traefik.http.services.vpn-secure.loadbalancer.server.scheme=https"
1 Like
5

Thank you for coming back and telling us how you solved it! This saved me couple of hours of finding this