Opawesome Posted August 19, 2021 (edited)

Hi,

Since the OpenVPN Server plugin by @peter_sm, and the OpenVPN-AS docker container by @linuxserver.io are no longer available (as of August 2021), I thought it might be useful to some of you to know how to manually install an OpenVPN server on your Unraid machine. Using the WireGuard VPN which is now included in Unraid is of course an option but you may want to stick with OpenVPN for many reasons.

The method below:
- was tested (and works) on Unraid 6.8.3, 6.9.2, 6.10.2 and 6.10.3;
- assumes that you already have (or know how to set up) an openvpn .ovpn configuration file for your server (and clients);
- assumes that you already have (or know how to create) the SSL certification authority certificate, SSL server certificate, RSA keys and Diffie-Hellman key which are required by your openvpn .ovpn configuration file; [Note: I personally use XCA to create and manage all my certificates and keys; tutorials on how to create the certificates and keys with XCA can be found here on YouTube for example.]
- assumes that you know how to set up your router to forward the ports required for your OpenVPN server to work;
- allows you to run OpenVPN even if the array is stopped (this is useful if your array is encrypted and does not automatically start on boot).

STEP 1: ADD THE OPENVPN PACKAGE TO THE UNRAID BOOT DRIVE

1.1. Grab the openvpn-2.4.8-x86_64-1.txz package for Slackware.
Note: I have not been able to find this version on the Slackware website but I was able to grab that package from my previous install of the OpenVPN Server plugin. I have attached it to this post, but please share any link to an official download if you find one.

1.2. Copy it to the /boot/extra/ directory on the Unraid boot drive.
Note: Packages in this folder are installed upon boot.

STEP 2: ADD THE OPENVPN CONFIGURATION FILES AND ASSOCIATED CERTIFICATES, KEYS AND FILES TO THE UNRAID BOOT DRIVE

2. Copy your OpenVPN configuration file and associated certificates, keys and files to the /boot/config/user-files/openvpn/ directory on the Unraid boot drive.
Note: These files include the following, depending on your configuration: server.ovpn or client.ovpn, dh.pem, ca.crt, server.crt, ta.key (if you use TLS for authentication), crl.pem (if you use a certificate revocation list), ipp.txt (if you use manual IP assignment)

STEP 3: EDIT THE "GO" FILE ON THE UNRAID BOOT DRIVE

3.1. Edit the /boot/config/go file on the Unraid boot drive by adding the following at the end of the file:

```
# #############
# Start OpenVPN (beginning)
# #############

# Start OpenVPN - 1. Set variables
NETWORK="172.16.92.0" # OpenVPN server IP network
CIDRSUFFIX="24" # OpenVPN server IP network CIDR suffix, without the "slash"
OPENVPNCONFIGPATH="/boot/config/user-files/openvpn/" # Path to openvpn configuration files on USB drive, with the trailing "slash"

# Start OpenVPN - 2. Copy OpenVPN configuration and cert files
# (ta.key and ipp.txt are only present in some configurations, see step 2)
mkdir -p /etc/openvpn/
cp "${OPENVPNCONFIGPATH}server.ovpn" /etc/openvpn/
cp "${OPENVPNCONFIGPATH}dh.pem" /etc/openvpn/
cp "${OPENVPNCONFIGPATH}ca.crt" /etc/openvpn/
cp "${OPENVPNCONFIGPATH}server.crt" /etc/openvpn/
cp "${OPENVPNCONFIGPATH}server.key" /etc/openvpn/
cp "${OPENVPNCONFIGPATH}ta.key" /etc/openvpn/
cp "${OPENVPNCONFIGPATH}ipp.txt" /etc/openvpn/

# Start OpenVPN - 3. Create tun device
mkdir -p /dev/net
if [ ! -c /dev/net/tun ]; then
    mknod /dev/net/tun c 10 200
fi
modprobe tun
echo 1 > /proc/sys/net/ipv4/ip_forward

# Start OpenVPN - 4. Run OpenVPN
mkdir -p /var/run/openvpn/
sudo -H -u root openvpn --writepid /var/run/openvpn/openvpn.pid --config /etc/openvpn/server.ovpn --script-security 2 --daemon

# Start OpenVPN - 5. Add IP tables
# Find the interface that carries the default route
NIC=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)
echo "$NIC"
# NAT the VPN subnet out of that interface (called directly, no eval needed)
iptables -t nat -A POSTROUTING -s "$NETWORK/$CIDRSUFFIX" -o "$NIC" -j MASQUERADE
# Show the rule that was just added
iptables -t nat -L POSTROUTING -n -v --line-numbers | grep "$NETWORK"

# #############
# Start OpenVPN (end)
# #############
```

3.2. Adjust the above to your own use case.
Note: For example, you will need to change the NETWORK and CIDR variables according to the IP address and network mask that are set in the server.ovpn configuration file.

STEP 4: REBOOT AND CHECK THAT THE SERVER IS WORKING

4.1. Reboot your Unraid machine.

4.2. Check that OpenVPN is running by executing this command:

```
ifconfig tun0
```

4.3. Try to connect to your OpenVPN server with a client.
Note: I recommend adding the following lines to your .ovpn config file to help troubleshoot any potential issues:

```
status /var/log/openvpn-status.log 5
log-append /var/log/openvpn.log
```

I hope this helps.

Best,
Opawesome

openvpn-2.4.8-x86_64-1.txz

Edited August 2, 2022 by Opawesome: update after unraid version upgrade
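
Step 3.2 of the post above requires the NETWORK and CIDRSUFFIX values in the go file to match the subnet set in server.ovpn. The script below is an added example, not part of the original post: it reads the `server <network> <netmask>` directive and prints the subnet in CIDR form so the MASQUERADE rule can be checked against it. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post.

# Convert a dotted netmask to a prefix length; fails on malformed or
# non-contiguous masks. The body is a subshell so IFS/set -f stay local.
mask_to_prefix() (
    set -f; IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    prefix=0; seen_zero=0
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
        for bit in 128 64 32 16 8 4 2 1; do
            if [ $(( $octet & $bit )) -ne 0 ]; then
                [ "$seen_zero" -eq 0 ] || exit 1   # a 1 bit after a 0 bit
                prefix=$(( $prefix + 1 ))
            else
                seen_zero=1
            fi
        done
    done
    echo "$prefix"
)

# Print "<network>/<prefix>" from the first "server <network> <netmask>"
# directive of an OpenVPN server config (comments and server-bridge ignored).
ovpn_server_subnet() (
    line=$(awk '$1 == "server" && NF >= 3 { print $2, $3; exit }' "$1") || exit 1
    [ -n "$line" ] || exit 1
    prefix=$(mask_to_prefix "${line#* }") || exit 1
    echo "${line% *}/$prefix"
)

# usage: check_go_vars <server.ovpn> <NETWORK> <CIDRSUFFIX>
# Returns 0 only when the go-file variables match the config.
check_go_vars() {
    [ "$(ovpn_server_subnet "$1")" = "$2/$3" ]
}

# Constructed sample config using the subnet from the post.
sample=$(mktemp)
printf '%s\n' 'port 1194' 'proto udp' 'dev tun' \
    'server 172.16.92.0 255.255.255.0' > "$sample"
ovpn_server_subnet "$sample"
rm -f "$sample"
```

On the Unraid machine, `check_go_vars /boot/config/user-files/openvpn/server.ovpn "$NETWORK" "$CIDRSUFFIX"` can be run before the iptables step to catch a mismatch that would otherwise leave VPN client traffic un-NATed.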

Emanuel87 Posted June 22, 2022

For those more challenged among us, could you please also detail the assumed part?

Quote:
* assumes that you already have (or know how to setup) an openvpn .ovpn configuration file for your server (and clients);
* assumes that you already have (or know how to create) the SSL certification authority certificate, SSL server certificate, RSA keys and diffie hellman key which are required by your openvpn .ovpn configuration file; [Note: I personally use XCA to create and manage all my certificates and keys; tutorials on how to create the certificates and keys with XCA can be found here on YouTube for example.]

trurl Posted June 22, 2022

Have you tried WireGuard?

Emanuel87 Posted August 19, 2022

WireGuard is blocked by company IT, so that's why I've asked for OpenVPN, as this is what the company also uses.