peter_sm

OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)


If I use the official OpenVPN Connect on my Mac and use the profile without compression I get "TRANSPORT_ERROR".

3 hours ago, Taddeusz said:

I just installed on my server. I'm trying to get a good client configuration. If I configure with Adaptive compression my Mac complains that LZO compression is deprecated but works fine on both Mac and my iOS devices. If I select LZ4 compression it works fine on my Mac but my iOS devices connect but can't seem to communicate. If I select no compression iOS works fine but my Mac Tunnelblick complains that the ovpn file has unrecognized options or missing parameters. What to do?

 

I'm actually switching from linuxserver.io's Docker. In that configuration I have compression disabled but it works fine.

Adaptive works on my iOS-12 devices.

LZ4 does not work on iOS-12 devices; it was OK on previous iOS.

Has something been broken in iOS-12?

Google it and there is a lot of discussion... Check the OpenVPN forum for solutions.


I'm trying to assign static IP addresses to VPN clients, how to add client-config-dir to the server configuration?

Or is there some other way to accomplish this?


Hi, I'm new to this stuff so I've been posting in the wrong area...

I run "OpenVPN --config pfsense.ovpn" or "OpenVPN pfsense.ovpn".

It tries to connect, it stops and locks me out of Unraid… Unraid becomes totally useless, locks me out, and locks me out of shares, till I physically power it down and back up.

 

openvpn unraid fault 1a.png

openvpn unraid fault 2a.png


I'm also thinking your OpenVPN Unraid version is not compatible to connect to an OpenVPN pfSense router software, and then it locks me out of Unraid.

On 2/18/2019 at 10:33 AM, blurp76 said:

I'm trying to assign static IP addresses to VPN clients, how to add client-config-dir to the server configuration?

Or is there some other way to accomplish this?

Ok I found that I can just add:

client-config-dir /mnt/user/appdata/openvpnserver/ccd

to /mnt/user/appdata/openvpnserver/openvpnserver.ovpn

It works fine after creating the ccd folder with the various client configurations.

The only problem is that any modification of the server config from the GUI will overwrite the configuration and remove the client-config-dir.

Would it be possible to add a field for custom options in the server configuration GUI?

 

Thanks
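
The setup described in the post above, as an added example (not part of the original post and not the plugin's own code): a shell helper that re-adds client-config-dir after a GUI save has removed it and writes a per-client file with a static address. The function names, the CONF/CCD variables and the 10.8.0 /24 prefix are assumptions; the prefix and the .6/.5 pairing follow the "topology net30" client log posted later in this thread.

```shell
#!/bin/sh
# Added example. Paths default to the ones quoted in the post; override
# CONF and CCD to try it somewhere else.
CONF="${CONF:-/mnt/user/appdata/openvpnserver/openvpnserver.ovpn}"
CCD="${CCD:-/mnt/user/appdata/openvpnserver/ccd}"

# Re-add the directive if a GUI save dropped it. Idempotent: appends only once.
ensure_ccd_directive() {
    mkdir -p "$CCD" || return 1
    grep -Eq '^[[:space:]]*client-config-dir[[:space:]]' "$CONF" 2>/dev/null && return 0
    printf 'client-config-dir %s\n' "$CCD" >> "$CONF"
}

# Print "client peer" for /30 block number $2 inside the /24 "$1.0".
# Block 1 gives .6/.5, the pair seen in the client log in this thread.
# Assumption: the chosen block is one the dynamic pool will not hand out.
net30_pair() {
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    # Block 0 (.1/.2) is the server's own pair in a /24 net30 setup.
    [ "$2" -ge 1 ] && [ "$2" -le 63 ] || return 1
    echo "$1.$(( $2 * 4 + 2 )) $1.$(( $2 * 4 + 1 ))"
}

# Write the per-client file. OpenVPN looks the file up by the certificate's
# common name, so refuse names that could point outside the ccd directory.
# usage: write_ccd <common-name> <block> [prefix]
write_ccd() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) echo "bad common name: $1" >&2; return 1 ;;
    esac
    pair=$(net30_pair "${3:-10.8.0}" "$2") || { echo "bad block: $2" >&2; return 1; }
    printf 'ifconfig-push %s\n' "$pair" > "$CCD/$1"
}

# Typical use after every GUI change to the server config:
#   ensure_ccd_directive && write_ccd laptop 2
```
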


Having an issue, just installed (I can connect on my phone with the client I previously had on it from linuxserver's container).

On my Windows machines I can't connect; it gives an error in the server logs:

Sun Mar  3 16:17:24 2019 us=933773 tls-crypt unwrap error: packet too short
Sun Mar  3 16:17:24 2019 us=933801 TLS Error: tls-crypt unwrapping failed from [AF_INET]166.170.xx.xxx:61646

 

My Windows client version is OpenVPN Connect 2.6.0.100. I am kind of figuring it is the client causing it, but I can't find 2.4.6. To my knowledge this plugin does not have a web GUI to download the client, am I correct?

Any help is appreciated.

Don't use OpenVPN Connect. That is meant for the OpenVPN Access Server. Use the regular

I am fairly new to this so sorry if this is obvious. I finally got everything set up, but am unable to generate the certificates. Any help is appreciated. I had issues with Easy RSA and finally got it installed manually. The log is showing this:

 

Quote

spawn ./easyrsa build-ca
spawn ./easyrsa build-server-full server nopass
/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 769: ./easyrsa: Permission denied

Let me know if I can provide more information.

Thanks!
 


I've got everything working perfectly. However, I'm not able to figure out how to apply the tunnel to interface eth1 instead of eth0.


@peter_sm your program doesn't work with Unraid 6.6.7. I've been trying to reinstall it to try to get it to work,

but you can save a server cert... but you can't generate certs, you can't do the RSA, can't create users, and I tried to delete users but there was no option, had to manually delete it... but it doesn't seem to set up at all under 6.6.7.


@peter_sm I can confirm the plug-in has broken for 6.7.0-rc5. If you could please push an update. :)


This will have very low priority in my life since I do it in my limited free time.

On 3/12/2019 at 8:10 PM, comet424 said:

@peter_sm your program doesn't work with Unraid 6.6.7. I've been trying to reinstall it to try to get it to work,

but you can save a server cert... but you can't generate certs, you can't do the RSA, can't create users, and I tried to delete users but there was no option, had to manually delete it... but it doesn't seem to set up at all under 6.6.7.

 

On 3/12/2019 at 11:43 PM, RCFilm said:

@peter_sm I can confirm the plug-in has broken for 6.7.0-rc5. If you could please push an update. :)

I am running 6.6.7, not sure about 6.7.0-rc5, but I have his app set up and running on mine.

 

I am only having 1 issue. The OpenVPN app starts with the array on boot up, shows successfully, but I am not able to get a client to connect. It is like the server doesn't respond. I have to manually restart the application and then everything works just fine. But, if unRAID reboots, OpenVPN comes back up but connections don't work again until I manually restart the app.

Has anyone run into this before? This is my first time encountering this problem.


@ElBurrito it worked in 6.6.7 if you had it installed under 6.6.6 and upgraded to 6.6.7. If you uninstall the server and reinstall it under 6.6.7 you won't be able to set up the client certs etc.

At least that's what happened for me...

2 minutes ago, comet424 said:

@ElBurrito it worked in 6.6.7 if you had it installed under 6.6.6 and upgraded to 6.6.7. If you uninstall the server and reinstall it under 6.6.7 you won't be able to set up the client certs etc.

At least that's what happened for me...

I did have it installed prior to upgrading but I accidentally deleted the config files for it and had issues trying to get it to regenerate certs and client profiles. I ended up removing the app entirely and doing a fresh reinstall saved in a new location.


Ah ok... yeah, I'm unable to get certs or RSA to generate when you hit the generate button in 6.6.7. Just the server config is the only thing that will work.

2 minutes ago, comet424 said:

Ah ok... yeah, I'm unable to get certs or RSA to generate when you hit the generate button in 6.6.7. Just the server config is the only thing that will work.

Yeah, I did have that problem. I think it was an issue with recognizing that I had extracted the Easy-RSA files in the folder; I believe it was installed in appdata on my cache drives. I reinstalled the app, pointed the folder location for the certs to "/boot/openvpn/", downloaded one of the easy-rsa files, sftp-ed it to my server, unzipped it in "boot/openvpn/" and then renamed the resulting folder "easy-rsa-3.x.x" to "easy-rsa". Once I did that, the "Install RSA Key" button worked and then the generate button worked again.

As far as my other problem, I just did a user script to restart the app after booting. At least as a workaround for now.


Hi,

 

Plugin is updated to manage the updates that were on GitHub pages for easyrsa 🙂

 


Dear All,

Is there a way that I can run this plugin in tap mode?

 

Regards

Bengele


So I'm having issues. I got the server to run on a remote-side Unraid, and on the Unraid at home

I run the command prompt OpenVPN --config mike.ovpn. It partially connects but doesn't finish, I don't get the command prompt, and when I press Ctrl C then it shows more.

 

root@backupserver:/boot/openvpn# openvpn --config mike.ovpn
Wed Mar 20 23:00:04 2019 OpenVPN 2.4.6 x86_64-slackware-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  7 2018
Wed Mar 20 23:00:04 2019 library versions: OpenSSL 1.1.1a  20 Nov 2018, LZO 2.10
Wed Mar 20 23:00:04 2019 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Wed Mar 20 23:00:04 2019 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Mar 20 23:00:04 2019 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Wed Mar 20 23:00:04 2019 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Mar 20 23:00:04 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]76.75.123.76:1200
Wed Mar 20 23:00:04 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Mar 20 23:00:04 2019 UDP link local: (not bound)
Wed Mar 20 23:00:04 2019 UDP link remote: [AF_INET]76.75.123.76:1200
Wed Mar 20 23:00:04 2019 TLS: Initial packet from [AF_INET]76.75.123.76:1200, sid=41fc641e 67fc7399
Wed Mar 20 23:00:05 2019 VERIFY OK: depth=1, CN=server
Wed Mar 20 23:00:05 2019 VERIFY KU OK
Wed Mar 20 23:00:05 2019 Validating certificate extended key usage
Wed Mar 20 23:00:05 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Mar 20 23:00:05 2019 VERIFY EKU OK
Wed Mar 20 23:00:05 2019 VERIFY OK: depth=0, CN=server
Wed Mar 20 23:00:05 2019 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Wed Mar 20 23:00:05 2019 [server] Peer Connection Initiated with [AF_INET]76.75.123.76:1200
Wed Mar 20 23:00:06 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Mar 20 23:00:06 2019 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.1.1,redirect-gatewaydef1,remote-gateway 192.168.1.8,resolv-retry infinite,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Wed Mar 20 23:00:06 2019 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3:remote-gateway (2.4.6)
Wed Mar 20 23:00:06 2019 Options error: option 'resolv-retry' cannot be used in this context ([PUSH-OPTIONS])
Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: timers and/or timeouts modified
Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: --ifconfig/up options modified
Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: route options modified
Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: peer-id set
Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: adjusting link_mtu to 1625
Wed Mar 20 23:00:06 2019 OPTIONS IMPORT: data channel crypto options modified
Wed Mar 20 23:00:06 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Mar 20 23:00:06 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Mar 20 23:00:06 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Mar 20 23:00:06 2019 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=br0 HWADDR=00:0a:e4:8b:e1:e4
Wed Mar 20 23:00:06 2019 TUN/TAP device tun1 opened
Wed Mar 20 23:00:06 2019 TUN/TAP TX queue length set to 100
Wed Mar 20 23:00:06 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Mar 20 23:00:06 2019 /usr/sbin/ip link set dev tun1 up mtu 1500
Wed Mar 20 23:00:06 2019 /usr/sbin/ip addr add dev tun1 local 10.8.0.6 peer 10.8.0.5
Wed Mar 20 23:00:09 2019 /usr/sbin/ip route add 76.75.123.76/32 via 192.168.0.1
Wed Mar 20 23:00:09 2019 /usr/sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Wed Mar 20 23:00:09 2019 /usr/sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Wed Mar 20 23:00:09 2019 /usr/sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Wed Mar 20 23:00:09 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache optionto prevent this
Wed Mar 20 23:00:09 2019 Initialization Sequence Completed

And see here when I press Ctrl C to exit... so what's all wrong?

And why doesn't the OpenVPN server side ask for a password when I make a user?

Wed Mar 20 23:00:09 2019 /usr/sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Wed Mar 20 23:00:09 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache optionto prevent this
Wed Mar 20 23:00:09 2019 Initialization Sequence Completed
^CWed Mar 20 23:03:34 2019 event_wait : Interrupted system call (code=4)
Wed Mar 20 23:03:34 2019 /usr/sbin/ip route del 10.8.0.1/32
Wed Mar 20 23:03:34 2019 /usr/sbin/ip route del 76.75.123.76/32
Wed Mar 20 23:03:34 2019 /usr/sbin/ip route del 0.0.0.0/1
Wed Mar 20 23:03:34 2019 /usr/sbin/ip route del 128.0.0.0/1
Wed Mar 20 23:03:34 2019 Closing TUN/TAP interface
Wed Mar 20 23:03:34 2019 /usr/sbin/ip addr del dev tun1 local 10.8.0.6 peer 10.8.0.5
Wed Mar 20 23:03:34 2019 SIGINT[hard,] received, process exiting
root@backupserver:/boot/openvpn#
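
An added example, not part of the original post: a shell function that triages a client log like the one above, flagging pushed options the 2.4.6 client rejected, the two half-default routes that send general IPv4 traffic into the tunnel, the auth-nocache warning, and whether initialization completed. The function names and finding codes are made up for this example; the sample lines are copied from the log in the post.

```shell
#!/bin/sh
# Added example. Emits one finding per line as CODE<TAB>detail.
# usage: triage_openvpn_log client.log    or    sample_log | triage_openvpn_log
triage_openvpn_log() {
    awk '
    # Options the server pushed but this client refused to apply.
    /Options error:.*\[PUSH-OPTIONS\]/ {
        sub(/^.*Options error: /, "")
        print "PUSH_REJECTED\t" $0
    }
    # redirect-gateway def1 installs these two routes instead of replacing
    # the default route; together they cover the whole IPv4 space.
    /ip route add (0\.0\.0\.0|128\.0\.0\.0)\/1 via / { half++; gw = $NF }
    /use the auth-nocache option/ {
        print "HARDEN\tclient warned about cached passwords; consider auth-nocache"
    }
    /Initialization Sequence Completed/ { up = 1 }
    END {
        if (half == 2)
            print "FULL_TUNNEL\tdefault IPv4 route overridden via " gw
        if (up)
            print "TUNNEL_UP\tconnected; openvpn keeps running in the foreground"
        else
            print "TUNNEL_DOWN\tno completed initialization in this log"
    }' "$@"
}

# Lines copied from the client log in the post, used as sample input.
sample_log() {
cat <<'EOF'
Wed Mar 20 23:00:06 2019 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:3:remote-gateway (2.4.6)
Wed Mar 20 23:00:06 2019 Options error: option 'resolv-retry' cannot be used in this context ([PUSH-OPTIONS])
Wed Mar 20 23:00:09 2019 /usr/sbin/ip route add 0.0.0.0/1 via 10.8.0.5
Wed Mar 20 23:00:09 2019 /usr/sbin/ip route add 128.0.0.0/1 via 10.8.0.5
Wed Mar 20 23:00:09 2019 Initialization Sequence Completed
EOF
}
```
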

 


What I'm trying to do is

OpenVPN from Unraid to an Unraid

and then run rsync for data transfer

then disconnect OpenVPN

So I'm having issues


Hi,

Installed this plugin on 6.6.7, and after changing the settings to what I require, am unable to get a client to connect - I will continue fault finding, but in the meantime, if you set LZO compression to No in the Server Config page, whenever you create files, line 17 is simply a 0.

 

should it be

"comp-LZO No"

or

"comp-LZO 0"?
