peter_sm (Author), posted March 19, 2018

56 minutes ago, huffsper said:
> Is it possible to run the OpenVPN server plugin completely independent from the array? All my disks are encrypted so I would like to be able to remote connect into the machine and decrypt it after it boots.

You can add this line to the end of your go file. Then it will start when booting. But this needs you to have your config folder set up to your USB or UD.

    /etc/rc.d/rc.openvpnserver start

huffsper, posted March 20, 2018

17 hours ago, peter_sm said:
> You can add this line to the end of your go file. Then it will start when booting. But this needs you to have your config folder set up to your USB or UD.
>
>     /etc/rc.d/rc.openvpnserver start

Thanks! When connecting from a Linux machine I get "WARNING: No server certificate verification method has been enabled.". Shouldn't enabling tls-crypt prevent that message? Or is there something else I'm missing?

peter_sm (Author), posted March 20, 2018

3 hours ago, huffsper said:
> Thanks! When connecting from a Linux machine I get "WARNING: No server certificate verification method has been enabled.". Shouldn't enabling tls-crypt prevent that message? Or is there something else I'm missing?

Sorry, can't debug this, try Google and if you come up with a solution please let me know. Check the OpenVPN forum for more help.

//Peter

huffsper, posted March 20, 2018

1 hour ago, peter_sm said:
> Sorry, can't debug this, try Google and if you come up with a solution please let me know. Check the OpenVPN forum for more help.
>
> //Peter

Here's documentation about the warning: https://openvpn.net/index.php/open-source/documentation/howto.html#mitm

The chance of me experiencing a MITM attack is probably 0,00001% so it's likely not worth the effort anyway.

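The warning discussed above concerns checking the server's certificate, which tls-crypt does not do: tls-crypt protects the control channel with a static key shared by every peer. The following is an added example, not from the thread or the plugin, that audits a client profile for a verification directive; the function names, the directive list in `VERIFY_RE` and the sample profiles are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): audit an OpenVPN client profile for a
# server-certificate verification directive. Sample profiles are constructed.

# Directives this example accepts as verification (ns-cert-type is deprecated).
VERIFY_RE='^(remote-cert-tls[[:space:]]+server|remote-cert-eku[[:space:]]|verify-x509-name[[:space:]]|tls-verify[[:space:]]|ns-cert-type[[:space:]]+server)'

# Print active lines: trim indentation, drop blanks and # or ; comment lines.
active_lines() {
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/^$/d' "$1"
}

# Exit 0 if the profile ties the peer to a server certificate or a name.
has_server_verification() {
    active_lines "$1" | grep -Eq "$VERIFY_RE"
}

# Print a one-line verdict for the profile.
audit_profile() {
    if has_server_verification "$1"; then
        echo "OK: $(active_lines "$1" | grep -E "$VERIFY_RE" | head -n 1)"
    elif active_lines "$1" | grep -Eq '^<?tls-(crypt|auth)([[:space:]]|>|$)'; then
        echo "FINDING: only tls-crypt/tls-auth set; the server certificate type is not checked"
    else
        echo "FINDING: no server certificate verification directive"
    fi
}

# Constructed sample profiles (placeholder host name and key file).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'client' 'remote vpn.example.org 1194 udp' 'tls-crypt ta.key' \
        '# remote-cert-tls server' > "$d/weak.ovpn"
    printf '%s\n' 'client' 'remote vpn.example.org 1194 udp' 'tls-crypt ta.key' \
        'remote-cert-tls server' > "$d/fixed.ovpn"
    audit_profile "$d/weak.ovpn"
    audit_profile "$d/fixed.ovpn"
    rm -rf "$d"
}
demo
```
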
mkono87, posted March 21, 2018

I just set this up and I'm able to connect, however all I can access is the unraid GUI. None of the dockers web ui such as sonarr and radarr I cannot access.

peter_sm (Author), posted March 21, 2018

> I just set this up and I'm able to connect, however all I can access is the unraid GUI. None of the dockers web ui such as sonarr and radarr I cannot access.

I don't know your configuration settings about openvpn or dockers.
Default setting gives you access to your LAN

//Peter

Sent from my iPhone using Tapatalk

mkono87, posted March 21, 2018

5 hours ago, peter_sm said:
> I don't know your configuration settings about openvpn or dockers.
> Default setting gives you access to your LAN
>
> //Peter
>
> Sent from my iPhone using Tapatalk

Everything is default over here, thus I'm confused. I used to have openvpn installed on a raspberry pi and it was fine. Does it matter that my dockers have their own static IP and not host/bridge?

Edited March 21, 2018 by mkono87

peter_sm (Author), posted March 22, 2018

> Everything is default over here, thus I'm confused. I used to have openvpn installed on a raspberry pi and it was fine. Does it matter that my dockers have their own static IP and not host/bridge?

Should not matter, but docker IP is on your default LAN? (Eth0 or br0)

Sent from my iPhone using Tapatalk

huffsper, posted March 22, 2018

18 hours ago, mkono87 said:
> Everything is default over here, thus I'm confused. I used to have openvpn installed on a raspberry pi and it was fine. Does it matter that my dockers have their own static IP and not host/bridge?

There's your problem. unRAID itself cannot access containers that have their own static IP.

mkono87, posted March 23, 2018

On 3/22/2018 at 12:32 AM, peter_sm said:
> Should not matter, but docker IP is on your default LAN? (Eth0 or br0)
>
> Sent from my iPhone using Tapatalk

br0, which is what I had all the dockers set to. I changed them to bridge and they all are accessible with open vpn.

guyturner797, posted April 1, 2018

Hi

I keep getting this error when I try and start the server:

    Options error: --explicit-exit-notify can only be used with --proto udp
    Use --help for more information.

I have the server set to TCP Port 443 so I can access it from a restricted network. It used to work then I reinstalled Unraid and my configuration no longer functions. I temporarily removed the line from the config file, will this be permanent? Any ideas for a permanent solution?

Edited April 1, 2018 by guyturner797

Guest, posted April 9, 2018

Hi @peter_sm, just posting here to write about an issue with OpenVPN. This sounds really weird...

So after moving to China, the settings page for OpenVPN will not open. Yes, I have physically moved to China, and the server came alongside. Everything works except for the OpenVPN settings page.

What happens is, every few seconds, I see a request for SystemTemp.php in Firefox Developer Tools (Network pane). This keeps repeating for about a minute before it eventually times out. When it does, all I see is the header for the server and no content underneath.

I am guessing that the Great Firewall of China is blocking a script or something that the page requires - thus it never loads. Can this be changed so that the page loads regardless of script results? Thanks. And what's the script trying to do in the background?

peter_sm (Author), posted April 10, 2018

10 hours ago, ideaman924 said:
> Hi @peter_sm, just posting here to write about an issue with OpenVPN. This sounds really weird...
>
> So after moving to China, the settings page for OpenVPN will not open. Yes, I have physically moved to China, and the server came alongside. Everything works except for the OpenVPN settings page.
>
> What happens is, every few seconds, I see a request for SystemTemp.php in Firefox Developer Tools (Network pane). This keeps repeating for about a minute before it eventually times out. When it does, all I see is the header for the server and no content underneath.
>
> I am guessing that the Great Firewall of China is blocking a script or something that the page requires - thus it never loads. Can this be changed so that the page loads regardless of script results? Thanks. And what's the script trying to do in the background?

Hi,

It could be the function to get your WAN IP on this address --> icanhazip.com

Or the new function to get info from easyrsa github project --> https://github.com/OpenVPN/easy-rsa

//Peter

tr0910, posted April 10, 2018

> Hi,
>
> It could be the function to get your WAN IP on this address --> icanhazip.com
>
> Or the new function to get info from easyrsa github project --> https://github.com/OpenVPN/easy-rsa

It's quite common in China for updates and installs to hang for no reason. Then suddenly a week later, it will work fine. When you are behind the GFW, this is normal. Expect to be frustrated.

I used to use Peter's plugin from China accessing my unRaid server in America. In 2014 that was good enough to access Facebook Google etc from China. But that is no longer the case. New tools are required now.

Guest, posted April 10, 2018

1 hour ago, peter_sm said:
> (...)
> It could be the function to get your WAN IP on this address --> icanhazip.com
>
> Or the new function to get info from easyrsa github project --> https://github.com/OpenVPN/easy-rsa
> (...)

Thanks for the quick answer! I tried the first link and it wouldn't load. I have no idea why the GFC blocks an IP address website *shruggie*

GitHub works fine in China without a VPN, so the second function should probably work.

Regarding the WAN IP, I have my own domain pointing to a DDNS service that routes to my server (kinda mandatory because China keeps switching my residential IP address), is there an option so it stops polling an external service? It can read the IP from my subdomain. If that doesn't work, maybe a fallback website could be implemented?

EDIT: Possible fallback: https://api.ipify.org/

1 hour ago, tr0910 said:
> It's quite common in China for updates and installs to hang for no reason. Then suddenly a week later, it will work fine. When you are behind the GFW, this is normal. Expect to be frustrated.

Yup, I get this completely! I'm in the process of setting up a network-wide VPN so I don't run into this issue anymore, but until then I'll have to resort to asking in forums

> I used to use Peter's plugin from China accessing my unRaid server in America. In 2014 that was good enough to access Facebook Google etc from China. But that is no longer the case. New tools are required now.

Yeah, they blocked OpenVPN quite shoddily, sometimes it works, sometimes it doesn't. It doesn't help me anyway in my case, because the server's with me in China. I'm just OpenVPN-ing into the server so that I can administrate it from a remote location.

Edited April 10, 2018 by Guest

tr0910, posted April 10, 2018

My China IP address changes every 48 hours like clockwork

peter_sm (Author), posted April 10, 2018

1 hour ago, ideaman924 said:
> Thanks for the quick answer! I tried the first link and it wouldn't load. I have no idea why the GFC blocks an IP address website *shruggie*
>
> GitHub works fine in China without a VPN, so the second function should probably work.
>
> Regarding the WAN IP, I have my own domain pointing to a DDNS service that routes to my server (kinda mandatory because China keeps switching my residential IP address), is there an option so it stops polling an external service? It can read the IP from my subdomain. If that doesn't work, maybe a fallback website could be implemented?
>
> EDIT: Possible fallback: https://api.ipify.org/
>
> Yup, I get this completely! I'm in the process of setting up a network-wide VPN so I don't run into this issue anymore, but until then I'll have to resort to asking in forums
>
> Yeah, they blocked OpenVPN quite shoddily, sometimes it works, sometimes it doesn't. It doesn't help me anyway in my case, because the server's with me in China. I'm just OpenVPN-ing into the server so that I can administrate it from a remote location.

Can you check the latest update? Maybe it needs a reboot to get all in place!

The file /var/local/emhttp/plugins/openvpnserver/check-my-ip.sh should look like this now:

    #!/bin/bash
    if ping -c 1 icanhazip.com &>/dev/null
    then
      curl -s --max-time 15 --silent icanhazip.com
    else
      curl -s --max-time 15 --silent https://api.ipify.org/
    fi

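The script in the post above decides between the two services with a ping, which says nothing about whether the HTTP request will succeed or what comes back. The following is an added sketch, not the plugin's code, that tries each service in turn and accepts only a reply that parses as an IPv4 address; `wan_ip`, `is_ipv4`, `FETCH`, the stub responses and the use of HTTPS for icanhazip.com are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not the plugin's code): WAN-IP lookup that tries each service
# in order and accepts only a reply that parses as an IPv4 address.

# Default fetcher; point FETCH at a stub to run without network access.
fetch_url() { curl -s --max-time 15 "$1"; }
FETCH=${FETCH:-fetch_url}

# Exit 0 only for dotted-quad text with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the first valid answer from the listed services; exit 1 if none.
wan_ip() {
    for url in "$@"; do
        reply=$("$FETCH" "$url" 2>/dev/null | tr -d '[:space:]')
        if is_ipv4 "$reply"; then
            echo "$reply"
            return 0
        fi
    done
    return 1
}

# Constructed stub: the first service times out, the second returns a block
# page, the third answers with a documentation-range address.
stub_fetch() {
    case "$1" in
        https://icanhazip.com)   return 28 ;;
        https://blocked.example) echo '<html>Access denied</html>' ;;
        https://api.ipify.org/)  echo '203.0.113.7' ;;
    esac
}
FETCH=stub_fetch
wan_ip https://icanhazip.com https://blocked.example https://api.ipify.org/
```
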
Guest, posted April 10, 2018

1 hour ago, peter_sm said:
> Can you check the latest update? Maybe it needs a reboot to get all in place!
> (...)

Still not sure what's the problem. It won't load. I tried going to both websites and they all work now, so I'm pretty certain it's not the IP checking feature anymore. The same problem occurs. What does that easyrsa script do, exactly?

peter_sm (Author), posted April 10, 2018

8 minutes ago, ideaman924 said:
> What does that easyrsa script do, exactly?

It creates all the server/clients keys and certificates

Can you ping google --> 8.8.8.8

Guest, posted April 10, 2018

1 hour ago, peter_sm said:
> Can you ping google --> 8.8.8.8

I just tested it, surprisingly yes. Any other causes for this problem? What could I help to debug?

I'm on latest 6.5.0 if that helps, though this problem was there before (6.4.0)

Edited April 10, 2018 by Guest

mostlydave, posted April 11, 2018

I don't know what I'm doing wrong. I used to have this set up and working great. I stopped using it and changed my ddns to duckdns, now I'm unable to connect, and getting the following error in the openvpn ios app:

    Error DNS resolve error on 'http://mydomain.duckdns.org' for UDP session: DNS/RRset does not exist.

I am able to resolve my ddns to my IP with mxtools, and duckdns has my correct IP.

The only other thing I changed was adding a pi-hole to my local LAN

Guest, posted April 11, 2018

2 minutes ago, mostlydave said:
> I don't know what I'm doing wrong. I used to have this set up and working great. I stopped using it and changed my ddns to duckdns, now I'm unable to connect, and getting the following error in the openvpn ios app:
>
>     Error DNS resolve error on 'http://mydomain.duckdns.org' for UDP session: DNS/RRset does not exist.
>
> I am able to resolve my ddns to my IP with mxtools, and duckdns has my correct IP.
>
> The only other thing I changed was adding a pi-hole to my local LAN

DNS resolutions can take up to 24 hours to propagate. Wait a few and try again

peter_sm (Author), posted April 11, 2018

23 hours ago, ideaman924 said:
> I just tested it, surprisingly yes. Any other causes for this problem? What could I help to debug?
>
> I'm on latest 6.5.0 if that helps, though this problem was there before (6.4.0)

Can you telnet in and run this command and see what happens?

    /etc/rc.d/rc.openvpnserver restart

And

    /etc/rc.d/rc.openvpnserver getonlineversion

Edited April 11, 2018 by peter_sm

mostlydave, posted April 11, 2018

10 hours ago, ideaman924 said:
> DNS resolutions can take up to 24 hours to propagate. Wait a few and try again

I set up that new ddns at least a month ago, so I'm thinking that's not the problem at this point

Guest, posted April 11, 2018

6 hours ago, peter_sm said:
> Can you telnet in and run this command and see what happens?
> (...)

Running the first command:

    root@derrickserver:~# /etc/rc.d/rc.openvpnserver restart
    Stoping Openvpnserver.....
    ... Stopped
    Deleting iptables rule ....
    Starting Openvpn server.....
    nohup: redirecting stderr to stdout
    OK... Started
    Adding iptables rule ..... br0
    11 0 0 MASQUERADE all -- * br0 10.8.0.0/24 0.0.0.0/0
    root@derrickserver:~#

Running the second command took a long time, but eventually:

    root@derrickserver:~# /etc/rc.d/rc.openvpnserver getonlineversion
    root@derrickserver:~#

So something's going funky with the second one. What's going on?
