OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)


peter_sm

956 posts in this topic Last Reply

Recommended Posts

On 11/18/2020 at 6:39 PM, MrLinford said:

Wed Nov 18 18:34:10 2020 OpenVPN 2.4.8 x86_64-slackware-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct 30 2019
Wed Nov 18 18:34:10 2020 library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
Wed Nov 18 18:34:10 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]212.102.52.1:1198
Wed Nov 18 18:34:10 2020 UDP link local: (not bound)
Wed Nov 18 18:34:10 2020 UDP link remote: [AF_INET]212.102.52.1:1198

I have found that the VPN is giving the above, and i see others have the same issue.

How can I resolve this?

I finally got some time to look at this, ended up having to download new OpenVPN setting from my VPN provider

Link to post
  • Replies 955
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

I have updated the OpenVPN Server & Client plugins for the V6.2+ plugin manager. Post all issue you have in this thread !! To install. Install the plugins, go to the 'Extensions' pa

Had the same issue, you need to edit that line and replace "-f16" with "-f14". Install works great after this edit. Github probably modified its HTML.

Hi,   I changed from OpenVPN AS from Linuxservers to yours. At first, good job Everything is working fine for me at the moment.   But I have one question, maybe I oversee som

Posted Images

On 11/12/2020 at 8:53 PM, baldfox said:

 

*** EDIT: i restarted the server again but now am getting the blank install rsa key management package issue as a few posts above. I managed to manually install easyrsa, but am stuck with generating server certs... it just loops without actually generating as far as I can tell ***

 

 

 

same issue for me. i got a feeling this plugin will soon be unmaintained due to WG

Link to post
On 7/2/2020 at 4:44 PM, jppanchaud said:

Hello all,

 

Apologies, I am completely stuck and fear I am asking a simple question...

 

1. Plugin installed

2. Cert & misc settings tab - valid appdata folder, click update list of easyRSA, select the latest version. It downloads to my PC.

3. Main OpenVPN server tab - "Easyrsa is not downloaded". Click on "install rsa key management package". 

4. Screen reloads but nothing changes. It still says "Easyrsa is not downloaded".

 

I've looked everywhere but can't find what I have done wrong. Any help greatly appreciated!

Hello, I am having the same issue, but when I scroll down in this thread I'm not sure I understand the solution.

 

I also have the exact same 4 points from the quote above.

 

Has anyone else run in to this and been able to fix it?

 

Thank you,

Link to post
22 hours ago, ppompili said:

 

Has anyone else run in to this and been able to fix it?

 

Thank you,

 

i honestly gave up on this plugin because latest issues with it and just moved over to using wireguard. it  does not suit everyone's needs i know that and i had never even heard of it until someone mentioned it in this thread. but it was easy to setup and its fast as hell from all the testing i have done with it.

Edited by fujitsubo
Link to post

It is super confusing, took me an hour to figure this out.  Partly because the download/install of easy-rsa isn't working.  To by pass that step,.. do the following;

- Downloaded the easy-rsa v.3.0.5. 

- Unzip it and placed in the /mnt/user/appdata/openvpn-server/ directory. (or wherever your openvpn directory is)

- name the downloaded folder easy-rsa (i.e. /mnt/user/appdata/openvpn-server/easy-rsa)

- Don't press Install RSA Key buttom,.. the above step essentially installed the RSA.  pressing again will delete the existing folder and download a index.html page broken link...  (don't ask how many times I pressed that button... :()

- ssh in and run chmod +x /mnt/user/appdata/openvpn-server/easy-rsa/easyrsa to make it executable.

- Press Generate the server certificates and keys.

wait for a while.. eventually you will see green text on screen when it generates certs.

 

hope this helps

Link to post
On 12/9/2020 at 7:43 PM, LeoRX said:

- ssh in and run chmod +x /mnt/user/appdata/openvpn-server/easy-rsa/easyrsa to make it executable.

 

Thank you for this. This looks like the key to fixing my issue. My easyrsa was in a different directory, but after chmod, it allowed me to pass through. I did indeed need to wait 2-3 minutes for the certs to be generated. Thanks again for the reply!

 

Link to post

Well, I found a quick fix for the broken easy-rsa download if anyone wants to use it. It worked for my system but I don't know if it will work for yours (although it should).

 

1) Go to your the scripts directory in your plugin installation directory it should be located in:

 /usr/local/emhttp/plugins/openvpnserver/scripts

 

2) Use nano (or your favorite text editor) to edit the rc.openvpnserver script.

 

3) Using your text editor scroll down until you hit a function called "openvpnserver_get_easy", in this function you will want to make the following changes:

delete or comment out:

wget $EASYRSA_DL_VERSION line, this command is causing problems since an earlier curl does not work properly.

replace this line with this command:

wget "https://github.com/OpenVPN/easy-rsa/archive/master.zip"

And, that's it!.

 

After you save the script you can run the following command to download easy rsa, or you could click on the GUI's button. Your choice: 

./rc.openvpnserver download_easy-rsa

 

 

It is worthy to note that this is a more or less patchwork solution, while it works now I do not know how long it will remain that way. If you have any suggestions or questions, leave a response.

 

Good luck!.

 

Edited by Imperioous
Link to post
  • 2 weeks later...

Hi,

 

I just want to point out two options which I believe are incorrectly set in the server configuration (2 errors are generated in the client log when connecting to the server):

 

push "resolv-retry infinite" : resolve -retry is used on the client side before connecting to the vpn server, so it cannot be pushed to the client

push "remote-gateway <IP>" : no such option seems to exist (see https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/). I believe the already existing "push "redirect-gateway def1"" option is what was meant.

 

I commented out these 2 lines with a "#" and the errors no longer show up in the client log.

 

Besides that, the plugin works fine on my side as of today (01/01/2021 on Unraid 6.8.3), so thank you very much to the author ;-).

 

Besides, if I may suggest a new feature: it would be nice if one could more easily bypass the easy-rsa and certificate creation process. I already have my CA certificate and use another system to manage my servers/users certificates and keys and it was a bit difficult to make the plugin understand that they already existed.

 

If one is interested : the trick is to not only put all your certs and key in the /mnt/user/appdata/openvpn-server (or whichever other folder you selected) but also to put a ca.cert and dh.pem file in /mnt/user/appdata/openvpn-server/easy-rsa/easyrsa3/pki in order to trick the plugin into thinking that the rsa key creation completed successfully on the machine.

 

Best,

OP

Edited by Opawesome
Link to post

@peter_sm Sorry for the dumb question but how do I uninstall it?

I installed it via Community Apps. It shows from the install logs that it is installing as a plugin. I see it listed under Settings as 

"OpenVPN Server TUN mode"

When I look under the Installed Plugins page, I don't see it. I only see the OpenVPN Client that I installed a while ago by the same author.

 

 

image.png.cbf1515ef26517cd270a707428e1001b.png

 

 

image.thumb.png.849f5acd8777d07c6e96279d6038346a.png

Link to post
On 12/19/2020 at 8:13 PM, Imperioous said:

Well, I found a quick fix for the broken easy-rsa download if anyone wants to use it. It worked for my system but I don't know if it will work for yours (although it should).

 

1) Go to your the scripts directory in your plugin installation directory it should be located in:

 /usr/local/emhttp/plugins/openvpnserver/scripts

 

2) Use nano (or your favorite text editor) to edit the rc.openvpnserver script.

 

3) Using your text editor scroll down until you hit a function called "openvpnserver_get_easy", in this function you will want to make the following changes:

delete or comment out:

wget $EASYRSA_DL_VERSION line, this command is causing problems since an earlier curl does not work properly.

replace this line with this command:

wget "https://github.com/OpenVPN/easy-rsa/archive/master.zip"

And, that's it!.

 

After you save the script you can run the following command to download easy rsa, or you could click on the GUI's button. Your choice: 

./rc.openvpnserver download_easy-rsa

 

 

It is worthy to note that this is a more or less patchwork solution, while it works now I do not know how long it will remain that way. If you have any suggestions or questions, leave a response.

 

Good luck!.

 

This worked great for me. It looks like the sed to get the file name no longer works in the script,

 

curl  --fail --silent https://github.com/OpenVPN/easy-rsa/ | grep zip | grep archive |  cut -d\" -f16 | cut -d\" -f1 | sed 's#^#https://github.com#g' | grep -v "sig"

 

Is this plugin still being maintained?

 

 

Link to post

Hi,

 

How to create client with password ?

 

on the gui, the password field is disabled=disabled, already try with firebug to delete this part and submit form, but after, the log say: create user with nopass

 

OR

 

How to add password on client already created ?

 

++

Link to post
  • 2 weeks later...
On 12/19/2020 at 9:13 PM, Imperioous said:

Well, I found a quick fix for the broken easy-rsa download if anyone wants to use it. It worked for my system but I don't know if it will work for yours (although it should).

[...]

Good luck!.

 

You're a freaking hero... Someone should really fork this project with that fix, it's been a hot second

 

Though now I fail to generate the server certificate. It tells me it's going to take a long time, prints a bunch of "-" and "+" signs tells me that a file called dh.pem was created, then stops. After that it still doesn't show the checkmark next to "generate the server certificates and keys", so I can't start the server

Edited by ChalkyChalkson
Link to post

As an FYI, it *appears* that @peter_sm's user no longer exists in GitHub, with the net result that installations etc of these plugins can no longer happen. This will result in FCP issuing errors about unknown plugins installed.

 

Peter, get in touch with me with replacement URLs etc if you've simply renamed your user.

 

Thanks.

Link to post
  • 1 month later...
On 3/29/2021 at 5:25 AM, truckerCLOCK said:

I know this is pretty much an unsupported plug in but I was wondering if anyone still uses it and if you've upgraded to 6.9.1 without any issues?

Still works for me.   The key is download easy-rsa v3.0.5 manually.

 

 

Link to post
  • 4 weeks later...

Hello everybody,

Some time ago I forked the petersm1 Project on Github, modified the Code to be able to use a bridged tap instead of tun.  (layer 2).

 

This works good, but everyone has to be aware that Layer 2 has a bit more overheat, I modified it to be able to use Lan Games which use a broadcast. Also, Layer 2 (tap device) does not work under Android, but there is a paid APP that emulates the tap device. You can find my Fork here:

https://github.com/DeBaschdi/openvpnserver 

Edited by DeBaschdi
Link to post

App was working fine until today.  now it seems like when you try to get to settings nothing happens.. Just returns blank page.  Anyone having that issue?  

 

I guess I should go to wireguard...

Link to post
7 hours ago, cbr600ds2 said:

App was working fine until today.  now it seems like when you try to get to settings nothing happens.. Just returns blank page.  Anyone having that issue?  

 

I guess I should go to wireguard...

works fine for me.  my page takes a few seconds to load the pages.

Link to post
16 hours ago, LeoRX said:

works fine for me.  my page takes a few seconds to load the pages.

 

Works now today.  Weird.  Yeah, i could let it stay open for minutes and nothing.  thanks everything!

Link to post
  • 2 weeks later...

I know you have to download easy-rsa v.3.0.5 for the server plugin to make this plugin work on unraid 6.9+ but what about the client plugin? Does it work out the box or do we need extra steps?

Link to post
  • 2 weeks later...
On 5/13/2021 at 9:46 AM, remati said:

I know you have to download easy-rsa v.3.0.5 for the server plugin to make this plugin work on unraid 6.9+ but what about the client plugin? Does it work out the box or do we need extra steps?

client plugins?  works with standard openvpn client.  I use openvpn for android.

just load the .openvpn file it should just work.  (make sure router port forwarding is setup..etc)

Link to post
Posted (edited)
On 5/25/2021 at 2:56 AM, LeoRX said:

client plugins?  works with standard openvpn client.  I use openvpn for android.

just load the .openvpn file it should just work.  (make sure router port forwarding is setup..etc)

 

On 9/26/2014 at 8:37 AM, peter_sm said:

Client



https://raw.githubusercontent.com/petersm1/openvpn_client_x64/master/openvpn_client_x64.plg

 

 

There is a client plugin where your unraid server becomes an openvpn client. Although the above githubusercontent link no longer works because petersm is no longer on github. I've had it installed on my unraid for a few years now and have it paired with unassigned devices to access SMB shares at a remote location. Eventually I think I might need to offload this task to the router.

Edited by remati
Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.