OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)


peter_sm


1 hour ago, trurl said:

That version has Wireguard VPN built in. 

I read that but unfortunately I am behind CGNAT so DDNS won't work for me. I was planning to get openVPN to AWS or any other cloud provider and using that public IP to have unattended access when on vacation. 

Link to comment
  • 2 weeks later...

I just recently added the server plugin to a new server I brought online and have been having some trouble.  I updated the cs.openvpnserver to fix the j16 to j14 on the two lines and that did the trick, but I'm having trouble generating the server certificates.  I know they can take time to generate as I have successfully set up two of these servers with the OpenVPN Server plugin in the past.  Here's what I'm getting now in the log...

 

"/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 769: ./easyrsa: Permission denied"

 

I looked at the scripting in the file at 769, but I'll admit I'm not the expert here.  Looking for any advice.  Thank you in advance.

Link to comment

Hi,

 

first thanks for the support in this thread or board 🙂

I configured "OpenVPN Client" with my provider pia or with nordvpn. Both work fine and all dockers route over the tunnel.

Now I have one problem:

my unRaid IP: 192.168.11.100

my homenetwork: 192.168.11.0/24

my other networks (192.168.10.0/24, 192.168.12.0/24, 192.168.13.0/24) > they are connected over LAN LAN VPN over unify

 

If I started the OpenVPN Client I only could connect to my homenetwork (192.168.11.0/24) and not to my Lan-Lan networks and also not from my Lan-Lan networks to my homenetwork.

my routing without OpenVPN Client:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         USG.local       0.0.0.0         UG    209    0        0 br0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.11.0    0.0.0.0         255.255.255.0   U     209    0        0 br0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

 

my routing WITH OpenVPN client

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.8.1        128.0.0.0       UG    0      0        0 tun5
default         USG.local       0.0.0.0         UG    209    0        0 br0
10.8.8.0        0.0.0.0         255.255.255.0   U     0      0        0 tun5
89.40.changed   USG.local       255.255.255.255 UGH   0      0        0 br0
128.0.0.0       10.8.8.1        128.0.0.0       UG    0      0        0 tun5
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.11.0    0.0.0.0         255.255.255.0   U     209    0        0 br0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

 

How could I manage that?

 

Thanks a lot

Edited by MCP
Link to comment
On 8/24/2020 at 7:05 PM, LeGreatMaxiking said:

Hey I'm stuck. Wanted to redo my VPN after wiping my cache drive.

 

When I click on "Install RSA Key..." nothing happens

Screenshot_50.png

Screenshot_51.png

I am having the same issue. New user. Can someone explain how to install the files manually? I tried copying to /mnt/user/appdata/myVPNServer/easy-rsa/ but nothing happens when I refresh.

 

EDIT: I managed to get this working. The correct path for anyone that wants to install easy-rsa manually is:

/mnt/user/appdata/myVPNServer/easy-rsa/easyrsa3/

 

I moved the contents from the extracted folder to the above location and then it picks up the installed version and can proceed.

 

Edited by DeathStrike87
Link to comment

Had also the same issues with installing RSA. Looks like in `/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver` line 376 it tries to get the easy-rsa zip url, but something must have changed and it fails to parse it out correctly:

 

EASYRSA_DL_VERSION=$(curl --fail --silent https://github.com/OpenVPN/easy-rsa/ | grep zip | grep archive | cut -d\" -f16 | cut -d\" -f1 | sed 's#^#https://github.com#g' | grep -v "sig")


For a quick dirty fix I just hardcoded the package url there.

Edited by hkinks
Link to comment

I have the same problem with the item "Install RSA Key management Package (Easy-RSA)".

What is the folder path for where I have to unpack the ZIP or how can I rewrite the rc.openvpnserver?

 

EDIT:

I have found my mistake.
I had extracted the master.zip into the folder and not the normal version.

Edited by BladeXP1985
Link to comment
  • 3 weeks later...
On 9/1/2020 at 7:44 PM, hkinks said:

Had also the same issues with installing RSA. Looks like in `/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver` line 376 it tries to get the easy-rsa zip url, but something must have changed and it fails to parse it out correctly:

 


EASYRSA_DL_VERSION=$(curl --fail --silent https://github.com/OpenVPN/easy-rsa/ | grep zip | grep archive | cut -d\" -f16 | cut -d\" -f1 | sed 's#^#https://github.com#g' | grep -v "sig")


For a quick dirty fix I just hardcoded the package url there.

Had the same issue, you need to edit that line and replace "-f16" with "-f14".

Install works great after this edit. Github probably modified its HTML.

  • Like 2
  • Thanks 1
Link to comment
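
Added example (not part of any post in this thread, and not the plugin's code): the posts above trace the install failure to a `cut` field number that stopped matching GitHub's HTML. The script below reproduces that on two constructed HTML lines and compares it with matching the href itself and rejecting anything that is not the expected archive URL; the sample markup and all function names are assumptions.

```shell
#!/bin/bash
# Constructed sample markup (not GitHub's real HTML). Splitting on '"',
# the href value is field 16 in OLD_HTML and field 14 in NEW_HTML.
OLD_HTML='<a a1="x" a2="x" a3="x" a4="x" a5="x" a6="x" a7="x" href="/OpenVPN/easy-rsa/archive/master.zip">Download ZIP</a>'
NEW_HTML='<a a1="x" a2="x" a3="x" a4="x" a5="x" a6="x" href="/OpenVPN/easy-rsa/archive/master.zip">Download ZIP</a>'

# Position-based extraction modelled on the plugin line quoted above.
# $1 = field number, HTML on stdin.
extract_by_field() {
  grep zip | grep archive | cut -d\" -f"$1" | cut -d\" -f1 |
    sed 's#^#https://github.com#g' | grep -v "sig"
}

# Pattern-based extraction: match the archive href wherever it sits on the line.
extract_by_pattern() {
  grep -o 'href="/OpenVPN/easy-rsa/archive/[^"]*\.zip"' | head -n 1 |
    cut -d\" -f2 | sed 's#^#https://github.com#'
}

# Fail closed: only a URL of the expected shape may be handed to the downloader.
is_expected_url() {
  case "$1" in
    https://github.com/OpenVPN/easy-rsa/archive/*.zip) return 0 ;;
    *) return 1 ;;
  esac
}

# Run both extractors over both layouts and show what would be accepted.
for sample in "$OLD_HTML" "$NEW_HTML"; do
  by_field=$(printf '%s\n' "$sample" | extract_by_field 16)
  by_pattern=$(printf '%s\n' "$sample" | extract_by_pattern)
  for url in "$by_field" "$by_pattern"; do
    if is_expected_url "$url"; then
      echo "accept: $url"
    else
      echo "reject: '$url'"
    fi
  done
done
```

With the wrong field number the position-based pipeline does not fail; on the constructed new layout it returns the bare site URL, which is why the shape check before download matters.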
  • 3 weeks later...
On 9/20/2020 at 11:09 AM, armandkd said:

Had the same issue, you need to edit that line and replace "-f16" with "-f14".

Install works great after this edit. Github probably modified its HTML.

This fixed it! But now I got the same problem when clicking "GENERATE THE SERVER CERTIFICATES AND KEYS" :/

Link to comment

Hi Peter,

 

I just configured my second Unraid Server, and so far everything worked. I changed the Cert and Misc Settings and saved them. But now, when I want to Install Easy RSA it seemingly does nothing, and the page just reloads. And then it still says I have to download easy rsa. But when I check the openvpn folder, there are just index.htmls appearing every time I press install... then I just deleted these and copied the easy rsa folder from the working unraid server, and then I got all the 3 checkboxes green. But when I now press on the start the server button, again, it just reloads and nothing happens...

 

I have absolutely no idea why it's not working... they are identical in regards to the specs and the settings...

 

I hope you can help me! 

 

Best regards 

 

Septimus

Screenshot 2020-10-07 001733.png

Edited by Septimus Heap
Link to comment

Noob to unraid and I wanted to setup OpenVPN so that it could connect to my VPN service (Mullvad) and I can route certain containers' traffic to OpenVPN. I'm assuming that I need to install the client and not the server but when I did it asked me to add the Mullvad config file but while I can do the select file drop down it doesn't actually do anything. How do I upload the config file if this doesn't work?

Link to comment
  • 3 weeks later...
On 8/22/2020 at 5:07 PM, MCP said:

Hi,

 

first thanks for the support in this thread or board 🙂

I configured "OpenVPN Client" with my provider pia or with nordvpn. Both work fine and all dockers route over the tunnel.

Now I have one problem:

my unRaid IP: 192.168.11.100

my homenetwork: 192.168.11.0/24

my other networks (192.168.10.0/24, 192.168.12.0/24, 192.168.13.0/24) > they are connected over LAN LAN VPN over unify

 

If I started the OpenVPN Client I only could connect to my homenetwork (192.168.11.0/24) and not to my Lan-Lan networks and also not from my Lan-Lan networks to my homenetwork.

my routing without OpenVPN Client:


Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         USG.local       0.0.0.0         UG    209    0        0 br0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.11.0    0.0.0.0         255.255.255.0   U     209    0        0 br0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

 

my routing WITH OpenVPN client


Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.8.1        128.0.0.0       UG    0      0        0 tun5
default         USG.local       0.0.0.0         UG    209    0        0 br0
10.8.8.0        0.0.0.0         255.255.255.0   U     0      0        0 tun5
89.40.changed   USG.local       255.255.255.255 UGH   0      0        0 br0
128.0.0.0       10.8.8.1        128.0.0.0       UG    0      0        0 tun5
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.11.0    0.0.0.0         255.255.255.0   U     209    0        0 br0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

 

How could I manage that?

 

Thanks a lot

I have the same issue.
I have setup and port forwarded and able to connect successfully to my home network but unable to access LAN folders/LAN addresses eg the router/unraid.
Anyone have any tips? One clue might be the fact that I have a modem and a router connected to that (I have port forwarded from the modem to my router).

Thank you!

Link to comment
Fri Oct 30 17:58:31 2020 OpenVPN 2.4.8 x86_64-slackware-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct 30 2019
Fri Oct 30 17:58:31 2020 library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
Fri Oct 30 17:58:31 2020 Diffie-Hellman initialized with 4096 bit key
Fri Oct 30 17:58:31 2020 Failed to extract curve from certificate (UNDEF), using secp384r1 instead.
Fri Oct 30 17:58:31 2020 ECDH curve secp384r1 added
Fri Oct 30 17:58:31 2020 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri Oct 30 17:58:31 2020 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Oct 30 17:58:31 2020 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri Oct 30 17:58:31 2020 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Oct 30 17:58:31 2020 ROUTE_GATEWAY 192.168.3.1/255.255.255.0 IFACE=br0 HWADDR=00:1b:21:54:c1:c0
Fri Oct 30 17:58:31 2020 TUN/TAP device tun0 opened
Fri Oct 30 17:58:31 2020 TUN/TAP TX queue length set to 100
Fri Oct 30 17:58:31 2020 /usr/sbin/ip link set dev tun0 up mtu 1500
Fri Oct 30 17:58:31 2020 /usr/sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Fri Oct 30 17:58:31 2020 /usr/sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Fri Oct 30 17:58:31 2020 Could not determine IPv4/IPv6 protocol. Using AF_INET
Fri Oct 30 17:58:31 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Oct 30 17:58:31 2020 TCP/UDP: Socket bind failed on local address [AF_INET]192.168.3.20:1194: Cannot assign requested address (errno=99)
Fri Oct 30 17:58:31 2020 Exiting due to fatal error
Fri Oct 30 17:58:31 2020 /usr/sbin/ip route del 10.8.0.0/24
Fri Oct 30 17:58:31 2020 Closing TUN/TAP interface
Fri Oct 30 17:58:31 2020 /usr/sbin/ip addr del dev tun0 local 10.8.0.1 peer 10.8.0.2

Failed to bind port

Link to comment
  • 2 weeks later...

Hi guys, just wanted to say thanks to the developer of this plugin, it's been working flawlessly for me for the last year or so, but recently (maybe 2-3 weeks ago), something seems to have changed and now I can't get it to work. I have been able to generate several ovpn's without issue and connected remotely via ios, android and laptop, so I had a decent handle on setting up connections. Since I've installed and connected wireguard though, the openvpn server is running, but none of the devices can connect. The log on the client just seems to freeze. I've refreshed certs and created a fresh ovpn but to no avail. I was wondering if anyone was aware of wireguard installation/activation knocking something out on the openvpn side?

 

I liked having openvpn running as a backup to wireguard (am in another country to my server). Any thoughts?

The error appears to be TLS handshake related, but that's gone straight over my head...

 

Thu Nov 12 16:51:02 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.xxx.xxx:1194
Thu Nov 12 16:51:02 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Nov 12 16:51:02 2020 UDP link local: (not bound)
Thu Nov 12 16:51:02 2020 UDP link remote: [AF_INET]xx.xxx.xxx.xxx:1194
Thu Nov 12 16:51:02 2020 MANAGEMENT: >STATE:1605178262,WAIT,,,,,,
Thu Nov 12 16:52:03 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Nov 12 16:52:03 2020 TLS Error: TLS handshake failed


thx

*** EDIT: I restarted the server again but now am getting the blank install rsa key management package issue as a few posts above. I managed to manually install easyrsa, but am stuck with generating server certs... it just loops without actually generating as far as I can tell ***

 

 

Edited by baldfox
update
Link to comment

Hi,
I just installed the openvpn CLIENT plugin which connects to the openvpn.net server on their cloud.
My unraid server has two network cards:


eth0 - br0 192.168.2.0/24 with gateway 192.168.2.1 (adsl line with slow upload)
eth1 - br1. 192.168.1.0/24 with gateway 192.168.1.1 (LTE line with fast upload)

 

Is it possible to make a way that the plugin uses the eth1 network interface for the activation of the tunnel to the server and at the same time redirects the traffic to the eth0 interface?

 

This is to be able to take advantage of the VPN on the fast LTE line. I have not installed the VPN server directly on unraid because the LTE line has no public IP address but is under NAT

thanks

Link to comment

Hi!

Trying to get the Client Plugin to work, I always get the following error:

 

neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Private Key Password:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.

 

Being new to UnRAID, I have no idea what this means. Connecting to my OpenVPN server from Windows or Android works without problems.

 

Thanks in advance! 🙂

Link to comment
Wed Nov 18 18:34:10 2020 OpenVPN 2.4.8 x86_64-slackware-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct 30 2019
Wed Nov 18 18:34:10 2020 library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Wed Nov 18 18:34:10 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]212.102.52.1:1198
Wed Nov 18 18:34:10 2020 UDP link local: (not bound)
Wed Nov 18 18:34:10 2020 UDP link remote: [AF_INET]212.102.52.1:1198

I have found that the VPN is giving the above, and I see others have the same issue.

How can I resolve this?

Link to comment
On 11/17/2020 at 4:09 PM, Turnspit said:

Hi!

Trying to get the Client Plugin to work, I always get the following error:

 

neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Private Key Password:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.

 

Being new to UnRAID, I have no idea what this means. Connecting to my OpenVPN server from Windows or Android works without problems.

 

Thanks in advance! 🙂

I found a solution to my problem!
 

I've added the following line to my .ovpn-file:

askpass /boot/openvpn/auth.pass

 

Then I created the auth.pass file besides the .ovpn-file and just added a single line with my OVPN-client password to it.

 

In the plugin, I deactivated the login option, started the connection and - voila - I successfully connected my unRAID client to my OVPN-Server. 🙂

Link to comment
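
Added example (not part of any post in this thread, and not the plugin's code): the `askpass` approach described above leaves the private-key passphrase in a plain file, so a check that every credential file an .ovpn config references exists and is not readable by group or others is worth running. Function names, the demo host name and the demo files are constructed; paths are assumed to be unquoted and free of spaces.

```shell
#!/bin/bash
# List credential files named by askpass / auth-user-pass directives.
# $1 = path to an .ovpn file.
cred_files() {
  awk '($1 == "askpass" || $1 == "auth-user-pass") && NF >= 2 { print $2 }' "$1"
}

# Return 0 only if the file exists and grants nothing to group or others.
is_private() {
  [ -f "$1" ] || return 1
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Warn about every referenced credential file that is missing or too open.
# Returns 1 if any warning was issued, 0 otherwise.
audit_ovpn() {
  bad=0
  while IFS= read -r f; do
    [ -n "$f" ] || continue
    if ! is_private "$f"; then
      echo "WARN: $f is missing or readable by group/others"
      bad=1
    fi
  done <<EOF
$(cred_files "$1")
EOF
  return "$bad"
}

# Constructed demo: a throwaway config pointing at a throwaway secret file.
make_demo() {
  d=$(mktemp -d)
  printf 'client\nremote vpn.example.net 1194\naskpass %s/auth.pass\n' "$d" > "$d/client.ovpn"
  printf 'constructed-passphrase\n' > "$d/auth.pass"
  chmod 644 "$d/auth.pass"
  echo "$d"
}

demo=$(make_demo)
audit_ovpn "$demo/client.ovpn" || echo "audit failed with mode 644"
chmod 600 "$demo/auth.pass"
audit_ovpn "$demo/client.ovpn" && echo "audit passed with mode 600"
rm -rf "$demo"
```

If the secret file lives on a FAT-formatted flash drive, its mode bits come from the mount options rather than the file, so `chmod` there may change nothing.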
On 11/18/2020 at 6:39 PM, MrLinford said:

Wed Nov 18 18:34:10 2020 OpenVPN 2.4.8 x86_64-slackware-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct 30 2019
Wed Nov 18 18:34:10 2020 library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Wed Nov 18 18:34:10 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]212.102.52.1:1198
Wed Nov 18 18:34:10 2020 UDP link local: (not bound)
Wed Nov 18 18:34:10 2020 UDP link remote: [AF_INET]212.102.52.1:1198

I have found that the VPN is giving the above, and I see others have the same issue.

How can I resolve this?

I finally got some time to look at this, ended up having to download new OpenVPN setting from my VPN provider

Link to comment
On 11/12/2020 at 8:53 PM, baldfox said:

 

*** EDIT: I restarted the server again but now am getting the blank install rsa key management package issue as a few posts above. I managed to manually install easyrsa, but am stuck with generating server certs... it just loops without actually generating as far as I can tell ***

 

 

 

Same issue for me. I got a feeling this plugin will soon be unmaintained due to WG

Link to comment
