OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)


peter_sm

Recommended Posts

I hoping I'm doing something stupid.  My server configuration is attached.  I use Viscosity in my mac for VPN.  But I can't seem to connect to my unraid server :(  It fails on TLS handshake.

 

I've opened port 1194 in my router. 

 

Here is what I see on client side:

Jan 08 14:32:22: Viscosity Mac 1.5.11 (1314)
Jan 08 14:32:22: Viscosity OpenVPN Engine Started
Jan 08 14:32:22: Running on Mac OS X 10.7.5
Jan 08 14:32:22: ---------
Jan 08 14:32:22: Checking reachability status of connection...
Jan 08 14:32:22: Connection is reachable. Starting connection attempt.
Jan 08 14:32:22: OpenVPN 2.3.8 x86_64-apple-darwin [sSL (OpenSSL)] [LZO] [PKCS11] [MH] [iPv6] built on Sep 23 2015
Jan 08 14:32:22: library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.09
Jan 08 14:32:23: Control Channel Authentication: using '/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/connection.puyVrx/ta.key' as a OpenVPN static key file
Jan 08 14:32:23: UDPv4 link local: [undef]
Jan 08 14:32:23: UDPv4 link remote: [AF_INET]99.XXX.XXX.XXX:1194
Jan 08 14:33:23: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 08 14:33:23: TLS Error: TLS handshake failed
Jan 08 14:33:23: SIGUSR1[soft,tls-error] received, process restarting

 

Do I need to open more ports?  Or is there something else with the configuration that's incorrect?

 

Thanks for your help!

Screen_Shot_2016-01-08_at_2_30.13_PM.png.52caec233bbec45c723420cc162de1a1.png

Link to comment

I'm having some issues configuring this as well.  I have the plugin installed. But it I can't figure out what ip I need to forward to on my router.  Do I open the ports for my IP to the unRaid server?  I did a port scan on my unRaid and 1194 didn't come back as being open. Is that normal?

Link to comment

Im having issues connecting as well....I setup the server several days ago..following all the instructions (after my one idiotic oversight) and then proceeded to create a user.  I created a user for iOS, and therefore went to my Cert folder and opened the ZIP file to install the profile file first, then loaded the opvn file.

 

Ive tried 2 different ports for the server, and I get the same issue....it finds the server, but hangs in the "connecting" phase.

 

Here it the logs from the OPENVPN app.....any thoughts on why it wont connect?

 

Appreciate the help!!!!!

 

2016-01-09 18:33:58 Connecting to 24.xxxxxxxxxxxxxx:XXxX (24.xxxxxxxxxxxxxx) via UDPv4
2016-01-09 18:33:58 EVENT: CONNECTING
2016-01-09 18:33:58 Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
2016-01-09 18:33:58 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.5-177
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1

2016-01-09 18:33:59 VERIFY OK: depth=1
cert. version    : 3
serial number    : EC:2E:8A:D0:3D:58:52:CE
issuer name      : CN=Easy-RSA CA
subject name      : CN=Easy-RSA CA
issued  on        : 2015-12-31 03:23:12
expires on        : 2025-12-28 03:23:12
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=true
key usage        : Key Cert Sign, CRL Sign

2016-01-09 18:33:59 VERIFY OK: depth=0
cert. version    : 3
serial number    : 01
issuer name      : CN=Easy-RSA CA
subject name      : CN=server
issued  on        : 2015-12-31 03:23:13
expires on        : 2025-12-28 03:23:13
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2016-01-09 18:34:07 EVENT: DISCONNECTED
2016-01-09 18:34:07 Raw stats on disconnect:
  BYTES_IN : 5672
  BYTES_OUT : 10824
  PACKETS_IN : 10
  PACKETS_OUT : 35
  KEEPALIVE_TIMEOUT : 1
  N_RECONNECT : 1
2016-01-09 18:34:07 Performance stats on disconnect:
  CPU usage (microseconds): 426654
  Network bytes per CPU second: 38663
  Tunnel bytes per CPU second: 0
2016-01-09 18:34:07 ----- OpenVPN Stop -----


Link to comment

Thanks Peter!!!!

 

I made the changes to the Server settings and then created/used the inline option.

 

Assume that leaving this port open is "OK" as nothing can connect to OpenVPN w/o the Cert details correct?

 

And I should be able to edit the inline file to replace the WAN IP to a Dynamic Hose such as DuckDNS correct (vs. the static IP it inserted into the file?)

 

Appreciate your help.  Love your work and dedication!!

Link to comment

I'm probably missing something basic here but I've tried a couple times and cannot get it to work.

 

Can anyone tell me what I'm doing wrong?

 

Running Unraid v 6.1.7

 

1. Installed the Server plugin

2. Defined the path to store config files

3. Installed Easy-RSA

4. Click on the Generate keys and certificates -- after this point the Dynamix GUI hangs for a few seconds, reloads and the red X remains. Log shows nothing happens after this point.

 

Jan 18 19:17:51 Aegir emhttp: cmd: /usr/local/emhttp/plugins/dynamix.plugin.manager/scripts/plugin install https://raw.githubusercontent.com/petersm1/openvpnserver/master/openvpn_server_x64.plg

Jan 18 19:17:52 Aegir logger: plugin: skipping: /boot/packages/tcl-8.6.2-x86_64-2.txz already exists

Jan 18 19:17:52 Aegir logger: plugin: running: /boot/packages/tcl-8.6.2-x86_64-2.txz

Jan 18 19:17:52 Aegir logger: plugin: skipping: /boot/packages/expect-5.44.1.15-x86_64-2.txz already exists

Jan 18 19:17:52 Aegir logger: plugin: running: /boot/packages/expect-5.44.1.15-x86_64-2.txz

Jan 18 19:17:52 Aegir logger: plugin: creating: /boot/packages/openvpn-2.3.9-x86_64-1.txz - downloading from URL http://mirrors.slackware.com/slackware/slackware64-current/slackware64/n/openvpn-2.3.9-x86_64-1.txz

Jan 18 19:17:53 Aegir logger: plugin: checking: /boot/packages/openvpn-2.3.9-x86_64-1.txz - MD5

Jan 18 19:17:53 Aegir logger: plugin: running: /boot/packages/openvpn-2.3.9-x86_64-1.txz

Jan 18 19:17:53 Aegir logger: plugin: creating: /boot/config/plugins/openvpnserver/openvpnserver-2015.12.23.tar.gz - downloading from URL https://github.com/petersm1/openvpnserver/archive/2015.12.23.tar.gz

Jan 18 19:17:55 Aegir logger: plugin: running: anonymous

Jan 18 19:17:55 Aegir logger: plugin: creating: /var/local/emhttp/plugins/openvpnserver/check-my-ip.sh - from INLINE content

Jan 18 19:17:55 Aegir logger: plugin: setting: /var/local/emhttp/plugins/openvpnserver/check-my-ip.sh - mode to 0770

Jan 18 19:17:55 Aegir logger: plugin: creating: /var/log/plugins/openvpnserver - from INLINE content

Jan 18 19:18:39 Aegir rc.openvpnserver[21632]: Plugin configuration for certs written

Jan 18 19:18:44 Aegir php: /usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver 'download_easy-rsa'

Jan 18 19:18:50 Aegir php: /usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver 'create_server_cert'

 

 

Thanks in advance!

Link to comment

I tried again, using disk1 instead of user but getting the same results unfortunately.

 

init-pki complete; you may now create a CA or requests.

Your newly created PKI dir is: /mnt/disk1/appdata/myVPNserver/easy-rsa/easyrsa3/pki

 

/usr/bin/expect: error while loading shared libraries: libtcl8.6.so: cannot open shared object file: No such file or directory

/usr/bin/expect: error while loading shared libraries: libtcl8.6.so: cannot open shared object file: No such file or directory

 

Checking in the Easyrsa folder there is indeed no folder called PKI.

Link to comment

You see that the directory doesn't exist ? Try move away from user share and use disk instead , maybe you didn't save settings?

 

Something is wrong on your system, you have a missing libs!

 

/usr/bin/expect: error while loading shared libraries: libtcl8.6.so: cannot open shared object file: No such file or directory

/usr/bin/expect: error while loading shared libraries: libtcl8.6.so: cannot open shared object file: No such file or directory

 

 

What more plugins do you have installed ?

 

Please post syslog

//Peter

Link to comment

You see that the directory doesn't exist ? Try move away from user share and use disk instead , maybe you didn't save settings?

 

Something is wrong on your system, you have a missing libs!

 

/usr/bin/expect: error while loading shared libraries: libtcl8.6.so: cannot open shared object file: No such file or directory

/usr/bin/expect: error while loading shared libraries: libtcl8.6.so: cannot open shared object file: No such file or directory

 

 

What more plugins do you have installed ?

 

Please post syslog

//Peter

 

Syslog attached

 

Plugins installed;

 

Powerdown package 2.18

OpenVPN Server TUN mode

Community Applications

Dynamic webGui

unRAID Server OS

 

 

syslog.pdf

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.