Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

OpenVPN Client:32 and 64-bit: Your Private and Secure Path to the Internet

Featured Replies

  • Author

I will take a look, if you see any benefit for this  I will add it! :-)

 

  • 4 weeks later...
  • Replies 546
  • Views 164.7k
  • Created
  • Last Reply

Im having the same issue someone else was having long ago but  never posted a solution for(other than changing providers)

 

But i see other people using PrivateInternetAccess(PIA) here getting further...so here goes.

Im getting the issue that it cant find a tun device and to use --dev

 

Below are the screenshots that should hopefully provide any info needed.  Im using the PIA provided .ovpn config files, at one point in the past i had this working on unraid 5.x, but never  bothered to set it up in 6.x until now and this happens.

 

https://dl.dropboxusercontent.com/u/2798684/OVPNClient1.PNG

https://dl.dropboxusercontent.com/u/2798684/OVPNClient2.PNG

https://dl.dropboxusercontent.com/u/2798684/OVPNClient3.PNG

  • 3 weeks later...

Quick question,

 

I am trying to get OpenVPN Client working through PIA on Unraid v6.1.6.  I grabbed the ovpn config from PIA and placed it in /boot/openvpn. I can successfully connect to the VPN but my DNS seems to be broken.  I can ping IP addresses no problem, but I can't access anything via names (www.google.com, for example). Do I need to do something to get the DNS working through the VPN?  With the VPN off, there is no issue.  Any help would be appreciated.

Quick question,

 

I am trying to get OpenVPN Client working through PIA on Unraid v6.1.6.  I grabbed the ovpn config from PIA and placed it in /boot/openvpn. I can successfully connect to the VPN but my DNS seems to be broken.  I can ping IP addresses no problem, but I can't access anything via names (www.google.com, for example). Do I need to do something to get the DNS working through the VPN?  With the VPN off, there is no issue.  Any help would be appreciated.

 

What are you currently setting your DNS to?

I don't recall ever setting my DNS manually.  Under Network Settings, I have Obtain DNS Servers Automatically set to YES, which I believe just uses the ones that my router is configured for (I think these are just the ones from my ISP).

Try changing them to 8.8.8.8 and/or 8.8.4.4 see if that helps any...

Success!  Thank you kindly for the help.  Any idea why you have to manually specify it? (not that i mind using Public DNS, i'd just like to understand why)

Honestly, no, I'm not particularly knowledgeable about network stuff.  It was just a hunch....

  • 2 months later...

Hello, does anyone know of a walk through on setting this up with PIA? New to using the open vpn client to achieve this I have only ever used some form of GUI for my VPN.

To set it up with PIA, go on the website and downloadn the .opvn files for the portals you want to connect to. Also download the security certificate (the "CA" file).

 

If you want to use port forwarding for torrents, you can use the script below that I got from this thread a LONG time ago. I only use this for Transmission so I can't help you with other clients unless you are using Deluge in which case you are in luck because I left the code that I added for deluge to work commented out.  Uncomment the deluge stuff and it should work. Not sure how to make this work with Deluge in a Docker, though.

 

I store this script in /mnt/cache/.custom/openvpn since the script already stores PIA's client id in the same location. I have the script set on a cron job that runs every 3 hours to make sure the port is still open. I don't really have any stuff going on to check if the VPN is actually running because I didn't get around to it. But, if the VPN is running and the Port changes, this script will pick it up and feed it to Transmission or Deluge automatically.

 

#!/bin/bash
ifconfig tun5|grep -oE "inet *10\.[0-9]+\.[0-9]+\.[0-9]+"|tr -d "a-z :"|tee /tmp/vpn_ip 

echo "Port forwarding is currently using port..." 

curl -d "user=<USERNAME>&pass=<PASSWORD>&client_id=$(cat /mnt/cache/.custom/openvpn/.pia_client_id)&local_ip=$(cat /tmp/vpn_ip)" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment 2>/dev/null|grep -oE "[0-9]+"|tee /tmp/vpn_port_opened

#comment next line out if using with Deluge
awk '{print "/usr/local/Transmission/usr/bin/transmission-remote --port "$0;}' /tmp/vpn_port_opened |bash

#####################################
#    Uncomment the below lines to use with Deluge#        #
#####################################
#port=$(cat /tmp/vpn_port_opened)

#echo $port

#deluge-console "config --set random_port False"

#echo "Changing port settings on deluge...."


#deluge-console "config --set listen_ports ($port,$port)"

I have a concern about the openvpn client on unraid. 

 

Several times now I've noticed login attempts to my unraid server while connected to my VPN.  My VPN blocks all port forwarding, so I'm not sure how they are connecting to me. 

 

You can see a snippet below of the log file.

 

Mar 21 19:09:35 Tower in.telnetd[5987]: connect from 187.22.157.164 (187.22.157.164)
Mar 21 19:09:35 Tower telnetd[5987]: ttloop: peer died: EOF
Mar 21 19:11:55 Tower in.telnetd[7255]: connect from 221.138.84.57 (221.138.84.57)
Mar 21 19:11:55 Tower emhttp: cmd: /usr/local/emhttp/plugins/dynamix/scripts/tail_log syslog
Mar 21 19:12:01 Tower telnetd[7255]: ttloop: peer died: EOF
Mar 21 19:13:49 Tower emhttp: cmd: /usr/local/emhttp/plugins/dynamix/scripts/tail_log syslog
Mar 21 19:15:35 Tower in.telnetd[8908]: connect from 187.160.124.138 (187.160.124.138)
Mar 21 19:15:38 Tower emhttp: cmd: /usr/local/emhttp/plugins/dynamix/scripts/tail_log syslog
Mar 21 19:15:45 Tower login[8917]: invalid password for 'UNKNOWN'  on '/dev/pts/2' from 'CableLink-187-160-124-138.PCs.InterCable.net'
Mar 21 19:15:51 Tower login[8917]: invalid password for 'UNKNOWN'  on '/dev/pts/2' from 'CableLink-187-160-124-138.PCs.InterCable.net'
Mar 21 19:16:10 Tower php: /usr/local/emhttp/plugins/openvpnclient/scripts/rc.openvpnclient 'stop'
Mar 21 19:16:12 Tower ntpd[1476]: Deleting interface #8 tun5, 10.8.0.113#123, interface stats: received=0, sent=0, dropped=0, active_time=866 secs

 

As soon as I disconnect from the VPN, the login attempts stop.

 

I've got a query in to my VPN provider asking about the attack surface presented when using their service.

 

I'm beefing up iptables, but my understanding is that while using a VPN with no port forwarding, there shouldn't be a way to route back to my server.  This means that either the openvpn client or my VPN is exposing the unraid server to the world.

 

Has anyone else experienced this while connected to a VPN? 

 

Thanks,

 

 

Woah! Am I reading this right, you have your unRAID machine exposed to the Internet via a VPN Service!!!???!!!

 

To Quote NAS from another thread:

 

The right and only way for someone who doesnt want to spend their life making sure they arent under attack is to turn on and use VPN on your router. If your router does not supor this the few bucks it takes to buy one that does will pay dividends in the end.

The operative word was 'had'.  Yes.  Using the OpenVPN client.  Under controlled circumstances to test the client. 

 

Why are you surprised that someone is testing it?  I haven't seen other test results from using the openvpn client plugin.  I'm curious what others are seeing when they use it.  If it's an insecure plugin, perhaps it should be noted somewhere.

 

 

The operative word was 'had'.  Yes.  Using the OpenVPN client.  Under controlled circumstances to test the client. 

 

Why are you surprised that someone is testing it?  I haven't seen other test results from using the openvpn client plugin.  I'm curious what others are seeing when they use it.  If it's an insecure plugin, perhaps it should be noted somewhere.

 

I am not surprised that people are using it or that it is being tested. However I do note that it is in the "unverified section" of the Plugins BUT you way not be running the latest version of unRAID so thats ok!

 

What I am surprised about is that one would use it to connect to a VPN service which opens their unRAID box to the Internet. This is NOT something that you should do. unRIAID is NOT designed with Security in mind at all. IF you open your unRAID server to the Internet then this is on your head.

 

I don't think that the Plugin is insecure, it comes down to how a user uses it. I personally feel the Plugin has real world application if for instance you are connecting two secure sites together (e.g. House 1 >> House 2) for the purpose of facilitating data transfer etc.

 

I can't imagine the author of this would EVER have expected this was to be used to connect their Server to the Internet.

The way vpn services work, they aggregate groups of subscribers together, and funnel them through a common gateway elsewhere on the internet. While the internet in general can't get back to your box, everybody else that is connected with you through that service can. The VPN client and server plugin for unraid are meant to set up a private vpn between your devices, not to connect your server to a vpn service. Either set up your vpn service on an endpoint firewall as an alternate connection with a firewall between you and the vpn, or use the specific downloaders with vpn built in that are specifically created to isolate the vpn from your other devices. Binhex has vpn torrent and usenet downloader dockers that work well.

Typically I connect to my vpn through my router.  This can complicate certain things for members of my household when on steam.  This is why I was testing the client and why I monitored it while it was active to see what kind of footprint was being exposed.  Quite large, obviously.

 

I'll check out bixhex's offerings to see if they'll work for me.  If not, I'll put a second router on my network for unraid to use for VPN. 

 

 

Typically I connect to my vpn through my router.  This can complicate certain things for members of my household when on steam.  This is why I was testing the client and why I monitored it while it was active to see what kind of footprint was being exposed.  Quite large, obviously.

 

I'll check out bixhex's offerings to see if they'll work for me.  If not, I'll put a second router on my network for unraid to use for VPN.

 

I hope that whatever you decide you do it securely and DONT expose your box to the Internet in ANY solution you choose. The Binhex Dockers  with built in VPN really are a much better solution IF you don't want to go down the router route! <= LOL!

 

Anyway, I felt bad because I seemed to have just ranted at you, so you balance my Karma I saw this thread just now:

 

http://lime-technology.com/forum/index.php?topic=35435.0

 

Thread for 6.1 "Verified" versions of the an OpenVPN Client and Server Plugin

 

Also, PLEASE consider using Dockers instead of Plugins for such things. It IS the preferred method for "Apps" on unRAID since v6 was released.

 

Another user BRiT summarised the benefits of Docker over Plugins in another thread as:

 

The ease of development and maintenance of Dockers is a huge positive for everyone. If the initial container creator disappears it's significantly easier and quicker for others to pick up what they've done and continue carrying the torch.

 

With plugins, it's more complex and you have to worry about a MFT of dependencies and incompatibilities if unRAID ever has any base changes.

 

Dockers do not conflict with one another. Each Docker Container is it's own universe.

Plugins can and have caused other plugins to fail massively. Each Plugin is sharing the same swimming pool*.

 

Other major benefits to Dockers is the storage and installation of them does not use up RAM twice. Dockers are stored inside a single docker.img file contained on your cache drive. They only use RAM when the application is run. Dockers are only installed once.

 

With a plugin you first install the plugin on each and every single boot, into the "root" filesystem which is in RAM before you even run the application.

 

The other significant benefit to Docker is I have taken my Dockers and their configuration and have run them on my Win OS development server! All I had to do was change the directory mappings.

 

For your needs there isn't much with respect to OpenVPN Client Docker BUT a simple search of the Community Applications (Apps) Plugin indicates that following Docker options for OpenVPN Server:

 

OpenVPN-AS: http://lime-technology.com/forum/index.php?topic=43317.0

 

Linuxserver.io Dockers are VERY well put together and never let me down.

 

Anyway, perhaps this has got me some positive points with the Support Karma God's, although Ill probably get a barrage of abuse again for recommending Dockers over Plugins when Plugins are STILL a "Supported" method.

 

:)

Hey guys,

 

I am quite new here, so hopefully I am not missing something stupid.

 

I have openVPN up and running (client) with PIA. openVPN finds the configuration files and it connects to the vpn fine. However after a hour or 2, the vpn drops the internet connection and unraid can no longer contact the internet... (well I cant ping anything external from the console).

 

I first noticed this when my Deluge client would stop downloading after a few hours.

 

Is there a timeout here that maybe I dont know about? could it be PIA? (I wouldn't think so, because I never had a issue on my windows box)

 

SS of configuration: http://i.imgur.com/zs9511i.png

 

PIA ovpn

client
proto udp
dev tun5
remote aus-melbourne.privateinternetaccess.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-client
remote-cert-tls server
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.pem



auth-user-pass /boot/config/plugins/openvpnclient/password.txt

status /tmp/openvpn/openvpn-status.log

 

Pretty lost here, obviously it would be very beneficial for me to run a vpn with my Deluge client xD.. pls halp

 

Hey guys,

 

I am quite new here, so hopefully I am not missing something stupid.

 

I have openVPN up and running (client) with PIA. openVPN finds the configuration files and it connects to the vpn fine. However after a hour or 2, the vpn drops the internet connection and unraid can no longer contact the internet... (well I cant ping anything external from the console).

 

I first noticed this when my Deluge client would stop downloading after a few hours.

 

Is there a timeout here that maybe I dont know about? could it be PIA? (I wouldn't think so, because I never had a issue on my windows box)

 

SS of configuration: http://i.imgur.com/zs9511i.png

 

PIA ovpn

client
proto udp
dev tun5
remote aus-melbourne.privateinternetaccess.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-client
remote-cert-tls server
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.pem



auth-user-pass /boot/config/plugins/openvpnclient/password.txt

status /tmp/openvpn/openvpn-status.log

 

Pretty lost here, obviously it would be very beneficial for me to run a vpn with my Deluge client xD.. pls halp

 

Please read this:

 

The way vpn services work, they aggregate groups of subscribers together, and funnel them through a common gateway elsewhere on the internet. While the internet in general can't get back to your box, everybody else that is connected with you through that service can. The VPN client and server plugin for unraid are meant to set up a private vpn between your devices, not to connect your server to a vpn service. Either set up your vpn service on an endpoint firewall as an alternate connection with a firewall between you and the vpn, or use the specific downloaders with vpn built in that are specifically created to isolate the vpn from your other devices. Binhex has vpn torrent and usenet downloader dockers that work well.

 

If you want to use a Deluge Client over VPN and you don't have a router to run the VPN Client from then please see here:

 

https://lime-technology.com/forum/index.php?topic=45812.0

 

If you don't know how to quickly install it, please see here:

 

http://lime-technology.com/forum/index.php?topic=40262.0

  • 1 month later...

I am trying to connect 2 unRaid servers together via this plugin.  One in the USA running openvpn server and one in China running openvpn client and use rsync to keep a few folders in sync.  The openvpn Server is unRaid 6.1.9 in usa and I can connect to it fine via Windows Openvpn from China via my laptop.

 

I am trying to set up the openvpn client plugin on the unRaid 6.1.9 box in China.  I am using the same .opvn file that is working fine on my Windows laptop, but here in China, the unRaid box with the client installed doesn't want to start.  As it begins to start, it shows not connected tun5 not established, then shows started OK, but the status screen declares "OpenVPN client is not running"

 

The openvpn log shows the following

 

Tue May 17 18:46:27 2016 OpenVPN 2.3.11 x86_64-slackware-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [MH] [iPv6] built on May 10 2016
Tue May 17 18:46:27 2016 library versions: OpenSSL 1.0.1s  1 Mar 2016, LZO 2.03
Tue May 17 18:46:27 2016 WARNING: file '/boot/config/plugins/openvpnclient/password.txt' is group or others accessible
openvpn: symbol lookup error: openvpn: undefined symbol: SSL_CTX_get0_certificate

default via 192.168.1.1 dev br0  metric 208 
127.0.0.0/8 dev lo  scope link 
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.110  metric 208 
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1 

 

 

OpenVPN Client Configuration: 
  
Use password to login ? Yes   
Client configuration file /boot/openvpn/china.opvn
Username for OpenVPN Client:  root
Password for OpenVPN Client:  (unRaid gui password)
Start OpenVPN during array mounting: No 
Extended Routing: None

  • Author

Se some previous post about installing the OpenVPN 2.3.9 version. Some issue with unraid 6.1.9

 

 

Skickat från min iPhone med Tapatalk

Se some previous post about installing the OpenVPN 2.3.9 version. Some issue with unraid 6.1.9

 

Peter, were you talking to me for my China problem?

 

  • Author

Se some previous post about installing the OpenVPN 2.3.9 version. Some issue with unraid 6.1.9

 

Peter, were you talking to me for my China problem?

Yes

Se some previous post about installing the OpenVPN 2.3.9 version. Some issue with unraid 6.1.9

 

Peter, instead of upgrading openvpn to 2.3.9, I downgraded my unRaid from 6.1.9 all the way back to 6.1.3, and I am still having the same problems.  Midway though starting the client on unRaid 6.1.3 we get the message that

 

"tun5 not established"

"OK..... Started"

but the screen returns to:

Status:  OpenVPN Client is NOT RUNNING

 

And the openvpn logs show...

 

Thu May 19 21:27:59 2016 OpenVPN 2.3.11 x86_64-slackware-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [MH] [iPv6] built on May 10 2016
Thu May 19 21:27:59 2016 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.03
Thu May 19 21:27:59 2016 WARNING: file '/boot/config/plugins/openvpnclient/password.txt' is group or others accessible
openvpn: symbol lookup error: openvpn: undefined symbol: SSL_CTX_get0_certificate

default via 192.168.1.1 dev br0  metric 208 
127.0.0.0/8 dev lo  scope link 
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.110  metric 208 
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1 

 

Should I try a different version of unRaid, or is upgrading openvpn the only thing to do?

I hesitate to upgrade openvpn as that would make the version I have different than the supported plugin.

 

Are you planning on upgrading the plugin to 2.3.9?  (I see that openvpn client 2.3.11 is out now....)

  • Author

The latest plugin are using 2.3.11, if you try 2.3.9 i think unraid 6.1.9 is ok. But why not try the 6.2 beta? It might be some miss math with the SSL package on 6.1.9.

 

 

Skickat från min iPhone med Tapatalk

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.