Everything posted by randall526
-
Docker monitoring and auto restart script
This is my script to auto check if a docker is responding and restart it. The verification is http based which will catch both when the docker doesn't respond as well as when there is a http error code present. You have to run a sample curl on your own and potentially choose what http content validates the docker. The script comments are fairly self explanatory and the code function is pretty clean to make the script user friendly and easy to add variables and function lines to check other dockers. UnraidDockerCheck.sh
-
Open VM Tools for unRAID 6
I had to update broken slackware file locations again since it appears new versions are available for some of the downloads. Incase anyone wants the version I am using on unraid 6.4.1, here it is: openVMTools_auto62 (4).plg There is no GUI front end with unraid but I do show the process running and ESXi reporting tools is indeed running. Great plugin so far, i'm waiting for the next kernel release to see if it updates correctly. Good work putting this together.
-
OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)
changing how the udp protocol was defined worked Didn't think to change it seeing as pfsence oepnVPN server generated it that way on behalf of the VPN client and worked fine outside the plugin. I can stop and start the VPN through the WebGUI now, the small things make one happy. Thanks again.
-
OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)
I ended up scripting around this and starting the VPN in the go file the traditional openvpn command line way and using a cron job script to keep an eye on it. GUI plugin still fails to start the VPN by removing my "dev tun" line in my ovpn config file everytime.
-
OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)
The .ovpn file was partially auto generate by pfsense and it defined the UDP protocol this way remote rand526.ddns.net 1198 udp <========= I normally add the udp line separately myself as you suggested however this way works too. I proved this configuration works by starting the VPN by the command line. This works and the .ovpn file is not butchered by the unraid plugin when started this way. The plugin however when starting the VPN via the GUI keeps editing my .ovpn file and removing the "dev tun" line incorrectly just before the VPN starts. The VPN log then bawks that it's missing the "dev tun". The plugin breaks my .ovpn file every time. This proves the plugin is incorrectly messing with my .ovpn file and the configuration works prior to the plugin deciding to update it. I can see updating .ovpn in the lower right corner flash ever so briefly when I use this .ovpn. What in the plugin decides my .ovpn must be updated and removes this line.... I have no idea. My other .ovpn file I use for another VPN, the plugin doesn't touch and thus I don't get my .ovpn butchered by the plugin lol. Summing up, I think someone understanding the plugin logic rather then openVPN would have to comment as to why the plugin is messing with my .ovpn file and removing "dev tun" every-time. I think this is a plugin issue not a openVPN configuration problem. Something about my setup however the plugin is deciding it must incorrectly update my .ovpn file.
-
OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)
One more thing, confident the plugin was incorrectly editing the .ovpn file which was a valid config before the plugin touched it, I decided to fire the VPN up via the command line. The following command and config file connects to my openVPN server and shows up running in the GUI. However if I bounce it via the GUI plugin, it removes the "dev tun" line and mentioned it updated the file and fails to start due to no dev tun/tap adapter defined. Maddening I say. It only does it for this setup, my other VPN server and .ovpn config file the plugin doesn't touch or try to update. Working command openvpn --writepid /var/run/openvpn/openvpn.pid --script-security 3 --mute-replay-warnings --config /boot/openvpn/pfSense-udp-1198-Sister.ovpn Working config via command line dev tun persist-tun persist-key cipher AES-256-CBC auth SHA1 tls-client client resolv-retry infinite remote ######## 1198 udp lport 0 verify-x509-name "pfenseRand" name pkcs12 pfSense-udp-1198-Sister.p12 ns-cert-type server comp-lzo adaptive auth-user-pass /boot/config/plugins/openvpnclient/password.txt status /tmp/openvpn/openvpn-status.log
-
OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)
Got a perplexing problem with the VPN client driving me up a wall. The plugin is dynamically updating my .ovpn config file every time I try to start the VPN Client and it some how removes the dev tun option in the file. The vpn fails to start with, no dev option defined in your .ovpn file. I'll add it back and the plugin updates the .ovpn and removes it every time and then the vpn log complains about the entry not being there. This is what my config file looks like before I start the VPN persist-tun dev tun persist-key cipher AES-256-CBC auth SHA1 tls-client client resolv-retry infinite remote ######### 1198 udp lport 0 verify-x509-name "pfenseRand" name pkcs12 pfSense-udp-1198-Sister.p12 ns-cert-type server comp-lzo adaptive auth-user-pass This is what it looks like after the VPN fails to start and it updates my .ovpn file. It fails to start and says the dev tun/tap option is missing cause the plugin took it out.... persist-tun persist-key cipher AES-256-CBC auth SHA1 tls-client client resolv-retry infinite remote ############## 1198 udp lport 0 verify-x509-name "pfenseRand" name pkcs12 pfSense-udp-1198-Sister.p12 ns-cert-type server comp-lzo adaptive auth-user-pass /boot/config/plugins/openvpnclient/password.txt status /tmp/openvpn/openvpn-status Interestingly, I have another remote VPNserver using different options without a password and the plugin never trys to change the .ovpn file and it works fine. Any bright ideas?
-
OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)
well if you are referring to my post peter it appears the VPN resets when the VPN times out and resablishes. It starts backup with settings that do not match what is in the plugin GUI, namely the extended routing for exclusive IP's only.
-
OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)
d.bech, What's not as clear as it could be in other docs is essentially this. Create a openvpn folder on your flash. Drop your .ovpn config file in this directory. The plugin does not create this folder or a sample file to work with even though it probably should. In the GUI, select the .ovpn file you created that has the majority of your vpn settings in it. These settings are not in the web interface but edited in this config file. Download a sample file to get you started on what the file looks like and what it does. Once the file is in the right folder and named correctly, the web GUI can select it as your "VPN" profile per say. If you are using CA certs or client authentication certificates you must create on your own, they also should be dropped in this folder and referenced in your config file. Also if you want to use extended routing, you have to create a webaddress.txt file in the openvpn folder. it will read this file and create routing table entries for when the VPN starts. No where in the GUI will it create this file for you or edit it. Must be done manually.
-
OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)
So my VPN kept reasserting itself with a default route to send all traffic over the VPN when I have extended routing for specific IP's only selected. It would also clear my specific IP host routes from my routing table read from the Webbaddresses.txt file I had to adjust the metric of my normal default route to take priority over the VPN default route however when this happens the route entry for specific IP's would get cleared out too. I found the cause in the logs and when the default route I don't want gets inserted, Any ideas on how to make sure the extended routing of specific IP's only sticks when the VPN resets/connects? I might have to create a cron job that runs like every min to read the routing table and insert the routes manually if there is no other fix to this. Thanks Log Tue Mar 1 01:20:50 2016 [vpn] Inactivity timeout (--ping-restart), restarting Tue Mar 1 01:20:50 2016 SIGUSR1[soft,ping-restart] received, process restarting Tue Mar 1 01:20:50 2016 Restart pause, 2 second(s) Tue Mar 1 01:20:52 2016 Socket Buffers: R=[212992->425984] S=[212992->212992] Tue Mar 1 01:20:52 2016 TCP/UDP: Preserving recently used remote address: [AF_INET]209.197.20.207:1194 Tue Mar 1 01:20:52 2016 UDPv4 link local: [undef] Tue Mar 1 01:20:52 2016 UDPv4 link remote: [AF_INET]209.197.20.207:1194 Tue Mar 1 01:21:07 2016 TLS: Initial packet from [AF_INET]209.197.20.207:1194, sid=883df6eb a9137f82 Tue Mar 1 01:21:07 2016 VERIFY OK: depth=1, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=VPN, name=VPN, emailAddress=VPN Tue Mar 1 01:21:07 2016 Validating certificate key usage Tue Mar 1 01:21:07 2016 ++ Certificate has key usage 00a0, expects 00a0 Tue Mar 1 01:21:07 2016 VERIFY KU OK Tue Mar 1 01:21:07 2016 Validating certificate extended key usage Tue Mar 1 01:21:07 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Tue Mar 1 01:21:07 2016 VERIFY EKU OK Tue Mar 1 01:21:07 2016 VERIFY OK: depth=0, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=vpn, name=VPN Tue Mar 1 01:21:07 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Tue Mar 1 01:21:07 2016 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Tue Mar 1 01:21:07 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Tue Mar 1 01:21:07 2016 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Tue Mar 1 01:21:07 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA Tue Mar 1 01:21:07 2016 [vpn] Peer Connection Initiated with [AF_INET]209.197.20.207:1194 Tue Mar 1 01:21:09 2016 SENT CONTROL [vpn]: 'PUSH_REQUEST' (status=1) Tue Mar 1 01:21:09 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 262144,explicit-exit-notify 5,route-gateway 172.21.80.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.21.80.5 255.255.254.0' Tue Mar 1 01:21:09 2016 OPTIONS IMPORT: timers and/or timeouts modified Tue Mar 1 01:21:09 2016 OPTIONS IMPORT: explicit notify parm(s) modified Tue Mar 1 01:21:09 2016 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified Tue Mar 1 01:21:09 2016 Socket Buffers: R=[425984->425984] S=[212992->212992] Tue Mar 1 01:21:09 2016 OPTIONS IMPORT: --ifconfig/up options modified Tue Mar 1 01:21:09 2016 OPTIONS IMPORT: route options modified Tue Mar 1 01:21:09 2016 OPTIONS IMPORT: route-related options modified Tue Mar 1 01:21:09 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Tue Mar 1 01:21:09 2016 Preserving previous TUN/TAP instance: tun5 Tue Mar 1 01:21:09 2016 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device. Tue Mar 1 01:21:09 2016 /usr/sbin/ip route del 209.197.20.207/32 Tue Mar 1 01:21:09 2016 /usr/sbin/ip route del 0.0.0.0/1 RTNETLINK answers: No such process Tue Mar 1 01:21:09 2016 ERROR: Linux route delete command failed: external program exited with error status: 2 Tue Mar 1 01:21:09 2016 /usr/sbin/ip route del 128.0.0.0/1 RTNETLINK answers: No such process Tue Mar 1 01:21:09 2016 ERROR: Linux route delete command failed: external program exited with error status: 2 Tue Mar 1 01:21:09 2016 Closing TUN/TAP interface Tue Mar 1 01:21:09 2016 /usr/sbin/ip addr del dev tun5 172.20.20.18/22 Tue Mar 1 01:21:10 2016 ROUTE_GATEWAY 192.168.2.1/255.255.255.0 IFACE=eth0 HWADDR=00:0c:29:70:79:ac Tue Mar 1 01:21:10 2016 TUN/TAP device tun5 opened Tue Mar 1 01:21:10 2016 TUN/TAP TX queue length set to 100 Tue Mar 1 01:21:10 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Tue Mar 1 01:21:10 2016 /usr/sbin/ip link set dev tun5 up mtu 1500 Tue Mar 1 01:21:10 2016 /usr/sbin/ip addr add dev tun5 172.21.80.5/23 broadcast 172.21.81.255 Tue Mar 1 01:21:10 2016 /usr/sbin/ip route add 209.197.20.207/32 via 192.168.2.1 Tue Mar 1 01:21:10 2016 /usr/sbin/ip route add 0.0.0.0/1 via 172.21.80.1 Tue Mar 1 01:21:10 2016 /usr/sbin/ip route add 128.0.0.0/1 via 172.21.80.1