peter_sm Posted June 16, 2016

Can you go to unRAID network settings and save/update and see if the config file updates?

peter_sm Posted June 16, 2016

It should look like this:

    # Generated settings:
    IFNAME[0]="eth0"
    DESCRIPTION[0]=""
    USE_DHCP[0]="yes"
    DHCP_KEEPRESOLV="no"
    MTU[0]=""
    VLANID[0,1]="1"
    DESCRIPTION[0,1]=""
    USE_DHCP[0,1]=""
    VLANS[0]="2"
    SYSNICS="1"

Chobie Posted June 16, 2016

Thanks peter, I went into unraid network settings and forced a change so that it saved a new copy of the network.cfg. Everything is now working when I connect to the VPN and I can access the web again! Thanks again.

randall526 Posted June 19, 2016

Got a perplexing problem with the VPN client driving me up a wall. The plugin is dynamically updating my .ovpn config file every time I try to start the VPN Client and it somehow removes the dev tun option in the file. The VPN fails to start with "no dev option defined in your .ovpn file". I'll add it back and the plugin updates the .ovpn and removes it every time, and then the VPN log complains about the entry not being there.

This is what my config file looks like before I start the VPN:

    persist-tun
    dev tun
    persist-key
    cipher AES-256-CBC
    auth SHA1
    tls-client
    client
    resolv-retry infinite
    remote ######### 1198 udp
    lport 0
    verify-x509-name "pfenseRand" name
    pkcs12 pfSense-udp-1198-Sister.p12
    ns-cert-type server
    comp-lzo adaptive
    auth-user-pass

This is what it looks like after the VPN fails to start and it updates my .ovpn file. It fails to start and says the dev tun/tap option is missing 'cause the plugin took it out....

    persist-tun
    persist-key
    cipher AES-256-CBC
    auth SHA1
    tls-client
    client
    resolv-retry infinite
    remote ############## 1198 udp
    lport 0
    verify-x509-name "pfenseRand" name
    pkcs12 pfSense-udp-1198-Sister.p12
    ns-cert-type server
    comp-lzo adaptive
    auth-user-pass /boot/config/plugins/openvpnclient/password.txt
    status /tmp/openvpn/openvpn-status

Interestingly, I have another remote VPN server using different options without a password and the plugin never tries to change the .ovpn file and it works fine. Any bright ideas?

randall526 Posted June 20, 2016

One more thing, confident the plugin was incorrectly editing the .ovpn file which was a valid config before the plugin touched it, I decided to fire the VPN up via the command line. The following command and config file connects to my openVPN server and shows up running in the GUI. However if I bounce it via the GUI plugin, it removes the "dev tun" line and mentioned it updated the file and fails to start due to no dev tun/tap adapter defined. Maddening I say. It only does it for this setup, my other VPN server and .ovpn config file the plugin doesn't touch or try to update.

Working command:

    openvpn --writepid /var/run/openvpn/openvpn.pid --script-security 3 --mute-replay-warnings --config /boot/openvpn/pfSense-udp-1198-Sister.ovpn

Working config via command line:

    dev tun
    persist-tun
    persist-key
    cipher AES-256-CBC
    auth SHA1
    tls-client
    client
    resolv-retry infinite
    remote ######## 1198 udp
    lport 0
    verify-x509-name "pfenseRand" name
    pkcs12 pfSense-udp-1198-Sister.p12
    ns-cert-type server
    comp-lzo adaptive
    auth-user-pass /boot/config/plugins/openvpnclient/password.txt
    status /tmp/openvpn/openvpn-status.log

peter_sm Posted June 20, 2016

> Got a perplexing problem with the VPN client driving me up a wall. The plugin is dynamically updating my .ovpn config file every time I try to start the VPN Client and it somehow removes the dev tun option in the file. The VPN fails to start with "no dev option defined in your .ovpn file". I'll add it back and the plugin updates the .ovpn and removes it every time, and then the VPN log complains about the entry not being there.
>
> This is what my config file looks like before I start the VPN:
>
>     persist-tun
>     dev tun
>     persist-key
>     cipher AES-256-CBC
>     auth SHA1
>     tls-client
>     client
>     resolv-retry infinite
>     remote ######### 1198 udp
>     lport 0
>     verify-x509-name "pfenseRand" name
>     pkcs12 pfSense-udp-1198-Sister.p12
>     ns-cert-type server
>     comp-lzo adaptive
>     auth-user-pass
>
> This is what it looks like after the VPN fails to start and it updates my .ovpn file. It fails to start and says the dev tun/tap option is missing 'cause the plugin took it out....
>
>     persist-tun
>     persist-key
>     cipher AES-256-CBC
>     auth SHA1
>     tls-client
>     client
>     resolv-retry infinite
>     remote ############## 1198 udp
>     lport 0
>     verify-x509-name "pfenseRand" name
>     pkcs12 pfSense-udp-1198-Sister.p12
>     ns-cert-type server
>     comp-lzo adaptive
>     auth-user-pass /boot/config/plugins/openvpnclient/password.txt
>     status /tmp/openvpn/openvpn-status
>
> Interestingly, I have another remote VPN server using different options without a password and the plugin never tries to change the .ovpn file and it works fine. Any bright ideas?

Hmm, I'm missing this line: proto udp? I assume you want this protocol. Can you try adding that line above dev tun:

    proto udp

While OpenVPN allows either the TCP or UDP protocol to be used as the VPN carrier connection, the UDP protocol will provide better protection against DoS attacks and port scanning than TCP:

    proto udp

//Peter

randall526 Posted June 20, 2016

The .ovpn file was partially auto-generated by pfsense and it defined the UDP protocol this way:

    remote rand526.ddns.net 1198 udp <=========

I normally add the udp line separately myself as you suggested, however this way works too. I proved this configuration works by starting the VPN by the command line. This works and the .ovpn file is not butchered by the unraid plugin when started this way. The plugin however when starting the VPN via the GUI keeps editing my .ovpn file and removing the "dev tun" line incorrectly just before the VPN starts. The VPN log then balks that it's missing the "dev tun". The plugin breaks my .ovpn file every time.

This proves the plugin is incorrectly messing with my .ovpn file and the configuration works prior to the plugin deciding to update it. I can see "updating .ovpn" in the lower right corner flash ever so briefly when I use this .ovpn. What in the plugin decides my .ovpn must be updated and removes this line.... I have no idea. My other .ovpn file I use for another VPN, the plugin doesn't touch and thus I don't get my .ovpn butchered by the plugin lol.

Summing up, I think someone understanding the plugin logic rather than openVPN would have to comment as to why the plugin is messing with my .ovpn file and removing "dev tun" every time. I think this is a plugin issue, not an openVPN configuration problem. Something about my setup however the plugin is deciding it must incorrectly update my .ovpn file.

randall526 Posted June 29, 2016

I ended up scripting around this and starting the VPN in the go file the traditional openvpn command line way and using a cron job script to keep an eye on it. GUI plugin still fails to start the VPN by removing my "dev tun" line in my ovpn config file every time.

michaelmcq Posted June 30, 2016

I had the server up and running but after a restart I had to go through the setup again, ended up removing and adding and now it won't install Easy RSA. I have manually run both /etc/rc.d/rc.openvpnserver download_easy-rsa and rc.openvpnserver 'download_easy-rsa' and everything seems to install fine but I never get a tick next to Easy RSA and as a result I can't create clients. I get ticks for the other 2 and I can start the VPN server but obviously I can't connect. Any ideas?

peter_sm Posted June 30, 2016

> The .ovpn file was partially auto-generated by pfsense and it defined the UDP protocol this way:
>
>     remote rand526.ddns.net 1198 udp <=========
>
> I normally add the udp line separately myself as you suggested, however this way works too. I proved this configuration works by starting the VPN by the command line. This works and the .ovpn file is not butchered by the unraid plugin when started this way. The plugin however when starting the VPN via the GUI keeps editing my .ovpn file and removing the "dev tun" line incorrectly just before the VPN starts. The VPN log then balks that it's missing the "dev tun". The plugin breaks my .ovpn file every time.
>
> This proves the plugin is incorrectly messing with my .ovpn file and the configuration works prior to the plugin deciding to update it. I can see "updating .ovpn" in the lower right corner flash ever so briefly when I use this .ovpn. What in the plugin decides my .ovpn must be updated and removes this line.... I have no idea. My other .ovpn file I use for another VPN, the plugin doesn't touch and thus I don't get my .ovpn butchered by the plugin lol.
>
> Summing up, I think someone understanding the plugin logic rather than openVPN would have to comment as to why the plugin is messing with my .ovpn file and removing "dev tun" every time. I think this is a plugin issue, not an openVPN configuration problem. Something about my setup however the plugin is deciding it must incorrectly update my .ovpn file.

Add a proto udp line above dev tun and it will work.

peter_sm Posted June 30, 2016

> I had the server up and running but after a restart I had to go through the setup again, ended up removing and adding and now it won't install Easy RSA. I have manually run both /etc/rc.d/rc.openvpnserver download_easy-rsa and rc.openvpnserver 'download_easy-rsa' and everything seems to install fine but I never get a tick next to Easy RSA and as a result I can't create clients. I get ticks for the other 2 and I can start the VPN server but obviously I can't connect. Any ideas?

New update is available, correcting the DL of easy-rsa.

//Peter

randall526 Posted July 1, 2016

Changing how the udp protocol was defined worked. Didn't think to change it seeing as pfsense OpenVPN server generated it that way on behalf of the VPN client and worked fine outside the plugin. I can stop and start the VPN through the WebGUI now, the small things make one happy. Thanks again.

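The symptom in this exchange (a directive vanishing when the GUI rewrites the .ovpn, resolved by giving `proto` its own line) can be checked by comparing the file before and after a start attempt. This is an added example, not code from the plugin or from any poster; the file contents are constructed from the listings above with a placeholder host name, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare an .ovpn before/after a GUI start and report the
# directives this thread turned on. All sample files are constructed.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

cat > "$workdir/before.ovpn" <<'EOF'
persist-tun
dev tun
persist-key
cipher AES-256-CBC
client
remote vpn.example.test 1198 udp
auth-user-pass
EOF

cat > "$workdir/after.ovpn" <<'EOF'
persist-tun
persist-key
cipher AES-256-CBC
client
remote vpn.example.test 1198 udp
auth-user-pass /boot/config/plugins/openvpnclient/password.txt
status /tmp/openvpn/openvpn-status
EOF

cat > "$workdir/fixed.ovpn" <<'EOF'
proto udp
dev tun
remote vpn.example.test 1198
EOF

# Print directive keywords present in file $1 but absent from file $2.
dropped_directives() {
  awk '
    /^[ \t]*([#;]|$)/ { next }    # skip comments and blank lines
    FNR == NR { if (!($1 in before)) { before[$1] = 1; order[++n] = $1 }; next }
    { after[$1] = 1 }
    END { for (i = 1; i <= n; i++) if (!(order[i] in after)) print order[i] }
  ' "$1" "$2"
}

# Print which of "dev" and "proto" have no line of their own in file $1.
# A protocol given only as the third field of "remote" does not count here,
# because that is the form the thread found the GUI start path mishandled.
missing_required() {
  awk '
    $1 == "dev"   { dev = 1 }
    $1 == "proto" { proto = 1 }
    END {
      out = ""
      if (!dev) out = "dev"
      if (!proto) out = out (out ? " " : "") "proto"
      print out
    }
  ' "$1"
}

echo "dropped by rewrite:   $(dropped_directives "$workdir/before.ovpn" "$workdir/after.ovpn")"
echo "missing before start: $(missing_required "$workdir/before.ovpn")"
echo "missing after fix:    $(missing_required "$workdir/fixed.ovpn")"
```

Keeping a copy of the .ovpn outside the plugin's directory gives `dropped_directives` a known-good baseline to compare against after each GUI start.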
michaelmcq Posted July 1, 2016

> > I had the server up and running but after a restart I had to go through the setup again, ended up removing and adding and now it won't install Easy RSA. I have manually run both /etc/rc.d/rc.openvpnserver download_easy-rsa and rc.openvpnserver 'download_easy-rsa' and everything seems to install fine but I never get a tick next to Easy RSA and as a result I can't create clients. I get ticks for the other 2 and I can start the VPN server but obviously I can't connect. Any ideas?
>
> New update is available, correcting the DL of easy-rsa.
>
> //Peter

Worked a charm - thank you very much

Guest Posted July 2, 2016

Hi Peter_sm! Thanks for the great plugin! A few questions though. I use the plugin so I could stream my media from the outside networks. However, when I connect via OpenVPN, I can only see my internal network. I cannot access any websites (such as Google). This is made cumbersome by the fact that I sometimes need to search up some stuff while I work with my VM applications. I need to switch the OpenVPN on and off to search up facts and then go back to my server and save the changes.

My server only has one NIC, built-in to the motherboard, how do I route my traffic from OpenVPN to the outside world? Sorry, but I'm a real noob at OpenVPN and any help would be appreciated. I've deleted /boot/config/openvpnserver and /mnt/cache/appdata/openvpn-server and have reinstalled the server plugin, so I'm on a fresh slate.

peter_sm Posted July 2, 2016

> Hi Peter_sm! Thanks for the great plugin! A few questions though. I use the plugin so I could stream my media from the outside networks. However, when I connect via OpenVPN, I can only see my internal network. I cannot access any websites (such as Google). This is made cumbersome by the fact that I sometimes need to search up some stuff while I work with my VM applications. I need to switch the OpenVPN on and off to search up facts and then go back to my server and save the changes.
>
> My server only has one NIC, built-in to the motherboard, how do I route my traffic from OpenVPN to the outside world? Sorry, but I'm a real noob at OpenVPN and any help would be appreciated. I've deleted /boot/config/openvpnserver and /mnt/cache/appdata/openvpn-server and have reinstalled the server plugin, so I'm on a fresh slate.

Can you attach your OpenVPN Server Configuration? I'm using iPad and I can reach complete LAN (tower, plex, VM) and outside as well.

My config:

    NETWORK=10.22.0.0
    NETMASK=255.255.255.0
    SERVER_PORT=1194
    CANONICAL=xxx.yyy.com
    PROTOCOL=udp
    CIPHER="cipher aes-256-cbc"
    CLIENT="Enable"
    HASH_ALGO="auth sha256"
    GATEWAY="redirect-gateway"
    SUBNET="Disable"
    LAN_SUBNET="Disable"
    COMP_LZO="comp-lzo"
    IPP="ipp.txt"
    DHCP_1="dhcp-option DNS"
    TELNET_CONSOLE="No"
    VERB="verb 3"
    IP_PORT_SHARE=""

Guest Posted July 2, 2016

> Can you attach your OpenVPN Server Configuration? I'm using iPad and I can reach complete LAN (tower, plex, VM) and outside as well.
>
> My config:
>
>     NETWORK=10.22.0.0
>     NETMASK=255.255.255.0
>     SERVER_PORT=1194
>     CANONICAL=xxx.yyy.com
>     PROTOCOL=udp
>     CIPHER="cipher aes-256-cbc"
>     CLIENT="Enable"
>     HASH_ALGO="auth sha256"
>     GATEWAY="redirect-gateway"
>     SUBNET="Disable"
>     LAN_SUBNET="Disable"
>     COMP_LZO="comp-lzo"
>     IPP="ipp.txt"
>     DHCP_1="dhcp-option DNS"
>     TELNET_CONSOLE="No"
>     VERB="verb 3"
>     IP_PORT_SHARE=""

Sure.

    server 10.8.0.0 255.255.255.0
    local 192.168.0.100
    dev tun
    port 1194
    proto udp
    dh /mnt/cache/appdata/openvpn-server/dh.pem
    ca /mnt/cache/appdata/openvpn-server/ca.crt
    cert /mnt/cache/appdata/openvpn-server/server.crt
    key /mnt/cache/appdata/openvpn-server/server.key
    ifconfig-pool-persist /mnt/cache/appdata/openvpn-server/ipp.txt
    push "dhcp-option DNS 8.8.8.8"
    push "redirect-gateway def1"
    tls-server
    verb 3
    tls-auth /mnt/cache/appdata/openvpn-server/ta.key 0
    persist-key
    persist-tun
    keepalive 10 120
    user nobody
    group users
    cipher aes-256-cbc
    client-to-client
    auth sha512
    comp-lzo
    topology subnet
    push "resolv-retry infinite"
    status /var/log/openvpnserver-status.log 5
    log-append /var/log/openvpnserver.log
    status-version 2

And as a feature suggestion, can we first change the config, then let OpenVPN restart on itself? The reason I'm asking is because when I'm out (of the house), I can't turn off OpenVPN because doing so would make me lose connection with the server, therefore I could not access the server webui to change settings and start OpenVPN up again. So, when we make changes, OpenVPN restarts itself, so we can reconnect without having to enable OpenVPN again from the WebUI.

EDIT: I've tried redirect-gateway instead of redirect-gateway def1, no dice. Doesn't work at all. Can only see server (and the rest of my internal network), cannot connect to google.com.

peter_sm Posted July 2, 2016

What unRAID version are you on? And please attach /boot/config/network.cfg

//Peter

Guest Posted July 2, 2016

    # Generated network settings
    USE_DHCP="yes"
    IPADDR=
    NETMASK=
    GATEWAY=

This is the network.cfg. I'm running on UnRAID v6.2 beta23, but that might be irrelevant because I've been having those issues before the installation of the beta.

peter_sm Posted July 2, 2016

The format of your network.cfg is old, please do an update of the network settings in unRAID and look at the network.cfg and try again :-)

//Peter

Guest Posted July 2, 2016

> The format of your network.cfg is old, please do an update of the network settings in unRAID and look at the network.cfg and try again :-)
>
> //Peter

What do you mean, the format is old? You mean I have to change the network settings? And in what way should I change that? Thanks.

peter_sm Posted July 2, 2016

Just go and save your network settings for unRAID. Then you will see a different format of network.cfg

Guest Posted July 2, 2016

> Just go and save your network settings for unRAID. Then you will see a different format of network.cfg

Wow, it worked! I saved the network settings, and the config file changed. (by saving this, new users, I mean changing the DHCP to manual, then back to automatic) After restart of the OpenVPN plugin, I was able to access the internet. Thanks peter_sm!

Oh, and one more thing. How do I know all of my traffic is getting passed through the VPN? I don't want any leaks. Thanks again!

peter_sm Posted July 2, 2016

> > Just go and save your network settings for unRAID. Then you will see a different format of network.cfg
>
> Wow, it worked! I saved the network settings, and the config file changed. (by saving this, new users, I mean changing the DHCP to manual, then back to automatic) After restart of the OpenVPN plugin, I was able to access the internet. Thanks peter_sm!
>
> Oh, and one more thing. How do I know all of my traffic is getting passed through the VPN? I don't want any leaks. Thanks again!

About the leaks I don't know, can you do some googling and see if this is a risk for openvpn server?

Guest Posted July 2, 2016

> About the leaks I don't know, can you do some googling and see if this is a risk for openvpn server?

Sorry, it seems like we're off track. I also want outside servers (like Google) passed through the OpenVPN link before coming to my device outside. So sometimes OpenVPN servers only pass through requests for internal network, and just let external network requests through. But I've just run the IP check from my phone running on LTE, and it seems like it's passing through correctly. Thanks for the help, and the great plugin!

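Besides an external IP check, the client's routing table shows whether the pushed `redirect-gateway def1` took effect: that option installs the two half-default routes 0.0.0.0/1 and 128.0.0.0/1 through the tunnel. This is an added example, not part of any post above; it assumes a Linux client with `ip route show` output and a tunnel device named tun0, and the route listings and the function name are constructed.

```shell
#!/bin/sh
# Added example: classify a Linux client's IPv4 routing table as full tunnel,
# split tunnel, or no tunnel. The route listings below are constructed.

# Reads `ip route show` output on stdin; $1 is the tunnel device name.
tunnel_state() {
  awk -v tun="$1" '
    {
      dev = ""
      for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
      if (dev != tun) next                 # route does not use the tunnel
      any = 1
      if ($1 == "0.0.0.0/1")   low = 1     # lower half installed by def1
      if ($1 == "128.0.0.0/1") high = 1    # upper half installed by def1
      if ($1 == "default")     def = 1     # plain redirect-gateway
    }
    END {
      if ((low && high) || def) print "full"
      else if (any)             print "split"
      else                      print "none"
    }
  '
}

# Constructed: client connected to the 10.8.0.0/24 server with def1 pushed.
FULL_ROUTES='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev wlan0'

# Constructed: only the VPN subnet and the home LAN go through the tunnel.
SPLIT_ROUTES='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.0.0/24 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50'

# Constructed: VPN not connected.
NONE_ROUTES='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50'

for sample in "$FULL_ROUTES" "$SPLIT_ROUTES" "$NONE_ROUTES"; do
  printf '%s\n' "$sample" | tunnel_state tun0
done
```

On a live client the call is `ip route show | tunnel_state tun0`. It covers IPv4 routing only; IPv6 routes and the DNS resolver actually in use need their own check.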
zarfx4 Posted July 3, 2016

Any ideas why I would suddenly have openvpn just stop working? Nothing has changed except unRaid has updated. The connection in the OpenVPN app on any of my iOS devices just spins. Shows bytes going out. But no response. Keeps taking out.

Checked port forwarding for UDP 1194 and it's going to the unraid IP.
Checked that OpenVPN is running. It is.
Rebooted. Nothing.
Created a new ovpn file. Nothing.

Any ideas?

**EDIT** I have rebooted everything. The OpenVPN logs from my iphone keep showing that no bytes are coming in. Router has 1194 forwarded, that's the Port in the OpenVPN plugin Server Settings. This all used to work. I have also removed the entire plugin and tried again to no avail.
