OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)


peter_sm

Recommended Posts

Hello! Before I say anything, I should preface my message with the fact that I'm new to UnRaid and server hardware/networking as a whole. I do have some experience with home networking and consumer hardware, but nothing that would probably help me in this case.

 

I recently installed the OpenVPN Client Plugin to help with anonymizing torrent traffic for my dockers (via TorGuard VPN Providor), and while it works, it is limiting my DL speeds HEAVILY. While I know using a VPN will affect speeds to an extent, this seems abnormally slow. My downloads via QBittorrent seem to be limited to a max speed of 1MB/s total when using the plugin. Without it, I get up to my normal 12MB speeds (sometimes higher depending on the hour). This affects all my torrent clients and sab as well. I've done some preliminary testing as shown with the attached files below (i've also attached my diagnostics in case that is useful):

 

I've done VM testing (whose traffic I've learned is not affected by the plugin. All traffic seems to come through with my ISP's IP. This is actually pretty cool as I only want my dockers affected anyways), both with, and without the TorGuard client and built-in OpenVPN client (using generated files). The speeds, while a little slower than my desktop speeds, are still well above the speeds I get with the server plugin and dockers.

 

I've also tried testing on my desktop. As you can see, both with the client and without, the speeds are high, so it seems to be related either to the docker or the plugin itself.

 

I've changed ciphers as well, trying all of CBC and GCM (GCM seems to perform better, but I'm still locked under that artificial 1MB cap) as well as trying different servers. I also attempted opening ports via my VPN just to test, but it made no difference (I should mention that none of these tests were done with opened ports. My normal speeds of 12 and excess are typically done without needing to forward anything at all). All of this is going through my LAN. When I did my testing, I made sure nothing was downloading, and that only one client at a time was attached (though I should be able to connect up to 8 devices concurrently if I remember correctly).

 

Before admitting defeat and just running a VM for all of my torrenting, I'd like to see if I can continue usage with the dockers for performance reasons. Unfortunately, I haven't been able to find any specific reason as to why this is happening. Any help would be greatly appreciated. Thank you!

desktop_withoutVPN.PNG

desktop_withVPN.PNG

UbuntuVM_withoutVPN.PNG

UbuntuVM_withVPN_OPVNfile.PNG

tower-diagnostics-20191218-1657.zip

Link to comment
8 minutes ago, trurl said:

There are some torrent dockers with builtin VPN. Search on the Apps page.

Hello! So that was actually my go-to when I setup UnRaid, however, the VPN Binhex included with the dockers was not compatible with my TorGuard configuration. Binhex warned that this may be the case and that not all providers would be compatible. I was unable to find anyone with a similar setup.

Link to comment
59 minutes ago, jonathanm said:

Since 6.8 includes Wireguard, I wouldn't expect a whole lot of attention being paid to these plugins in the future.

I was not aware this was an option. This would have been nice to know much earlier.

 

57 minutes ago, blinside995 said:


Fair enough. WireGuard was incredibly simple to deploy.


Sent from my iPhone using Tapatalk

How is the performance? Does it cover the entire server or does it work like the OpenVPN plugin and only affect dockers?

Link to comment
15 hours ago, deathscreton said:

I was not aware this was an option. This would have been nice to know much earlier.

 

How is the performance? Does it cover the entire server or does it work like the OpenVPN plugin and only affect dockers?

It was mentioned in the release thread for 6.8. Everyone should read the release thread before updating.

 

And there is a guide to setting it up. Lots of ways to set it up. It can even cover your whole LAN.

 

 

  • Like 1
Link to comment
  • 3 months later...

Thanks for this plugin. I just discovered it and you made setting up an openvpn server as easy as pivpn.

 

I do have wireguard installed and setup but I need to run my vpn server on TCP. My ISP is doing something on UDP that causes my vpn connection to run extremely slow. I found running my vpn server on tcp got me 5 times the speed. So until either I figure out the problem with my isp or wireguard allows tcp, I'll use this plugin.

 

This plugin also frees up my rpi for other things and keeps servers consolidated to unraid. Thanks again.

Link to comment
  • 2 weeks later...

Hi everyone, 

 

i have a Problem downloading the EASYRSA Version. I think the release list is the problem, see screenshot. I tried to change easyrsa_version_full_path.txt, unfortunately without success.

 

 

root@srv:/usr/local/emhttp/plugins/openvpnserver/scripts# rc.openvpnserver download_easy-rsa
https://github.comlink
master.zip
Going to download ....https://github.comlink
--2020-04-26 22:13:12--  https://github.comlink/
Resolving github.comlink (github.comlink)... failed: Name or service not known.
wget: unable to resolve host address ‘github.comlink’
<190>Apr 26 22:13:12 rc.openvpnserver[11151]: Deleting the client folder and files when new easyrsa are insatlled.
Deleting the client folder and files when new easyrsa are insatlled.
unzip:  cannot find or open master.zip, master.zip.zip or master.zip.ZIP.
mv: cannot stat 'easy-rsa*': No such file or directory
chmod: cannot access 'easy-rsa': No such file or directory

 

 

https://github.comlink is not a vaild link

 

Thanks for help

Update EASYRSA.png

Link to comment
Hi everyone, 
 
i have a Problem downloading the EASYRSA Version. I think the release list is the problem, see screenshot. I tried to change easyrsa_version_full_path.txt, unfortunately without success.
 
 
root@srv:/usr/local/emhttp/plugins/openvpnserver/scripts# rc.openvpnserver download_easy-rsa
https://github.comlink
master.zip
Going to download ....https://github.comlink
--2020-04-26 22:13:12--  https://github.comlink/
Resolving github.comlink (github.comlink)... failed: Name or service not known.
wget: unable to resolve host address ‘github.comlink’
Apr 26 22:13:12 rc.openvpnserver[11151]: Deleting the client folder and files when new easyrsa are insatlled.
Deleting the client folder and files when new easyrsa are insatlled.
unzip:  cannot find or open master.zip, master.zip.zip or master.zip.ZIP.
mv: cannot stat 'easy-rsa*': No such file or directory
chmod: cannot access 'easy-rsa': No such file or directory
 
 
https://github.comlink is not a vaild link
 
Thanks for help
1423336130_UpdateEASYRSA.thumb.png.aa2d82fa9925a4740208da310eebf96c.png

There have been som updates on their GitHub pages. An update is now released.


Skickat från min iPhone med Tapatalk
Link to comment
On 10/26/2019 at 5:01 AM, David Bott said:

@peter_sm Thanks for the thought of modifying the actual openvpn server file you want to use.  Before I tried that I took a closer look at the connection log, via your plug-in, and did see this line...

 

Sat Oct 26 07:36:18 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 493216,sndbuf 493216,explicit-exit-notify 5,comp-lzo no,route-gateway 172.21.92.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.21.92.25 255.255.254.0,peer-id 0,cipher AES-256-GCM'

 

...so it seems that ping and ping-restart are part of it yet does not seem to solve the issue. BTW... I did also try adding the lines to the file to different settings, but after stopping and starting the OPENVPN client again, the same values showed up in the log.  So it does not seems to be part of that file. So not sure where these settings are being set from as it dies not seem to be the server.ovpn files. 

 

I did happen to notice also that it reads... 

 

Sat Oct 26 07:36:17 2019 OpenVPN 2.4.6 x86_64-slackware-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  7 2018
Sat Oct 26 07:36:17 2019 library versions: OpenSSL 1.1.1c  28 May 2019, LZO 2.10

 

...wondering if i does not need to be updated? (It may be current for all I know.)

 

Otherwise the plug-in does just perfect for what I wanted.  Something that puts my UnRAID internet traffic through a VPN and it does that.  Even updates for docker files or plugins all use the VPN.  But the issue is, once you loose internet for X amount of time, it will not redo the tunnel and your entire server does not have access to the Internet. (You can still reach it from inside the network of course.)  The GUI also stops working.   (Side note....At least on mine, when I choose to STOP the OpenVPN service the says Stopping but then the screen becomes empty from the UnRaid Menu bar down. You need to click on SETTINGS and the OPENVPN Client option again to go back in and see if it stopped.  No biggie...but just a heads up.)

 

But the big thing is it not coming back up.  Sometimes I may not notice for days and have things stacked up to come down.

 

If you may care to look into this, I am happy to test.  If not, I understand as it has not been touched in some time but is really the open option I have found that does the server as a client in one easy to setup, understand, and use plug-in.     

 

You also mentioned "keepalive what I know is a server function" ... Just don't seem to see a setting for that anywhere.

 

Thank you again.

I know this is from last year but was wondering if anyone has found a fix for this? As I am experiencing the same problems.  The plugin not reconnecting and having to restart the array to get it properly work.  Spectrum has been doing alot of maintance\upgrades in my area so internet has been reseting thruout the day. 

Link to comment
  • 4 weeks later...

Awesome, thanks for putting this together. I installed it and got it working immediately. I connected to the OpenVPN Server Network that my unRaid is on. I was then able to ping the IP of my unRaid server, and SSH to it!

 

My next goal is to remote desktop into a virtual machine on my network. I am unable to do so. I am able to do it when I am locally on my network. Do I need to do something in OpenVPN to allow access to a machine other than the VPN server, or to allow specific ports to be used?

Link to comment
  • 2 weeks later...
  • 3 weeks later...
  • 2 weeks later...

Hello all,

 

Apologies, I am completely stuck and fear I am asking a simple question...

 

1. Plugin installed

2. Cert & misc settings tab - valid appdata folder, click update list of easyRSA, select the latest version. It downloads to my PC.

3. Main OpenVPN server tab - "Easyrsa is not downloaded". Click on "install rsa key management package". 

4. Screen reloads but nothing changes. It still says "Easyrsa is not downloaded".

 

I've looked everywhere but can't find what I have done wrong. Any help greatly appreciated!

Link to comment

Thanks, yes I've got wireguard working and it's great. But I would like to have openvpn working too as a backup option as I am using Unraid in a small office with various computers, etc. . The Openvpn-as docker needs a licence for more than 2 users so is not an option...

Link to comment
7 hours ago, jppanchaud said:

Thanks, yes I've got wireguard working and it's great. But I would like to have openvpn working too as a backup option as I am using Unraid in a small office with various computers, etc. . The Openvpn-as docker needs a licence for more than 2 users so is not an option...

Have not time now to update... but some changes on githup page and to fix this you can for now try to update the script --> /usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver

 

Line 349  change f16 to f14

Line 376 change f16 to f14

Link to comment
  • 2 weeks later...

I am running this plugin and have multiple users with it. However, I have some inconsistencies with the users. 

 

My personal one has the ability to access anything I so choose. However, other users are unable to access certain items on another subnet. Is there something that I have to do within the server config to make sure that all the subnets can be access? Or should I just switch to wireguard?

Link to comment
  • 2 weeks later...

I have Unraid version 6.8.3 and latest plugin version as on 3rd August 2020. 

 

I have added the .ovpn file in the /boot/openvpn folder. 

 

However, I am still seeing the "Choose a file" in the plugin screen and am not able to connect. I am attaching the details in the screenshot. Any solution to this?

unraid.png

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.