Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

OpenVPN Client:32 and 64-bit: Your Private and Secure Path to the Internet

Featured Replies

  • Author

I already have a beta that can route specifics IP through the tunnel.... some more fine tuning....

 

we will see if I can work on your function as well..... ;-)

 

//Peter

  • Replies 546
  • Views 164.7k
  • Created
  • Last Reply
  • Author

New version with a function to Route specific IP through VPN tunnel

 

//P

New version with a function to Route specific IP through VPN tunnel

 

//P

 

Looks like the link to version 2.5.2 is broken. Can you re-upload the new code?

Thanks.

Lets think about a scenario where a user would only want to tunnel two addresses through a tunnel. Everything else would go through the normal internet connection.

 

Lets take an example where we only want to tunnel xbmc.org and lime-technology.com through the vpn.

 

We would use your addon to connect to the vpn and we can see that our ip address changed. That is because our normal ip route is through the tunnel and in this scenario we don't want that.

 

ip route delete "0.0.0.0/1"
ip route delete "128.0.0.0/1"

 

Now the ip address has changed back to the normal ISP ip address and nothing goes through the vpn.

 

Now we need to find out the ip addresses of xbmc and lime-technology and we can just use ping:

ping xbmc.org
PING xbmc.org (205.251.128.242) 56(84) bytes of data.

ping lime-technology.com
PING lime-technology.com (216.119.154.106)

Now that we have the ip addresses we can add them to the whitelist:

(I like to replace the last part of the ip address with .0/24 to make sure i get all of the sites ip range)

 

#           Destination           VPN tunnel (check address at the right bottom of "ip route show")               
ip route add 205.251.128.0/24 via 10.200.4.1 dev tun0
ip route add 216.119.154.0/24 via 10.200.4.1 dev tun0

 

Now you can test using

tracepath xbmc.org 
tracepath google.com

You can see that xbmc.org goes through the vpn but google goes through the router and ISP.

 

These changes need to be typed in again if you disconnect/reconnect

 

I have a question about this, and please correct me if I'm wrong. For the first route wouldn't you want to route to the exact ip address instead of the entire 205.251.128.0 subnet? So the command would actually be "ip route add 205.251.128.242 via 10.200.4.1 dev tun0". It's a small point, but it has the potential to route traffic through the VPN you may not have intended to route.

Thanks for the great update !!

 

You are right that tunneling the whole subnet is a bit of a risk, but IMO better than missing some ip addresses and taking the time to figure out exactly what ip addresses are part of the website.

  • 2 weeks later...

I couldnt download the final file with script ....

Had to remove all references to "--no-check-certificate" from script

and then re-run install.

Now it installs, though cannot get it working. I have user keys which require no password.

 

Cheers

Andy

 

 

file /boot/packages/openvpn-2.2.2-i486-2-autologin.txz: downloading from --no-check-certificate http://dl.dropbox.com/u/46562247/openvpn-2.2.2-i486-2-autologin.txz ... wget: unrecognized option `--no-check-certificate'

Usage: wget [OPTION]... ...

 

Try `wget --help' for more options.

bad download, deleting

 

Warning: unlink(/boot/packages/openvpn-2.2.2-i486-2-autologin.txz): No such file or directory in /usr/local/sbin/installplg on line 70

root@Zen:~#

 

wow.

 

I love how whenever I get a bug up my bum and want to add some sort of function to my unraid server, low and behold a community member has already crafted a great way to go about it!

 

Thanks for the work bud! Can't wait to start tinkering with this.

I can't understand why I have not seen this thread earlier. I'm setting up an offsite unRAID server for mirroring the main unRAID server. Bridging the offsite server to my home network and OpenVPN server (pfSense) would be great. I should be able to rsync without forwarding ports. :)

  • 2 weeks later...

Hi,

 

I loaded the plug, set up the vpn info and it shows successful.  ---great.....

I can connect to my vpn - ipvanish serves just fine

 

 

The problem , is when i download, the speed drops way down.

 

With no vpn - download speed - 9.1mbps --- with vpn 188kbps

Tried several of the ipvanish servers - but just about the same - super slow

 

Any suggestions?

 

Thanks for the Excellent Plugs..

Joe

 

 

Running the latest version of unraid 5

Sabnzb

Sickbeard

Airvideo

OpenVpn

etc.....

I'm having a hard time getting running...I believe I am having permission/ownership problems with the /boot/openvpn/(config files)....they are all root:root and I think they should be nobody:users for the plugin to use as it's probably running that way, right?

 

But my system will not let me chown or chgrp on the /boot/openvpn folder or files within...I have been doing some reading and think it may have something to do with the filesystem on the usb being FAT?

  • 2 weeks later...

The /boot/ location is your flash drive, which doesn't store permissions. root:root should work fine. I just checked, and mine have the same permissions.

 

What led you to believe you have ownership issues? Do you have any log information you could post?

  • 3 weeks later...

thanks for the plugin, it is working great. I have one question. I want everything running through the VPN except one specific service on one specific port. I cannot figure out a way to have just that one service go through to the normal IP and not through the VPN. Is there anyway to accomplish this?

thanks for the plugin, it is working great. I have one question. I want everything running through the VPN except one specific service on one specific port. I cannot figure out a way to have just that one service go through to the normal IP and not through the VPN. Is there anyway to accomplish this?

lol, I asked Peter this same question through a PM a couple days back. If someone can come up with the commands to do something like this I think he'd consider it as an option in the plugin, but it is currently not being worked on.

 

FWIW, I proposed the "Route only specific ip addresses:" module in the OpenVPN Config GUI have the drop-down options be to Route through VPN: (A)-All (B)-Only listed addresses (webbadress.txt) ©-Only unlisted addresses (not_webbadress.txt)

Because the question arose from my using the openVPN client (which worked perfectly for me) to try and avoid my ISP blocking P2P traffic I hope that you will forgive me linking the following thread from the Lounge section:

 

http://lime-technology.com/forum/index.php?topic=24946.0

 

It concerns potential security risks that arise from connecting an unraid server to a third party VPN service provider.

 

I'm sure that most here are aware of the issues but I count myself as a reasonably experienced computer user and the fact that using a VPN tunnel carried any security risks hadn't occurred to me until I started to test things.

 

 

  • 2 weeks later...
  • Author

Update plugin, using now OpenVPN 2.3.0

 

//Peter

I tried to set it up on my unraid, but i doesn't work very well.

Probably i made some mistakes...

 

I use perfect-privacy.com, so i have these files for one server: .opvn, .cacrt, .clientcrt, .takey, .p12, .clientkey

 

Everytime i want to connect there's the message: "An error accured, probably there is some issue with your acount!!!, Try to login in again !!"

 

Do you have any idea?

Hi,

 

Did you get this to work? I'm having the same problem as you and I'm also using a PKCS #12 keyfile instead of username and password.

When starting the OpenVPN client I'm getting

Sun Jan 13 21:35:49 2013 Cannot load CA certificate file /boot/openvpn/ (OpenSSL)
Sun Jan 13 21:35:49 2013 Exiting due to fatal error

 

Any ideas?

 

  • Author

Pleas try to install the plugin manually first, after all other plugin are installed, might be a issue with SSL packages, this plugin now uses a never one than all the other plugin have, and if you still see this error message, try to login some more times...

 

//Peter

 

 

I think everything installs just fine.

The thing is that I don't use a CA.

 

When I manually start OpenVPN from command prompt I get

ls: cannot access *.crt: No such file or directory

And thats because I should not need a .crt file. I use this on several computers (Windows) and several android phones so I know it works.

 

Best regards

I think everything installs just fine.

The thing is that I don't use a CA.

 

When I manually start OpenVPN from command prompt I get

ls: cannot access *.crt: No such file or directory

And thats because I should not need a .crt file. I use this on several computers (Windows) and several android phones so I know it works.

 

Best regards

After some trial and error I got it to work. What I did was to copy the CA certificate from pfSense to a .crt file that I stored together with the .opvn on unRAID.

  • Author

thanks for the plugin, it is working great. I have one question. I want everything running through the VPN except one specific service on one specific port. I cannot figure out a way to have just that one service go through to the normal IP and not through the VPN. Is there anyway to accomplish this?

lol, I asked Peter this same question through a PM a couple days back. If someone can come up with the commands to do something like this I think he'd consider it as an option in the plugin, but it is currently not being worked on.

 

FWIW, I proposed the "Route only specific ip addresses:" module in the OpenVPN Config GUI have the drop-down options be to Route through VPN: (A)-All (B)-Only listed addresses (webbadress.txt) ©-Only unlisted addresses (not_webbadress.txt)

 

Maybe its easy as this .... after the tunnel is up,  executing this...

ip route add nnn.nnn.nnn.nn via 192.168.0.1 dev eth0

nnn = specific IP that you want be bypassed from the tunnel

and 192.168.0.1 is the local gateway on your LAN, and pass this to eth0 ??

 

 

running route -n it shows the IP address trough eth0 instead of tap0

 

If this is a correct way to bypass some IP address from the tunnel, I add this function as well  :D

 

//Peter

The plug-in works great. :)

It automatically connects my offsite backup server to my onsite LAN, and I can rsync from onsite unRAID server to offsite backup server.

What I cannot do, is accessing the offsite backup server from a computer that is on the offsite LAN. Is that possible?

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.