trurl Posted August 3, 2020 Share Posted August 3, 2020 4 hours ago, geekmay said: Unraid version 6.8.3 That version has Wireguard VPN built in. Quote Link to comment
geekmay Posted August 3, 2020 Share Posted August 3, 2020 1 hour ago, trurl said: That version has Wireguard VPN built in. I read that but unfortunately I am behind CGNAT so DDNS won't work for me. I was planning to get openVPN to AWS or any other cloud provider and using that public IP to have unattended access when on vacation. Quote Link to comment
ImBadAtThis Posted August 4, 2020 Share Posted August 4, 2020 @peter_sm Before I install, I just wanted to make sure that this is still supported. I see discussion of potentially deprecating bc of wireguard implementation. Quote Link to comment
ReidS Posted August 14, 2020 Share Posted August 14, 2020 I just recently added the server plugin to a new server I brought online and have been having some trouble. I updated the cs.openvpnserver to fix the j16 to j14 on the two lines and that did the trick, but I'm having trouble generating the server certificates. I know they can take time to generate as I have successfully set up two of these servers with the OpenVPN Server plugin in the past. Here's what I'm getting now in the log... "/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 769: ./easyrsa: Permission denied" I looked at the scripting in the file at 769, but I'll admit I'm not the expert here. Looking for any advice. Thank you in advance. Quote Link to comment
MCP Posted August 22, 2020 Share Posted August 22, 2020 (edited) Hi, first thanks for the support in this thread or board 🙂 I configured "OpenVPN Client" with my provider pia or with nordvpn. Both works fine and all dockers route over the tunnel. Now i have one Problem: my unRaid IP: 192.168.11.100 my homenetwork: 192.168.11.0/24 my other networks (192.168.10.0/24, 192.168.12.0/24, 192.168.13.0/24) > they are connected over LAN LAN VPN over unify if i started the Openvpn Cflient i only could connect to my homenetwork (192.168.11.0/24) and not to my Lan-Lan networks and also not from my Lan-Lan networks to my homenetwork. my routing without OpenVPN Client: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default USG.local 0.0.0.0 UG 209 0 0 br0 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 192.168.11.0 0.0.0.0 255.255.255.0 U 209 0 0 br0 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 my routing WITH OpenVPN client Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.8.8.1 128.0.0.0 UG 0 0 0 tun5 default USG.local 0.0.0.0 UG 209 0 0 br0 10.8.8.0 0.0.0.0 255.255.255.0 U 0 0 0 tun5 89.40.changed USG.local 255.255.255.255 UGH 0 0 0 br0 128.0.0.0 10.8.8.1 128.0.0.0 UG 0 0 0 tun5 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 192.168.11.0 0.0.0.0 255.255.255.0 U 209 0 0 br0 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 How could i manage that? Thanks a lot Edited August 22, 2020 by MCP Quote Link to comment
LeGreatMaxiking Posted August 24, 2020 Share Posted August 24, 2020 (edited) Hey I´m stuck. Wanted to redo my VPN after wiping my cache drive. When i click on "Install RSA Key..." nothing happens Edited August 24, 2020 by LeGreatMaxiking Quote Link to comment
DeathStrike87 Posted August 26, 2020 Share Posted August 26, 2020 (edited) On 8/24/2020 at 7:05 PM, LeGreatMaxiking said: Hey I´m stuck. Wanted to redo my VPN after wiping my cache drive. When i click on "Install RSA Key..." nothing happens I am having the same issue. New user. Can someone explain how to install the files manually? I tried copying to /mnt/user/appdata/myVPNServer/easy-rsa/ but nothing happens when i refresh. EDIT: I managed to get this working. The correct path for anyone that wants to do install easy-rsa manually is: /mnt/user/appdata/myVPNServer/easy-rsa/easyrsa3/ I moved the contents from the extracted folder to the above location and then it pics up the installed version and can proceed. Edited August 26, 2020 by DeathStrike87 Quote Link to comment
hkinks Posted September 1, 2020 Share Posted September 1, 2020 (edited) Had also the same issues with installing RSA. Looks like in `/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver` line 376 it tries to get the easy-rsa zip url, but something must have changed and it fails to parse it out correctly: EASYRSA_DL_VERSION=$(curl --fail --silent https://github. com/OpenVPN/easy-rsa/ | grep zip | grep archive | cut - d\" -f16 | cut -d\" -f1 | sed 's#^#https://github.com#g' | grep -v "sig") For a quick dirty fix I just hardcoded the package url there. Edited September 1, 2020 by hkinks Quote Link to comment
BladeXP1985 Posted September 2, 2020 Share Posted September 2, 2020 (edited) I have the same problem with the item "Insatll RSA Key management Package (Easy-RSA). What is the folder path for where I have to unpack the ZIP or how can I rewrite the rc.openvpnserver? EDIT: I have found my mistake. I had extracted the master.zip into the folder and not the normal version. Edited September 2, 2020 by BladeXP1985 Quote Link to comment
armandkd Posted September 20, 2020 Share Posted September 20, 2020 On 9/1/2020 at 7:44 PM, hkinks said: Had also the same issues with installing RSA. Looks like in `/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver` line 376 it tries to get the easy-rsa zip url, but something must have changed and it fails to parse it out correctly: EASYRSA_DL_VERSION=$(curl --fail --silent https://github. com/OpenVPN/easy-rsa/ | grep zip | grep archive | cut - d\" -f16 | cut -d\" -f1 | sed 's#^#https://github.com#g' | grep -v "sig") For a quick dirty fix I just hardcoded the package url there. Had the same issue, you need to edit that line and replace "-f16" with "-f14". Install works great after this edit. Github probably modified its HTML. 2 1 Quote Link to comment
glockmane Posted October 5, 2020 Share Posted October 5, 2020 On 9/20/2020 at 11:09 AM, armandkd said: Had the same issue, you need to edit that line and replace "-f16" with "-f14". Install works great after this edit. Github probably modified its HTML. This fixed it! But now I got the same problem when clicking "GENERATE THE SERVER CERTIFICATES AND KEYS" Quote Link to comment
Septimus Heap Posted October 6, 2020 Share Posted October 6, 2020 (edited) Hi Peter, I just configured my second Unraid Server, and so far everything worked. I changed the Cert and Misc Settings and saved them. But now, when I want to Install Easy RSA it seemingly does nothing, and the page just reloades. And then it still says I have to download easy rsa. But when I check the openvpn folder, there are just index.htmls appearing every time I press install... then I just deleted these and copied the easy rsa folder from the working unraid server, and then I got all the 3 checkboxes green. But when I now press on the start the server button, again, it just reloads and nothing happens... I have absolutely no Idea why its not working... they are Identical in regards to the specs and the settings... I hope you can help me! Best regards Septimus Edited October 6, 2020 by Septimus Heap Quote Link to comment
Nnyan Posted October 9, 2020 Share Posted October 9, 2020 noob to unraid and I wanted to setup OpenVPN so that it could connect to my VPN service (Mullvad) and I can route certain containers traffic to OpenVPN. I'm assuming that I need to install the client and not the server but when I did it asked to to add the Mullvad config file but while I can do the select file drop down it doesn't actually do anything. How do I upload the config file if this doesn't work? Quote Link to comment
jesta Posted October 28, 2020 Share Posted October 28, 2020 The "Logs" page is partly empty for me. Only the "$ ip route show" window is populated with information, the openvpn log and status doesn't show up. I guess status is empty if I'm running in client mode? Where does the plugin expect the log file to be? Quote Link to comment
chrisp7 Posted October 28, 2020 Share Posted October 28, 2020 On 8/22/2020 at 5:07 PM, MCP said: Hi, first thanks for the support in this thread or board 🙂 I configured "OpenVPN Client" with my provider pia or with nordvpn. Both works fine and all dockers route over the tunnel. Now i have one Problem: my unRaid IP: 192.168.11.100 my homenetwork: 192.168.11.0/24 my other networks (192.168.10.0/24, 192.168.12.0/24, 192.168.13.0/24) > they are connected over LAN LAN VPN over unify if i started the Openvpn Cflient i only could connect to my homenetwork (192.168.11.0/24) and not to my Lan-Lan networks and also not from my Lan-Lan networks to my homenetwork. my routing without OpenVPN Client: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default USG.local 0.0.0.0 UG 209 0 0 br0 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 192.168.11.0 0.0.0.0 255.255.255.0 U 209 0 0 br0 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 my routing WITH OpenVPN client Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.8.8.1 128.0.0.0 UG 0 0 0 tun5 default USG.local 0.0.0.0 UG 209 0 0 br0 10.8.8.0 0.0.0.0 255.255.255.0 U 0 0 0 tun5 89.40.changed USG.local 255.255.255.255 UGH 0 0 0 br0 128.0.0.0 10.8.8.1 128.0.0.0 UG 0 0 0 tun5 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 192.168.11.0 0.0.0.0 255.255.255.0 U 209 0 0 br0 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 How could i manage that? Thanks a lot I have the same issue. I have setup and port forwarded and able to connect successfully to my home network but unable to access LAN folders/LAN addresses eg the router/unraid. Anyone have any tips? One clue might be the fact that I have a modem and a router connected to that (I have port forwarded from the modem to my router). Thank you! Quote Link to comment
turingking Posted October 30, 2020 Share Posted October 30, 2020 Fri Oct 30 17:58:31 2020 OpenVPN 2.4.8 x86_64-slackware-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct 30 2019 Fri Oct 30 17:58:31 2020 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10 Fri Oct 30 17:58:31 2020 Diffie-Hellman initialized with 4096 bit key Fri Oct 30 17:58:31 2020 Failed to extract curve from certificate (UNDEF), using secp384r1 instead. Fri Oct 30 17:58:31 2020 ECDH curve secp384r1 added Fri Oct 30 17:58:31 2020 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key Fri Oct 30 17:58:31 2020 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication Fri Oct 30 17:58:31 2020 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key Fri Oct 30 17:58:31 2020 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication Fri Oct 30 17:58:31 2020 ROUTE_GATEWAY 192.168.3.1/255.255.255.0 IFACE=br0 HWADDR=00:1b:21:54:c1:c0 Fri Oct 30 17:58:31 2020 TUN/TAP device tun0 opened Fri Oct 30 17:58:31 2020 TUN/TAP TX queue length set to 100 Fri Oct 30 17:58:31 2020 /usr/sbin/ip link set dev tun0 up mtu 1500 Fri Oct 30 17:58:31 2020 /usr/sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2 Fri Oct 30 17:58:31 2020 /usr/sbin/ip route add 10.8.0.0/24 via 10.8.0.2 Fri Oct 30 17:58:31 2020 Could not determine IPv4/IPv6 protocol. Using AF_INET Fri Oct 30 17:58:31 2020 Socket Buffers: R=[212992->212992] S=[212992->212992] Fri Oct 30 17:58:31 2020 TCP/UDP: Socket bind failed on local address [AF_INET]192.168.3.20:1194: Cannot assign requested address (errno=99) Fri Oct 30 17:58:31 2020 Exiting due to fatal error Fri Oct 30 17:58:31 2020 /usr/sbin/ip route del 10.8.0.0/24 Fri Oct 30 17:58:31 2020 Closing TUN/TAP interface Fri Oct 30 17:58:31 2020 /usr/sbin/ip addr del dev tun0 local 10.8.0.1 peer 10.8.0.2 Failed to bind port Quote Link to comment
baldfox Posted November 12, 2020 Share Posted November 12, 2020 (edited) Hi guys, just wanted to say thanks to the developer of this plugin, it's been working flawlessly for me for the last year or so, but recently (maybe 2-3 weeks ago), something seems to have changed and now I can't get it to work. I have been able to generate several ovpn's without issue and connected remotely via ios, android and laptop, so I had a decent handle on setting up connections. Since i've installed and connected wireguard though, the openvpn server is running, but none of the devices can connect. the log on the client just seems to freeze. I've refreshed certs and created a fresh ovpn but to no avail. I was wondering if anyone was aware of wireguard installation/activation knocking something out on the openvpn side? I liked having openvpn running as a backup to wireguard (am in another country to my server). Any thoughts? The error appears to be TLS handshake related, but that's gone straight over my head... Thu Nov 12 16:51:02 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.xxx.xxx:1194 Thu Nov 12 16:51:02 2020 Socket Buffers: R=[65536->65536] S=[65536->65536] Thu Nov 12 16:51:02 2020 UDP link local: (not bound) Thu Nov 12 16:51:02 2020 UDP link remote: [AF_INET]xx.xxx.xxx.xxx:1194 Thu Nov 12 16:51:02 2020 MANAGEMENT: >STATE:1605178262,WAIT,,,,,, Thu Nov 12 16:52:03 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Nov 12 16:52:03 2020 TLS Error: TLS handshake failed thx *** EDIT: i restarted the server again but now am getting the blank install rsa key management package issue as a few posts above. I managed to manually install easyrsa, but am stuck with generating server certs... it just loops without actually generating as far as I can tell *** Edited November 12, 2020 by baldfox update Quote Link to comment
baldfox Posted November 12, 2020 Share Posted November 12, 2020 On 10/6/2020 at 1:10 AM, glockmane said: This fixed it! But now I got the same problem when clicking "GENERATE THE SERVER CERTIFICATES AND KEYS" did you manage to fix that? I too have now got this issue. Quote Link to comment
jiggad369 Posted November 13, 2020 Share Posted November 13, 2020 Hey guys, Is it possible to use WG Server and this OVPN Client simultaneously? I have both working but if I have the client side on, I can’t get any sites to load. Soon as I turn it off, I can access the websites. Quote Link to comment
sergio barzasi Posted November 16, 2020 Share Posted November 16, 2020 Hi, I just installed the openvpn CLIENT plugin which connects to the openvpn.net server on their cloud. My unraid server has two network cards: eth0 - br0 192.168.2.0/24 with gateway 192.168.2.1 (adsl line with slow upload) eth1 - br1. 192.168.1.0/24 with gateway 192.168.1.1 (LTE line with fast upload) is it possible to make a way that the plugin uses the eth1 network interface for the activation of the tunnel to the server and at the same time redirects the traffic to the eth0 interface? This is to be able to take advantage of the VPN on the fast LTE line. I have not installed the VPN server directly on unraid because the LTE line has no public IP address but is under NAT thanks Quote Link to comment
Turnspit Posted November 17, 2020 Share Posted November 17, 2020 Hi! Trying to get the Client Plugin to work, I always get the following error: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Private Key Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache. Being new to UnRAID, I have no idea what this means. Connecting to my OpenVPN server from Windows or Android works without problems. Thanks in advance! 🙂 Quote Link to comment
MrLinford Posted November 18, 2020 Share Posted November 18, 2020 Wed Nov 18 18:34:10 2020 OpenVPN 2.4.8 x86_64-slackware-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct 30 2019 Wed Nov 18 18:34:10 2020 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10 Wed Nov 18 18:34:10 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]212.102.52.1:1198 Wed Nov 18 18:34:10 2020 UDP link local: (not bound) Wed Nov 18 18:34:10 2020 UDP link remote: [AF_INET]212.102.52.1:1198 I have found that the VPN is giving the above, and i see others have the same issue. How can I resolve this? Quote Link to comment
Turnspit Posted November 26, 2020 Share Posted November 26, 2020 On 11/17/2020 at 4:09 PM, Turnspit said: Hi! Trying to get the Client Plugin to work, I always get the following error: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Private Key Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache. Being new to UnRAID, I have no idea what this means. Connecting to my OpenVPN server from Windows or Android works without problems. Thanks in advance! 🙂 I found a solution to my problem! I've added the following line to my .ovpn-file: askpass /boot/openvpn/auth.pass Then I created the auth.pass file besides the .ovpn-file and just added a single line with my OVPN-client password to it. In the plugin, I deactivated the login option, startet the connection and - voila - I successfully connected my unRAID client to my OVPN-Server. 🙂 Quote Link to comment
MrLinford Posted November 30, 2020 Share Posted November 30, 2020 On 11/18/2020 at 6:39 PM, MrLinford said: Wed Nov 18 18:34:10 2020 OpenVPN 2.4.8 x86_64-slackware-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct 30 2019 Wed Nov 18 18:34:10 2020 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10 Wed Nov 18 18:34:10 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]212.102.52.1:1198 Wed Nov 18 18:34:10 2020 UDP link local: (not bound) Wed Nov 18 18:34:10 2020 UDP link remote: [AF_INET]212.102.52.1:1198 I have found that the VPN is giving the above, and i see others have the same issue. How can I resolve this? I finally got some time to look at this, ended up having to download new OpenVPN setting from my VPN provider Quote Link to comment
fujitsubo Posted December 1, 2020 Share Posted December 1, 2020 On 11/12/2020 at 8:53 PM, baldfox said: *** EDIT: i restarted the server again but now am getting the blank install rsa key management package issue as a few posts above. I managed to manually install easyrsa, but am stuck with generating server certs... it just loops without actually generating as far as I can tell *** same issue for me. i got a feeling this plugin will soon be unmaintained due to WG Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.