OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)


peter_sm

Recommended Posts

On 7/2/2020 at 4:44 PM, jppanchaud said:

Hello all,

 

Apologies, I am completely stuck and fear I am asking a simple question...

 

1. Plugin installed

2. Cert & misc settings tab - valid appdata folder, click update list of easyRSA, select the latest version. It downloads to my PC.

3. Main OpenVPN server tab - "Easyrsa is not downloaded". Click on "install rsa key management package". 

4. Screen reloads but nothing changes. It still says "Easyrsa is not downloaded".

 

I've looked everywhere but can't find what I have done wrong. Any help greatly appreciated!

Hello, I am having the same issue, but when I scroll down in this thread I'm not sure I understand the solution.

 

I also have the exact same 4 points from the quote above.

 

Has anyone else run in to this and been able to fix it?

 

Thank you,

Link to comment
22 hours ago, ppompili said:

 

Has anyone else run in to this and been able to fix it?

 

Thank you,

 

i honestly gave up on this plugin because latest issues with it and just moved over to using wireguard. it  does not suit everyone's needs i know that and i had never even heard of it until someone mentioned it in this thread. but it was easy to setup and its fast as hell from all the testing i have done with it.

Edited by fujitsubo
Link to comment

It is super confusing, took me an hour to figure this out.  Partly because the download/install of easy-rsa isn't working.  To by pass that step,.. do the following;

- Downloaded the easy-rsa v.3.0.5. 

- Unzip it and placed in the /mnt/user/appdata/openvpn-server/ directory. (or wherever your openvpn directory is)

- name the downloaded folder easy-rsa (i.e. /mnt/user/appdata/openvpn-server/easy-rsa)

- Don't press Install RSA Key buttom,.. the above step essentially installed the RSA.  pressing again will delete the existing folder and download a index.html page broken link...  (don't ask how many times I pressed that button... :()

- ssh in and run chmod +x /mnt/user/appdata/openvpn-server/easy-rsa/easyrsa to make it executable.

- Press Generate the server certificates and keys.

wait for a while.. eventually you will see green text on screen when it generates certs.

 

hope this helps

  • Thanks 1
Link to comment
On 12/9/2020 at 7:43 PM, LeoRX said:

- ssh in and run chmod +x /mnt/user/appdata/openvpn-server/easy-rsa/easyrsa to make it executable.

 

Thank you for this. This looks like the key to fixing my issue. My easyrsa was in a different directory, but after chmod, it allowed me to pass through. I did indeed need to wait 2-3 minutes for the certs to be generated. Thanks again for the reply!

 

Link to comment

Well, I found a quick fix for the broken easy-rsa download if anyone wants to use it. It worked for my system but I don't know if it will work for yours (although it should).

 

1) Go to your the scripts directory in your plugin installation directory it should be located in:

 /usr/local/emhttp/plugins/openvpnserver/scripts

 

2) Use nano (or your favorite text editor) to edit the rc.openvpnserver script.

 

3) Using your text editor scroll down until you hit a function called "openvpnserver_get_easy", in this function you will want to make the following changes:

delete or comment out:

wget $EASYRSA_DL_VERSION line, this command is causing problems since an earlier curl does not work properly.

replace this line with this command:

wget "https://github.com/OpenVPN/easy-rsa/archive/master.zip"

And, that's it!.

 

After you save the script you can run the following command to download easy rsa, or you could click on the GUI's button. Your choice: 

./rc.openvpnserver download_easy-rsa

 

 

It is worthy to note that this is a more or less patchwork solution, while it works now I do not know how long it will remain that way. If you have any suggestions or questions, leave a response.

 

Good luck!.

 

Edited by Imperioous
  • Like 1
Link to comment
  • 2 weeks later...

Hi,

 

I just want to point out two options which I believe are incorrectly set in the server configuration (2 errors are generated in the client log when connecting to the server):

 

push "resolv-retry infinite" : resolve -retry is used on the client side before connecting to the vpn server, so it cannot be pushed to the client

push "remote-gateway <IP>" : no such option seems to exist (see https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/). I believe the already existing "push "redirect-gateway def1"" option is what was meant.

 

I commented out these 2 lines with a "#" and the errors no longer show up in the client log.

 

Besides that, the plugin works fine on my side as of today (01/01/2021 on Unraid 6.8.3), so thank you very much to the author ;-).

 

Besides, if I may suggest a new feature: it would be nice if one could more easily bypass the easy-rsa and certificate creation process. I already have my CA certificate and use another system to manage my servers/users certificates and keys and it was a bit difficult to make the plugin understand that they already existed.

 

If one is interested : the trick is to not only put all your certs and key in the /mnt/user/appdata/openvpn-server (or whichever other folder you selected) but also to put a ca.cert and dh.pem file in /mnt/user/appdata/openvpn-server/easy-rsa/easyrsa3/pki in order to trick the plugin into thinking that the rsa key creation completed successfully on the machine.

 

Best,

OP

Edited by Opawesome
Link to comment

@peter_sm Sorry for the dumb question but how do I uninstall it?

I installed it via Community Apps. It shows from the install logs that it is installing as a plugin. I see it listed under Settings as 

"OpenVPN Server TUN mode"

When I look under the Installed Plugins page, I don't see it. I only see the OpenVPN Client that I installed a while ago by the same author.

 

 

image.png.cbf1515ef26517cd270a707428e1001b.png

 

 

image.thumb.png.849f5acd8777d07c6e96279d6038346a.png

Link to comment
On 12/19/2020 at 8:13 PM, Imperioous said:

Well, I found a quick fix for the broken easy-rsa download if anyone wants to use it. It worked for my system but I don't know if it will work for yours (although it should).

 

1) Go to your the scripts directory in your plugin installation directory it should be located in:

 /usr/local/emhttp/plugins/openvpnserver/scripts

 

2) Use nano (or your favorite text editor) to edit the rc.openvpnserver script.

 

3) Using your text editor scroll down until you hit a function called "openvpnserver_get_easy", in this function you will want to make the following changes:

delete or comment out:

wget $EASYRSA_DL_VERSION line, this command is causing problems since an earlier curl does not work properly.

replace this line with this command:

wget "https://github.com/OpenVPN/easy-rsa/archive/master.zip"

And, that's it!.

 

After you save the script you can run the following command to download easy rsa, or you could click on the GUI's button. Your choice: 

./rc.openvpnserver download_easy-rsa

 

 

It is worthy to note that this is a more or less patchwork solution, while it works now I do not know how long it will remain that way. If you have any suggestions or questions, leave a response.

 

Good luck!.

 

This worked great for me. It looks like the sed to get the file name no longer works in the script,

 

curl  --fail --silent https://github.com/OpenVPN/easy-rsa/ | grep zip | grep archive |  cut -d\" -f16 | cut -d\" -f1 | sed 's#^#https://github.com#g' | grep -v "sig"

 

Is this plugin still being maintained?

 

 

Link to comment

Hi,

 

How to create client with password ?

 

on the gui, the password field is disabled=disabled, already try with firebug to delete this part and submit form, but after, the log say: create user with nopass

 

OR

 

How to add password on client already created ?

 

++

Link to comment
  • 2 weeks later...
On 12/19/2020 at 9:13 PM, Imperioous said:

Well, I found a quick fix for the broken easy-rsa download if anyone wants to use it. It worked for my system but I don't know if it will work for yours (although it should).

[...]

Good luck!.

 

You're a freaking hero... Someone should really fork this project with that fix, it's been a hot second

 

Though now I fail to generate the server certificate. It tells me it's going to take a long time, prints a bunch of "-" and "+" signs tells me that a file called dh.pem was created, then stops. After that it still doesn't show the checkmark next to "generate the server certificates and keys", so I can't start the server

Edited by ChalkyChalkson
Link to comment

As an FYI, it *appears* that @peter_sm's user no longer exists in GitHub, with the net result that installations etc of these plugins can no longer happen. This will result in FCP issuing errors about unknown plugins installed.

 

Peter, get in touch with me with replacement URLs etc if you've simply renamed your user.

 

Thanks.

Link to comment
  • 1 month later...
On 3/29/2021 at 5:25 AM, truckerCLOCK said:

I know this is pretty much an unsupported plug in but I was wondering if anyone still uses it and if you've upgraded to 6.9.1 without any issues?

Still works for me.   The key is download easy-rsa v3.0.5 manually.

 

 

Link to comment
  • 4 weeks later...

Hello everybody,

Some time ago I forked the petersm1 Project on Github, modified the Code to be able to use a bridged tap instead of tun.  (layer 2).

 

This works good, but everyone has to be aware that Layer 2 has a bit more overheat, I modified it to be able to use Lan Games which use a broadcast. Also, Layer 2 (tap device) does not work under Android, but there is a paid APP that emulates the tap device. You can find my Fork here:

https://github.com/DeBaschdi/openvpnserver 

Edited by DeBaschdi
Link to comment
7 hours ago, cbr600ds2 said:

App was working fine until today.  now it seems like when you try to get to settings nothing happens.. Just returns blank page.  Anyone having that issue?  

 

I guess I should go to wireguard...

works fine for me.  my page takes a few seconds to load the pages.

Link to comment
  • 2 weeks later...
  • 2 weeks later...
On 5/13/2021 at 9:46 AM, remati said:

I know you have to download easy-rsa v.3.0.5 for the server plugin to make this plugin work on unraid 6.9+ but what about the client plugin? Does it work out the box or do we need extra steps?

client plugins?  works with standard openvpn client.  I use openvpn for android.

just load the .openvpn file it should just work.  (make sure router port forwarding is setup..etc)

Link to comment
On 5/25/2021 at 2:56 AM, LeoRX said:

client plugins?  works with standard openvpn client.  I use openvpn for android.

just load the .openvpn file it should just work.  (make sure router port forwarding is setup..etc)

 

On 9/26/2014 at 8:37 AM, peter_sm said:

Client



https://raw.githubusercontent.com/petersm1/openvpn_client_x64/master/openvpn_client_x64.plg

 

 

There is a client plugin where your unraid server becomes an openvpn client. Although the above githubusercontent link no longer works because petersm is no longer on github. I've had it installed on my unraid for a few years now and have it paired with unassigned devices to access SMB shares at a remote location. Eventually I think I might need to offload this task to the router.

Edited by remati
Link to comment
  • 3 weeks later...
On 6/14/2021 at 1:37 AM, metabubble said:

Since this one is basically dead, is there any OpenVPN server for unraid that will work on a stopped array? I use encryption and I would love to be able to recover in case my battery power ran out and the server had to be shut down.

Not quite the question you asked but is there any reason to not use the WireGuard VPN that is built into recent UnRaid releases.    That can be used regardless of whether the array is started or not.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.