OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)


peter_sm


It's OK, your issue is with the lib error you have. And that I can't give you any help on. Please ask LT (Jonp or Tom)

 

usr/bin/expect: error while loading shared libraries: libtcl8.6.so: cannot open shared object file: No such file or directory
/usr/bin/expect: error while loading shared libraries: libtcl8.6.so: cannot open shared object file: No such file or directory

 

Try to only have OpenVPN installed and remove the other and see if that helps.

 

//Peter

 

Link to comment

So my VPN kept reasserting itself with a default route to send all traffic over the VPN when I have extended routing for specific IPs only selected.  It would also clear my specific IP host routes from my routing table read from the Webbaddresses.txt file.

 

I had to adjust the metric of my normal default route to take priority over the VPN default route; however, when this happens the route entries for specific IPs would get cleared out too.

 

I found the cause in the logs and when the default route I don't want gets inserted. Any ideas on how to make sure the extended routing of specific IPs only sticks when the VPN resets/connects?

 

I might have to create a cron job that runs like every min to read the routing table and insert the routes manually if there is no other fix to this.

 

Thanks

 

Log

 

Tue Mar  1 01:20:50 2016 [vpn] Inactivity timeout (--ping-restart), restarting

Tue Mar  1 01:20:50 2016 SIGUSR1[soft,ping-restart] received, process restarting

Tue Mar  1 01:20:50 2016 Restart pause, 2 second(s)

Tue Mar  1 01:20:52 2016 Socket Buffers: R=[212992->425984] S=[212992->212992]

Tue Mar  1 01:20:52 2016 TCP/UDP: Preserving recently used remote address: [AF_INET]209.197.20.207:1194

Tue Mar  1 01:20:52 2016 UDPv4 link local: [undef]

Tue Mar  1 01:20:52 2016 UDPv4 link remote: [AF_INET]209.197.20.207:1194

Tue Mar  1 01:21:07 2016 TLS: Initial packet from [AF_INET]209.197.20.207:1194, sid=883df6eb a9137f82

Tue Mar  1 01:21:07 2016 VERIFY OK: depth=1, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=VPN, name=VPN, emailAddress=VPN

Tue Mar  1 01:21:07 2016 Validating certificate key usage

Tue Mar  1 01:21:07 2016 ++ Certificate has key usage  00a0, expects 00a0

Tue Mar  1 01:21:07 2016 VERIFY KU OK

Tue Mar  1 01:21:07 2016 Validating certificate extended key usage

Tue Mar  1 01:21:07 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

Tue Mar  1 01:21:07 2016 VERIFY EKU OK

Tue Mar  1 01:21:07 2016 VERIFY OK: depth=0, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=vpn, name=VPN

Tue Mar  1 01:21:07 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Tue Mar  1 01:21:07 2016 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication

Tue Mar  1 01:21:07 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Tue Mar  1 01:21:07 2016 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication

Tue Mar  1 01:21:07 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA

Tue Mar  1 01:21:07 2016 [vpn] Peer Connection Initiated with [AF_INET]209.197.20.207:1194

Tue Mar  1 01:21:09 2016 SENT CONTROL [vpn]: 'PUSH_REQUEST' (status=1)

Tue Mar  1 01:21:09 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 262144,explicit-exit-notify 5,route-gateway 172.21.80.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.21.80.5 255.255.254.0'

Tue Mar  1 01:21:09 2016 OPTIONS IMPORT: timers and/or timeouts modified

Tue Mar  1 01:21:09 2016 OPTIONS IMPORT: explicit notify parm(s) modified

Tue Mar  1 01:21:09 2016 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified

Tue Mar  1 01:21:09 2016 Socket Buffers: R=[425984->425984] S=[212992->212992]

Tue Mar  1 01:21:09 2016 OPTIONS IMPORT: --ifconfig/up options modified

Tue Mar  1 01:21:09 2016 OPTIONS IMPORT: route options modified

Tue Mar  1 01:21:09 2016 OPTIONS IMPORT: route-related options modified

Tue Mar  1 01:21:09 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

Tue Mar  1 01:21:09 2016 Preserving previous TUN/TAP instance: tun5

Tue Mar  1 01:21:09 2016 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.

Tue Mar  1 01:21:09 2016 /usr/sbin/ip route del 209.197.20.207/32

Tue Mar  1 01:21:09 2016 /usr/sbin/ip route del 0.0.0.0/1

RTNETLINK answers: No such process

Tue Mar  1 01:21:09 2016 ERROR: Linux route delete command failed: external program exited with error status: 2

Tue Mar  1 01:21:09 2016 /usr/sbin/ip route del 128.0.0.0/1

RTNETLINK answers: No such process

Tue Mar  1 01:21:09 2016 ERROR: Linux route delete command failed: external program exited with error status: 2

Tue Mar  1 01:21:09 2016 Closing TUN/TAP interface

Tue Mar  1 01:21:09 2016 /usr/sbin/ip addr del dev tun5 172.20.20.18/22

Tue Mar  1 01:21:10 2016 ROUTE_GATEWAY 192.168.2.1/255.255.255.0 IFACE=eth0 HWADDR=00:0c:29:70:79:ac

Tue Mar  1 01:21:10 2016 TUN/TAP device tun5 opened

Tue Mar  1 01:21:10 2016 TUN/TAP TX queue length set to 100

Tue Mar  1 01:21:10 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

Tue Mar  1 01:21:10 2016 /usr/sbin/ip link set dev tun5 up mtu 1500

Tue Mar  1 01:21:10 2016 /usr/sbin/ip addr add dev tun5 172.21.80.5/23 broadcast 172.21.81.255

Tue Mar  1 01:21:10 2016 /usr/sbin/ip route add 209.197.20.207/32 via 192.168.2.1

Tue Mar  1 01:21:10 2016 /usr/sbin/ip route add 0.0.0.0/1 via 172.21.80.1

Tue Mar  1 01:21:10 2016 /usr/sbin/ip route add 128.0.0.0/1 via 172.21.80.1

Link to comment
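Added example, not part of the thread or the plugin's code: it reads the `PUSH_REPLY` and `ip route add` lines from the log above and applies longest-prefix matching to show why the pushed `redirect-gateway def1` pair (`0.0.0.0/1`, `128.0.0.0/1`) beats the LAN default route regardless of metric, while a `/32` host route still wins. The log excerpt is shortened, and the destinations 198.51.100.7 and 203.0.113.10 are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample: four lines in the shape of the log posted above (PUSH_REPLY shortened).
SAMPLE_LOG = """\
Tue Mar  1 01:21:09 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,route-gateway 172.21.80.1,topology subnet,ifconfig 172.21.80.5 255.255.254.0'
Tue Mar  1 01:21:10 2016 /usr/sbin/ip route add 209.197.20.207/32 via 192.168.2.1
Tue Mar  1 01:21:10 2016 /usr/sbin/ip route add 0.0.0.0/1 via 172.21.80.1
Tue Mar  1 01:21:10 2016 /usr/sbin/ip route add 128.0.0.0/1 via 172.21.80.1
"""
LAN_GW, VPN_GW = "192.168.2.1", "172.21.80.1"  # gateways named in the log

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
ROUTE_RE = re.compile(r"ip route add (\S+) via (\S+)")


def pushed_options(log):
    """Options the server pushed in PUSH_REPLY, one string per option."""
    m = PUSH_RE.search(log)
    return m.group(1).split(",") if m else []


def redirects_gateway(options):
    """True if the server asked the client to send all traffic through the tunnel."""
    return any(o.split()[:1] == ["redirect-gateway"] for o in options)


def routes_added(log):
    """(network, gateway) for every 'ip route add' that OpenVPN logged."""
    return [(ipaddress.ip_network(n), gw) for n, gw in ROUTE_RE.findall(log)]


def next_hop(dest, table):
    """Longest-prefix match: the most specific route wins, and a metric
    only decides between routes of equal prefix length."""
    addr = ipaddress.ip_address(dest)
    hits = [(net, gw) for net, gw in table if addr in net]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None


lan_default = [(ipaddress.ip_network("0.0.0.0/0"), LAN_GW)]
# Table after the restart in the log: LAN default plus the def1 pair.
after_restart = lan_default + routes_added(SAMPLE_LOG)
# Table the poster wants: LAN default plus one host route via the VPN
# (203.0.113.10 is a constructed stand-in for an entry in the address file).
wanted = lan_default + [(ipaddress.ip_network("203.0.113.10/32"), VPN_GW)]

if __name__ == "__main__":
    print("redirect-gateway pushed:", redirects_gateway(pushed_options(SAMPLE_LOG)))
    for dest in ("198.51.100.7", "203.0.113.10", "209.197.20.207"):
        print(dest, "after restart ->", next_hop(dest, after_restart),
              "| wanted ->", next_hop(dest, wanted))
```

On the client side, OpenVPN's `route-nopull` option tells the client to ignore routes pushed by the server; whether the plugin's extended-routing mode sets it is not stated in the thread.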

d.bech,

 

What's not as clear as it could be in other docs is essentially this.

 

Create an openvpn folder on your flash.

 

Drop your .ovpn config file in this directory.  The plugin does not create this folder or a sample file to work with even though it probably should.

 

In the GUI, select the .ovpn file you created that has the majority of your vpn settings in it.  These settings are not in the web interface but edited in this config file.  Download a sample file to get you started on what the file looks like and what it does.  Once the file is in the right folder and named correctly, the web GUI can select it as your "VPN" profile per se.  If you are using CA certs or client authentication certificates you must create on your own, they also should be dropped in this folder and referenced in your config file.

 

Also if you want to use extended routing, you have to create a webaddress.txt file in the openvpn folder.  It will read this file and create routing table entries for when the VPN starts.  Nowhere in the GUI will it create this file for you or edit it.  Must be done manually.

 

Link to comment

I love this Plugin, especially since it keeps running when I stop my array! Docker frustrated me in my remoting efforts.

 

I have gladly set the server up to run on port 80, which it shares with my nginx server (that uses 480 internally).

 

It does so through the config line

 

"port-share 127.0.0.1 480"

 

This way I can access the server even on locked down hotspots that only allow http(s), so long as they don't inspect packets :P

 

Also a port scanner won't identify my server as running openvpn as easily.

 

Would be lovely if you enabled this in the Plugin settings page, so it would not reset when saving ..

 

Otherwise a really great and secure way to access my server on the go!

 

 

Link to comment

Just a small request, really.

 

If you set

 

"port-share IP PORT"

 

in the openvpnserver.ovpn file

your openvpn server passes through http requests on its port. You can therefore let it run on port 443 (or 80) and pass through http requests to your webserver (running on PORT).

 

This way you can serve http content on the same port as the vpn, which is helpful if you want to circumvent firewall restrictions typically found on hotspots, but also want to keep your webserver running.

 

If you add the option to set port-share in the web menu the setting would not be lost on saving.

Else any time a setting is changed on the Plugin config site, I have to re-add the port share line to my config.  :D

Link to comment

Tried to install the plugin.  The mirror URL is incorrect and fails for the openvpn server module.

 

plugin: installing: https://raw.githubusercontent.com/petersm1/openvpnserver/master/openvpn_server_x64.plg

plugin: downloading https://raw.githubusercontent.com/petersm1/openvpnserver/master/openvpn_server_x64.plg

plugin: downloading: https://raw.githubusercontent.com/petersm1/openvpnserver/master/openvpn_server_x64.plg ... done

plugin: downloading: http://mirrors.slackware.com/slackware/slackware64-current/slackware64/tcl/tcl-8.6.4-x86_64-2.txz ... failed (Invalid URL / Server error response)

plugin: wget: http://mirrors.slackware.com/slackware/slackware64-current/slackware64/tcl/tcl-8.6.4-x86_64-2.txz download failure (Invalid URL / Server error response)

 

Link to comment

Do this

1: Change and save settings in Cert and Misc Settings first.

2: Install Easy-rsa.

3: Generate server certificate ... This takes several minutes .....

4: Set and save Server config; even if you use default settings you need to save.

5: Generate clients.

6: Start server.

 

//Peter

 

Link to comment

unzip missing???

 

root@Server:/boot/rclone/scripts# /etc/rc.d/rc.openvpnserver download_easy-rsa

--2016-03-05 12:41:06--  https://github.com/OpenVPN/easy-rsa/archive/master.zip

Resolving github.com (github.com)... 192.30.252.131

Connecting to github.com (github.com)|192.30.252.131|:443... connected.

HTTP request sent, awaiting response... 302 Found

Location: https://codeload.github.com/OpenVPN/easy-rsa/zip/master [following]

--2016-03-05 12:41:06--  https://codeload.github.com/OpenVPN/easy-rsa/zip/master

Resolving codeload.github.com (codeload.github.com)... 192.30.252.161

Connecting to codeload.github.com (codeload.github.com)|192.30.252.161|:443... connected.

HTTP request sent, awaiting response... 200 OK

Length: 55508 (54K) [application/zip]

Saving to: ‘master.zip’

 

master.zip                                100%[=======================================================================================>]  54.21K  --.-KB/s  in 0.1s

 

2016-03-05 12:41:06 (384 KB/s) - ‘master.zip’ saved [55508/55508]

 

/etc/rc.d/rc.openvpnserver: line 286: /usr/bin/unzip: cannot execute binary file

sending incremental file list

rsync: change_dir "/mnt/cache/myVPNserver//easy-rsa-master" failed: No such file or directory (2)

 

sent 20 bytes  received 12 bytes  64.00 bytes/sec

total size is 0  speedup is 0.00

rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1165) [sender=3.1.0]

 

Link to comment
