OpenVPN Server & Client for unRAID 6.2+ (6.1 is still supported)


peter_sm


OpenVPN Server: Is there any interest to have Elliptic Curve Cryptography (ECC) support added to this plugin?

 

Elliptic Curve cryptography offers both better performance and higher security than the first generation widely used RSA.

 

 


Edited by peter_sm
Link to comment

That would be useful.

On a side note, when I turn on tls-crypt, openvpn defaults to the latest version of OpenSSL 2.4.3, and in Tunnelblick on my Mac I can change the OpenVPN version manually to whatever I need. However, the OpenVPN app I use on my iPhone only allows OpenVPN versions of 2.3.17 or lower. So if I have tls-crypt turned on I can only use OpenVPN on my Mac and not my iPhone. So if you added Elliptic Curve to the app, would it cause a similar issue? Because I would like to use tls-crypt and Elliptic Curve, but I have to have OpenVPN working on my iPhone as well, so I can't right now.

Link to comment

@peter_sm I greatly appreciate the work you've done on this plugin. I've used it for a year and it's been simple and always working. Thank you.

In light of what I'm about to say, having not expressed that to you previously, I feel to blame for the changes you most recently added to the plug-in.

 

In the most recent version of the plugin, the release notes say 'support form link' to here, but this thread. And there is now also a donate button. Screenshot attached.

 

- No issues with the support link, others place it where you did as well. Be aware there is a whole description field though on the plugins page that's not being used. See other screenshot attached. Maybe you want to add something there, also with a link, or move the link there.

 

- The donate button. I'll gladly buy you some beers. I love the work you put into this plug-in. But please, put it here in the forum in your first post, not in the plug-in itself. I don't run ad-blocker with UnRaid. I don't want to have to do that for your plugin or the 15 others that follow your lead and do this too.

 

I have auto-update of plug-ins and docker containers disabled out of fear the code might not be fully tested. I don't want to have to add donation solicitations or advertisement to the list of fears.

 

Peter I politely ask you to please consider and roll back your changes.

OpenVPN_Donate.JPG

OpenVPN_Plugin.JPG

Link to comment
1 hour ago, Lev said:

- The donate button. I'll gladly buy you some beers. I love the work you put into this plug-in. But please, put it here in the forum in your first post, not in the plug-in itself. I don't run ad-blocker with UnRaid. I don't want to have to do that for your plugin or the 15 others that follow your lead and do this too.

Then you must be really annoyed with the apps tab.  Probably 60-70% of the apps in the description have a donate link underneath them.  Not to mention that there are places within CA itself that offer a donate for CA itself.

 

Link to comment

I'm currently unable to install this plugin:

 

plugin: installing: https://raw.githubusercontent.com/petersm1/openvpnserver/master/openvpn_server_x64.plg
plugin: downloading https://raw.githubusercontent.com/petersm1/openvpnserver/master/openvpn_server_x64.plg
plugin: downloading: https://raw.githubusercontent.com/petersm1/openvpnserver/master/openvpn_server_x64.plg ... done
plugin: downloading: https://mirrors.slackware.com/slackware/slackware64-current/slackware64/tcl/tcl-8.6.6-x86_64-1.txz ... failed (Invalid URL / Server error response)
plugin: wget: https://mirrors.slackware.com/slackware/slackware64-current/slackware64/tcl/tcl-8.6.6-x86_64-1.txz download failure (Invalid URL / Server error response)

 

I'm guessing this needs to be changed to https://mirrors.slackware.com/slackware/slackware64-current/slackware64/tcl/tcl-8.6.7-x86_64-1.txz as 8.6.6 is no longer available.

 

Thank you for the awesome plug in!

Link to comment
5 hours ago, swyn said:

I'm currently unable to install this plugin:

 

plugin: installing: https://raw.githubusercontent.com/petersm1/openvpnserver/master/openvpn_server_x64.plg
plugin: downloading https://raw.githubusercontent.com/petersm1/openvpnserver/master/openvpn_server_x64.plg
plugin: downloading: https://raw.githubusercontent.com/petersm1/openvpnserver/master/openvpn_server_x64.plg ... done
plugin: downloading: https://mirrors.slackware.com/slackware/slackware64-current/slackware64/tcl/tcl-8.6.6-x86_64-1.txz ... failed (Invalid URL / Server error response)
plugin: wget: https://mirrors.slackware.com/slackware/slackware64-current/slackware64/tcl/tcl-8.6.6-x86_64-1.txz download failure (Invalid URL / Server error response)

 

I'm guessing this needs to be changed to https://mirrors.slackware.com/slackware/slackware64-current/slackware64/tcl/tcl-8.6.7-x86_64-1.txz as 8.6.6 is no longer available.

 

Thank you for the awesome plug in!

Plugin updated with new tcl packages.

Link to comment
  • 2 weeks later...

Hello, peter_sm. I've used your openvpn plugin for a long time now with great success. I've recently completely wiped and re-created my unraid server so I just started a fresh install of this plugin. After generating the server certs and keys my console says this:

 

cp: cannot stat '/mnt/user/addonfiles/plugins/openvpn//easy-rsa/easyrsa3/pki/issued/server.crt' :no such file or directory.

I think the "//easy-rsa" is the issue here. If I attempt to create a client, the log outputs this, although, when I go to /easyrsa3/pki/issued and ls it, there's nothing in there.

 

Adding client:  test
spawn ./easyrsa build-client-full test nopass
Generating a 2048 bit RSA private key
........................................+++
...................................+++
writing new private key to '/mnt/user/addonfiles/plugins/openvpn/easy-rsa/easyrsa3/pki/private/test.key.XXXXe88HYH'
-----
Using configuration from ./openssl-1.0.cnf
Enter pass phrase for /mnt/user/addonfiles/plugins/openvpn/easy-rsa/easyrsa3/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'test'
ERROR: adding extensions in section default
47021822819864:error:22097082:X509 V3 routines:DO_EXT_NCONF:unknown extension name:v3_conf.c:125:
47021822819864:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=copy_extensions, value=copy

Easy-RSA error:

signing failed (openssl output above may have more detail)
cp: cannot stat '/mnt/user/addonfiles/plugins/openvpn//easy-rsa/easyrsa3/pki/issued/test.crt': No such file or directory
you got only one client script, instead of script plus 4 keys and certs
/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 494: ./test.crt: No such file or directory
cp: cannot stat 'test.crt': No such file or directory
rm: cannot remove 'test.crt': No such file or directory
Done Inline file !

and no cert is created.

 

Any help would be greatly appreciated.

Edited by naturalcarr
Link to comment
38 minutes ago, naturalcarr said:

Hello, peter_sm. I've used your openvpn plugin for a long time now with great success. I've recently completely wiped and re-created my unraid server so I just started a fresh install of this plugin. After generating the server certs and keys my console says this:

 


cp: cannot stat '/mnt/user/addonfiles/plugins/openvpn//easy-rsa/easyrsa3/pki/issued/server.crt' :no such file or directory.

I think the "//easy-rsa" is the issue here. If I attempt to create a client, the log outputs this, although, when I go to /easyrsa3/pki/issued and ls it, there's nothing in there.

 


Adding client:  test
spawn ./easyrsa build-client-full test nopass
Generating a 2048 bit RSA private key
........................................+++
...................................+++
writing new private key to '/mnt/user/addonfiles/plugins/openvpn/easy-rsa/easyrsa3/pki/private/test.key.XXXXe88HYH'
-----
Using configuration from ./openssl-1.0.cnf
Enter pass phrase for /mnt/user/addonfiles/plugins/openvpn/easy-rsa/easyrsa3/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'test'
ERROR: adding extensions in section default
47021822819864:error:22097082:X509 V3 routines:DO_EXT_NCONF:unknown extension name:v3_conf.c:125:
47021822819864:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=copy_extensions, value=copy

Easy-RSA error:

signing failed (openssl output above may have more detail)
cp: cannot stat '/mnt/user/addonfiles/plugins/openvpn//easy-rsa/easyrsa3/pki/issued/test.crt': No such file or directory
you got only one client script, instead of script plus 4 keys and certs
/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 494: ./test.crt: No such file or directory
cp: cannot stat 'test.crt': No such file or directory
rm: cannot remove 'test.crt': No such file or directory
Done Inline file !

and no cert is created.

 

Any help would be greatly appreciated.

Hi,

 

It's an easyrsa issue!  Some updates have been made; it works on an old easyrsa release, and crashes on the latest.

 

I will take a look in the evening what the problem is!

 

BR

Peter

Link to comment
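An added example, not part of the thread and not the plugin's own code: one way to triage a log like the client-creation output quoted above, separating the first real failure (the openssl / Easy-RSA signing error) from the follow-on "No such file" errors and from the "Done" line that is still printed afterwards. The function names and the match patterns are assumptions drawn only from the log lines shown in this thread; the sample log is constructed from them.

```shell
#!/bin/sh
# Added example. Reads a plugin/easyrsa log on stdin and prints:
#   ROOT <line>              first line showing the signing step failing
#   FOLLOWON <n>             later "No such file" errors caused by the missing cert
#   DONE_AFTER_FAILURE y|n   whether a "Done" line was still printed afterwards
# Returns 1 when a root failure is found, 0 otherwise.
# The patterns are assumptions taken from the log lines quoted in this thread.
triage_easyrsa_log() {
  awk '
    /^ERROR:/ || /error:[0-9A-Fa-f]+:/ || /^Easy-RSA error:/ || /signing failed/ {
      if (root == "") root = $0
      next
    }
    root != "" && /[Nn]o such file or directory/ { follow++ }
    root != "" && /^Done / { fin = "y" }
    END {
      if (root == "") { print "OK"; exit 0 }
      print "ROOT " root
      print "FOLLOWON " (follow + 0)
      print "DONE_AFTER_FAILURE " (fin == "" ? "n" : "y")
      exit 1
    }'
}

# Constructed sample: a shortened copy of the client-creation log above.
sample_log() {
  cat <<'EOF'
Adding client:  test
spawn ./easyrsa build-client-full test nopass
Signature ok
commonName            :ASN.1 12:'test'
ERROR: adding extensions in section default
47021822819864:error:22097082:X509 V3 routines:DO_EXT_NCONF:unknown extension name:v3_conf.c:125:
Easy-RSA error:
signing failed (openssl output above may have more detail)
cp: cannot stat '/mnt/user/addonfiles/plugins/openvpn//easy-rsa/easyrsa3/pki/issued/test.crt': No such file or directory
/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 494: ./test.crt: No such file or directory
cp: cannot stat 'test.crt': No such file or directory
rm: cannot remove 'test.crt': No such file or directory
Done Inline file !
EOF
}

# Stand-alone run; the function returns 1 here because signing failed.
sample_log | triage_easyrsa_log || true
```

On the sample, the root line is the openssl extension error, and the four "No such file" lines are consequences of the certificate never being issued rather than a path problem.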
On 12/08/2017 at 4:48 PM, Lev said:

- The donate button. I'll gladly buy you some beers. I love the work you put into this plug-in. But please, put it here in the forum in your first post, not in the plug-in itself. I don't run ad-blocker with UnRaid. I don't want to have to do that for your plugin or the 15 others that follow your lead and do this too.

 

I have auto-update of plug-ins and docker containers disabled out of fear the code might not be fully tested. I don't want to have to add donation solicitations or advertisement to the list of fears.

 

 

Could abandon free open source software and just pay for proprietary software that doesn't have donation buttons or require you to review the code before you feel you can safely use it.  @peter_sm has produced this plugin and maintained for a good long time, and you're complaining about him putting a donation button in the plugin?

 

I also produce a plugin, as does @Squid which has a donation button in it, we do so as we need to solicit donations to cover costs in linuxserver's case.  Unfortunately without making the donation button rather obvious people don't tend to donate at all.

 

The only way to alleviate all your fears would be to compile the kernel yourself, after ensuring all proprietary blobs in the firmware of your PC are removed and truly libre.  Then every program you run, use only free open source stuff and review ALL the code before building it all from source locally. Not trying to take the mick here, but any illusion you have of being careful, is just that, an illusion.  Not to mention Unraid itself, whilst mostly open source, has proprietary non-open source code in it, so probably doesn't even fit the bill right off.

 

In reality, very few, if any of us, have the knowledge to do that, I certainly don't, very far from it.

 

Out of interest, when do you deem it safe to update?  A week later and if nobody else has had problems?  Which is labour intensive and would work, but has the downside that you will be behind on any security fixes pushed downstream and vulnerable to them for a week longer.  Upsides and downsides, and I guess it depends on your view of the risks and benefits of each of those courses of action.

Edited by CHBMB
  • Upvote 1
Link to comment
4 minutes ago, CHBMB said:

Unfortunately without making the donation button rather obvious people don't tend to donate at all.

 

You are bringing up some ideas?

 

None of my plugins have a donation button, but I do give the opportunity to donate in the OP of the Dynamix plugins topic on this forum. If the number of donations is any indication of how many people are using my plugins, I must conclude they are not very popular, less than ten people are using them :o

Link to comment
1 minute ago, bonienl said:

 

You are bringing up some ideas?

 

None of my plugins have a donation button, but I do give the opportunity to donate in the OP of the Dynamix plugins topic on this forum. If the number of donations is any indication of how many people are using my plugins, I must conclude they are not very popular, less than ten people are using them :o

 

And I'm one of them ten! lol

 

Link to comment
11 hours ago, bonienl said:

 

You are bringing up some ideas?

 

None of my plugins have a donation button, but I do give the opportunity to donate in the OP of the Dynamix plugins topic on this forum. If the number of donations is any indication of how many people are using my plugins, I must conclude they are not very popular, less than ten people are using them :o

I'm not that far ahead of you either.

 

Personally I feel that any author has the right to put a donate button wherever they choose.   My own choice is that it's there on every plugin but usually hidden within the help text so as to not annoy everyone with it constantly in the user's face.

Link to comment

The plugin has been working great for a long while.  But about 2 or 3 updates ago, I'm now getting this error:

 

sudo: openvpn: command not found

 

status window on the bottom:

update_ovpn_interface
Updating the ovpn file...
auth-user-pass /boot/config/plugins/openvpnclient/password.txt
The ovpn file already has the option --> /boot/config/plugins/openvpnclient/password.txt
status /tmp/openvpn/openvpn-status.log
The ovpn file already has the option --> status /tmp/openvpn/openvpn-status.log
Changing to the folder where the openvpn config files belong
/boot/openvpn
Starting Openvpn Tunnel: Please Wait...
Not connected! tun5 not established!!!

 

I'm still able to use my same VPN creds elsewhere, it's only with this plugin.

 

And it was working great before, so I haven't moved anything around.

 

Any thoughts?

 

Thanks

 

 

Edited by iamtheoneyouknowbest
spelling
Link to comment
56 minutes ago, iamtheoneyouknowbest said:

The plugin has been working great for a long while.  But about 2 or 3 updates ago, I'm now getting this error:

 

sudo: openvpn: command not found

 

status window on the bottom:

update_ovpn_interface
Updating the ovpn file...
auth-user-pass /boot/config/plugins/openvpnclient/password.txt
The ovpn file already has the option --> /boot/config/plugins/openvpnclient/password.txt
status /tmp/openvpn/openvpn-status.log
The ovpn file already has the option --> status /tmp/openvpn/openvpn-status.log
Changing to the folder where the openvpn config files belong
/boot/openvpn
Starting Openvpn Tunnel: Please Wait...
Not connected! tun5 not established!!!

 

I'm still able to use my same VPN creds elsewhere, it's only with this plugin.

 

And it was working great before, so I haven't moved anything around.

 

Any thoughts?

 

Thanks

 

 

sudo: openvpn: command not found

 

This indicates that you don't have the openvpn packages installed, please check your flash drive for defects. And add the syslog.

 

 

Link to comment
