peter_sm

OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)


Generating some 4096 RSA certs - should more than one thread be getting allocated?

 

Cheers

 

Duggie

On 6/30/2018 at 2:13 PM, Ashe said:

Hi Peter

Just a heads up that iOS seems to prefer a *.ovpn12 file now rather than the *.p12 file. No problem with renaming the generated *.p12 file and it then imports fine


Sent from my iPhone using Tapatalk

Thank you for this! I was getting completely stuck following the instructions in the readme that's generated with the cert.


Is there any way to push a user-specified DNS server?

 

I have a Pi-Hole running on my LAN and I'd like my connected devices to use its DNS IP address instead.

 

This allows me to block ads on my connected iOS devices and for local name resolution - really useful.

21 hours ago, ThatDude said:

Is there any way to push a user-specified DNS server?

 

I have a Pi-Hole running on my LAN and I'd like my connected devices to use its DNS IP address instead.

 

This allows me to block ads on my connected iOS devices and for local name resolution - really useful.

I figured out a workaround to set the DNS from the client side: open the ovpn file and add the following directives.

#ipv4
pull-filter ignore "dhcp-option DNS"
#ipv6
pull-filter ignore "dhcp-option DNS6"

# put preferred DNS server address here
dhcp-option DNS 192.168.0.200

 

 


Is it possible to separate the configuration form, to be able to set a different port and address for the server to operate on, and a different port to be input into user configs? I have my OpenVPN server running on port 1194 internally, but it is visible outside on port 443 using a dynamic DNS name. With the current config it is impossible to automatically generate working configs for the clients.


I am now getting this error:

 

openvpn: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory
 

8 hours ago, bhman79 said:

openvpn: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory

What version Unraid and what version plugin?

2 hours ago, trurl said:

What version Unraid and what version plugin?

Unraid 6.4.1

Plugin 

2019.02.09

Update of OpenVPN packages to 2.4.6-2

3 hours ago, trurl said:

What version Unraid and what version plugin?

I upgraded to the newest Unraid and it fixed the problem.  Thanks!


Hi @all,

 

How can I route a specific IP with a NordVPN ovpn file?

I have set my jDownloader Docker to a specific IP, but how can I edit my ovpn file to route only this IP?

Or which file must I edit?

Edited by Snickers


Hey all!

 

Is there an updated link for the client configuration guide?

 

I'm trying to get this set up so that all traffic from only 1 interface (I have two set up, NOT bonded) will be routed through the VPN tunnel.

 

I'm now stuck on the first step of getting the plugin to connect.  I tried to go to the link on the first post for client config guide, but it doesn't take me anywhere.  Is there a new one?

 

Thanks!


Hi @all,

 

I use the OpenVPN client with NordVPN. This works fine, but how can I route to the internal IP from outside? Or how can I use the client for a specific IP/Docker?


Every time I restart my Unraid server, the OpenVPN is unconnectable, I have to restart it manually. These are the logs before the restart:

Sat May 11 21:48:26 2019 OpenVPN 2.4.6 x86_64-slackware-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  7 2018
Sat May 11 21:48:26 2019 library versions: OpenSSL 1.1.1b  26 Feb 2019, LZO 2.10
Sat May 11 21:48:26 2019 Diffie-Hellman initialized with 2048 bit key
Sat May 11 21:48:26 2019 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat May 11 21:48:26 2019 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat May 11 21:48:26 2019 TUN/TAP device tun0 opened
Sat May 11 21:48:26 2019 TUN/TAP TX queue length set to 100
Sat May 11 21:48:26 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat May 11 21:48:26 2019 /usr/sbin/ip link set dev tun0 up mtu 1500
Sat May 11 21:48:26 2019 /usr/sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Sat May 11 21:48:26 2019 Could not determine IPv4/IPv6 protocol. Using AF_INET
Sat May 11 21:48:26 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat May 11 21:48:26 2019 TCP/UDP: Socket bind failed on local address [AF_INET]172.16.0.10:1194: Cannot assign requested address (errno=99)
Sat May 11 21:48:26 2019 Exiting due to fatal error
Sat May 11 21:48:26 2019 Closing TUN/TAP interface
Sat May 11 21:48:26 2019 /usr/sbin/ip addr del dev tun0 10.8.0.1/24

Any idea what this might be about?

 

Also, a request, can you make it possible to renew the CRL certificate? It expires after a year and it's not that easy to renew manually when you don't know what you're doing. I managed somehow but other people may not.

1 minute ago, Krzaku said:

I have to restart it manually.

Just for kicks, set OpenVPN to have a delay of 30 seconds before starting.  Does it make a difference?

4 minutes ago, Squid said:

Just for kicks, set OpenVPN to have a delay of 30 seconds before starting.  Does it make a difference?

There is no option for that in the plugin, I can only enable or disable autostart.

5 hours ago, Krzaku said:

There is no option for that in the plugin, I can only enable or disable autostart.

Ah.  Thought you were running the docker app.

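The log in the exchange above ends with a bind failure on 172.16.0.10:1194 with errno=99 (EADDRNOTAVAIL), which means that address was not assigned to any interface at the moment OpenVPN started. The script below is an added example, not the plugin's code and not from any poster in this thread: it waits for the address before launching. It assumes the server config pins the address with a `local` directive; the function names and the `openvpn --config ... --daemon` launch line are this example's own assumptions about how the server is started.

```shell
#!/bin/bash
# Added example, not part of the OpenVPN plugin: start the daemon only once
# the address named by the config's `local` directive is actually assigned.

# Print the address of the first `local` directive in an OpenVPN config.
local_addr_from_conf() {
    awk '$1 == "local" { print $2; exit }' "$1"
}

# List the IPv4 addresses currently assigned to interfaces, one per line.
list_ipv4_addrs() {
    ip -o -4 addr show | awk '{ split($4, a, "/"); print a[1] }'
}

# Return 0 as soon as $1 is assigned; return 1 after $2 tries, $3 seconds apart.
wait_for_addr() {
    addr=$1; tries=${2:-30}; delay=${3:-1}
    i=0
    while [ "$i" -lt "$tries" ]; do
        # -x -F: whole-line literal match, so 172.16.0.100 never matches .10
        if list_ipv4_addrs | grep -qxF "$addr"; then
            return 0
        fi
        i=$((i + 1))
        if [ "$i" -lt "$tries" ]; then sleep "$delay"; fi
    done
    return 1
}

# Launch OpenVPN when the bind address exists; otherwise report the reason
# instead of letting the daemon exit with "Cannot assign requested address".
start_when_ready() {
    conf=$1
    addr=$(local_addr_from_conf "$conf")
    # No `local` directive: OpenVPN binds to all addresses, nothing to wait for.
    if [ -n "$addr" ] && ! wait_for_addr "$addr" 30 1; then
        echo "address $addr never came up; not starting OpenVPN" >&2
        return 1
    fi
    openvpn --config "$conf" --daemon
}

# Usage: ./wait-and-start.sh /path/to/server.conf  (script name is hypothetical)
if [ -n "${1:-}" ]; then
    start_when_ready "$1"
fi
```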

I haven't a clue what you are talking about. 'Extensions' page? Where is that? How do you get there? There's no such page on the client! This really sucks!

6 hours ago, megna22 said:

I haven't a clue what you are talking about. 'Extensions' page? Where is that? How do you get there? There's no such page on the client! This really sucks!

If you're talking about this from the OP:

On 9/26/2014 at 11:37 AM, peter_sm said:

To install.

Install the plugins, go to the 'Extensions' page

 

Then that means the plugins tab.  (Or, simply go to the Apps tab instead -> even easier)

On 1/12/2017 at 3:56 PM, jonathanm said:

Yeah, I understand what you want, it's just a bad idea unless you know exactly what you are doing. The VPN service does not firewall the endpoint connection, so theoretically connecting to them allows other vpn users on the same network node free access to your system totally bypassing your router, since unraid doesn't have a built in firewall.

 

I personally would never risk it. Binhex's dockers go to great lengths to ensure isolation and security, to make sure VPN traffic doesn't leak out of the docker, or vice versa.

 

Network security is hard. Too many ways for things to go wrong, and not many ways to do it right.

Hmmm, on that note: if I connect to my VPN _per docker_ that means I'm multiplying my VPN overhead, depend on binhex' release schedule (not implying anything, just saying that I'm totally new to unRAID AND Docker so just throwing out there what's crossing my mind) and then there's the issue with not every application desirable being available as binhex vpn docker.

 

I've seen that you can use a docker like that as proxy for other dockers, but my line of thought is that I'm relying on the application within a docker to apply the proxy connection leaving possible (unknown) background processes un-routed through the proxy.

 

The beauty (but also a pain point in other ways) of VPNs on a classic desktop is after all a one-setup experience. Connect once, route everything or nothing.

 

Major application missing an obvious VPN path to me right now is jDownloader.

 

Theoretically I could just set up a VM, install my VPN's application in there, add the applications I want to the mix and have them all download to a share. Waaaaaaaaay less elegant, but at least a catch-all approach. The VM itself would obviously be configured with a firewall. Is that a lot of overhead? Sure is. Is that a great concern? Well.... 16 physical cores and 48GB of RAM say: we can do it. Despite all of that, I'd still favor the leanest approach for obvious reasons. Surely there's something I'm missing or something I misunderstood?
