Jump to content
peter_sm

OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)

898 posts in this topic Last Reply

Recommended Posts

Hey

 

After reading 35 page and eyes going a bit funny now i'm still lost as to what OpenVPN Client even does. Installed fine, took the ExpressVPN OVPN configs fine and started the VPN creating a TUN5 with a 10.x.x.x IP. Id say 90% of the posts in this thread are about the server plugin not the client plugin. what i wanted to do was replace the VPN connection my router has to ExpressVPN and set certain devices in my network (through DHCP) to point to the Unraid OpenVPN Client as the gateway to pipe their traffic through the VPN.

 

So please correct me if i'm incorrect.

OpenVPN Client Plugin for Unraid can not be used as a gateway for LAN traffic. I'm guessing it can only be used for Docker traffic and maybe Unraid traffic?

 

Share this post


Link to post
On 8/4/2019 at 7:17 PM, tekmobile said:

Im using OpenVPN client and every so often my modem reboots and my dockers etc lose internet activity because the OpenVPN client disconnected and shows no WAN IP Address and I have to manually stop/start the plugin to reconnect and regain access.

Is it possible to periodically check the connection status and restart/reconnect if disconnected 

 

Is this plugin supported any longer or is there another client like it that people have moved to.  I love using this for it protects my dockers that are running by putting all internet traffic over the OpenVPN server of my provider.  However when the internet goes down, and then comes back up, it will just outright stop working and I need to stop and start my array again. (Can't even get into the GUI of this plugin when it happens.)  I usually only notice the issue has happen when I know a show should have come down and I go and look in Sonnar and sure enough there are a lot things in the waiting queue as it has no internet access.

 

So, one of two things 1) This needs to be able to check for a good connection every X amount of time and if it does not have one, restart the connection to get it back. (Which would be preferred)  Or 2) Does anyone know of a plug-in or something I can set that will just auto restart this every X minutes so at least it auto restarts and thus reconnects if it was down once a day (or whatever) so at least it will connect back and things can work again.  

 

I came here looking as it was down for 4 days!!!  

 

Thanks

Share this post


Link to post
 
Is this plugin supported any longer or is there another client like it that people have moved to.  I love using this for it protects my dockers that are running by putting all internet traffic over the OpenVPN server of my provider.  However when the internet goes down, and then comes back up, it will just outright stop working and I need to stop and start my array again. (Can't even get into the GUI of this plugin when it happens.)  I usually only notice the issue has happen when I know a show should have come down and I go and look in Sonnar and sure enough there are a lot things in the waiting queue as it has no internet access.
 
So, one of two things 1) This needs to be able to check for a good connection every X amount of time and if it does not have one, restart the connection to get it back. (Which would be preferred)  Or 2) Does anyone know of a plug-in or something I can set that will just auto restart this every X minutes so at least it auto restarts and thus reconnects if it was down once a day (or whatever) so at least it will connect back and things can work again.  
 
I came here looking as it was down for 4 days!!!  
 
Thanks
Mine seems to be working...d1f0b5c661d278b976d187d7ed4aec03.jpg

Sent from my LM-V405 using Tapatalk

Share this post


Link to post

You misunderstood the post.  I did not say it was not working, I was saying, as another has point out, that it can STOP working if your internet service goes down and then comes back up.  If the internet goes down, this plugin seems to just stop and does not reconnect after the internet is restored.

Share this post


Link to post
You misunderstood the post.  I did not say it was not working, I was saying, as another has point out, that it can STOP working if your internet service goes down and then comes back up.  If the internet goes down, this plugin seems to just stop and does not reconnect after the internet is restored.
Ohhhh my bad. I was looking for a killswitch app that would kill all dockers running if the vpn client went down as well. Is that what you're thinking too?

Sent from my LM-V405 using Tapatalk

Share this post


Link to post
3 minutes ago, cbr600ds2 said:

Ohhhh my bad. I was looking for a killswitch app that would kill all dockers running if the vpn client went down as well. Is that what you're thinking too?

Sent from my LM-V405 using Tapatalk
 

Nope...I am looking for this VPN Plugin to either check the connection and restart itself if there is no connection in hopes it then reconnects, if not, rinse and repeat.  OR I am looking for something that I can use that would stop this VPN plugin and restart it ever X number of minutes as a "just in case" thing. 

 

When this VPN Plugin fails...it fails. No more traffic. POOF! Dead!  Nadda!  Nothing running on the UnRIAD server then can use the Internet until you restart or turn off the VPN. (Which sometimes you can't get into via the GUI.)  

Share this post


Link to post
Nope...I am looking for this VPN Plugin to either check the connection and restart itself if there is no connection in hopes it then reconnects, if not, rinse and repeat.  OR I am looking for something that I can use that would stop this VPN plugin and restart it ever X number of minutes as a "just in case" thing. 
 
When this VPN Plugin fails...it fails. No more traffic. POOF! Dead!  Nadda!  Nothing running on the UnRIAD server then can use the Internet until you restart or turn off the VPN. (Which sometimes you can't get into via the GUI.)  
The GUI of the vpn client or unraid?

Sent from my LM-V405 using Tapatalk

Share this post


Link to post

The VPN Client Plug-in GUI under SETTINGS/Network

90% of the time when it has this issue you can't get into it to stop and restart it.  You need to stop the array and then start it again. (Assuming you have the setting to stop the VPN when the ARRAY is stopped.)

Edited by David Bott

Share this post


Link to post
The VPN Client Plug-in GUI under SETTINGS/Network
90% of the time when it has this issue you can't get into it to stop and restart it.  You need to stop the array and then start it again. (Assuming you have the setting to stop the VPN when the ARRAY is stopped.)
I've never experienced it but I'll keep an eye out. I've only had this client running for a few weeks but am nervous about what would happen if it goes out and i don't know. How do you know it goes out? Is there a setting to notify you that I missed?

Sent from my LM-V405 using Tapatalk

Share this post


Link to post

As I mentioned, I only KNOW when I happen to notice a TV show I expected to come down has not.  "hummm....Where is X show? It was on 3 nights ago."  So I go and look at Sonnar and see that it was missed along with everything else from X point in time.  At that point you realize nothing running on the UnRAID server can reach the internet as the Plug-in has crashed. 

 

You can make it happen.  Just go unplug your router for about 15 mins. (Not sure on how much time it needs to fail though.)  Then plug it back in.  Your phones and computers have Internet just fine...But check the UnRAID server and see if you can reach the Internet even for plugin update or docker update checks.  Nope.  Nothing.

 

Try then going into the SETTINGS/NETWORK/OPEN VPN and see if you can get to it.  Usually when it happens I can't.  However the default setting is to close it out if you stop the array...So if you do that, and then restart the array, it will all then just work again. (until the next time you loose internet for some reason.)

Share this post


Link to post

Kind of surprised that there has been no reply.  So I am guessing this plugin is not really supported any longer which is a shame it was was imple to setup and it just worked. (Unless, as I mentioned, you loose internet then it all goes down. )  

 

I am surprised that not one has mentioned this or has not suggested a fix or work around.  

 

Is there something else that people are using to send the Docket traffic through a VPN provider?

 

Thanks

Share this post


Link to post
1 hour ago, David Bott said:

Is there something else that people are using to send the Docket traffic through a VPN provider?

Yes, @binhex has a full lineup of VPN enabled containers.

Share this post


Link to post

Thank you, I will need to see if @binhex has anything that does a OpenVPN client for server.  All I need is what this one did...Just let the dockers go though the VPN I have told the server to go through.  (Client mode needed more or less.)  

 

Update...Does not look like it. But he does have things that have VPN built in.  This one does it for all of the server.

Edited by David Bott

Share this post


Link to post
22 hours ago, David Bott said:

Thank you, I will need to see if @binhex has anything that does a OpenVPN client for server.  All I need is what this one did...Just let the dockers go though the VPN I have told the server to go through.  (Client mode needed more or less.)  

 

Update...Does not look like it. But he does have things that have VPN built in.  This one does it for all of the server.

Can this be something try for the killswitch ?

 

Share this post


Link to post

I had issues getting this to work also, so I moved away from it and found dockers with VPN built in. There is also another option I was running for a bit and that was a VM just for vpn and pointed the dockers to that connection. Search for "Spaceinvader One" on youtube he has a lot of good videos. 

 

Here is the one on a vpn vm: 

 

 

But here is another option from him I just seen that might help also (Have not tried it). 

 

 

 

 

Share this post


Link to post

@peter_sm - Not really looking for a KILL SWITCH.  Looking for something that sees the network is down and restarts it. Right now if this OPENVPN Client looses internet, everything stops.  POOF.  No way to know it unless you look as to why things you expect to happen are not.

 

@almulder - Thanks...But I can't run a VM on my box and the second one reads SERVER.  This is is CLINET connection. 

Share this post


Link to post

@peter_sm

How can I remove this? I attempted to install via the Community Applications, however it failed with

Warning: file_put_contents(): Only 0 of 1 bytes written, possibly out of free disk space in /usr/local/emhttp/plugins/dynamix.plugin.manager/scripts/plugin on line 299
plugin: unable to create file: /var/log/plugins/openvpnserver

But it's still partially installed (I have "OpenVPN Server TUN mode" in my Settings page now, which is non-functional) and does not show up under Plugins, so I can't remove it!

Edited by kronflux
Help!

Share this post


Link to post

@peter_sm Someone asked me via chat about this...

 

Hey David - Have you seen this?  I haven't been able to try it out -

https://forums.openvpn.net/viewtopic.php?t=8062

 

It is in regards to OpenVPN and reconnecting using "keepalive" and "ping-restart" options etc...From the above post...

 

"...if the connection is already established and the tunnel goes down then openvpn will try to reconnect as long as things like 'keepalive' or 'ping-restart' are set, as well as 'persist-key' and authentication caching." 

 

So...There is a openvpnclient.cfg file located on the flash drive under /config/plugins/openvpnclinet as you know, however there are no such settings other than what is in the main setup of the plugin GUI...

 

USER="whatever"
PASS="whatever"
START_ON_MOUNT="yes"
PLG_EXT="no"
PLG_PASSWORD="yes"
OVPNCHOOSE="/boot/openvpn/dal-a04.ovpn"
DISCONNECT_ON_UMOUNT="yes" 

 

So not sure how we could use "keepalive" and "ping-restart"  etc as we have no setting for it to pass such options.

 

Can you maybe look into such options as it may be all that is missing.  As mention, this plugin works great...until you loose internet for X amount of time then the server no longer has internet.  So we just need a way for it to check itself and this may be just the ticket.  Can you be of help?

 

Thanks

Edited by David Bott

Share this post


Link to post

keepalive what I know is a server function. But try to add these to the ovpn file saved on /boot/openvpn and see if it helps

Share this post


Link to post
6 hours ago, peter_sm said:

keepalive what I know is a server function. But try to add these to the ovpn file saved on /boot/openvpn and see if it helps

@peter_sm Thanks for the thought of modifying the actual openvpn server file you want to use.  Before I tried that I took a closer look at the connection log, via your plug-in, and did see this line...

 

Sat Oct 26 07:36:18 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 493216,sndbuf 493216,explicit-exit-notify 5,comp-lzo no,route-gateway 172.21.92.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.21.92.25 255.255.254.0,peer-id 0,cipher AES-256-GCM'

 

...so it seems that ping and ping-restart are part of it yet does not seem to solve the issue. BTW... I did also try adding the lines to the file to different settings, but after stopping and starting the OPENVPN client again, the same values showed up in the log.  So it does not seems to be part of that file. So not sure where these settings are being set from as it dies not seem to be the server.ovpn files. 

 

I did happen to notice also that it reads... 

 

Sat Oct 26 07:36:17 2019 OpenVPN 2.4.6 x86_64-slackware-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  7 2018
Sat Oct 26 07:36:17 2019 library versions: OpenSSL 1.1.1c  28 May 2019, LZO 2.10

 

...wondering if i does not need to be updated? (It may be current for all I know.)

 

Otherwise the plug-in does just perfect for what I wanted.  Something that puts my UnRAID internet traffic through a VPN and it does that.  Even updates for docker files or plugins all use the VPN.  But the issue is, once you loose internet for X amount of time, it will not redo the tunnel and your entire server does not have access to the Internet. (You can still reach it from inside the network of course.)  The GUI also stops working.   (Side note....At least on mine, when I choose to STOP the OpenVPN service the says Stopping but then the screen becomes empty from the UnRaid Menu bar down. You need to click on SETTINGS and the OPENVPN Client option again to go back in and see if it stopped.  No biggie...but just a heads up.)

 

But the big thing is it not coming back up.  Sometimes I may not notice for days and have things stacked up to come down.

 

If you may care to look into this, I am happy to test.  If not, I understand as it has not been touched in some time but is really the open option I have found that does the server as a client in one easy to setup, understand, and use plug-in.     

 

You also mentioned "keepalive what I know is a server function" ... Just don't seem to see a setting for that anywhere.

 

Thank you again.

Share this post


Link to post
On 10/9/2019 at 7:04 AM, vampyre_masquerade said:

So please correct me if i'm incorrect.

OpenVPN Client Plugin for Unraid can not be used as a gateway for LAN traffic. I'm guessing it can only be used for Docker traffic and maybe Unraid traffic?

 

 

As far as i see when enabled it will route *all* the unraid traffic trough the VPN.

As you i've been looking around like a maniac for a container actiong as a VPN Gateway but without any luck (also in hub.docker.com there's none). 

My solution has been to make up a VM with ubuntu server and configure it as a VPN Gateway. Wasted resources but i really don't have the time to study how to build a container to do the same job.

C.

Share this post


Link to post
Hi, Thx for the great Plugin, maybe you can add an Option to switch between Tun and Tap mode.
I create a fork on Github with ethernet bridging istead tun.
 
https://raw.githubusercontent.com/DeBaschdi/openvpnserver/master/openvpn_server_x64.plg
 
ofcourse, it was an speed mod, lot of thinks can be done better...
 
Lg

We might make the plugin support both ? I have no way to verify TAP. And my time is limit for time being. Good work !


Skickat från min iPhone med Tapatalk

Share this post


Link to post

I'm using the Server plugin (Great work btw! Love it :D)

 

I'm trying to connect multiple devices with one profile, which needs the "--duplicate-cn" option. However I can't figure out how to enable this feature, neighter command line nor web-interface.

Share this post


Link to post

Sorry guys, but i can't find the boot folder for the ovpn File as described in the first post. On my unraid Server the only boot folder is on flash/EFI-/boot

 

 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.