OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)


peter_sm

Recommended Posts

Any ideas why I would suddenly have openvpn just stop working? Nothing has changed except unRaid has updated.

 

The connection in the open VPN app on any of my iOS devices just spins. Shows bytes going out. But no response. Keeps taking out.

 

Checked port forwarding for UDP 1194 and it's going to the unraid IP

 

Checked that open VPN is running. It is.

 

Rebooted. Nothing

Created a new opvn file. Nothing.

 

Any ideas ???

 

**EDIT**

I have rebooted everything.  The OpenVPN logs from my iphone keep showing that not bytes are coming in.  Router has 1194 forwarded, thats the Port in the OpenVPN plugin Server Settings.  This all used to work. I have also removed the entire plugin and tried again to no avail.

What unRAID version are you on? If 6.2  I want you to save your unRAID network settings and try again. I have a new release soon that read the unRAID variables from a different way, apart from that the latest version should work in 6.2. For unRAID Version 6.1 is not affected about this and should be running fine

Link to comment

Has this been fixed or do I need to use the old plugin on 6.1?  How can I disable the auto updates that break it?  Thanks

Version 6.1 should be fine for latest plugin

 

Do we need to rebuild anything?  I have the same issue even with the latest update. Rolling back to the version that was linked two pages or do ago allows me to connect right away.

 

I appreciate the help

Link to comment

Can't seem to generate a client. Getting;

 

Adding client:

spawn ./easyrsa build-client-full nopass

Generating a 4096 bit RSA private key

..................++

...++

writing new private key to '/mnt/cache/openvpn/easy-rsa/easyrsa3/pki/private/nopass.key.XXXXy2EIKW'

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase:cp: cannot stat '/mnt/cache/openvpn/easy-rsa/easyrsa3/pki/issued/.crt': No such file or directory

cp: cannot stat '/mnt/cache/openvpn/easy-rsa/easyrsa3/pki/private/.key': No such file or directory

you got only one client script, instead of script plus 4 keys and certs

/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 473: ./.crt: No such file or directory

/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 477: ./.key: No such file or directory

cp: cannot stat '.crt': No such file or directory

cp: cannot stat '.key': No such file or directory

rm: cannot remove '.crt': No such file or directory

rm: cannot remove '.key': No such file or directory

Done Inline file !

Link to comment

Can you check in your openvpn folder that these files exis. It looks like the step where you should "Generate the server certificates and keys" didn't finish. You have chosen 4096 RSA key and this can take up to 60 minutes or more

 

ca.crt  dh.pem  easy-rsa/  ipp.txt  openvpnserver.ovpn  server.crt  server.key  ta.key

 

EDIT

I did a new fresh installation and all is good

 

Files in pki folder

root@Tower:/mnt/appdata/myVPNserver_test5/easy-rsa/easyrsa3/pki# ls
ca.crt  certs_by_serial/  dh.pem  index.txt  index.txt.attr  index.txt.attr.old  index.txt.old  issued/  private/  reqs/  serial  serial.old

 

file in application folder

ca.crt  clients/  dh.pem  easy-rsa/  openvpnserver.ovpn  server.crt  server.key  ta.key
root@Tower:/mnt/appdata/myVPNserver_test5#

 

files for client

root@Tower:/mnt/appdata/myVPNserver_test5/clients/peter# ls
backup/  peter.ovpn
root@Tower:/mnt/appdata/myVPNserver_test5/clients/peter#

client

Adding client:  peter
spawn ./easyrsa build-client-full peter nopass
Generating a 4096 bit RSA private key
.....++
..++
writing new private key to '/mnt/appdata/myVPNserver_test5/easy-rsa/easyrsa3/pki/private/peter.key.XXXXHipV6N'
-----
Using configuration from /mnt/appdata/myVPNserver_test5/easy-rsa/easyrsa3/openssl-1.0.cnf
Enter pass phrase for /mnt/appdata/myVPNserver_test5/easy-rsa/easyrsa3/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'peter'
Certificate is to be certified until Jul 13 02:23:13 2026 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated
you got only one client script, instead of script plus 4 keys and certs
Done Inline file !

 

Link to comment

Has this been fixed or do I need to use the old plugin on 6.1?  How can I disable the auto updates that break it?  Thanks

Version 6.1 should be fine for latest plugin

 

Do we need to rebuild anything?  I have the same issue even with the latest update. Rolling back to the version that was linked two pages or do ago allows me to connect right away.

 

I appreciate the help

 

do you mean the older version of OpenVPN packages? if so I think there is files on 6.1 that also need to be updated to work with latest current version of openVPN. I can't help you here :-( Maybe try withe curent SSL packeges ?

Link to comment

Can you check in your openvpn folder that these files exis. It looks like the step where you should "Generate the server certificates and keys" didn't finish. You have chosen 4096 RSA key and this can take up to 60 minutes or more

 

*update update* I'm an idiot. It helps if you put in a name in the field for the client. Totally sorry for bothering you.

 

*update* I checked all the files you listed and they are there, minus peter of course.

 

Yeah I waited for quite a while. Didn't really keep track. It did give me a green check mark. Tried it with 2048 bit and got the same error:

 

Adding client:

spawn ./easyrsa build-client-full nopass

Generating a 2048 bit RSA private key

..................................................................................................+++

...+++

writing new private key to '/mnt/cache/openvpn/easy-rsa/easyrsa3/pki/private/nopass.key.XXXXbBXC6g'

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase:cp: cannot stat '/mnt/cache/openvpn/easy-rsa/easyrsa3/pki/issued/.crt': No such file or directory

cp: cannot stat '/mnt/cache/openvpn/easy-rsa/easyrsa3/pki/private/.key': No such file or directory

you got only one client script, instead of script plus 4 keys and certs

/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 473: ./.crt: No such file or directory

/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 477: ./.key: No such file or directory

cp: cannot stat '.crt': No such file or directory

cp: cannot stat '.key': No such file or directory

rm: cannot remove '.crt': No such file or directory

rm: cannot remove '.key': No such file or directory

Done Inline file !

 

Link to comment

Can you check in your openvpn folder that these files exis. It looks like the step where you should "Generate the server certificates and keys" didn't finish. You have chosen 4096 RSA key and this can take up to 60 minutes or more

 

*update update* I'm an idiot. It helps if you put in a name in the field for the client. Totally sorry for bothering you.

 

*update* I checked all the files you listed and they are there, minus peter of course.

 

Yeah I waited for quite a while. Didn't really keep track. It did give me a green check mark. Tried it with 2048 bit and got the same error:

 

Adding client:

spawn ./easyrsa build-client-full nopass

Generating a 2048 bit RSA private key

..................................................................................................+++

...+++

writing new private key to '/mnt/cache/openvpn/easy-rsa/easyrsa3/pki/private/nopass.key.XXXXbBXC6g'

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase:cp: cannot stat '/mnt/cache/openvpn/easy-rsa/easyrsa3/pki/issued/.crt': No such file or directory

cp: cannot stat '/mnt/cache/openvpn/easy-rsa/easyrsa3/pki/private/.key': No such file or directory

you got only one client script, instead of script plus 4 keys and certs

/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 473: ./.crt: No such file or directory

/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 477: ./.key: No such file or directory

cp: cannot stat '.crt': No such file or directory

cp: cannot stat '.key': No such file or directory

rm: cannot remove '.crt': No such file or directory

rm: cannot remove '.key': No such file or directory

Done Inline file !

Is all OK for you now ?

 

And there is new version released today :-)

 

//Peter

 

Link to comment

Thanks for the response Peter.  I am on 6.1.9.  I tried the network settings idea thinking maybe it would help.  It did not.  It is almost as if the Server is no longer listening to Port 1194.  I removed the plugin and re-installed.  I verified that the port is properly open on the router, which was unchanged as well.  I ended up having to remove the plugin and installed one of the Open VPN dockers (which is a pain to setup in contrast to your plugin) and it worked right away. 

 

Any ideas why I would suddenly have openvpn just stop working? Nothing has changed except unRaid has updated.

 

The connection in the open VPN app on any of my iOS devices just spins. Shows bytes going out. But no response. Keeps taking out.

 

Checked port forwarding for UDP 1194 and it's going to the unraid IP

 

Checked that open VPN is running. It is.

 

Rebooted. Nothing

Created a new opvn file. Nothing.

 

Any ideas ???

 

**EDIT**

I have rebooted everything.  The OpenVPN logs from my iphone keep showing that not bytes are coming in.  Router has 1194 forwarded, thats the Port in the OpenVPN plugin Server Settings.  This all used to work. I have also removed the entire plugin and tried again to no avail.

What unRAID version are you on? If 6.2  I want you to save your unRAID network settings and try again. I have a new release soon that read the unRAID variables from a different way, apart from that the latest version should work in 6.2. For unRAID Version 6.1 is not affected about this and should be running fine

Link to comment

Thanks Peter.  At least now i know i am not crazy.  Is this going to be fixed in the newer release you previously spoke about...or is it an UnRaid issue..?

 

I think it needs a new package that isn’t in 6.1

 

Peter, how can I ensure that the plugin doesn’t auto update and kill itself?  Thanks

Link to comment

Thanks Peter.  At least now i know i am not crazy.  Is this going to be fixed in the newer release you previously spoke about...or is it an UnRaid issue..?

Hi, unRAID  need an update of SSL to work with current OpenVPN.

 

 

Skickat från min iPhone med Tapatalk

Link to comment

Thanks Peter.  At least now i know i am not crazy.  Is this going to be fixed in the newer release you previously spoke about...or is it an UnRaid issue..?

 

I think it needs a new package that isn’t in 6.1

 

Peter, how can I ensure that the plugin doesn’t auto update and kill itself?  Thanks

The plugin using latest current version of OpenVPN. But did you try one of the links from me with older version of OpenVPN? If you have one of these in /boot/extra did that override the version of OpenVPN package I have in the plugin?

 

 

Skickat från min iPhone med Tapatalk

Link to comment

For you on 6.1.* can you try to install current version of SSL ( link below ) and see if the plugin works for you with latest OpenVPN Slackware packages that are in latest version of the plugin?

 

 

http://mirrors.slackware.com/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2h-x86_64-1.txz

http://mirrors.slackware.com/slackware/slackware64-current/slackware64/n/openssl-1.0.2h-x86_64-1.txz

 

//Peter

 

Link to comment

Hey All,

 

I was wondering if there were anyway to enable TAP mode instead of TUN mode? I'm trying to get my steam home streaming up and running but without being on the same subnet it doesn't detect it. Steam unfortunately does not allow manual IP entry so there is no way of accessing it! please help!

 

Thanks

 

T

Link to comment

Hey All,

 

I was wondering if there were anyway to enable TAP mode instead of TUN mode? I'm trying to get my steam home streaming up and running but without being on the same subnet it doesn't detect it. Steam unfortunately does not allow manual IP entry so there is no way of accessing it! please help!

 

Thanks

 

T

 

Hi,

 

You can try to edit the openvpnserver.ovpn manually.

 

Follow this guide --> https://openvpn.net/index.php/open-source/documentation/miscellaneous/76-ethernet-bridging.html

 

 

//Peter

Link to comment

For you on 6.1.* can you try to install current version of SSL ( link below ) and see if the plugin works for you with latest OpenVPN Slackware packages that are in latest version of the plugin?

 

 

http://mirrors.slackware.com/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2h-x86_64-1.txz

http://mirrors.slackware.com/slackware/slackware64-current/slackware64/n/openssl-1.0.2h-x86_64-1.txz

 

//Peter

 

Seems to work.  :)

Thanks

 

Link to comment

Peter_sm, quick bug report - when I have ipp enabled, OpenVPN keeps using the ipp.txt file in the appdata share. So when I do server maintenance and have to shut the array down, OpenVPN prevents drives from unmounting - thus creating an unmount error loop and hanging the emhttp process. Therefore I cannot access the WebUI anymore and have to manually shutdown the server via SSH:

 

powerdown

 

So... from what I thought

 

1. Since ipp.txt isn't frequently accessed, it could be saved to the flash drive itself. Therefore array could be properly unmounted.

2. This brings the benefit that OpenVPN could still function while the array is down - therefore we can do maintenance from the outside world.

3. Which means that OpenVPN could also start itself up on system boot and kill itself on system shutdown.

 

4. Unless flash drive save isn't possible, then we'd have to resort to getting the unmount signal and killing the server. But this means that we can't fix our servers from the outside.

 

Since I'm out frequently, it would be a huge plus for me if it could function while the array's down and restart itself along with the server.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.