OpenVPN Server & Client for unRAID 6.2+ (6.1 is still supported)


peter_sm


56 minutes ago, huffsper said:

Is it possible to run the OpenVPN server plugin completely independent from the array? All my disks are encrypted so I would like to be able to remote connect into the machine and decrypt it after it boots.

You can add this line to the end of your go file. Then it will start when booting. But this needs you to have your config folder set up on your USB or UD.

 

 /etc/rc.d/rc.openvpnserver start

 

  • Like 1
Link to comment
17 hours ago, peter_sm said:

You can add this line to the end of your go file. Then it will start when booting. But this needs you to have your config folder set up on your USB or UD.

 


 /etc/rc.d/rc.openvpnserver start

 

 

Thanks! :)

 

When connecting from a Linux machine I get "WARNING: No server certificate verification method has been enabled.". Shouldn't enabling tls-crypt prevent that message? Or is there something else I'm missing?

Link to comment
3 hours ago, huffsper said:

 

Thanks! :)

 

When connecting from a Linux machine I get "WARNING: No server certificate verification method has been enabled.". Shouldn't enabling tls-crypt prevent that message? Or is there something else I'm missing?

Sorry, can't debug this, try Google and if you come up with a solution please let me know.

Check openvpn forum for more help

//Peter

Link to comment
I just set this up and I'm able to connect, however all I can access is the unRAID GUI. I cannot access any of the dockers' web UIs, such as Sonarr and Radarr.

I don’t know your configuration settings about openvpn or dockers.

The default setting gives you access to your LAN
//Peter


Sent from my iPhone using Tapatalk
Link to comment
5 hours ago, peter_sm said:

I don’t know your configuration settings about openvpn or dockers.

The default setting gives you access to your LAN
//Peter


Sent from my iPhone using Tapatalk

 

Everything is default over here, thus I'm confused. I used to have OpenVPN installed on a Raspberry Pi and it was fine.

Does it matter that my dockers have their own static IP and not host/bridge?

Edited by mkono87
Link to comment
 
Everything is default over here, thus I'm confused. I used to have OpenVPN installed on a Raspberry Pi and it was fine.

Does it matter that my dockers have their own static IP and not host/bridge?

Should not matter, but is the docker IP on your default LAN? (eth0 or br0)


Sent from my iPhone using Tapatalk
Link to comment
18 hours ago, mkono87 said:

 

Everything is default over here, thus I'm confused. I used to have OpenVPN installed on a Raspberry Pi and it was fine.

Does it matter that my dockers have their own static IP and not host/bridge?

 

There's your problem. unRAID itself cannot access containers that have their own static IP.

Link to comment
On 3/22/2018 at 12:32 AM, peter_sm said:


Should not matter, but is the docker IP on your default LAN? (eth0 or br0)


Sent from my iPhone using Tapatalk

br0, which is what I had all the dockers set to. I changed them to bridge and they are all accessible with OpenVPN.

Link to comment
  • 2 weeks later...

Hi I keep getting this error when I try and start the server:

Options error: --explicit-exit-notify can only be used with --proto udp
Use --help for more information.

I have the server set to TCP Port 443 so I can access it from a restricted network. It used to work then I reinstalled Unraid and my configuration no longer functions. I temporarily removed the line from the config file, will this be permanent? Any ideas for a permanent solution?

Edited by guyturner797
Link to comment

Hi @peter_sm, just posting here to write about an issue with OpenVPN. This sounds really weird...

 

So after moving to China, the settings page for OpenVPN will not open.

 

Yes, I have physically moved to China, and the server came alongside. Everything works except for the OpenVPN settings page.

 

What happens is, every few seconds, I see a request for SystemTemp.php in Firefox Developer Tools (Network pane). This keeps repeating for about a minute before it eventually times out. When it does, all I see is the header for the server and no content underneath.

 


 

I am guessing that the Great Firewall of China is blocking a script or something that the page requires - thus it never loads.

 

Can this be changed so that the page loads regardless of script results? Thanks. And what's the script trying to do in the background?

Link to comment
10 hours ago, ideaman924 said:

Hi @peter_sm, just posting here to write about an issue with OpenVPN. This sounds really weird...

 

So after moving to China, the settings page for OpenVPN will not open.

 

Yes, I have physically moved to China, and the server came alongside. Everything works except for the OpenVPN settings page.

 

What happens is, every few seconds, I see a request for SystemTemp.php in Firefox Developer Tools (Network pane). This keeps repeating for about a minute before it eventually times out. When it does, all I see is the header for the server and no content underneath.

 


 

I am guessing that the Great Firewall of China is blocking a script or something that the page requires - thus it never loads.

 

Can this be changed so that the page loads regardless of script results? Thanks. And what's the script trying to do in the background?

Hi,

 

It could be the function to get your WAN  IP on this address --> icanhazip.com

Or the new function to get info from easyrsa github project --> https://github.com/OpenVPN/easy-rsa

 

//Peter

 

Link to comment
Hi,

 

It could be the function to get your WAN  IP on this address --> icanhazip.com

Or the new function to get info from easyrsa github project --> https://github.com/OpenVPN/easy-rsa

 

It's quite common in China for updates and installs to hang for no reason. Then suddenly a week later, it will work fine. When you are behind the GFW, this is normal. Expect to be frustrated.

 

I used to use Peter's plugin from China accessing my unRaid server in America. In 2014 that was good enough to access Facebook Google etc from China. But that is no longer the case. New tools are required now.

Link to comment
1 hour ago, peter_sm said:

(...)

It could be the function to get your WAN  IP on this address --> icanhazip.com

Or the new function to get info from easyrsa github project --> https://github.com/OpenVPN/easy-rsa

(...)

Thanks for the quick answer! I tried the first link and it wouldn't load. I have no idea why the GFC blocks an IP address website *shruggie*

GitHub works fine in China without a VPN, so the second function should probably work.

 

Regarding the WAN IP, I have my own domain pointing to a DDNS service that routes to my server (kinda mandatory because China keeps switching my residential IP address), is there an option so it stops polling an external service? It can read the IP from my subdomain. If that doesn't work, maybe a fallback website could be implemented?

 

EDIT: Possible fallback: https://api.ipify.org/

1 hour ago, tr0910 said:

It's quite common in China for updates and installs to hang for no reason. Then suddenly a week later, it will work fine. When you are behind the GFW, this is normal. Expect to be frustrated.

 

Yup, I get this completely! I'm in the process of setting up a network-wide VPN so I don't run into this issue anymore, but until then I'll have to resort to asking in forums :P

 

Quote

I used to use Peter's plugin from China accessing my unRaid server in America. In 2014 that was good enough to access Facebook Google etc from China. But that is no longer the case. New tools are required now.

 

Yeah, they blocked OpenVPN quite shoddily, sometimes it works, sometimes it doesn't. It doesn't help me anyway in my case, because the server's with me in China. I'm just OpenVPN-ing into the server so that I can administrate it from a remote location.

Edited by Guest
Link to comment
1 hour ago, ideaman924 said:

Thanks for the quick answer! I tried the first link and it wouldn't load. I have no idea why the GFC blocks an IP address website *shruggie*

GitHub works fine in China without a VPN, so the second function should probably work.

 

Regarding the WAN IP, I have my own domain pointing to a DDNS service that routes to my server (kinda mandatory because China keeps switching my residential IP address), is there an option so it stops polling an external service? It can read the IP from my subdomain. If that doesn't work, maybe a fallback website could be implemented?

 

EDIT: Possible fallback: https://api.ipify.org/

 

Yup, I get this completely! I'm in the process of setting up a network-wide VPN so I don't run into this issue anymore, but until then I'll have to resort to asking in forums :P

 

 

Yeah, they blocked OpenVPN quite shoddily, sometimes it works, sometimes it doesn't. It doesn't help me anyway in my case, because the server's with me in China. I'm just OpenVPN-ing into the server so that I can administrate it from a remote location.

Can you check the latest update? It may need a reboot to get everything in place!

The file

/var/local/emhttp/plugins/openvpnserver/check-my-ip.sh

should look like this now

 

#!/bin/bash
if ping -c 1 icanhazip.com  &>/dev/null
then
        curl -s --max-time 15 --silent icanhazip.com
else
        curl -s --max-time 15 --silent  https://api.ipify.org/
fi

 

Link to comment
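A variant of the lookup above, as an added example that is not the plugin's own check-my-ip.sh: it drops the ping pre-check, talks HTTPS only, and accepts an answer only if it is a well-formed IPv4 address, so a block page or an unreachable service falls through to the next URL. The names fetch_url, is_ipv4 and wan_ip are hypothetical.

```shell
#!/bin/bash
# Added example (not the plugin's check-my-ip.sh): print the first well-formed
# IPv4 answer from a list of lookup services. Function names are hypothetical.

# Default fetcher: HTTPS only, hard limits on connect time and total time.
fetch_url() {
    curl -fsS --proto '=https' --connect-timeout 5 --max-time 15 "$1"
}

# Succeeds only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# wan_ip FETCHER URL...  prints the first valid answer, returns 1 if none.
wan_ip() {
    fetcher=$1; shift
    for url in "$@"; do
        # Whatever the service returns is untrusted until it validates.
        answer=$("$fetcher" "$url" 2>/dev/null | tr -d '[:space:]')
        if is_ipv4 "$answer"; then
            printf '%s\n' "$answer"
            return 0
        fi
    done
    return 1
}

# Usage: ./wan-ip.sh https://api.ipify.org/ [more HTTPS lookup URLs]
if [ "$#" -gt 0 ]; then
    wan_ip fetch_url "$@"
fi
```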
1 hour ago, peter_sm said:

Can you check the latest update? It may need a reboot to get everything in place!

(...)

Still not sure what's the problem. It won't load.

 

I tried going to both websites and they all work now, so I'm pretty certain it's not the IP checking feature anymore. The same problem occurs.

 

What does that easyrsa script do, exactly?

Link to comment
1 hour ago, peter_sm said:

Can you ping google --> 8.8.8.8

 

I just tested it, surprisingly yes.

 

Any other causes for this problem? What could I help to debug? I'm on latest 6.5.0 if that helps, though this problem was there before (6.4.0)

Edited by Guest
Link to comment

I don't know what I'm doing wrong I used to have this set up and working great. I stopped using it and changed my ddns to duckdns, now I'm unable to connect, and getting the following error in the openvpn ios app:

 

Error DNS resolve error on 'http://mydomain.duckdns.org' for UDP session: DNS/RRset does not exist.

 

I am able to resolve my ddns to my IP with mxtools, and duckdns has my correct IP 

 

The only other thing I changed was adding a pi-hole to my local LAN

Link to comment
2 minutes ago, mostlydave said:

I don't know what I'm doing wrong I used to have this set up and working great. I stopped using it and changed my ddns to duckdns, now I'm unable to connect, and getting the following error in the openvpn ios app:

 

Error DNS resolve error on 'http://mydomain.duckdns.org' for UDP session: DNS/RRset does not exist.

 

I am able to resolve my ddns to my IP with mxtools, and duckdns has my correct IP 

 

The only other thing I changed was adding a pi-hole to my local LAN

DNS resolutions can take up to 24 hours to propagate. Wait a few and try again

Link to comment
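A config check for three messages reported in this thread, as an added example that is not part of the plugin: it flags a client profile with none of the directives OpenVPN counts as server certificate verification (tls-crypt is not one of them), explicit-exit-notify combined with a TCP proto, and a remote written as a URL instead of a bare host name. The function name lint_ovpn and the sample profile are constructed for illustration.

```shell
#!/bin/bash
# Added example (not the plugin's code): lint an OpenVPN config for three
# problems from this thread. One finding per line; exit status 1 if any.
lint_ovpn() {
    awk '
        { sub(/[#;].*/, "") }            # drop comments
        NF == 0 { next }
        $1 == "client" || $1 == "tls-client" || $1 == "remote" { client = 1 }
        $1 == "proto"  { proto = $2 }
        $1 == "remote" {
            # remote takes a bare host name or IP, never a URL
            if ($2 ~ /:\/\//) { print "remote-has-scheme: " $2; bad++ }
            if (NF >= 4) rproto = $4     # optional per-remote protocol
        }
        $1 == "explicit-exit-notify" { een = 1 }
        # Directives that enable server certificate verification.
        # tls-crypt and tls-auth are deliberately not in this list.
        ($1 == "remote-cert-tls" || $1 == "ns-cert-type") && $2 == "server" { verify = 1 }
        $1 == "remote-cert-eku" || $1 == "verify-x509-name" || $1 == "tls-verify" { verify = 1 }
        END {
            if (een && (proto ~ /^tcp/ || rproto ~ /^tcp/)) {
                print "exit-notify-with-tcp: remove explicit-exit-notify or use proto udp"; bad++
            }
            if (client && !verify) {
                print "no-server-cert-check: add remote-cert-tls server or verify-x509-name"; bad++
            }
            exit (bad ? 1 : 0)
        }
    ' "${1:--}"
}

# Constructed sample profile (not from the thread); reports two findings.
lint_ovpn <<'EOF' || true
client
proto udp
remote http://mydomain.example.invalid 1194
tls-crypt ta.key
EOF
```

Run it as lint_ovpn /path/to/profile.ovpn, or pipe a config into it on standard input.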
23 hours ago, ideaman924 said:

 

I just tested it, surprisingly yes.

 

Any other causes for this problem? What could I help to debug? I'm on latest 6.5.0 if that helps, though this problem was there before (6.4.0)

Can you telnet in and run this command and see what happens?

 

/etc/rc.d/rc.openvpnserver restart

And

/etc/rc.d/rc.openvpnserver getonlineversion

 

Edited by peter_sm
Link to comment
6 hours ago, peter_sm said:

Can you telnet in and run this command and see what happens?

(...)

 

Running the first command:

root@derrickserver:~# /etc/rc.d/rc.openvpnserver restart
Stoping Openvpnserver.....
... Stopped
Deleting iptables rule ....
Starting Openvpn server.....
nohup: redirecting stderr to stdout
OK... Started
Adding iptables rule .....
br0
11       0     0 MASQUERADE  all  --  *      br0     10.8.0.0/24          0.0.0.0/0
root@derrickserver:~#

Running the second command took a long time, but eventually:

 

root@derrickserver:~# /etc/rc.d/rc.openvpnserver getonlineversion

root@derrickserver:~#

So something's going funky with the second one. What's going on?

Link to comment
