Guest Posted October 13, 2017 (edited)

On 2017. 10. 8. at 8:40 PM, peter_sm said:
> New release available, now with a new tab for download of client config files!
> //Peter

This is sweet, thank you so much! One problem though. I tried regenerating the server keys. But when I click on the button, it just drops me back into the settings of OpenVPN with no changes. I can still see my clients, etc. I think there might be a permissions issue, so I'm going to try and delete the appdata folder that contains openvpn, but do you have any insight as to what might be going wrong?

EDIT1: So after deleting the folder and recreating it, this happened when I tried to start the server:

    Options error: --dh fails with '/mnt/user/appdata/openvpn-server/dh.pem': No such file or directory (errno=2)
    Options error: --ca fails with '/mnt/user/appdata/openvpn-server/ca.crt': No such file or directory (errno=2)
    Options error: --cert fails with '/mnt/user/appdata/openvpn-server/server.crt': No such file or directory (errno=2)
    Fri Oct 13 18:39:26 2017 WARNING: cannot stat file '/mnt/user/appdata/openvpn-server/server.key': No such file or directory (errno=2)
    Options error: --key fails with '/mnt/user/appdata/openvpn-server/server.key': No such file or directory (errno=2)
    Fri Oct 13 18:39:26 2017 WARNING: cannot stat file '/mnt/user/appdata/openvpn-server/ta.key': No such file or directory (errno=2)
    Options error: --tls-auth fails with '/mnt/user/appdata/openvpn-server/ta.key': No such file or directory (errno=2)
    Options error: Please correct these errors.
    Use --help for more information.

Hmm? I'm on 6.4.0-rc9f if that helps any.

EDIT: When I click on the server generate button, I see an openssl process launched. It keeps using 100% of CPU, but the WebGUI shows that the certificate has been successfully created in a matter of a minute. What I am guessing here is that the WebGUI does not lock as long as it should. Therefore, while openssl is busy generating the configuration and the keys, the WebGUI just barrels on and lets you generate client keys. Now the client keys are meaningless because the server keys aren't done yet, but the GUI doesn't catch that. But when I try to start the server it does. I suppose I could wait for the process to finish, and then start the remaining steps, but this will be pretty confusing for any newcomers. I suggest the WebGUI should be locked while the certificates are being generated.

Edited October 13, 2017 by Guest
peter_sm Posted October 13, 2017 (Author)

4 hours ago, ideaman924 said:
> This is sweet, thank you so much! I suggest the WebGUI should be locked while the certificates are being generated.

Wonder how that could be done? A check to see if the process is running and disable the buttons while it is running? Anyone have a clue how that could be done?

//Peter
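One way to do the check asked about in the two posts above, as an added example that is not part of the thread and not the plugin's code: a PID lock file around key generation plus a preflight that refuses to continue until the server files named in the quoted error output exist. The lock file name `.keygen.lock` and the function names are assumptions.

```bash
#!/bin/bash
# Added example; lock file name and function names are hypothetical, not the plugin's.
# The check-then-write on the lock is not atomic; it assumes a single admin using the GUI.

# Files the OpenVPN server refused to start without in the log quoted above.
REQUIRED_FILES="dh.pem ca.crt server.crt server.key ta.key"

# generation_running LOCKFILE -> 0 if the PID stored in LOCKFILE is still alive.
generation_running() {
    local lock="$1" pid
    [ -f "$lock" ] || return 1
    pid=$(cat "$lock" 2>/dev/null)
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac   # empty or non-numeric: stale lock
    kill -0 "$pid" 2>/dev/null                      # signal 0 only tests for existence
}

# with_keygen_lock DIR CMD... -> run the slow generation command under the lock.
with_keygen_lock() {
    local dir="$1" rc=0
    shift
    if generation_running "$dir/.keygen.lock"; then
        echo "busy: key generation already running" >&2
        return 2
    fi
    echo "$$" > "$dir/.keygen.lock"
    "$@" || rc=$?
    rm -f "$dir/.keygen.lock"
    return "$rc"
}

# preflight DIR -> 0 "ready", 1 "missing: ...", 2 "busy".
preflight() {
    local dir="$1" f missing=""
    if generation_running "$dir/.keygen.lock"; then
        echo "busy: key generation still running"
        return 2
    fi
    for f in $REQUIRED_FILES; do
        [ -s "$dir/$f" ] || missing="$missing $f"   # absent or zero-length is missing
    done
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ready"
}
```

A page handler can call `preflight` before enabling the client-key and start-server buttons, and show its one-line reason when the status is non-zero.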
peter_sm Posted October 14, 2017 (Author)

New Version! Now the web page is disabled when generating server certificates!! Please test and see how it works for you!

//Peter
Guest Posted October 23, 2017

On 2017. 10. 14. at 10:37 PM, peter_sm said:
> New Version! Now the web page is disabled when generating server certificates!! Please test and see how it works for you!
> //Peter

Thanks! I'll make sure to test the next time I regenerate server configurations! Thank you so much @peter_sm! You're always so helpful!
Melo Posted November 8, 2017 (edited)

Hi Peter,

Could you help me with this? I want to connect to Perfect Privacy VPN with the Open VPN Client Plugin, but it fails. Everything in the logs looks normal up to here:

    Wed Nov 8 03:43:04 2017 us=721892 GDG6: NLMSG_ERROR: error Operation not supported
    Wed Nov 8 03:43:04 2017 us=721908 ROUTE6: default_gateway=UNDEF
    Wed Nov 8 03:43:04 2017 us=726331 TUN/TAP device tun5 opened
    Wed Nov 8 03:43:04 2017 us=726388 TUN/TAP TX queue length set to 100
    Wed Nov 8 03:43:04 2017 us=726425 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
    Wed Nov 8 03:43:04 2017 us=726491 /usr/sbin/ip link set dev tun5 up mtu 1500
    Wed Nov 8 03:43:04 2017 us=728318 /usr/sbin/ip addr add dev tun5 10.2.19.245/24 broadcast 10.2.19.255
    Wed Nov 8 03:43:04 2017 us=730138 /usr/sbin/ip -6 addr add fdbf:1d37:bbe0:0:33:3:0:1245/112 dev tun5
    RTNETLINK answers: Operation not supported
    Wed Nov 8 03:43:04 2017 us=731940 Linux ip -6 addr add failed: external program exited with error status: 2
    Wed Nov 8 03:43:04 2017 us=731981 Exiting due to fatal error

Thanks in advance!

Edited November 8, 2017 by Melo
Risha Posted December 2, 2017

Could someone help me to understand what or if I have done something wrong. I have set up the plugin and installed everything on my remote computer. I can get remote access to the unraid webui but I can't get access to my network shares.
peter_sm Posted December 2, 2017 (Author)

11 minutes ago, Risha said:
> Could someone help me to understand what or if I have done something wrong. I have set up the plugin and installed everything on my remote computer. I can get remote access to the unraid webui but I can't get access to my network shares.

Please add more info on how you configured the server, or are you maybe using all default settings?
Risha Posted December 2, 2017

I'm using default settings. Here is a screenshot of the settings and the logs.
peter_sm Posted December 2, 2017 (Author)

34 minutes ago, Risha said:
> I'm using default settings. Here is a screenshot of the settings and the logs.

Can you click on "Restore To Default values" and try again? Some settings are not default, just for testing. It differs from my default.

//Peter
Risha Posted December 2, 2017

I have done that but still no difference.
peter_sm Posted December 2, 2017 (Author)

2 minutes ago, Risha said:
> I have done that but still no difference.

Are you connecting from a Windows computer? Can you access the share with the IP address? Can you see other clients on your LAN?

//Peter
Risha Posted December 2, 2017

I am using a Windows computer. I can connect by entering the IP address but it's asking for network credentials.
Risha Posted December 2, 2017

I have got it working. I used the username and password that I used with openvpn and I now have access. Thanks very much for your help, it is greatly appreciated.
docbrown Posted December 15, 2017

As I am fairly new to everything Unraid and this plugin (installed today), I'm having the same earlier issue with easy-rsa not generating the files. I know to use an earlier version but I'm confused on how to install it in the environment. Any help will be appreciated.
peter_sm Posted December 16, 2017 (Author)

On 2017-12-15 at 11:15 AM, docbrown said:
> As I am fairly new to everything Unraid and this plugin (installed today), I'm having the same earlier issue with easy-rsa not generating the files. I know to use an earlier version but I'm confused on how to install it in the environment. Any help will be appreciated.

Did a fresh installation and all works fine! Please check all your settings.
digiblur Posted December 17, 2017

Nice work! Had to do the easyrsa downgrade but all is well. Nice to see the cipher already set to a strong one. Only thing I will be adding is the TLS auth option. Would be a great feature to build into the GUI.

https://community.openvpn.net/openvpn/wiki/Hardening
peter_sm Posted December 17, 2017 (Author)

On 2017-12-16 at 12:39 PM, peter_sm said:
> Did a fresh installation and all works fine! Please check all your settings.

Looks like they broke the easyrsa3 ... I see this in my log :-(

    Using configuration from ./openssl-easyrsa.cnf
    Enter pass phrase for /mnt/cache/appdata/myVPN/easy-rsa/easyrsa3/pki/private/ca.key:
    ERROR: on line 16 of config file '/mnt/cache/appdata/myVPN/easy-rsa/easyrsa3/pki/extensions.temp'
    23133060112000:error:02001002:system library:fopen:No such file or directory:bss_file.c:175:fopen('/mnt/cache/appdata/myVPN/easy-rsa/easyrsa3/pki/index.txt.attr','rb')
    23133060112000:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:182:
    23133060112000:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:201:
    23133060112000:error:0E079065:configuration file routines:DEF_LOAD_BIO:missing equal sign:conf_def.c:351:line 16
    Easy-RSA error: signing failed (openssl output above may have more detail)
peter_sm Posted December 17, 2017 (Author)

30 minutes ago, digiblur said:
> Nice work! Had to do the easyrsa downgrade but all is well. Nice to see the cipher already set to a strong one. Only thing I will be adding is the TLS auth option. Would be a great feature to build into the GUI.
> https://community.openvpn.net/openvpn/wiki/Hardening

Hi, TLS auth is default :-)

    tls-auth /mnt/cache/appdata/myVPN/ta.key
peter_sm Posted December 17, 2017 (Author) (edited)

easyrsa3 is broken: https://github.com/OpenVPN/easy-rsa/issues/168

> commenting out lines 655-659 in the executable 'easyrsa' allows the signing of servers

Older releases can be found here: https://github.com/OpenVPN/easy-rsa/releases

Edited December 17, 2017 by peter_sm
digiblur Posted December 17, 2017

Oh nice! I missed that with the TLS-crypt turned on. Looks great!
digiblur Posted December 18, 2017

Using a 192.168.1.3 IP for my unRaid box. 192.168.1.1 is my gateway, along with 192.168.1.2 is my DNS. When I connect, I can hit and use my unRaid box fine, but I can't access anything else on the LAN or go out via the WAN. Pinging from the Android device to any working address on 192.168.1.x does not work. I tried changing the OpenVPN server IP to 192.168.3.0 just to make sure it wasn't conflicting with the two other 10.0.0.x subnets I have on my router but that didn't change anything. I'm thinking it is something I'm overlooking in the routing.

Redirect-gateway is set to - redirect-gateway def1
Push LAN subnet to clients is set to Yes
peter_sm Posted December 18, 2017 (Author)

> Using a 192.168.1.3 IP for my unRaid box. 192.168.1.1 is my gateway, along with 192.168.1.2 is my DNS. When I connect, I can hit and use my unRaid box fine, but I can't access anything else on the LAN or go out via the WAN. Pinging from the Android device to any working address on 192.168.1.x does not work. I tried changing the OpenVPN server IP to 192.168.3.0 just to make sure it wasn't conflicting with the two other 10.0.0.x subnets I have on my router but that didn't change anything. I'm thinking it is something I'm overlooking in the routing.
> Redirect-gateway is set to - redirect-gateway def1
> Push LAN subnet to clients is set to Yes

Are the 2 settings above defaults? Or did you change these? If so, go for defaults. What is your default route interface? eth0, br0? Verify this by the last iptables row (in red) on the log page. You should see your LAN with all settings set to defaults. I have an update to verify this much better in the next release!
digiblur Posted December 18, 2017 (edited)

11 minutes ago, peter_sm said:
> Are the 2 settings above defaults? Or did you change these? If so, go for defaults. What is your default route interface? eth0, br0? Verify this by the last iptables row (in red) on the log page. You should see your LAN with all settings set to defaults. I have an update to verify this much better in the next release!

The redirect-gateway isn't since I wanted all traffic to pass through the VPN. Will put it back to default and give it a shot.

EDIT: I don't see any row in red on the logs.

Side note: I noticed the tls-crypt default is no, but the description says the default is yes.

Edited December 18, 2017 by digiblur
nickm Posted December 18, 2017

Super easy setup so far. I too am getting the "Options error: --cert fails with '/mnt/user/appdata/myVPNserver/server.crt': No such file or directory (errno=2)". I believe that's the EasyRSA...but I can't figure out how to downgrade the EasyRSA version. Can you point me in the right direction?
peter_sm Posted December 18, 2017 (Author)

> Super easy setup so far. I too am getting the "Options error: --cert fails with '/mnt/user/appdata/myVPNserver/server.crt': No such file or directory (errno=2)". I believe that's the EasyRSA...but I can't figure out how to downgrade the EasyRSA version. Can you point me in the right direction?

You can try to modify easyrsa with comments above.