How to manually install an OpenVPN server (Unraid 6.8.3 - 6.12.8)


Opawesome

Recommended Posts

Hi,

 

Since the OpenVPN Server plugin by @peter_sm, and the OpenVPN-AS docker container by @linuxserver.io are no longer available (as of august 2021), I thought it might be useful to some of you to know how to manually install an OpenVPN server on your Unraid machine.

 

Using the Wireguard VPN which is now included in Unraid is of course an option but you may want to stick with OpenVPN for many reasons.

 

The method below:

  • was tested (and works) on Unraid 6.8.3, 6.9.2, 6.10.2, 6.10.3, 6.11.5, 6.12.4 and 6.12.8;
  • assumes that you already have (or know how to setup) an openvpn .ovpn configuration file for your server (and clients);
  • assumes that you already have (or know how to create) the SSL certification authority certificate, SSL server certificate, RSA keys and diffie hellman key which are required by your openvpn .ovpn configuration fileq; [Note: I personally use XCA to create and manage all my certificates and keys; tutorials on how to create the certificates and keys with XCA can be found here on YouTube for example.]
  • assumes that you know how to setup your router to forward the ports required for you OpenVPN server to work;
  • allows you to run OpenVPN even if the array is stopped (this is useful if your array is encrypted and does not automatically start on boot).

 

STEP 1: ADD THE OPENVPN PACKAGE TO THE UNRAID BOOT DRIVE

 

1.1. Grab the openvpn-2.5.5-x86_64-1.txz package for Slackware here.

 

Note: If you are using an older version of Unraid, you may need the openvpn-2.4.8-x86_64-1.txz package. I have not been able to find this older version on the Slackware website but I was able to grab that package from my previous install of the OpenVPN Server plugin. I have attached it to this post, but please share any link to an official download if you find one.

 

1.2. Copy it to the /boot/extra/ directory on the Unraid boot drive.

 

Note: Packages in this folder are installed upon boot.

 

STEP 2: ADD THE OPENVPN CONFIGURATION FILES AND ASSOCIATED CERTIFICATES, KEYS AND FILES TO THE UNRAID BOOT DRIVE

 

2. Copy your OpenVPN configuration file and associated certificates, keys and files to the /boot/config/user-files/openvpn/ directory on the Unraid boot drive.

 

Note: These files include the following, depending on your configuration:

  • server.ovpn or client.ovpn,
  • dh.pem,
  • ca.cert,
  • server.crt,
  • ta.key (if you use TLS for authentication),
  • crl.pem (if you use a certificate revocation lists),
  • ipp.txt (if you use manual IP assignment)

 

STEP 3: EDIT THE "GO" FILE ON THE UNRAID BOOT DRIVE

 

3.1. Edit the /boot/config/go file on the Unraid boot drive by adding the following at the end of the file:

 

# #############
# Start OpenVPN (beginning)
# #############

# Start OpenVPN - 1. Set variables
NETWORK="172.16.92.0" # OpenVPN server IP network
CIDRSUFFIX="24" # OpenVPN server IP network CIDR suffix, without the "slash"
OPENVPNCONFIGPATH="/boot/config/user-files/openvpn/" # Path to openvpn configuration files on USB drive, with the trailing "slash"

# Start OpenVPN - 2. Copy OpenVPN configuration and cert files
mkdir -p /etc/openvpn/
cp "${OPENVPNCONFIGPATH}server.ovpn" /etc/openvpn/
cp "${OPENVPNCONFIGPATH}dh.pem" /etc/openvpn/
cp "${OPENVPNCONFIGPATH}ca.crt" /etc/openvpn/
cp "${OPENVPNCONFIGPATH}server.crt" /etc/openvpn/
cp "${OPENVPNCONFIGPATH}server.key" /etc/openvpn/
cp "${OPENVPNCONFIGPATH}ta.key" /etc/openvpn/
cp "${OPENVPNCONFIGPATH}ipp.txt" /etc/openvpn/

# Start OpenVPN - 3. Create tun device
mkdir -p /dev/net
if [ ! -c /dev/net/tun ]; then
	mknod /dev/net/tun c 10 200
fi
modprobe tun
echo 1 > /proc/sys/net/ipv4/ip_forward

# Start OpenVPN - 4. Run OpenVPN
mkdir -p /var/run/openvpn/
sudo -H -u root openvpn --writepid /var/run/openvpn/openvpn.pid --config /etc/openvpn/server.ovpn --script-security 2 --daemon

# Start OpenVPN - 5. Add IP tables
NIC=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)
echo $NIC
IPRULES1="iptables -t nat -A POSTROUTING -s $NETWORK/$CIDRSUFFIX -o $NIC -j MASQUERADE"
eval $IPRULES1
iptables -t nat -L POSTROUTING -n -v --line-numbers | grep $NETWORK

# #############
# Start OpenVPN (end)
# #############

 

3.2. Adjust the above to your own use case

 

Note: For exemple, you will need to change the NETWORK and CIDR variables according to the IP address and network mask that are set in the server.ovpn configuration file.

 

STEP 4: REBOOT AND CHECK THAT THE SERVER IS WORKING

 

4.1. Reboot your Unraid machine.

 

4.2. Check that OpenVPN is running by executing this command: 

ifconfig tun0

 

4.3. Try to connect to your OpenVPN server with a client.

 

Note: I recommend adding the following lines to your .ovpn config file to help troubleshooting any potential issues:

status /var/log/openvpn-status.log 5
log-append /var/log/openvpn.log

 

 

I hope this helps.

 

Best,

Opawesome

openvpn-2.4.8-x86_64-1.txz

Edited by Opawesome
updated with openvpn-2.5.5-x86_64-1.txz
  • Like 2
Link to comment
  • 10 months later...

for those more challanged among us, could you please may detail also the assumed part :(

Quote

 

*assumes that you already have (or know how to setup) an openvpn .ovpn configuration file for your server (and clients);

*assumes that you already have (or know how to create) the SSL certification authority certificate, SSL server certificate, RSA keys and diffie hellman key which are required by your openvpn .ovpn configuration fileq; [Note: I personally use XCA to create and manage all my certificates and keys; tutorials on how to create the certificates and keys with XCA can be found here on YouTube for example.]

 

 

Link to comment
  • Opawesome changed the title to How to manually install an OpenVPN server (Unraid 6.8.3 - 6.10.3)
  • 3 weeks later...
  • 1 year later...

For future people finding this post:
 

The current package can be found under the "n" directory for slackware since it is in the base install ie https://mirrors.slackware.com/slackware/slackware-current/slackware/n/

As far as i can tell Unraid is running slackware 15 however if anyone has a better source please correct me.
i will report back on comparability of unraid 6.11.5 and 6.12.4 (my current system builds)

  • Thanks 1
Link to comment
  • Opawesome changed the title to How to manually install an OpenVPN server (Unraid 6.8.3 - 6.12.4)
On 10/12/2023 at 4:59 AM, chssmstr23 said:

For future people finding this post:
 

The current package can be found under the "n" directory for slackware since it is in the base install ie https://mirrors.slackware.com/slackware/slackware-current/slackware/n/

As far as i can tell Unraid is running slackware 15 however if anyone has a better source please correct me.
i will report back on comparability of unraid 6.11.5 and 6.12.4 (my current system builds)

Have you been able to get the OpenVPN server working with any package sourced from the official slackware website ?

Link to comment
  • Opawesome changed the title to How to manually install an OpenVPN server (Unraid 6.8.3 - 6.12.8)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.