comet424 Posted February 22, 2019 Share Posted February 22, 2019 hi I new to this stuff so I been posting wrong area... I run "OpenVPN --config pfsense.ovpn" or "OpenVPN pfsense.ovpn" it trys to connect it stops and locks me out of unraid… Unraid becomes totally useless locks me out and locks me out of shares.. till I physically power it down and back up Quote Link to comment
comet424 Posted February 22, 2019 Share Posted February 22, 2019 im also thinking your OpenVPN Unraid version is not compatible to connect to a OpenVPN PFsense Router software.. and then it locks me out of unraid Quote Link to comment
blurp76 Posted February 23, 2019 Share Posted February 23, 2019 On 2/18/2019 at 10:33 AM, blurp76 said: I'm trying to assign static IP addresses to VPN clients, how to add client-config-dir do server configuration? or is there some other way to accomplish this? Ok I found that I can just add: client-config-dir /mnt/user/appdata/openvpnserver/ccd to /mnt/user/appdata/openvpnserver/openvpnserver.ovpn It works fine after creating the ccd folder with various clients configuration The only problem is that any modification on the server config from the gui will overwrite the configuration and remove the client-config-dir. Would it be possible to add some field for custom options in the server configuration gui? Thanks Quote Link to comment
GingerNinja0913 Posted March 2, 2019 Share Posted March 2, 2019 Pressing "Generate the Server Certificate and Keys" seems to not to anything. Is it supposed to? Or, how do I generate these? Quote Link to comment
Shaank0 Posted March 3, 2019 Share Posted March 3, 2019 Having an issue, just installed, (I can connect on my phone with the client i previously had on it from linuxservers container) On my windows Machines i cant connect it gives an error on the server logs: Sun Mar 3 16:17:24 2019 us=933773 tls-crypt unwrap error: packet too short Sun Mar 3 16:17:24 2019 us=933801 TLS Error: tls-crypt unwrapping failed from [AF_INET]166.170.xx.xxx:61646 my windows client version is OpenVPN Connect 2.6.0.100, i am kinda figuring it is the client causing it? but i cant find 2.4.6, to my knowledge this plugin does not have a webgui to download the client am i correct? any help is appreciated. Quote Link to comment
gacpac Posted March 3, 2019 Share Posted March 3, 2019 Having an issue, just installed, (I can connect on my phone with the client i previously had on it from linuxservers container) On my windows Machines i cant connect it gives an error on the server logs: Sun Mar 3 16:17:24 2019 us=933773 tls-crypt unwrap error: packet too short Sun Mar 3 16:17:24 2019 us=933801 TLS Error: tls-crypt unwrapping failed from [AF_INET]166.170.xx.xxx:61646 my windows client version is OpenVPN Connect 2.6.0.100, i am kinda figuring it is the client causing it? but i cant find 2.4.6, to my knowledge this plugin does not have a webgui to download the client am i correct? any help is appreciated.Don't use open vpn connect. That is meant for the OpenVPN access server. Use the regular Sent from my Pixel 2 XL using Tapatalk Quote Link to comment
mrrilling Posted March 10, 2019 Share Posted March 10, 2019 I am fairly new to this so sorry if this is obvious. I finally got everything setup, but am unable to generate the certificates. Any help is appreciated. I had issues with Easy RSA and finally got it installed manually. The log is showing this: Quote spawn ./easyrsa build-ca spawn ./easyrsa build-server-full server nopass /usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 769: ./easyrsa: Permission denied Let me know if I can provide more information. Thanks! Quote Link to comment
casiooo Posted March 12, 2019 Share Posted March 12, 2019 I've got everything working perfectly. However i'm not able to figure out how to apply the tunnel to interface eth1 instead of eth0? Quote Link to comment
comet424 Posted March 13, 2019 Share Posted March 13, 2019 @peter_sm your program doesnt work with Unraid 6.6.7 ive been trying to reinstall it to try to get it to work but you can save a server cert... but you cant generate certs you cant do the RSA cant create a Users and i tried to delete users but no option had to manually delete it .. but doesnt seem to setup at all under 6.6.7 1 Quote Link to comment
RCFilm Posted March 13, 2019 Share Posted March 13, 2019 @peter_sm I can confirm the plug-in has broken for 6.7.0-rc5. If you could please push an update. Quote Link to comment
peter_sm Posted March 13, 2019 Author Share Posted March 13, 2019 This will have very low priority in my life since I do it on my limited free time. 1 Quote Link to comment
ElBurrito Posted March 15, 2019 Share Posted March 15, 2019 On 3/12/2019 at 8:10 PM, comet424 said: @peter_sm your program doesnt work with Unraid 6.6.7 ive been trying to reinstall it to try to get it to work but you can save a server cert... but you cant generate certs you cant do the RSA cant create a Users and i tried to delete users but no option had to manually delete it .. but doesnt seem to setup at all under 6.6.7 On 3/12/2019 at 11:43 PM, RCFilm said: @peter_sm I can confirm the plug-in has broken for 6.7.0-rc5. If you could please push an update. I am running 6.6.7, not sure about 6.7.0-rc5, but I have his app set up and running on mine. I am only having 1 issue. OpenVPN app starts with the array on boot up, shows successfully, but I am not able to get a client to connect. It is like the server doesn't respond. I have to manually restart the application and then everything works just fine. But, if unRAID reboots openVPN comes back up but connections don't work again until I manually restart the app. Has anyone run into this before? This is my first time encountering this problem. Quote Link to comment
comet424 Posted March 15, 2019 Share Posted March 15, 2019 @ElBurrito it worked in 6.6.7 if you had it installed under 6.6.6 and upgraded to 6.6.7 if you uninstall server and reinstall it under 6.6.7 you wont be able to set up the client certs etc.. least thats what happened for me... Quote Link to comment
ElBurrito Posted March 15, 2019 Share Posted March 15, 2019 2 minutes ago, comet424 said: @ElBurrito it worked in 6.6.7 if you had it installed under 6.6.6 and upgraded to 6.6.7 if you uninstall server and reinstall it under 6.6.7 you wont be able to set up the client certs etc.. least thats what happened for me... I did have it installed prior to upgrading but I accidentally deleted the config files for it and had issues trying to get it to regenerate certs and client profiles. I ended up removing the app entirely and doing fresh reinstall saved in a new location. Quote Link to comment
comet424 Posted March 15, 2019 Share Posted March 15, 2019 ah ok ... ya im unable to get certs or RSA to generate when you hit the generate button in 6.6.7 just server config is only thing that will work Quote Link to comment
ElBurrito Posted March 15, 2019 Share Posted March 15, 2019 2 minutes ago, comet424 said: ah ok ... ya im unable to get certs or RSA to generate when you hit the generate button in 6.6.7 just server config is only thing that will work Yeah, I did have that problem. I think it was an issue with recognizing that I had extracted the Easy-RSA files in the folder, I believe it was installed in appdata on my cache drives. I reinstalled the app, pointed the folder location for the certs to "/boot/openvpn/", downloaded on of the easy-rsa files, sftp-ed it to my server, unzipped it in "boot/openvpn/" and then renamed the resulting folder "easy-rsa-3.x.x" to "easy-rsa". Once I did that, the "Install RSA Key" button worked and then the generate button worked again. As far as my other problem I just did a user script to restart the app after booting. At least as a work around for now. Quote Link to comment
peter_sm Posted March 15, 2019 Author Share Posted March 15, 2019 Hi, Plugin is updated to manage the updates that was on github pages for easyrsa 🙂 Quote Link to comment
bengele Posted March 19, 2019 Share Posted March 19, 2019 Dear All, is there a way that i can run this plugin in tap mode? Regards Bengele Quote Link to comment
comet424 Posted March 21, 2019 Share Posted March 21, 2019 so im having issues I got the server to run on a remote side unraid.. and on the unraid at home I run the command prompt OpenVPN --config mike.ovpn it partially connects but doesn't finish I don't get the command prompt and when I press ctrl C then it shows more root@backupserver:/boot/openvpn# openvpn --config mike.ovpn Wed Mar 20 23:00:04 2019 OpenVPN 2.4.6 x86_64-slackware-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 7 2018 Wed Mar 20 23:00:04 2019 library versions: OpenSSL 1.1.1a 20 Nov 2018, LZO 2.10 Wed Mar 20 23:00:04 2019 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key Wed Mar 20 23:00:04 2019 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication Wed Mar 20 23:00:04 2019 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key Wed Mar 20 23:00:04 2019 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication Wed Mar 20 23:00:04 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]76.75.123.76:1200 Wed Mar 20 23:00:04 2019 Socket Buffers: R=[212992->212992] S=[212992->212992] Wed Mar 20 23:00:04 2019 UDP link local: (not bound) Wed Mar 20 23:00:04 2019 UDP link remote: [AF_INET]76.75.123.76:1200 Wed Mar 20 23:00:04 2019 TLS: Initial packet from [AF_INET]76.75.123.76:1200, sid=41fc641e 67fc7399 Wed Mar 20 23:00:05 2019 VERIFY OK: depth=1, CN=server Wed Mar 20 23:00:05 2019 VERIFY KU OK Wed Mar 20 23:00:05 2019 Validating certificate extended key usage Wed Mar 20 23:00:05 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Wed Mar 20 23:00:05 2019 VERIFY EKU OK Wed Mar 20 23:00:05 2019 VERIFY OK: depth=0, CN=server Wed Mar 20 23:00:05 2019 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA Wed Mar 20 23:00:05 2019 [server] Peer Connection Initiated with [AF_INET]76.75.123.76:1200 Wed Mar 20 23:00:06 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Wed Mar 20 23:00:06 2019 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.1.1,redirect-gatewaydef1,remote-gateway 192.168.1.8,resolv-retry infinite,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' Wed Mar 20 23:00:06 2019 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3:remote-gateway (2.4.6) Wed Mar 20 23:00:06 2019 Options error: option 'resolv-retry' cannot be used in this context ([PUSH-OPTIONS]) Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: timers and/or timeouts modified Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: --ifconfig/up options modified Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: route options modified Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: peer-id set Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: adjusting link_mtu to 1625 Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: data channel crypto options modified Wed Mar 20 23:00:06 2019 Data Channel: using negotiated cipher 'AES-256-GCM' Wed Mar 20 23:00:06 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Wed Mar 20 23:00:06 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Wed Mar 20 23:00:06 2019 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=br0 HWADDR=00:0a:e4:8b:e1:e4 Wed Mar 20 23:00:06 2019 TUN/TAP device tun1 opened Wed Mar 20 23:00:06 2019 TUN/TAP TX queue length set to 100 Wed Mar 20 23:00:06 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0 Wed Mar 20 23:00:06 2019 /usr/sbin/ip link set dev tun1 up mtu 1500 Wed Mar 20 23:00:06 2019 /usr/sbin/ip addr add dev tun1 local 10.8.0.6 peer 10.8.0.5 Wed Mar 20 23:00:09 2019 /usr/sbin/ip route add 76.75.123.76/32 via 192.168.0.1 Wed Mar 20 23:00:09 2019 /usr/sbin/ip route add 0.0.0.0/1 via 10.8.0.5 Wed Mar 20 23:00:09 2019 /usr/sbin/ip route add 128.0.0.0/1 via 10.8.0.5 Wed Mar 20 23:00:09 2019 /usr/sbin/ip route add 10.8.0.1/32 via 10.8.0.5 Wed Mar 20 23:00:09 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache optionto prevent this Wed Mar 20 23:00:09 2019 Initialization Sequence Completed and see here when I press Ctrl C to exit.. so whats all wrong and why doesn't OpenVPN server side ask for a password when I make a user Wed Mar 20 23:00:09 2019 /usr/sbin/ip route add 10.8.0.1/32 via 10.8.0.5 Wed Mar 20 23:00:09 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache optionto prevent this Wed Mar 20 23:00:09 2019 Initialization Sequence Completed ^CWed Mar 20 23:03:34 2019 event_wait : Interrupted system call (code=4) Wed Mar 20 23:03:34 2019 /usr/sbin/ip route del 10.8.0.1/32 Wed Mar 20 23:03:34 2019 /usr/sbin/ip route del 76.75.123.76/32 Wed Mar 20 23:03:34 2019 /usr/sbin/ip route del 0.0.0.0/1 Wed Mar 20 23:03:34 2019 /usr/sbin/ip route del 128.0.0.0/1 Wed Mar 20 23:03:34 2019 Closing TUN/TAP interface Wed Mar 20 23:03:34 2019 /usr/sbin/ip addr del dev tun1 local 10.8.0.6 peer 10.8.0.5 Wed Mar 20 23:03:34 2019 SIGINT[hard,] received, process exiting root@backupserver:/boot/openvpn# Quote Link to comment
comet424 Posted March 21, 2019 Share Posted March 21, 2019 what im trying to do is OPENVPN from Unraid to and UNraid and then run RYSNC for data transfer then disconnect OPENVPN so I having issues Quote Link to comment
Duggie264 Posted March 29, 2019 Share Posted March 29, 2019 Hi, Installed this plugin on 6.6.7, and after changing the settings to what I require, am unable to get a client to connect - I will continue fault finding, but in the meantime, if you set LZO compression to No in the Server Config page, whenever you create files, line 17 is simply a 0. should it be "comp-LZO No" or "comp-LZO 0"? Quote Link to comment
Duggie264 Posted March 29, 2019 Share Posted March 29, 2019 Generating some 4096 RSA certs - should more than one thread be getting allocated? Cheers Duggie Quote Link to comment
ThatDude Posted April 3, 2019 Share Posted April 3, 2019 On 6/30/2018 at 2:13 PM, Ashe said: Hi Peter Just a heads up that iOS seems to prefer a *.ovpn12 file now rather than the *.p12 file. No problem with renaming the generated *.p12 file and it then imports fine Sent from my iPhone using Tapatalk Thank you for this! I was getting completely stuck following the instructions in the readme that's generated with the cert. 1 Quote Link to comment
ThatDude Posted April 3, 2019 Share Posted April 3, 2019 Is there any way to push a user-specified DNS server? I have a Pi-Hole running on my LAN and I'd like my connected devices to use it's DNS IP address instead. This allows me to block ads on my connected iOS devices and for local name resolution - really useful. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.