ThatDude
Posted April 4, 2019

21 hours ago, ThatDude said:
> Is there any way to push a user-specified DNS server? I have a Pi-Hole running on my LAN and I'd like my connected devices to use its DNS IP address instead. This allows me to block ads on my connected iOS devices and for local name resolution - really useful.

I figured out a workaround to set the DNS from the client side: open the ovpn file and add the following directives.

    #ipv4
    pull-filter ignore "dhcp-option DNS"
    #ipv6
    pull-filter ignore "dhcp-option DNS6"
    # put preferred dns name here
    dhcp-option DNS 192.168.0.200

woocash
Posted April 19, 2019

Is it possible to separate configuration form, to be able to set different port and address for the server to operate on, and different port to be input into user configs? I have my OpenVPN server running on port 1194 internally, but it is visible outside on port 443 using a dynamic dns name. With current config it is impossible to automatically generate working configs for the clients.

bhman79
Posted April 20, 2019

I am now getting this error:

    openvpn: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory

trurl
Posted April 20, 2019

8 hours ago, bhman79 said:
> openvpn: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory

What version Unraid and what version plugin?

bhman79
Posted April 20, 2019

2 hours ago, trurl said:
> What version Unraid and what version plugin?

Unraid 6.4.1
Plugin 2019.02.09 Update of OpenVPN packages to 2.4.6-2

bhman79
Posted April 20, 2019

3 hours ago, trurl said:
> What version Unraid and what version plugin?

I upgraded to the newest Unraid and it fixed the problem. Thanks!

Snickers
Posted April 23, 2019

Hi @all, how can I route a specific IP with a NordVPN ovpn file? I have set my jDownloader Docker to a specific IP, but how can I edit my ovpn file to route only this IP? Or which file must I edit?

Edited April 23, 2019 by Snickers

swtz
Posted May 3, 2019

Hey all! Is there an updated link for the client configuration guide? I'm trying to get this set up so that all traffic from only 1 interface (I have two set up, NOT bonded) will be routed through the vpn tunnel. I'm now stuck on the first step of getting the plugin to connect. I tried to go to the link on the first post for client config guide, but it doesn't take me anywhere. Is there a new one? Thanks!

Snickers
Posted May 6, 2019

Hi @all, I use the OpenVPN client with NordVPN. This works fine, but how can I route to the internal IP from outside? Or how can I use the client for a specific IP/Docker?

Krzaku
Posted May 13, 2019

Every time I restart my Unraid server, the OpenVPN is unconnectable, I have to restart it manually. These are the logs before the restart:

    Sat May 11 21:48:26 2019 OpenVPN 2.4.6 x86_64-slackware-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 7 2018
    Sat May 11 21:48:26 2019 library versions: OpenSSL 1.1.1b 26 Feb 2019, LZO 2.10
    Sat May 11 21:48:26 2019 Diffie-Hellman initialized with 2048 bit key
    Sat May 11 21:48:26 2019 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
    Sat May 11 21:48:26 2019 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
    Sat May 11 21:48:26 2019 TUN/TAP device tun0 opened
    Sat May 11 21:48:26 2019 TUN/TAP TX queue length set to 100
    Sat May 11 21:48:26 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Sat May 11 21:48:26 2019 /usr/sbin/ip link set dev tun0 up mtu 1500
    Sat May 11 21:48:26 2019 /usr/sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
    Sat May 11 21:48:26 2019 Could not determine IPv4/IPv6 protocol. Using AF_INET
    Sat May 11 21:48:26 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
    Sat May 11 21:48:26 2019 TCP/UDP: Socket bind failed on local address [AF_INET]172.16.0.10:1194: Cannot assign requested address (errno=99)
    Sat May 11 21:48:26 2019 Exiting due to fatal error
    Sat May 11 21:48:26 2019 Closing TUN/TAP interface
    Sat May 11 21:48:26 2019 /usr/sbin/ip addr del dev tun0 10.8.0.1/24

Any idea what this might be about?

Also, a request, can you make it possible to renew the CRL certificate? It expires after a year and it's not that easy to renew manually when you don't know what you're doing. I managed somehow but other people may not.

Squid
Posted May 13, 2019

1 minute ago, Krzaku said:
> I have to restart it manually.

Just for kicks, set OpenVPN to have a delay of 30 seconds before starting. Does it make a difference?

Krzaku
Posted May 13, 2019

4 minutes ago, Squid said:
> Just for kicks, set OpenVPN to have a delay of 30 seconds before starting. Does it make a difference?

There is no option for that in the plugin, I can only enable or disable autostart.

Squid
Posted May 13, 2019

5 hours ago, Krzaku said:
> There is no option for that in the plugin, I can only enable or disable autostart.

Ah. Thought you were running the docker app.

megna22
Posted May 16, 2019

I haven't a clue what you are talking about. 'Extensions' page? Where is that? How do you get there? There's no such page on the client! This really sucks!

Squid
Posted May 16, 2019

6 hours ago, megna22 said:
> I haven't a clue what you are talking about. 'Extensions' page? Where is that? How do you get there? There's no such page on the client! This really sucks!

If you're talking about this from the OP:

On 9/26/2014 at 11:37 AM, peter_sm said:
> To install. Install the plugins, go to the 'Extensions' page

Then that means the plugins tab. (Or, simply go to the Apps tab instead -> even easier)

Glassed Silver
Posted May 20, 2019

On 1/12/2017 at 3:56 PM, jonathanm said:
> Yeah, I understand what you want, it's just a bad idea unless you know exactly what you are doing. The VPN service does not firewall the endpoint connection, so theoretically connecting to them allows other vpn users on the same network node free access to your system totally bypassing your router, since unraid doesn't have a built in firewall. I personally would never risk it. Binhex's dockers go to great lengths to ensure isolation and security, to make sure VPN traffic doesn't leak out of the docker, or vice versa. Network security is hard. Too many ways for things to go wrong, and not many ways to do it right.

Hmmm, on that note: if I connect to my VPN _per docker_ that means I'm multiplying my VPN overhead, depend on binhex' release schedule (not implying anything, just saying that I'm totally new to unRAID AND Docker so just throwing out there what's crossing my mind) and then there's the issue with not every application desirable being available as binhex vpn docker.

I've seen that you can use a docker like that as proxy for other dockers, but my line of thought is that I'm relying on the application within a docker to apply the proxy connection leaving possible (unknown) background processes un-routed through the proxy. The beauty (but also a pain point in other ways) of VPNs on a classic desktop is after all a one-setup experience. Connect once, route everything or nothing.

Major application missing an obvious VPN path to me right now is jDownloader. Theoretically I could just set up a VM, install my VPN's application in there, add the applications I want to the mix and have them all download to a share. Waaaaaaaaay less elegant, but at least a catch-all approach. The VM itself would obviously be configured with a firewall. Is that a lot of overhead? Sure is. Is that a great concern? Well.... 16 physical cores and 48GB of RAM say: we can do it.

Despite all of that, I'd still favor the leanest approach for obvious reasons. Surely there's something I'm missing or something I misunderstood?

kormalan
Posted May 26, 2019

Hello,

My Windows 10 Pro client PC is connected via a USB cable to my smartphone that shares its Internet 4G connection. I connect to the OpenVPN server without any problem with an OpenVPN GUI client x64. Pinging the machines of my local network is OK. But all connections with my web browser fail. So I do not have access to the Unraid Web interface. Of course I do not get a local IP and I do not know why!!! My Gateway is 192.168.1.254.

Also, there is an error in the log of the OpenVPN client:

    Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3: remote-gateway (2.4.7)

Can you please help me?

Below is all my configuration:

    WAN IP XXXX.XXXX.XXXX.XXXX
    UNRAID SERVER IP 192.168.1.200
    LAN GATEWAY 192.168.1.254
    OPENVPN / EASYRSA VERSION 2.4.6/Master

IPCONFIG on Windows 10 Pro 64 bits
----------------------------------

    Configuration IP de Windows

    Carte Ethernet Ethernet :
       Statut du média. . . . . . . . . . . . : Média déconnecté
       Suffixe DNS propre à la connexion. . . : lan

    Carte réseau sans fil Connexion au réseau local* 1 :
       Statut du média. . . . . . . . . . . . : Média déconnecté
       Suffixe DNS propre à la connexion. . . :

    Carte réseau sans fil Connexion au réseau local* 2 :
       Statut du média. . . . . . . . . . . . : Média déconnecté
       Suffixe DNS propre à la connexion. . . :

    Carte Ethernet Ethernet 2 :
       Suffixe DNS propre à la connexion. . . :
       Adresse IPv6 de liaison locale. . . . .: fe80::24fc:59a0:7f83:cdb4%17
       Adresse IPv4. . . . . . . . . . . . . .: 10.8.0.6
       Masque de sous-réseau. . . . . . . . . : 255.255.255.252
       Passerelle par défaut. . . . . . . . . :

    Carte Ethernet Connexion réseau Bluetooth :
       Statut du média. . . . . . . . . . . . : Média déconnecté
       Suffixe DNS propre à la connexion. . . :

    Carte réseau sans fil Wi-Fi :
       Statut du média. . . . . . . . . . . . : Média déconnecté
       Suffixe DNS propre à la connexion. . . : lan

    Carte Ethernet Ethernet 3 :
       Suffixe DNS propre à la connexion. . . :
       Adresse IPv6 de liaison locale. . . . .: fe80::b083:1d04:ebf4:7bb4%45
       Adresse IPv4. . . . . . . . . . . . . .: 192.168.42.32
       Masque de sous-réseau. . . . . . . . . : 255.255.255.0
       Passerelle par défaut. . . . . . . . . : 192.168.42.129

CLIENT SIDE LOG (OPENVPN CLIENT GUI on Windows 10 Pro 64 bits)
--------------------------------------------------------------

    Sun May 26 21:59:32 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 21 2019
    Sun May 26 21:59:32 2019 Windows version 6.2 (Windows 8 or greater) 64bit
    Sun May 26 21:59:32 2019 library versions: OpenSSL 1.1.0j 20 Nov 2018, LZO 2.10
    Enter Management Password:
    Sun May 26 21:59:32 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
    Sun May 26 21:59:32 2019 Need hold release from management interface, waiting...
    Sun May 26 21:59:32 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
    Sun May 26 21:59:32 2019 MANAGEMENT: CMD 'state on'
    Sun May 26 21:59:32 2019 MANAGEMENT: CMD 'log all on'
    Sun May 26 21:59:32 2019 MANAGEMENT: CMD 'echo all on'
    Sun May 26 21:59:32 2019 MANAGEMENT: CMD 'bytecount 5'
    Sun May 26 21:59:32 2019 MANAGEMENT: CMD 'hold off'
    Sun May 26 21:59:32 2019 MANAGEMENT: CMD 'hold release'
    Sun May 26 21:59:32 2019 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
    Sun May 26 21:59:32 2019 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
    Sun May 26 21:59:32 2019 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
    Sun May 26 21:59:32 2019 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
    Sun May 26 21:59:32 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]XXXX.XXXX.XXXX.XXXX:1194
    Sun May 26 21:59:32 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Sun May 26 21:59:32 2019 UDP link local: (not bound)
    Sun May 26 21:59:32 2019 UDP link remote: [AF_INET]XXXX.XXXX.XXXX.XXXX:1194
    Sun May 26 21:59:32 2019 MANAGEMENT: >STATE:1558900772,WAIT,,,,,,
    Sun May 26 21:59:32 2019 MANAGEMENT: >STATE:1558900772,AUTH,,,,,,
    Sun May 26 21:59:32 2019 TLS: Initial packet from [AF_INET]XXXX.XXXX.XXXX.XXXX:1194, sid=e175b8f2 8b8e5482
    Sun May 26 21:59:32 2019 VERIFY OK: depth=1, CN=server
    Sun May 26 21:59:32 2019 VERIFY KU OK
    Sun May 26 21:59:32 2019 Validating certificate extended key usage
    Sun May 26 21:59:32 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    Sun May 26 21:59:32 2019 VERIFY EKU OK
    Sun May 26 21:59:32 2019 VERIFY OK: depth=0, CN=server
    Sun May 26 21:59:33 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
    Sun May 26 21:59:33 2019 [server] Peer Connection Initiated with [AF_INET]XXXX.XXXX.XXXX.XXXX:1194
    Sun May 26 21:59:34 2019 MANAGEMENT: >STATE:1558900774,GET_CONFIG,,,,,,
    Sun May 26 21:59:34 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    ---
    Sun May 26 21:59:34 2019 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.1.254,redirect-gateway local def1,remote-gateway 192.168.1.200,resolv-retry infinite,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
    ---
    Sun May 26 21:59:34 2019 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3: remote-gateway (2.4.7)
    ---
    Sun May 26 21:59:34 2019 Options error: option 'resolv-retry' cannot be used in this context ([PUSH-OPTIONS])
    Sun May 26 21:59:34 2019 OPTIONS IMPORT: timers and/or timeouts modified
    Sun May 26 21:59:34 2019 OPTIONS IMPORT: --ifconfig/up options modified
    Sun May 26 21:59:34 2019 OPTIONS IMPORT: route options modified
    Sun May 26 21:59:34 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Sun May 26 21:59:34 2019 OPTIONS IMPORT: peer-id set
    Sun May 26 21:59:34 2019 OPTIONS IMPORT: adjusting link_mtu to 1625
    Sun May 26 21:59:34 2019 OPTIONS IMPORT: data channel crypto options modified
    Sun May 26 21:59:34 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    Sun May 26 21:59:34 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    Sun May 26 21:59:34 2019 interactive service msg_channel=920
    Sun May 26 21:59:34 2019 ROUTE_GATEWAY 192.168.42.129/255.255.255.0 I=45 HWADDR=02:7c:59:35:30:5f
    Sun May 26 21:59:34 2019 open_tun
    Sun May 26 21:59:34 2019 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{D8BE8B5E-39EB-4160-B671-197B2CBA8E5B}.tap
    Sun May 26 21:59:34 2019 TAP-Windows Driver Version 9.21
    Sun May 26 21:59:34 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {D8BE8B5E-39EB-4160-B671-197B2CBA8E5B} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
    Sun May 26 21:59:34 2019 Successful ARP Flush on interface [17] {D8BE8B5E-39EB-4160-B671-197B2CBA8E5B}
    Sun May 26 21:59:34 2019 MANAGEMENT: >STATE:1558900774,ASSIGN_IP,,10.8.0.6,,,,
    Sun May 26 21:59:36 2019 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
    Sun May 26 21:59:36 2019 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
    Sun May 26 21:59:36 2019 Route addition via service succeeded
    Sun May 26 21:59:36 2019 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
    Sun May 26 21:59:36 2019 Route addition via service succeeded
    Sun May 26 21:59:36 2019 MANAGEMENT: >STATE:1558900776,ADD_ROUTES,,,,,,
    Sun May 26 21:59:36 2019 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
    Sun May 26 21:59:36 2019 Route addition via service succeeded
    Sun May 26 21:59:36 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Sun May 26 21:59:36 2019 Initialization Sequence Completed
    Sun May 26 21:59:36 2019 MANAGEMENT: >STATE:1558900776,CONNECTED,SUCCESS,10.8.0.6,XXXX.XXXX.XXXX.XXXX,1194,,

DEFAULT CONFIG - CLIENT SIDE CONFIG (OPENVPN CLIENT GUI on Windows 10 Pro 64 bits)
-----------------------------------------------------------------------------------

    remote XXXX.XXXX.XXXX.XXXX
    tls-client
    cipher AES-256-GCM
    auth sha512
    client
    dev tun
    proto udp
    port 1194
    nobind
    persist-key
    persist-tun
    resolv-retry infinite
    comp-lzo adaptive
    verb 3
    mute-replay-warnings
    tls-version-min 1.2
    remote-cert-tls server
    remote-cert-eku "TLS Web Server Authentication"
    route-delay 2
    tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA38:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA

DEFAULT CONFIG - SERVER SIDE CONFIG
-----------------------------------

    Dynamic DNS
    OpenVPN server IP 10.8.0.0
    Netmask 255.255.255.0
    Allow Client to Client no
    Pushing DHCP options to clients DNS local gateway
    Port for the server 1194
    Tunnel Protocol UDP
    Encryption Ciphers AES-256-GCM
    Hash Algorithm SHA512
    Control channel encryption (tls-crypt) yes
    ifconfig-pool-persist ipp.txt yes
    Redirect-gateway redirect gateway def1
    Topology subnet no
    Push LAN subnet to the clients yes
    LZO Compression adaptive
    TELNET management console no
    LOG settings 3
    OpenVPN Port-Share

Edited May 27, 2019 by kormalan

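An added example, not part of any post in this thread and not the plugin's code: a Python sketch that reads the PUSH_REPLY and "Options error" lines from the client log above, together with the pull-filter directives from the first post, and reports what the client does with each pushed option. It goes one step beyond the posts by also listing pull-filter lines that can never fire, since OpenVPN matches pull-filter text as a prefix and stops at the first matching filter; the function names and the DNS6 push are assumptions made for the example.

```python
import re
import shlex

# Three client-log lines copied from the post above (timestamps trimmed).
CLIENT_LOG = """\
PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.1.254,redirect-gateway local def1,remote-gateway 192.168.1.200,resolv-retry infinite,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3: remote-gateway (2.4.7)
Options error: option 'resolv-retry' cannot be used in this context ([PUSH-OPTIONS])
"""

# Client-side directives copied from the first post in this thread.
CLIENT_OVPN = """\
#ipv4
pull-filter ignore "dhcp-option DNS"
#ipv6
pull-filter ignore "dhcp-option DNS6"
dhcp-option DNS 192.168.0.200
"""

def pushed_options(log):
    """Options carried by the first PUSH_REPLY in the log, in server order."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", log)
    return [o.strip() for o in m.group(1).split(",") if o.strip()] if m else []

def refused_options(log):
    """Names of pushed options the client reported as 'Options error'."""
    pats = (r"\[PUSH-OPTIONS\]:\d+: (\S+)",
            r"option '([^']+)' cannot be used.*\[PUSH-OPTIONS\]")
    return {m.group(1) for p in pats for m in re.finditer(p, log)}

def pull_filters(ovpn_text):
    """(action, text) pairs from pull-filter lines, in file order."""
    filters = []
    for line in ovpn_text.splitlines():
        parts = shlex.split(line, comments=True)  # drops '#' comments
        if len(parts) == 3 and parts[0] == "pull-filter":
            filters.append((parts[1], parts[2]))
    return filters

def shadowed(filters):
    """Filters that never fire: an earlier filter's text is a prefix of theirs."""
    return [f for i, f in enumerate(filters)
            if any(f[1].startswith(t) for _, t in filters[:i])]

def classify(options, filters, refused=frozenset()):
    """Map each pushed option to what happens to it on this client."""
    fate = {}
    for opt in options:
        # pull-filter is a prefix match; the first matching filter decides.
        action = next((a for a, t in filters if opt.startswith(t)), "accept")
        if action != "accept":
            fate[opt] = "pull-filter " + action
        else:
            fate[opt] = "refused by client" if opt.split()[0] in refused else "applied"
    return fate

if __name__ == "__main__":
    # The DNS6 push is constructed for illustration; it is not in the posted log.
    opts = pushed_options(CLIENT_LOG) + ["dhcp-option DNS6 fd00::53"]
    fate = classify(opts, pull_filters(CLIENT_OVPN), refused_options(CLIENT_LOG))
    print("\n".join(f"{v:20} {o}" for o, v in fate.items()))
    print("never reached:", shadowed(pull_filters(CLIENT_OVPN)))
```

The locally set `dhcp-option DNS 192.168.0.200` is untouched by the filters, because pull-filter only applies to options received from the server.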
Serenity_Duck
Posted May 29, 2019

Hi, I changed from OpenVPN AS from Linuxservers to yours. At first, good job. Everything is working fine for me at the moment. But I have one question, maybe I'm overlooking something, but is it possible to force the client with the .ovpn file to enter a password? Thank you

gacpac
Posted May 29, 2019

> Hi, I changed from OpenVPN AS from Linuxservers to yours. At first, good job. Everything is working fine for me at the moment. But I have one question, maybe I'm overlooking something, but is it possible to force the client with the .ovpn file to enter a password? Thank you

Let me know if you figure out how to.

Taddeusz
Posted May 31, 2019

Recently I've been getting this message from Tunnelblick about the comp-lzo option being deprecated. I know I can click the checkbox so that the warning doesn't appear again but is there a better fix for this? A way to use a better supported compression option?

Edited May 31, 2019 by Taddeusz

Bureaucromancer
Posted June 3, 2019

On 5/3/2019 at 12:48 PM, swtz said:
> Hey all! Is there an updated link for the client configuration guide? I'm trying to get this set up so that all traffic from only 1 interface (I have two set up, NOT bonded) will be routed through the vpn tunnel. I'm now stuck on the first step of getting the plugin to connect. I tried to go to the link on the first post for client config guide, but it doesn't take me anywhere. Is there a new one? Thanks!

Is there a working client config guide anywhere? Link is to the forum home page....

Edit: https://web.archive.org/web/20160807091818/http://lime-technology.com/forum/index.php?topic=19439.0

Very old, but it does still work if you have an idea what you're looking at. Short version is that the one click install works, and ovpn files go in an openvpn directory you will need to create in the root of the flash drive.

Edited June 3, 2019 by Bureaucromancer

petern
Posted June 7, 2019

On 5/31/2019 at 10:16 AM, Taddeusz said:
> Recently I've been getting this message from Tunnelblick about the comp-lzo option being deprecated. I know I can click the checkbox so that the warning doesn't appear again but is there a better fix for this? A way to use a better supported compression option?

I got rid of this warning by changing "comp-lzo" to "compress lzo" in my config file as noted in the link below:
https://github.com/Nyr/openvpn-install/issues/430

Taddeusz
Posted June 7, 2019

It would be nice to see an option to select compression type and/or syntax. By that I mean being able to select whether to use 'comp-lzo' or the 'compress' command. Then also if you choose to select the 'compress' command being able to select between 'lzo', 'lz4', or 'lz4-v2'. Understanding that 'comp-lzo' is deprecated I believe 'compress lzo' should be the default syntax. Having a GUI like this means putting in enough functionality so that someone doesn't need to make manual edits like this unless it's something obscure.

Edited June 7, 2019 by Taddeusz

Taddeusz
Posted June 7, 2019

Well, this is a revolting development. I changed the "comp-lzo yes" lines and all "compress" types break my connection using the official OpenVPN iOS app. Tunnelblick works fine though.

Taddeusz
Posted June 7, 2019

Well, after all that I see that the type of compression is selectable in the GUI. And in the end I decided to just disable compression. Especially after reading that having it enabled is not currently secure due to the VORACLE attack vector.