tr0910 Posted January 9, 2017 Share Posted January 9, 2017 Hi, "Initialization Sequence Completed" indicate that all went OK, and the process are running. and you stopped the connection with "ctrl +c" If you like to see the prompt after connection you need to add a & at the end of your command, like this openvpn --config /boot/openvpn/karli.ovpn & You can then check if the process are running with this command. ps -ef | grep openvpn Running with a "&" suffix still results in the same hung terminal session. After pressing Ctrl C and checking ps nobody 14748 1 0 2016 ? 00:00:09 openvpn --writepid /var/run/openvpnserver/openvpnserver.pid --config /mnt/cache/appdata/myVPNserver/openvpnserver.ovpn --script-security 2 --daemon root 25180 127452 0 14:53 pts/2 00:00:00 openvpn --config /boot/openvpn/karli.ovpn root 33595 127452 0 15:09 pts/2 00:00:00 grep openvpn This shows that it is still running and I can ping the IPMI interface and the running remote unRaid server. However running ipmitool -I lan -H 192.168.1.179 -U ADMIN -P ADMIN chassis power status Error: Unable to establish LAN session Unable to get Chassis Power Status So it isn't really full connected?? My bad.... I was checking wrong ipmi ip address. This shows that it is correctly working even though the terminal is hung.... ipmitool -I lan -H 192.168.1.178 -U ADMIN -P ADMIN chassis power status Chassis Power is on Quote Link to comment
nexusmaniac Posted January 11, 2017 Share Posted January 11, 2017 Hi, I've tried searching through this thread (search is so annoying ) But can't find the answer! Is it possible to use the OpenVPN client plugin to connect only specific things, i.e. I need all of my dockers going through a VPN except for Plex, which doesn't work remotely when going through a VPN So is there a way to bypass / exclude a single docker container from using the VPN / TUN interface? Any help would be greatly appreciated! Thanks Quote Link to comment
JonathanM Posted January 12, 2017 Share Posted January 12, 2017 Is it possible to use the OpenVPN client plugin to connect only specific things, i.e. I need all of my dockers going through a VPN except for Plex, which doesn't work remotely when going through a VPN So is there a way to bypass / exclude a single docker container from using the VPN / TUN interface? Any help would be greatly appreciated! Thanks Normally this specific plugin is used to provide a private tunnel for you to connect back to your server from outside securely. Connecting to a VPN service is better served by Binhex's VPN enabled torrent and nzb dockers. Quote Link to comment
nexusmaniac Posted January 12, 2017 Share Posted January 12, 2017 Is it possible to use the OpenVPN client plugin to connect only specific things, i.e. I need all of my dockers going through a VPN except for Plex, which doesn't work remotely when going through a VPN So is there a way to bypass / exclude a single docker container from using the VPN / TUN interface? Any help would be greatly appreciated! Thanks Normally this specific plugin is used to provide a private tunnel for you to connect back to your server from outside securely. Connecting to a VPN service is better served by Binhex's VPN enabled torrent and nzb dockers. I'm talking about the client, to push all traffic through a PIA VPN As opposed to hosting a VPN server to connect back into my home network I have used various VPN dockers but I very much prefer this implementation, meaning I can use dockers which take up less room, all use the same alpine base image (big user of LinuxServerIO dockers ) I just hoped there would be a way of either excluding a docker from the tun5 network... OR a way in the docker config to use a completely separate network / network interface Quote Link to comment
JonathanM Posted January 12, 2017 Share Posted January 12, 2017 I'm talking about the client, to push all traffic through a PIA VPN As opposed to hosting a VPN server to connect back into my home network Yeah, I understand what you want, it's just a bad idea unless you know exactly what you are doing. The VPN service does not firewall the endpoint connection, so theoretically connecting to them allows other vpn users on the same network node free access to your system totally bypassing your router, since unraid doesn't have a built in firewall. I personally would never risk it. Binhex's dockers go to great lengths to ensure isolation and security, to make sure VPN traffic doesn't leak out of the docker, or vice versa. Network security is hard. Too many ways for things to go wrong, and not many ways to do it right. Quote Link to comment
nexusmaniac Posted January 12, 2017 Share Posted January 12, 2017 I'm talking about the client, to push all traffic through a PIA VPN As opposed to hosting a VPN server to connect back into my home network Yeah, I understand what you want, it's just a bad idea unless you know exactly what you are doing. The VPN service does not firewall the endpoint connection, so theoretically connecting to them allows other vpn users on the same network node free access to your system totally bypassing your router, since unraid doesn't have a built in firewall. I personally would never risk it. Binhex's dockers go to great lengths to ensure isolation and security, to make sure VPN traffic doesn't leak out of the docker, or vice versa. Network security is hard. Too many ways for things to go wrong, and not many ways to do it right. Aha, ok cool - Well that's fair enough! Sadly my Linux networking knowledge is very lacking... I'll have to sacrifice using my tiny docker containers and grab VPN specific versions Thanks! Quote Link to comment
neuk34 Posted January 13, 2017 Share Posted January 13, 2017 Hello, I'm using sabnzbd and deluge. How to be sure that the both softwares are covering by the vpn? Thanks Using this plugin? Dunno, I'm doing it the easy way, using Binhex's excellent VPN enabled dockers. He builds them with failsafes against accidental IP leakage, and as a bonus has privoxy baked in so you can use the same VPN tunnel to browse through if you want. I wouldn't use this plugin to connect to a VPN service, it's meant for you to create a private tunnel to allow secure remote access for your own devices when you are away from home. Binhex plugins are not working on my server : [info] Starting OpenVPN... 2017-01-13 11:08:00,703 DEBG 'start-script' stdout output: Fri Jan 13 11:08:00 2017 OpenVPN 2.3.12 x86_64-unknown-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [iPv6] built on Aug 24 2016 Fri Jan 13 11:08:00 2017 library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09 Fri Jan 13 11:08:00 2017 WARNING: file 'credentials.conf' is group or others accessible 2017-01-13 11:08:00,897 DEBG 'start-script' stdout output: Fri Jan 13 11:08:00 2017 UDPv4 link local: [undef] Fri Jan 13 11:08:00 2017 UDPv4 link remote: [AF_INET]81.171.85.68:1194 2017-01-13 11:08:00,961 DEBG 'start-script' stdout output: Fri Jan 13 11:08:00 2017 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=VPN, name=VPN, emailAddress=VPN Fri Jan 13 11:08:00 2017 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed Fri Jan 13 11:08:00 2017 TLS_ERROR: BIO read tls_read_plaintext error Fri Jan 13 11:08:00 2017 TLS Error: TLS object -> incoming plaintext read error Fri Jan 13 11:08:00 2017 TLS Error: TLS handshake failed So, I'm still going to use openvpn client plugin. But my port are all closed on transmission. How could I open them being still covered by von? Thanks Quote Link to comment
neuk34 Posted January 15, 2017 Share Posted January 15, 2017 could you please help? Thanks ! Quote Link to comment
SmallwoodDR82 Posted January 23, 2017 Share Posted January 23, 2017 @peter fantastic job! I'm running client (2016.12.31a) on unRAID 6.2.4 and everything is working perfectly. My question - I noticed someone asking about auto start on boot instead of with array for the openvpn server. With me running the client is there a way for the openvpn client plugin to start on boot rather than waiting for array? My issue is this unRAID box is not local to me and if I need to stop the array on this box to make an unRAID change I lose connectivity due to vpn closing. I'd like the VPN to be connected basically all the time while the webgui is running. Any thoughts? Maybe a feature request? Thanks for everything and I'm happy to test! Quote Link to comment
peter_sm Posted January 23, 2017 Author Share Posted January 23, 2017 @peter fantastic job! I'm running client (2016.12.31a) on unRAID 6.2.4 and everything is working perfectly. My question - I noticed someone asking about auto start on boot instead of with array for the openvpn server. With me running the client is there a way for the openvpn client plugin to start on boot rather than waiting for array? My issue is this unRAID box is not local to me and if I need to stop the array on this box to make an unRAID change I lose connectivity due to vpn closing. I'd like the VPN to be connected basically all the time while the webgui is running. Any thoughts? Maybe a feature request? Thanks for everything and I'm happy to test! Hi SmallwoodDR82, What you can try with is to add below line to your go file located in /boot/config/ /etc/rc.d/rc.openvpnclient start //Peter Quote Link to comment
ksignorini Posted January 24, 2017 Share Posted January 24, 2017 I'm confused. I've installed the server, installed RSA, generated certs, and added a client. I can even start the server and my client name appears in a list as an expected client. But when I added the client name I got a window saying that it all went well and generated an inline file (I attached a screenshot here). But how do I download that file to give to my client? Thanks! Quote Link to comment
peter_sm Posted January 24, 2017 Author Share Posted January 24, 2017 Take a look under the client folder for the path you entered in the cert config. It should also be some help text to activate , I think this info exist where to DL the client file, if not I can make it more clear in the window. Skickat från min iPhone med Tapatalk Quote Link to comment
ksignorini Posted January 24, 2017 Share Posted January 24, 2017 Take a look under the client folder for the path you entered in the cert config. It should also be some help text to activate , I think this info exist where to DL the client file, if not I can make it more clear in the window. Skickat från min iPhone med Tapatalk Now that I know where to look, I just used FTP to grab the file and voila. I can't wait to test it from a coffee shop with my Mac. One more question regarding OpenVPN client (not server this time) which I may also use for another purpose. My VPN provider only gives me a cert file--it does not give me a .ovpn file. Can I still configure the OpenVPN client you packaged for unRAID to connect to them? Thanks again. Great work. Quote Link to comment
peter_sm Posted January 24, 2017 Author Share Posted January 24, 2017 One more question regarding OpenVPN client (not server this time) which I may also use for another purpose. My VPN provider only gives me a cert file--it does not give me a .ovpn file. Can I still configure the OpenVPN client you packaged for unRAID to connect to them? Thanks again. Great work. What I know a ovpn or config file needs for all vpn. //Peter Quote Link to comment
ksignorini Posted January 24, 2017 Share Posted January 24, 2017 One more question regarding OpenVPN client (not server this time) which I may also use for another purpose. My VPN provider only gives me a cert file--it does not give me a .ovpn file. Can I still configure the OpenVPN client you packaged for unRAID to connect to them? Thanks again. Great work. What I know a ovpn or config file needs for all vpn. //Peter After trying a different VPN service, it all works now. One final question: Am I able to keep the OpenVPN client connected but still keep the OpenVPN server also open for incoming connections? Thanks again. Quote Link to comment
SmallwoodDR82 Posted January 25, 2017 Share Posted January 25, 2017 @peter fantastic job! I'm running client (2016.12.31a) on unRAID 6.2.4 and everything is working perfectly. My question - I noticed someone asking about auto start on boot instead of with array for the openvpn server. With me running the client is there a way for the openvpn client plugin to start on boot rather than waiting for array? My issue is this unRAID box is not local to me and if I need to stop the array on this box to make an unRAID change I lose connectivity due to vpn closing. I'd like the VPN to be connected basically all the time while the webgui is running. Any thoughts? Maybe a feature request? Thanks for everything and I'm happy to test! Hi SmallwoodDR82, What you can try with is to add below line to your go file located in /boot/config/ /etc/rc.d/rc.openvpnclient start //Peter Peter so this works perfect thanks! My final issue is even with the array mounting option set to 'no' and the go file adjustment. If I stop the array to make an unraid change the OpenVPN client stops the VPN connection. Shouldn't it stay connected when array is offline? When I stopped the array, I then have no way to start it again Thanks for the help in advance! Quote Link to comment
ksignorini Posted January 25, 2017 Share Posted January 25, 2017 Peter - So one thing that isn't working when I connect to my unRAID box with OpenVPN from my Mac is access to shares. I seem to have a great connection otherwise and can access computers via local IP, just no shares. Thoughts? Quote Link to comment
peter_sm Posted January 25, 2017 Author Share Posted January 25, 2017 Peter - So one thing that isn't working when I connect to my unRAID box with OpenVPN from my Mac is access to shares. I seem to have a great connection otherwise and can access computers via local IP, just no shares. Thoughts? You should be able to connect even with hostname. and your complete LAN shall be available as well. Did you modified much of the default settings? //Peter Quote Link to comment
ksignorini Posted January 25, 2017 Share Posted January 25, 2017 Peter - So one thing that isn't working when I connect to my unRAID box with OpenVPN from my Mac is access to shares. I seem to have a great connection otherwise and can access computers via local IP, just no shares. Thoughts? You should be able to connect even with hostname. and your complete LAN shall be available as well. Did you modified much of the default settings? //Peter It's not and I didn't modify any of the defaults. Quote Link to comment
tr0910 Posted January 25, 2017 Share Posted January 25, 2017 Here is what happens if I run the client from the command line. It connects, but the terminal hangs... openvpn --config /boot/openvpn/karli.ovpn & [1] 58675 root@Kim:/boot/RhettKarli# Wed Jan 25 12:08:35 2017 OpenVPN 2.4.0 x86_64-slackware-linux-gnu [sSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 29 2016 Wed Jan 25 12:08:35 2017 library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09 Wed Jan 25 12:08:35 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]23.127.66.250:1197 Wed Jan 25 12:08:35 2017 UDP link local: (not bound) Wed Jan 25 12:08:35 2017 UDP link remote: [AF_INET]23.127.66.250:1197 Wed Jan 25 12:08:35 2017 [server] Peer Connection Initiated with [AF_INET]23.127.66.250:1197 Wed Jan 25 12:08:36 2017 TUN/TAP device tun1 opened Wed Jan 25 12:08:36 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0 Wed Jan 25 12:08:36 2017 /usr/sbin/ip link set dev tun1 up mtu 1500 Wed Jan 25 12:08:36 2017 /usr/sbin/ip addr add dev tun1 10.8.0.3/24 broadcast 10.8.0.255 RTNETLINK answers: File exists Wed Jan 25 12:08:36 2017 ERROR: Linux route add command failed: external program exited with error status: 2 RTNETLINK answers: File exists Wed Jan 25 12:08:36 2017 ERROR: Linux route add command failed: external program exited with error status: 2 Wed Jan 25 12:08:36 2017 Initialization Sequence Completed ^C Running with a "&" suffix still results in the same hung terminal session. After pressing Ctrl C and checking ps nobody 14748 1 0 2016 ? 00:00:09 openvpn --writepid /var/run/openvpnserver/openvpnserver.pid --config /mnt/cache/appdata/myVPNserver/openvpnserver.ovpn --script-security 2 --daemon root 25180 127452 0 14:53 pts/2 00:00:00 openvpn --config /boot/openvpn/karli.ovpn root 33595 127452 0 15:09 pts/2 00:00:00 grep openvpn Is this the right way to kill an VPN session to a server? It also hangs the bash terminal.. You need to press Ctrl C to continue, and then it seems to work fine again. pkill -SIGTERM -f 'openvpn --config /boot/openvpn/karli.ovpn' & How do I kill hung openvpn command line sessions? I want to script the following openvpn start do some stuff with the vpn active openvpn stop but hung sessions are causing a problem. Quote Link to comment
ksignorini Posted January 25, 2017 Share Posted January 25, 2017 Peter - So one thing that isn't working when I connect to my unRAID box with OpenVPN from my Mac is access to shares. I seem to have a great connection otherwise and can access computers via local IP, just no shares. Thoughts? You should be able to connect even with hostname. and your complete LAN shall be available as well. Did you modified much of the default settings? //Peter It's not and I didn't modify any of the defaults. Peter, It turns out I can access the shares via IP address, but not NETBIOS name. Perhaps there's no internal DNS or NETBIOS naming being passed through the VPN. (I'm not terribly familiar with how this is done.) Is there anything with OpenVPN that would be causing this or is this some other thing related to my network? Thanks. Quote Link to comment
Eisi2005 Posted February 9, 2017 Share Posted February 9, 2017 [solved] at this moment the user is offline in the status page Hi, today i have install the vpn server. It works out of the box. Thanks for this great plugin. One Question, when a user connect to the server i could see on the status page that the user is offline, but when the user disconnect, the user will still shown as online though the connection is disconnected on client side. Quote Link to comment
peter_sm Posted February 9, 2017 Author Share Posted February 9, 2017 Can you try to give it same time before reload the page ? Will it disappear then ? I will try by my self how it looks. Quote Link to comment
Eisi2005 Posted February 13, 2017 Share Posted February 13, 2017 Yes if i wait some time, the users disappear. Quote Link to comment
steppi Posted February 24, 2017 Share Posted February 24, 2017 Hello everyone! I want to connect to my corporate network Openvpn. I installed the plugin "Openvpn-client", but I do not know where to place the conf file and cert ... If I go to "chose to file" nothing happens. Thanks for your help! Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.