Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

OpenVPN Client:32 and 64-bit: Your Private and Secure Path to the Internet

Featured Replies

meh that sounds too much like work and my track record with such things is less than perfect.

 

I would be absolutely terrified of messing that hard with unRaid, especially when i have a current working solution as it is... I went a little heavy on my build just so I could run multiple vms on top of unRaid anyways.

 

I would, however, be interested in looking at the script to see how you went about it. If nothing else for the learning so I wont be so intimidated by such undertakings in the future.

 

Thanks for the answer too!

  • 2 weeks later...
  • Replies 546
  • Views 164.7k
  • Created
  • Last Reply

While now it works like a charm, i can't access remotely to mserver anymore. I have port open and redirection in order to acess to the server interface, subsonic, etc.

They all are unreachable now. Moreover, even my android app Dsub (using subsonic) can't connect to the server.

I wonder what happened since i installed OpenVPN and turned it on. I thought i could access to the server with the IP (my very own IP).

 

FYR, it doesn't ping too for the open ports (like 80.60.123.32:5000), it only pings with the IP only (like 80.60.123.32)

 

*80.60.123.32 random IP i typed, not mine huh

 

I had a similar problem instead, my unRAID box is in a 192.168.5.x subnet connected to a second router in a 192.168.4.x subnet (the 5.x router is configure to be a router not gateway, both using tomato firmware). The issue would arise because the first router (4.x)  has a vpn server running so establishing a connect via the vpn would not work accessing my unRAID box in the 5.x zone.

 

Long story short, I believe by installing the openvpn plugin, it modifies the routing table on your unRAID box and as such you might need to add a static route to be able to access it remotely.

Just installed the latest version and running into some problems.  I wouldn't work at all then after reading about the spaces in the .ovpn file name I fixed that part now I get this.

 

Wed Apr 10 19:17:49 2013 OpenVPN 2.3.1 i486-slackware-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [iPv6] built on Mar 30 2013

Wed Apr 10 19:17:49 2013 WARNING: file '/boot/config/openvpn/password.txt' is group or others accessible

Wed Apr 10 19:17:49 2013 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Wed Apr 10 19:17:49 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Wed Apr 10 19:17:49 2013 Socket Buffers: R=[163840->131072] S=[163840->131072]

Wed Apr 10 19:17:49 2013 UDPv4 link local: [undef]

Wed Apr 10 19:17:49 2013 UDPv4 link remote: [AF_INET]192.30.83.214:1443

 

Basically stops there and the service wont start.

 

.ovpn file from proxy.sh

 

client

dev tun

proto udp

 

remote-random

remote 192.30.83.214 1443

 

resolv-retry infinite

nobind

persist-key

persist-remote-ip

persist-tun

ca proxysh.crt

verb 3

route-method exe

explicit-exit-notify 2

route-delay 2

comp-lzo

 

auth-user-pass /boot/config/openvpn/password.txt

status /tmp/openvpn/openvpn-status.log

 

 

Confirmed that password.txt contaons correct info.  Also wondering if the "WARNING: file '/boot/config/openvpn/password.txt' is group or others accessible" is something to worry about.  I did do a chmod 700 on the file earlier but it seems to have reverted.

Have installed the 2.6.6, now getting this:

Sun Apr 14 22:36:28 2013 DEPRECATED OPTION: --tls-remote, please update your configuration
Sun Apr 14 22:36:28 2013 OpenVPN 2.3.1 i486-slackware-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [iPv6] built on Mar 30 2013
Sun Apr 14 22:36:28 2013 WARNING: file '/boot/config/openvpn/password.txt' is group or others accessible
Sun Apr 14 22:36:28 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Apr 14 22:36:28 2013 Deprecated TLS cipher name 'DHE-RSA-AES256-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA'
Sun Apr 14 22:36:28 2013 No valid translation found for TLS cipher 'DHE-DSS-AES256-SHA:AES256-SHA'
Sun Apr 14 22:36:28 2013 Failed to set restricted TLS cipher list, too long (>4095). (OpenSSL)
Sun Apr 14 22:36:28 2013 Exiting due to fatal error

 

Anyone enlighten me?

 

UPDATE: Replaced the cipher name in my OVPN file with the name listed "TLS-DHE-RSA-WITH-AES-256-CBC-SHA" and everything went according to plan.

Looks like a few people have asked and there's not really a good way to do it but I'll ask anyway. I want to keep my subsonic server from being behind the vpn which is located at localhost:4040. Is there anyway from keeping it's traffic routed through the vpn connection?

Looks like a few people have asked and there's not really a good way to do it but I'll ask anyway. I want to keep my subsonic server from being behind the vpn which is located at localhost:4040. Is there anyway from keeping it's traffic routed through the vpn connection?

 

Ya, I have essentially the same question.  Wanting to exclude the plex port.

 

Anyone?

 

Thanks,

Steve

 

Btw: plugin works great with privateinternetaccess.  Thanks!

Looks like a few people have asked and there's not really a good way to do it but I'll ask anyway. I want to keep my subsonic server from being behind the vpn which is located at localhost:4040. Is there anyway from keeping it's traffic routed through the vpn connection?

 

Ya, I have essentially the same question.  Wanting to exclude the plex port.

 

Anyone?

 

Thanks,

Steve

 

Btw: plugin works great with privateinternetaccess.  Thanks!

 

I'm on PIA as well. Maybe I'll have to make a script that punches a hole in the vpn so we can get a port.

Looks like a few people have asked and there's not really a good way to do it but I'll ask anyway. I want to keep my subsonic server from being behind the vpn which is located at localhost:4040. Is there anyway from keeping it's traffic routed through the vpn connection?

 

Ya, I have essentially the same question.  Wanting to exclude the plex port.

 

Anyone?

 

Thanks,

Steve

 

Btw: plugin works great with privateinternetaccess.  Thanks!

 

I'm on PIA as well. Maybe I'll have to make a script that punches a hole in the vpn so we can get a port.

 

I'm not sure this answers your question and I'm not sure what kind of services you have running on your unRAID box, but I wanted a way to selectively control what ips/services go through the vpn. One way I figured to do this is by essentially establishing the vpn connection at the router level (router supporting the tomato firmware) and with a little iptables magic you can selectively assign ip address or services that you'd like to use the vpn.

  • 2 weeks later...

hi another Private Internet Access  user here and I am looking for a similar solution,but I want to open the incoming transmission port for seeding . I tried the router level vpn but that doesn't work for me (yet) because I have a pptp vpn server running on my router, and if i start the client on the router it gives me multiple nat error and I can't access my lan via ddns. 

 

Is there a way to get around the multiple nat and ddns issue? that would be the best way so that every device behind my main router goes through the vpn client, and I could still access my lan remotely  via my vpn server. But then i would still need to figure out how to  port forward the incoming port for transmission .

 

how can I port forward with this plugin

would this  work on unraid ?https://www.privateinternetaccess.com/forum/index.php?p=/discussion/180/port-forwarding-without-the-application-advanced-users

 

I would really appreciate any help on this.

thanks

 

sorry if this is the wrong place to post this maybe I should have put it in the user customizations, but this seemed fitting.

 

Looks like a few people have asked and there's not really a good way to do it but I'll ask anyway. I want to keep my subsonic server from being behind the vpn which is located at localhost:4040. Is there anyway from keeping it's traffic routed through the vpn connection?

 

Ya, I have essentially the same question.  Wanting to exclude the plex port.

 

Anyone?

 

Thanks,

Steve

 

Btw: plugin works great with privateinternetaccess.  Thanks!

 

I'm on PIA as well. Maybe I'll have to make a script that punches a hole in the vpn so we can get a port.

 

I'm not sure this answers your question and I'm not sure what kind of services you have running on your unRAID box, but I wanted a way to selectively control what ips/services go through the vpn. One way I figured to do this is by essentially establishing the vpn connection at the router level (router supporting the tomato firmware) and with a little iptables magic you can selectively assign ip address or services that you'd like to use the vpn.

I am using Private Internet Access with this OpenVPN plugin.

Occasionally I use Transmission for a torrent & this is what I did to get it working for me. My router is not involved with the VPN; the OpenVPN plugin is on my unRAID server.

 

PIA has 4 servers that allow port forwarding: Canada, Netherlands, Romania & Switzerland. There are good instructions on how to get the plugin to connect in this thread, so skipping that part... if you need help, just ask. Instructions below are for once you are connected, how to set port forwarding through PIA with Transmission.

 

Once connected to one of the 4 port forward servers via the plugin, telnet into your server to create the file ".pia_client_id":

head -n 100 /dev/urandom | md5sum | tr -d " -" > /mnt/cache/.custom/openvpn/.pia_client_id

This command to create "/mnt/cache/.custom/openvpn/.pia_client_id" should only need to be created once. The Port forwarding without the application page says to use the $HOME / ~ directory, but since the ~ directory is in RAM, use your cache drive (or somewhere on the flash drive or on the parity protected array... this file will be accessed hourly). If you use another directory, make sure to change the path everywhere below where ".pia_client_id" is called.

 

The curl command needs to be run once an hour to keep the port open (according to PIA). I created a bash script at /mnt/cache/.custom/openvpn/port_open.sh (make sure to chmod +x the script). Include the following lines (substitute USERNAME_HERE for your username, PASSWORD_HERE for your password... & "/mnt/cache/.custom/openvpn/.pia_client_id" to the location of the .pia_client_id you created in the first command, if you are using a different path).

#!/bin/bash
ifconfig tun0|grep -oE "inet addr: *10\.[0-9]+\.[0-9]+\.[0-9]+"|tr -d "a-z :"|tee /tmp/vpn_ip 
curl -d "user=USERNAME_HERE&pass=PASSWORD_HERE&client_id=$(cat /mnt/cache/.custom/openvpn/.pia_client_id)&local_ip=$(cat /tmp/vpn_ip)" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment 2>/dev/null|grep -oE "[0-9]+"|tee /tmp/vpn_port_opened
awk '{print "/usr/bin/transmission-remote --port "$0;}' /tmp/vpn_port_opened |bash

 

Now, to run the script hourly, execute the following line as root:

echo "25 * * * * /mnt/cache/.custom/openvpn/port_open.sh" >> /var/spool/cron/crontabs/root

You can add this line to "/boot/config/go" so that the cron job will persist through reboots.

The above should allow you to keep a port open through PIA for Transmission. I like to go an extra step to have Transmission bound to the IP address given by PIA (so if the tunnel goes down, my server does not try to use another connection). I have manually been editing the "bind-address-ipv4" variable in the settings.json file for Transmission... but wanted to come up with a way that does not require me to manually edit the file. I have not fully tested this method & welcome improvements / suggestions.

 

I edited the above "/mnt/cache/.custom/openvpn/port_open.sh" file with the following:

#!/bin/bash
ifconfig tun0|grep -oE "inet addr: *10\.[0-9]+\.[0-9]+\.[0-9]+"|tr -d "a-z :"|tee /tmp/vpn_ip 
curl -d "user=USERNAME_HERE&pass=PASSWORD_HERE&client_id=$(cat /mnt/cache/.custom/openvpn/.pia_client_id)&local_ip=$(cat /tmp/vpn_ip)" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment 2>/dev/null|grep -oE "[0-9]+"|tee /tmp/vpn_port_opened
awk '{print "/usr/bin/transmission-remote --port "$0;}' /tmp/vpn_port_opened |bash
ps -ef |grep "transmission-daemon -i" |grep -v grep > /tmp/vpn_ps

VPNPS=$(awk '{print $10;}' /tmp/vpn_ps)
VPNIP=$(cat /tmp/vpn_ip)
if [[ $VPNPS != $VPNIP ]] ; then                                     
   kill $(awk '{print $2;}' /tmp/vpn_ps)   
   awk '{print "/usr/bin/transmission-daemon -i "$0;}' /tmp/vpn_ip |bash
fi

As above, substitute USERNAME_HERE for your username, PASSWORD_HERE for your password... & "/mnt/cache/.custom/openvpn/.pia_client_id" to the location of the .pia_client_id you created in the first command, if you are using a different path.

I have installed version 2.6.6 and am struggling to get connect to privateinternetaccess.com. Here are my files:

 

.opvn:

 

client

dev tun

proto udp

remote us-texas.privateinternetaccess.com 1194

resolv-retry infinite

nobind

persist-key

persist-remote-ip

persist-tun

ca ca.crt

tls-client

remote-cert-tls server

comp-lzo

verb 1

reneg-sec 0

 

auth-user-pass /boot/openvpn/password.txt

 

Error Log:

 

Tue May  7 11:02:35 2013 OpenVPN 2.3.1 i486-slackware-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [iPv6] built on Mar 30 2013

Tue May  7 11:02:35 2013 WARNING: file '/boot/config/openvpn/password.txt' is group or others accessible

Tue May  7 11:02:35 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Tue May  7 11:02:35 2013 UDPv4 link local: [undef]

Tue May  7 11:02:35 2013 UDPv4 link remote: [AF_INET]23.29.114.158:1194

Tue May  7 11:02:35 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Tue May  7 11:02:35 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected]

Tue May  7 11:02:35 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Tue May  7 11:02:35 2013 TLS Error: TLS object -> incoming plaintext read error

Tue May  7 11:02:35 2013 TLS Error: TLS handshake failed

Tue May  7 11:02:35 2013 SIGUSR1[soft,tls-error] received, process restarting

Tue May  7 11:02:37 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Tue May  7 11:02:37 2013 TCP/UDP: Preserving recently used remote address: [AF_INET]23.29.114.158:1194

Tue May  7 11:02:37 2013 UDPv4 link local: [undef]

Tue May  7 11:02:37 2013 UDPv4 link remote: [AF_INET]23.29.114.158:1194

Tue May  7 11:02:38 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected]

Tue May  7 11:02:38 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Tue May  7 11:02:38 2013 TLS Error: TLS object -> incoming plaintext read error

Tue May  7 11:02:38 2013 TLS Error: TLS handshake failed

Tue May  7 11:02:38 2013 SIGUSR1[soft,tls-error] received, process restarting

Tue May  7 11:02:40 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Tue May  7 11:02:40 2013 TCP/UDP: Preserving recently used remote address: [AF_INET]23.29.114.158:1194

Tue May  7 11:02:40 2013 UDPv4 link local: [undef]

Tue May  7 11:02:40 2013 UDPv4 link remote: [AF_INET]23.29.114.158:1194

Tue May  7 11:02:40 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected]

Tue May  7 11:02:40 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Tue May  7 11:02:40 2013 TLS Error: TLS object -> incoming plaintext read error

Tue May  7 11:02:40 2013 TLS Error: TLS handshake failed

Tue May  7 11:02:40 2013 SIGUSR1[soft,tls-error] received, process restarting

Tue May  7 11:02:42 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Tue May  7 11:02:42 2013 TCP/UDP: Preserving recently used remote address: [AF_INET]23.29.114.158:1194

Tue May  7 11:02:42 2013 UDPv4 link local: [undef]

Tue May  7 11:02:42 2013 UDPv4 link remote: [AF_INET]23.29.114.158:1194

Tue May  7 11:02:42 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected]

Tue May  7 11:02:42 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Tue May  7 11:02:42 2013 TLS Error: TLS object -> incoming plaintext read error

Tue May  7 11:02:42 2013 TLS Error: TLS handshake failed

Tue May  7 11:02:42 2013 SIGUSR1[soft,tls-error] received, process restarting

 

I get the error that tun0 is not established.

 

What am I doing wrong?

 

Thanks,

Adam

@lainie

 

    wow thank you so much !!!! that is excellent ,  exactly what i needed and more ! will try it later tonight and thanks for the info on binding the ip in transmission that is very useful.

 

One question , what does the period in the code do? for example        " /mnt/cache/.custom/openvpn/.pia_client_id"  I've seen it in other places before and was curious about it, I'm guessing something to do with cache folders or files?.  thanks again for the great info and help!

 

 

@adamrobles

 

        hi I don't know if this will help but it's what had me tripped up when starting, I saw somewhere in this thread that you have to remove the space in the .ovpn file name, so if you're trying to use texas server then instead of the file name  "US Texas.ovpn" in your openvpn folder you would need to change it to "USTexas.ovpn"  thats what worked for me ,hope it helps.

Thanks @Breakline but my file name is just config.ovpn so there is no space in the filename.

 

Can anyone else help? I am at a loss here :(

@adamrobles - Do you have 2 password.txt files? I notice you list "auth-user-pass /boot/openvpn/password.txt" in your ovpn file, but the 2nd line of your log shows '/boot/config/openvpn/password.txt' (slightly different path to the password.txt file).

 

 

@ breakline - Having a period at the beginning of a file or directory name makes the file or directory hidden. If you have a directory containing some hidden files & some regular / non-hidden files & run the "ls" command (to list the contents of the directory), you will only see the non-hidden / regular files. However, if you instead use the "ls -a" command, all files (both hidden & non-hidden) will be displayed.

 

In some unRAID versions (think it is 4.x & under), if you wanted to run an application from the cache drive, you needed to create a hidden directory for the application (or else the mover script would move it to the parity protected array when the mover script runs nightly). Newer unRAID versions (think all the 5 betas & RCs) have the option to create "cache only" shares without using a period at the beginning of the file/directory name.

 

When I first installed several of the apps on my server, I followed directions that recommended creating a "/mnt/cache/.custom" directory for apps. Later, I found more updated instructions & plugins... but what I had worked so I have not changed it.

 

As for the ".pia_client_id" file, the Port forwarding w/o the app page used that name. I think PIA chose for it to be hidden since once it has been created there is not much reason to see it or mess with it again.

 

You can put the .pia_client_id file wherever you like. The file needs to be accessed hourly to keep the port open... because of the frequent access, placing it on the flash drive will shorten the time your flash drive lasts... or placing it on the parity protected array will spin up the disk hourly... so if you have a cache drive or SNAP drive that stays spun up, that will be the best location for the .pia_client_id file. Just make sure to update the path to the .pia_client_id along with your username & password in the commands that call it.

ok that is now fixed:

 

ovpn:

 

client

dev tun

proto udp

remote us-texas.privateinternetaccess.com 1194

resolv-retry infinite

nobind

persist-key

persist-remote-ip

persist-tun

ca ca.crt

tls-client

remote-cert-tls server

comp-lzo

verb 1

reneg-sec 0

 

 

auth-user-pass /boot/config/openvpn/password.txt

status /tmp/openvpn/openvpn-status.log

 

Log:

Tue May  7 15:39:23 2013 OpenVPN 2.3.1 i486-slackware-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [iPv6] built on Mar 30 2013

Tue May  7 15:39:23 2013 WARNING: file '/boot/config/openvpn/password.txt' is group or others accessible

Tue May  7 15:39:23 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Tue May  7 15:39:23 2013 UDPv4 link local: [undef]

Tue May  7 15:39:23 2013 UDPv4 link remote: [AF_INET]23.29.120.218:1194

Tue May  7 15:39:23 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Tue May  7 15:39:24 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected]

Tue May  7 15:39:24 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Tue May  7 15:39:24 2013 TLS Error: TLS object -> incoming plaintext read error

Tue May  7 15:39:24 2013 TLS Error: TLS handshake failed

Tue May  7 15:39:24 2013 SIGUSR1[soft,tls-error] received, process restarting

Tue May  7 15:39:26 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Tue May  7 15:39:26 2013 TCP/UDP: Preserving recently used remote address: [AF_INET]23.29.120.218:1194

Tue May  7 15:39:26 2013 UDPv4 link local: [undef]

Tue May  7 15:39:26 2013 UDPv4 link remote: [AF_INET]23.29.120.218:1194

Tue May  7 15:39:29 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected]

Tue May  7 15:39:29 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Tue May  7 15:39:29 2013 TLS Error: TLS object -> incoming plaintext read error

Tue May  7 15:39:29 2013 TLS Error: TLS handshake failed

Tue May  7 15:39:29 2013 SIGUSR1[soft,tls-error] received, process restarting

Tue May  7 15:39:31 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Tue May  7 15:39:31 2013 TCP/UDP: Preserving recently used remote address: [AF_INET]23.29.120.218:1194

Tue May  7 15:39:31 2013 UDPv4 link local: [undef]

Tue May  7 15:39:31 2013 UDPv4 link remote: [AF_INET]23.29.120.218:1194

Tue May  7 15:39:31 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected]

Tue May  7 15:39:31 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Tue May  7 15:39:31 2013 TLS Error: TLS object -> incoming plaintext read error

Tue May  7 15:39:31 2013 TLS Error: TLS handshake failed

Tue May  7 15:39:31 2013 SIGUSR1[soft,tls-error] received, process restarting

 

 

I still get the same error.

 

How do I create this tun0 device in ifconfig?

 

Adam

there is a bug ;)

 

Options error: --auth-user-pass fails with '/boot/config/openvpn/password.txtstatus': No such file or directory

Options error: Please correct these errors.

Use --help for more information.

 

This i get after install latest 2.6.6

 

when i change password.txt on password.txtstatus - then start working :)

I am using Private Internet Access with this OpenVPN plugin.

Occasionally I use Transmission for a torrent & this is what I did to get it working for me. My router is not involved with the VPN; the OpenVPN plugin is on my unRAID server.

 

PIA has 4 servers that allow port forwarding: Canada, Netherlands, Romania & Switzerland. There are good instructions on how to get the plugin to connect in this thread, so skipping that part... if you need help, just ask. Instructions below are for once you are connected, how to set port forwarding through PIA with Transmission.

 

Once connected to one of the 4 port forward servers via the plugin, telnet into your server to create the file ".pia_client_id":

head -n 100 /dev/urandom | md5sum | tr -d " -" > /mnt/cache/.custom/openvpn/.pia_client_id

This command to create "/mnt/cache/.custom/openvpn/.pia_client_id" should only need to be created once. The Port forwarding without the application page says to use the $HOME / ~ directory, but since the ~ directory is in RAM, use your cache drive (or somewhere on the flash drive or on the parity protected array... this file will be accessed hourly). If you use another directory, make sure to change the path everywhere below where ".pia_client_id" is called.

 

The curl command needs to be run once an hour to keep the port open (according to PIA). I created a bash script at /mnt/cache/.custom/openvpn/port_open.sh (make sure to chmod +x the script). Include the following lines (substitute USERNAME_HERE for your username, PASSWORD_HERE for your password... & "/mnt/cache/.custom/openvpn/.pia_client_id" to the location of the .pia_client_id you created in the first command, if you are using a different path).

#!/bin/bash
ifconfig tun0|grep -oE "inet addr: *10\.[0-9]+\.[0-9]+\.[0-9]+"|tr -d "a-z :"|tee /tmp/vpn_ip 
curl -d "user=USERNAME_HERE&pass=PASSWORD_HERE&client_id=$(cat /mnt/cache/.custom/openvpn/.pia_client_id)&local_ip=$(cat /tmp/vpn_ip)" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment 2>/dev/null|grep -oE "[0-9]+"|tee /tmp/vpn_port_opened
awk '{print "/usr/bin/transmission-remote --port "$0;}' /tmp/vpn_port_opened |bash

 

Now, to run the script hourly, execute the following line as root:

echo "25 * * * * /mnt/cache/.custom/openvpn/port_open.sh" >> /var/spool/cron/crontabs/root

You can add this line to "/boot/config/go" so that the cron job will persist through reboots.

 

awesome! thank you again for taking the time to help me with this,  very informative .

 

so i implemented the port_open.sh script  that you posted but how can i tell if its working? when i open Transmission Remote GUI and go to >tools>transmission options>network>test port it still says port closed ,  and in my system log i keep getting a lot of " Scrape error: Could not connect to tracker" . and a whole lot of Saved "/mnt/disk/apps/transmission/stats.json" (bencode.c:1733) like every few minutes. 

 

I have my transmission port set as 36424 here is what i get when i run: lsof -i -n -P

COMMAND     PID        USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
rpc.portm   937         bin    4u  IPv4     551      0t0  UDP *:111
rpc.portm   937         bin    5u  IPv4     552      0t0  TCP *:111 (LISTEN)
rpc.statd   941        root    5u  IPv4    4376      0t0  UDP *:703
rpc.statd   941        root    7u  IPv4    4385      0t0  UDP *:52456
rpc.statd   941        root    8u  IPv4    4388      0t0  TCP *:33174 (LISTEN)
inetd       951        root    4u  IPv4     566      0t0  TCP *:37 (LISTEN)
inetd       951        root    5u  IPv4     567      0t0  UDP *:37
inetd       951        root    6u  IPv4     568      0t0  TCP *:21 (LISTEN)
inetd       951        root    7u  IPv4     569      0t0  TCP *:23 (LISTEN)
ntpd        958        root   16u  IPv4     578      0t0  UDP *:123
ntpd        958        root   17u  IPv4     582      0t0  UDP 127.0.0.1:123
ntpd        958        root   18u  IPv4     583      0t0  UDP 192.168.0.4:123
ntpd        958        root   20u  IPv4 1161117      0t0  UDP 10.171.1.6:123
transmiss  7776      nobody    9u  IPv4 1212618      0t0  UDP *:43503
transmiss  7776      nobody   10u  IPv4 1212622      0t0  TCP *:9091 (LISTEN)
transmiss  7776      nobody   11u  IPv4 1212623      0t0  TCP *:36424 (LISTEN)
transmiss  7776      nobody   12u  IPv4 1212625      0t0  UDP *:36424
transmiss  7776      nobody   16u  IPv4 1938323      0t0  TCP 10.171.1.6:45473->203.219.131.165:51413 (ESTABLISHED)
smbd      10612        root   29u  IPv4 1914558      0t0  TCP 192.168.0.4:445->192.168.0.6:58744 (ESTABLISHED)
awk       12387        root    3u  IPv4 1938715      0t0  TCP *:8080 (LISTEN)
python    17748 unraid-plex    7u  IPv4 1934815      0t0  TCP *:42591 (LISTEN)
emhttp    17948        root    3u  IPv4   24840      0t0  TCP *:80 (LISTEN)
nmbd      18003        root    9u  IPv4   24893      0t0  UDP *:137
nmbd      18003        root   10u  IPv4   24894      0t0  UDP *:138
nmbd      18003        root   11u  IPv4   24896      0t0  UDP 192.168.0.4:137
nmbd      18003        root   12u  IPv4   24897      0t0  UDP 192.168.0.255:137
nmbd      18003        root   13u  IPv4   24898      0t0  UDP 192.168.0.4:138
nmbd      18003        root   14u  IPv4   24899      0t0  UDP 192.168.0.255:138
smbd      18005        root   25u  IPv4   24924      0t0  TCP *:445 (LISTEN)
smbd      18005        root   26u  IPv4   24926      0t0  TCP *:139 (LISTEN)
in.telnet 19292        root    0u  IPv4 1938761      0t0  TCP 192.168.0.4:23->192.168.0.6:59912 (ESTABLISHED)
in.telnet 19292        root    1u  IPv4 1938761      0t0  TCP 192.168.0.4:23->192.168.0.6:59912 (ESTABLISHED)
in.telnet 19292        root    2u  IPv4 1938761      0t0  TCP 192.168.0.4:23->192.168.0.6:59912 (ESTABLISHED)
openvpn   24754        root    4u  IPv4 1159659      0t0  UDP *:36071
Plex      24841 unraid-plex   21u  IPv4   35267      0t0  TCP *:32400 (LISTEN)
Plex      24841 unraid-plex   37u  IPv4 1918416      0t0  TCP 192.168.0.4:32400->192.168.0.98:54288 (ESTABLISHED)
Plex      24841 unraid-plex   42u  IPv4   34808      0t0  UDP *:32414
Plex      24841 unraid-plex   43u  IPv4   34809      0t0  UDP *:32410
Plex      24841 unraid-plex   45u  IPv4   34811      0t0  UDP *:32413
Plex      24841 unraid-plex   46u  IPv4   34812      0t0  UDP 127.0.0.1:58065
Plex      24841 unraid-plex   47u  IPv4   34813      0t0  UDP 192.168.0.4:56252
Plex      24841 unraid-plex   48u  IPv4   34814      0t0  UDP 127.0.0.1:52163
Plex      24841 unraid-plex   49u  IPv4   34815      0t0  UDP 192.168.0.4:36454
lighttpd  24874        root    4u  IPv4   35436      0t0  TCP *:81 (LISTEN)
lighttpd  24874        root    5u  IPv4 1938767      0t0  TCP 192.168.0.4:81->192.168.0.6:59913 (ESTABLISHED)
Plex      24982 unraid-plex   11u  IPv4   35854      0t0  UDP *:1900
Plex      24982 unraid-plex   14u  IPv4   35857      0t0  TCP *:1677 (LISTEN)
Plex      24982 unraid-plex   17u  IPv4   35862      0t0  UDP *:12422
Plex      24982 unraid-plex   20u  IPv4   35865      0t0  UDP *:4738
Plex      24982 unraid-plex   23u  IPv4   35868      0t0  TCP *:32469 (LISTEN)
Plex      24982 unraid-plex   26u  IPv4   35521      0t0  TCP 127.0.0.1:37249->127.0.0.1:52577 (CLOSE_WAIT)
Plex      24982 unraid-plex   28u  IPv4   35553      0t0  UDP *:34114
Plex      24982 unraid-plex   32u  IPv4   35556      0t0  UDP *:60846
Plex      24982 unraid-plex   40u  IPv4   34805      0t0  UDP 192.168.0.4:36067->192.168.0.1:53
Plex      24982 unraid-plex   41u  IPv4   34806      0t0  UDP 10.141.1.6:46753->10.141.1.5:5351
vboxwebsr 28892        root   12u  IPv4 1617540      0t0  TCP 192.168.0.4:18083 (LISTEN)

 

maybe thats not the right command ( I tried a few) but what i found.

 

 

and one other thing when i edit settings.json file to bind  transmission to ipv4 adress all my torrents go red and unable to connect , should i make sure there are no torrents in transmission when i implement the bind ipv4 adress?

so i implemented the port_open.sh script  that you posted but how can i tell if its working?

What output do you get from these 2 commands?

cat /tmp/vpn_ip 
cat /tmp/vpn_port_opened

vpn_ip should be an ip address starting with 10.x.x.x.

vpn_port_opened should be the port Transmission is set to use.

 

In the port_open.sh script, the "ifconfig" line checks for your PIA local IP address & saves it to /tmp/vpn_ip. The "curl" command opens the port & saves it to /tmp/vpn_port_opened. The awk command sets the port opened in Transmission (without having to edit the settings file or restart Transmission).

 

when i open Transmission Remote GUI and go to >tools>transmission options>network>test port it still says port closed ,  and in my system log i keep getting a lot of " Scrape error: Could not connect to tracker" . and a whole lot of Saved "/mnt/disk/apps/transmission/stats.json" (bencode.c:1733) like every few minutes. 

I am using the web GUI instead of remote GUI, not sure of the differences. When working, the Transmission web GUI should show port opened & the port should be the same as /tmp/vpn_port_opened. My syslog shows lots of stats saved & torrent resumed messages.

 

I have my transmission port set as 36424 here is what i get when i run: lsof -i -n -P

COMMAND     PID        USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
rpc.portm   937         bin    4u  IPv4     551      0t0  UDP *:111
rpc.portm   937         bin    5u  IPv4     552      0t0  TCP *:111 (LISTEN)
rpc.statd   941        root    5u  IPv4    4376      0t0  UDP *:703
rpc.statd   941        root    7u  IPv4    4385      0t0  UDP *:52456
rpc.statd   941        root    8u  IPv4    4388      0t0  TCP *:33174 (LISTEN)
transmiss  7776      nobody    9u  IPv4 1212618      0t0  UDP *:43503
transmiss  7776      nobody   10u  IPv4 1212622      0t0  TCP *:9091 (LISTEN)
transmiss  7776      nobody   11u  IPv4 1212623      0t0  TCP *:36424 (LISTEN)
transmiss  7776      nobody   12u  IPv4 1212625      0t0  UDP *:36424
transmiss  7776      nobody   16u  IPv4 1938323      0t0  TCP 10.171.1.6:45473->203.219.131.165:51413 (ESTABLISHED)

Looks like Transmission is running on port 36424. Is that the port reported opened in /tmp/vpn_port_opened?

 

and one other thing when i edit settings.json file to bind  transmission to ipv4 adress all my torrents go red and unable to connect , should i make sure there are no torrents in transmission when i implement the bind ipv4 adress?

Whenever you edit the settings.json file, Transmission has to be stopped & restarted (else it overwrites your settings). Should not have to empty out existing torrents though.

 

 

 

ok so i finally had some time to play around with this a little bit and its working almost perfect,

 

after i run the script it shows the ip and port forward but only when I manually enter the port forward in transmission it works  , I go to test incoming port and it shows "incoming port tested successfully" should I set it to random port on daemon launch?

 

but , when i run the port_open.sh script I get this ---->>       

Unexpected response: <h1>401: Unauthorized</h1>Unauthorized Usere: application/x-www-form-urlencoded

 

 

and after so long it changes the port forward  , I'm not sure if this is because of PIA changing it every so often or because i stop and restart openvpn and transmission. I tried with both scripts port forward and port forward + binding that you posted but same results.

 

thanks again lainie for helping with this I think once it gets worked out it should be stickied because I'm sure I'm not the only one finding this very beneficial. if I can help you in any way let me know.

 

 

ok so i finally had some time to play around with this a little bit and its working almost perfect,

 

after i run the script it shows the ip and port forward but only when I manually enter the port forward in transmission it works  , I go to test incoming port and it shows "incoming port tested successfully" should I set it to random port on daemon launch?

 

awk '{print "/usr/bin/transmission-remote --port "$0;}' /tmp/vpn_port_opened |bash

This command uses the port number from previous commands, saved in /tmp/vpn_port_opened, to change the port in Transmission. The port should not need to be changed manually.

 

No, you do not want a random port... you want the port set by /usr/bin/transmission-remote. It might not matter once the script runs correctly... the script should change the port while Transmission is running without you having to restart Transmission... I left "Random Port" unchecked on mine.

 

but , when i run the port_open.sh script I get this ---->>       

Unexpected response: <h1>401: Unauthorized</h1>Unauthorized Usere: application/x-www-form-urlencoded

 

This looks like a problem authenticating the "curl" command line to PIA. Did you change USERNAME_HERE for your PIA username, PASSWORD_HERE for your PIA password?

 

If this "curl" command is not authenticating correctly with PIA, the "awk" command discussed above will not work... All 3 commands have to be run sequentially & correctly as each command uses information obtained from a previous command.

 

and after so long it changes the port forward  , I'm not sure if this is because of PIA changing it every so often or because i stop and restart openvpn and transmission. I tried with both scripts port forward and port forward + binding that you posted but same results.

If you stop & restart openvpn, you will get a new IP (at least I seem to get a new one every time I disconnect & reconnect)... until the script runs, no port will be open for the new IP. How often do you have port_open.sh set to run in cron?

 

Stopping & restarting Transmission will not change the IP & port from PIA... however, if Transmission is not running when the "awk" command of the script is executed & for some reason the port has changed, you will not have the new port assigned until the script runs again.

 

I think the problem is you are getting "Unauthorized User" from the script. Double, triple & quadruple check the

curl -d "user=USERNAME_HERE&pass=PASSWORD_HERE&client_id=$(cat /mnt/cache/.custom/openvpn/.pia_client_id)&local_ip=$(cat /tmp/vpn_ip)" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment 2>/dev/null|grep -oE "[0-9]+"|tee /tmp/vpn_port_opened

command to make sure your information is correct.

 

thanks again lainie for helping with this I think once it gets worked out it should be stickied because I'm sure I'm not the only one finding this very beneficial. if I can help you in any way let me know.

I wonder if it is easier to port forward with other VPN providers. I might write up something for a web page & create a sub-domain for it on my site like I did with VirtualBox... have not had the time so far. Glad it is helpful to you & that you are making progress with it.

  • 2 weeks later...

Hi everyone,

 

I just subscribed to PIA, and got it set up with this plugin thanks to you all.  You guys are awesome!

 

I also have transmission on my unraid box.  I'm just curious what the advantage is for port forwarding.  I just added a couple torrents last night, and it seems like my seeding is OK.  Currently the torrents have 1 of 2 or 2 of 2 peers seeding to.  This makes me wonder if I truly am utilizing the VPN, because I thought I wouldn't be able to seed behind the VPN.  Can anyone explain this to me?  Is there a way to confirm that my traffic is being routed through PIA?

 

Thanks in advance.  Sorry for the noob questions, I've been on usenet and haven't used bittorrent for quite some time.

  • 3 weeks later...
root@Icarus:~# /etc/rc.d/rc.openvpn start

ca.crt

Netherlands.ovpn

Your ovpn file already have the option --> /boot/config/openvpn/password.txt

Your ovpn file already have the option --> persist-remote-ip

Your ovpn file already have the option --> status /tmp/openvpn/openvpn-status.log

Starting Openvpn Tunnel: wait .........

nohup: redirecting stderr to stdout

The OpenVPN Client is running with Process 21505

Not connected!  tun0  don't established, check your account settings!!!

Stoping Openvpn Tunnel.....

... OK

The OpenVPN Client is running with Process 21505

Writing to the plugin config file....

root@Icarus:~#

 

any thoughts?

at all?

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.