OpenVPN Server & Client for unRAID 6.2+ (6.1 is still supported)


peter_sm


Hi, I'm new to this stuff, so I've been posting in the wrong area...

I run "OpenVPN --config pfsense.ovpn" or "OpenVPN pfsense.ovpn"

It tries to connect, then it stops and locks me out of Unraid… Unraid becomes totally useless: it locks me out, and locks me out of the shares, until I physically power it down and back up.

 


Link to comment
On 2/18/2019 at 10:33 AM, blurp76 said:

I'm trying to assign static IP addresses to VPN clients. How do I add client-config-dir to the server configuration?

or is there some other way to accomplish this?

Ok I found that I can just add:

client-config-dir /mnt/user/appdata/openvpnserver/ccd

to /mnt/user/appdata/openvpnserver/openvpnserver.ovpn

It works fine after creating the ccd folder with the various clients' configuration.

 

The only problem is that any modification on the server config from the gui will overwrite the configuration and remove the client-config-dir.

 

Would it be possible to add some field for custom options in the server configuration gui?

 

Thanks

Link to comment
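
Added example (not part of the original post or of the plugin): a shell helper for the setup described above that puts the client-config-dir line back when a GUI save has removed it and writes one ccd file per client. The 10.8.0.x subnet and net30 topology are assumptions taken from a client log later in this thread; the function names, the slot numbering and the CONF/CCD/NET variables are hypothetical.

```shell
#!/bin/sh
# Added example, not the plugin's code. Paths are the ones named in the post;
# the 10.8.0.x /24 VPN subnet with net30 topology is an assumption.
CONF=${CONF:-/mnt/user/appdata/openvpnserver/openvpnserver.ovpn}
CCD=${CCD:-/mnt/user/appdata/openvpnserver/ccd}
NET=${NET:-10.8.0}

# Put the directive back if a GUI save dropped it. Safe to run repeatedly,
# e.g. from a user script before the server is (re)started.
ensure_ccd() {
    mkdir -p "$CCD" || return 1
    grep -Eq '^[[:space:]]*client-config-dir[[:space:]]' "$CONF" && return 0
    printf 'client-config-dir %s\n' "$CCD" >> "$CONF"
}

# pin_client <certificate CN> <slot 1..63>
# Slot N is the N-th /30 block of the subnet: client .(4N+2), server end .(4N+1).
# Slot 0 holds the server's own address, so it is refused.
pin_client() {
    cn=$1 slot=$2
    # The ccd file name is the client's CN: allow no path characters in it.
    case $cn in
        ''|.*|*[!A-Za-z0-9._-]*) echo "refusing CN '$cn'" >&2; return 1 ;;
    esac
    case $slot in
        ''|0*|*[!0-9]*) echo "slot must be 1..63" >&2; return 1 ;;
    esac
    [ "$slot" -le 63 ] || { echo "slot must be 1..63" >&2; return 1; }
    client=$((slot * 4 + 2)) peer=$((slot * 4 + 1))
    # Two clients pinned to the same address would collide.
    for f in "$CCD"/*; do
        [ -f "$f" ] && [ "$f" != "$CCD/$cn" ] || continue
        if grep -Fq "ifconfig-push $NET.$client " "$f"; then
            echo "slot $slot is already pinned in $f" >&2; return 1
        fi
    done
    printf 'ifconfig-push %s.%d %s.%d\n' "$NET" "$client" "$NET" "$peer" \
        > "$CCD/$cn"
}

# Usage: sh pin.sh <CN> <slot>
if [ "$#" -ge 2 ]; then
    ensure_ccd && pin_client "$1" "$2"
fi
```

Pinned addresses are not reserved in the server's dynamic pool, so keep the slots you pin clear of the range the pool hands out.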

Having an issue, just installed. (I can connect on my phone with the client I previously had on it from linuxservers container.)

On my Windows machines I can't connect; it gives an error in the server logs:

Sun Mar  3 16:17:24 2019 us=933773 tls-crypt unwrap error: packet too short
Sun Mar  3 16:17:24 2019 us=933801 TLS Error: tls-crypt unwrapping failed from [AF_INET]166.170.xx.xxx:61646

My Windows client version is OpenVPN Connect 2.6.0.100. I am kinda figuring it is the client causing it? But I can't find 2.4.6. To my knowledge this plugin does not have a webgui to download the client, am I correct?

Any help is appreciated.

Link to comment
Quote

Having an issue, just installed. (I can connect on my phone with the client I previously had on it from linuxservers container.)

On my Windows machines I can't connect; it gives an error in the server logs:

Sun Mar  3 16:17:24 2019 us=933773 tls-crypt unwrap error: packet too short
Sun Mar  3 16:17:24 2019 us=933801 TLS Error: tls-crypt unwrapping failed from [AF_INET]166.170.xx.xxx:61646

My Windows client version is OpenVPN Connect 2.6.0.100. I am kinda figuring it is the client causing it? But I can't find 2.4.6. To my knowledge this plugin does not have a webgui to download the client, am I correct?

Any help is appreciated.

Don't use OpenVPN Connect. That is meant for the OpenVPN Access Server. Use the regular

Sent from my Pixel 2 XL using Tapatalk

Link to comment

I am fairly new to this, so sorry if this is obvious. I finally got everything set up, but am unable to generate the certificates. Any help is appreciated. I had issues with Easy RSA and finally got it installed manually. The log is showing this:

 

Quote

spawn ./easyrsa build-ca
spawn ./easyrsa build-server-full server nopass
/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 769: ./easyrsa: Permission denied

Let me know if I can provide more information.

Thanks!
 

Link to comment

@peter_sm your program doesn't work with Unraid 6.6.7. I've been trying to reinstall it to try to get it to work,

but you can save a server cert... but you can't generate certs, you can't do the RSA, can't create users, and I tried to delete users but there was no option, so I had to manually delete it... but it doesn't seem to set up at all under 6.6.7.

Link to comment
On 3/12/2019 at 8:10 PM, comet424 said:

@peter_sm your program doesn't work with Unraid 6.6.7. I've been trying to reinstall it to try to get it to work,

but you can save a server cert... but you can't generate certs, you can't do the RSA, can't create users, and I tried to delete users but there was no option, so I had to manually delete it... but it doesn't seem to set up at all under 6.6.7.

 

On 3/12/2019 at 11:43 PM, RCFilm said:

@peter_sm I can confirm the plug-in has broken for 6.7.0-rc5. If you could please push an update. :)

I am running 6.6.7, not sure about 6.7.0-rc5, but I have his app set up and running on mine.

 

I am only having 1 issue. OpenVPN app starts with the array on boot up, shows successfully, but I am not able to get a client to connect. It is like the server doesn't respond. I have to manually restart the application and then everything works just fine. But, if unRAID reboots openVPN comes back up but connections don't work again until I manually restart the app. 

Has anyone run into this before? This is my first time encountering this problem.

Link to comment
2 minutes ago, comet424 said:

@ElBurrito it worked in 6.6.7 if you had it installed under 6.6.6 and upgraded to 6.6.7. If you uninstall the server and reinstall it under 6.6.7 you won't be able to set up the client certs etc.

At least that's what happened for me...

I did have it installed prior to upgrading, but I accidentally deleted the config files for it and had issues trying to get it to regenerate certs and client profiles. I ended up removing the app entirely and doing a fresh reinstall saved in a new location.

Link to comment
2 minutes ago, comet424 said:

Ah OK... yeah, I'm unable to get certs or RSA to generate when you hit the generate button in 6.6.7. Just the server config is the only thing that will work.

Yeah, I did have that problem. I think it was an issue with recognizing that I had extracted the Easy-RSA files in the folder; I believe it was installed in appdata on my cache drives. I reinstalled the app, pointed the folder location for the certs to "/boot/openvpn/", downloaded one of the easy-rsa files, sftp-ed it to my server, unzipped it in "boot/openvpn/" and then renamed the resulting folder "easy-rsa-3.x.x" to "easy-rsa". Once I did that, the "Install RSA Key" button worked and then the generate button worked again.

As far as my other problem, I just did a user script to restart the app after booting. At least as a workaround for now.

Link to comment

So I'm having issues. I got the server to run on a remote-side Unraid, and on the Unraid at home

I run at the command prompt "OpenVPN --config mike.ovpn". It partially connects but doesn't finish, I don't get the command prompt, and when I press Ctrl-C it then shows more.

 

root@backupserver:/boot/openvpn# openvpn --config mike.ovpn
Wed Mar 20 23:00:04 2019 OpenVPN 2.4.6 x86_64-slackware-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  7 2018
Wed Mar 20 23:00:04 2019 library versions: OpenSSL 1.1.1a  20 Nov 2018, LZO 2.10
Wed Mar 20 23:00:04 2019 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Wed Mar 20 23:00:04 2019 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Mar 20 23:00:04 2019 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Wed Mar 20 23:00:04 2019 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Mar 20 23:00:04 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]76.75.123.76:1200
Wed Mar 20 23:00:04 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Mar 20 23:00:04 2019 UDP link local: (not bound)
Wed Mar 20 23:00:04 2019 UDP link remote: [AF_INET]76.75.123.76:1200
Wed Mar 20 23:00:04 2019 TLS: Initial packet from [AF_INET]76.75.123.76:1200, sid=41fc641e 67fc7399
Wed Mar 20 23:00:05 2019 VERIFY OK: depth=1, CN=server
Wed Mar 20 23:00:05 2019 VERIFY KU OK
Wed Mar 20 23:00:05 2019 Validating certificate extended key usage
Wed Mar 20 23:00:05 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Mar 20 23:00:05 2019 VERIFY EKU OK
Wed Mar 20 23:00:05 2019 VERIFY OK: depth=0, CN=server
Wed Mar 20 23:00:05 2019 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Wed Mar 20 23:00:05 2019 [server] Peer Connection Initiated with [AF_INET]76.75.123.76:1200
Wed Mar 20 23:00:06 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Mar 20 23:00:06 2019 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.1.1,redirect-gatewaydef1,remote-gateway 192.168.1.8,resolv-retry infinite,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Wed Mar 20 23:00:06 2019 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3:remote-gateway (2.4.6)
Wed Mar 20 23:00:06 2019 Options error: option 'resolv-retry' cannot be used in this context ([PUSH-OPTIONS])
Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: timers and/or timeouts modified
Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: --ifconfig/up options modified
Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: route options modified
Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: peer-id set
Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: adjusting link_mtu to 1625
Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: data channel crypto options modified
Wed Mar 20 23:00:06 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Mar 20 23:00:06 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Mar 20 23:00:06 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Mar 20 23:00:06 2019 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=br0 HWADDR=00:0a:e4:8b:e1:e4
Wed Mar 20 23:00:06 2019 TUN/TAP device tun1 opened
Wed Mar 20 23:00:06 2019 TUN/TAP TX queue length set to 100
Wed Mar 20 23:00:06 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Mar 20 23:00:06 2019 /usr/sbin/ip link set dev tun1 up mtu 1500
Wed Mar 20 23:00:06 2019 /usr/sbin/ip addr add dev tun1 local 10.8.0.6 peer 10.8.0.5
Wed Mar 20 23:00:09 2019 /usr/sbin/ip route add 76.75.123.76/32 via 192.168.0.1
Wed Mar 20 23:00:09 2019 /usr/sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Wed Mar 20 23:00:09 2019 /usr/sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Wed Mar 20 23:00:09 2019 /usr/sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Wed Mar 20 23:00:09 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache optionto prevent this
Wed Mar 20 23:00:09 2019 Initialization Sequence Completed

And see here when I press Ctrl-C to exit... so what's all wrong?

And why doesn't the OpenVPN server side ask for a password when I make a user?

Wed Mar 20 23:00:09 2019 /usr/sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Wed Mar 20 23:00:09 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache optionto prevent this
Wed Mar 20 23:00:09 2019 Initialization Sequence Completed
^CWed Mar 20 23:03:34 2019 event_wait : Interrupted system call (code=4)
Wed Mar 20 23:03:34 2019 /usr/sbin/ip route del 10.8.0.1/32
Wed Mar 20 23:03:34 2019 /usr/sbin/ip route del 76.75.123.76/32
Wed Mar 20 23:03:34 2019 /usr/sbin/ip route del 0.0.0.0/1
Wed Mar 20 23:03:34 2019 /usr/sbin/ip route del 128.0.0.0/1
Wed Mar 20 23:03:34 2019 Closing TUN/TAP interface
Wed Mar 20 23:03:34 2019 /usr/sbin/ip addr del dev tun1 local 10.8.0.6 peer 10.8.0.5
Wed Mar 20 23:03:34 2019 SIGINT[hard,] received, process exiting
root@backupserver:/boot/openvpn#

 

Link to comment
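
Added example, not part of the original post: an awk-based summary of a client log like the one above, listing what the server pushed, which pushed options the client rejected, and whether the redirect-gateway routes and the final "Initialization Sequence Completed" line are present. The sample lines are constructed (abridged from the session above) and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Summarises an OpenVPN client log.

# Constructed sample: abridged lines modelled on the session above.
sample_log() {
    cat <<'EOF'
Wed Mar 20 23:00:06 2019 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.1.1,redirect-gateway def1,remote-gateway 192.168.1.8,route 10.8.0.1,topology net30,ifconfig 10.8.0.6 10.8.0.5'
Wed Mar 20 23:00:06 2019 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3:remote-gateway (2.4.6)
Wed Mar 20 23:00:09 2019 /usr/sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Wed Mar 20 23:00:09 2019 /usr/sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Wed Mar 20 23:00:09 2019 Initialization Sequence Completed
EOF
}

# audit_client_log [file]  (reads stdin when no file is given)
audit_client_log() {
    awk -v q="'" '
    /PUSH: Received control message/ {
        s = $0
        sub(/^.*PUSH_REPLY,/, "", s)   # keep only the option list
        gsub(q, "", s)                 # drop the closing quote
        n = split(s, opt, ",")
        for (i = 1; i <= n; i++) print "pushed: " opt[i]
    }
    # Options the client refused; the rest of the push is still applied.
    /Options error:/ { sub(/^.*Options error: /, ""); print "rejected: " $0 }
    # A def1 redirect shows up as two half-default routes through the tunnel.
    /ip route add (0\.0\.0\.0|128\.0\.0\.0)\/1 via / { half++ }
    /Initialization Sequence Completed/ { up = 1 }
    END {
        if (half == 2) print "routing: all traffic now leaves via the tunnel"
        print (up ? "state: tunnel is up" : "state: tunnel never came up")
    }' "$@"
}

# Usage: sh audit.sh <client log file>
if [ "$#" -ge 1 ]; then audit_client_log "$1"; fi
```

With no --daemon option the openvpn process stays in the foreground after "Initialization Sequence Completed", so the shell prompt does not return while the tunnel is up.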
  • 2 weeks later...

Hi,

Installed this plugin on 6.6.7, and after changing the settings to what I require, am unable to get a client to connect - I will continue fault finding, but in the meantime, if you set LZO compression to No in the Server Config page, whenever you create files, line 17 is simply a 0.

 

Should it be

"comp-LZO No"

or

"comp-LZO 0"?

Link to comment
On 6/30/2018 at 2:13 PM, Ashe said:

Hi Peter

Just a heads up that iOS seems to prefer a *.ovpn12 file now rather than the *.p12 file. No problem with renaming the generated *.p12 file and it then imports fine


Sent from my iPhone using Tapatalk

Thank you for this! I was getting completely stuck following the instructions in the readme that's generated with the cert.

Link to comment

Is there any way to push a user-specified DNS server?

 

I have a Pi-Hole running on my LAN and I'd like my connected devices to use its DNS IP address instead.

 

This allows me to block ads on my connected iOS devices and for local name resolution - really useful.

Link to comment
