Jump to content
peter_sm

OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)

838 posts in this topic Last Reply

Recommended Posts

Hello. Thanks for the great plugin. I had a few questions.

 

1. Are you going to be moving to a Docker like many others? I currently run it as a plugin with Plex, APC etc. Its been running great so I haven't bothered changing over to Docker. Just wondering if I should start getting ready.

 

2. I know its set as a Tun server, but is there any special things I need to set to make shares visible to the client? I can log in threw my Android and view everything threw ES File Manager. But if I log in threw a Windows 7 pc with a fresh OpenVPN install with the generated certs I can't see anything under network shares. I mainly use it as a secure way to reboot unRaid or check up on it when away.

 

Thanks, Kenny.

Share this post


Link to post

1: Why, this plugin only add 3 packages + a nice GUI!, docker for this are overrated!

2: You must have some issue on your PC, do you run it with administrator rights?

 

//P

Share this post


Link to post

Does anybody know how to enable bridge mode rather than routing? Routing works fine right now, but I'd prefer to use bridge mode if possible so when I connect to OpenVPN from my phone or laptop, that I have full access to my entire network.

Share this post


Link to post

You got full access to your lan  with this plugin from iPad and iPhone.........

Share this post


Link to post

You got full access to your lan  with this plugin from iPad and iPhone.........

 

I can't access any computers connected to my network through it. I can connect my Android phone to it without any problems, but when I try to hit my Unraid IP for example I'm not able to access it.

 

Edit: Thank you for you help by the way and for the plugin. Both are very much appreciated.

Share this post


Link to post

What version of unraid/ plugin are u using?

 

I'm running the latest version of Unraid 6 and the plugin. I only have the OpenVPN server installed on unraid, not the client if that makes a difference.

Share this post


Link to post

Ok Then you shall have access to complete LAN, I have it and other as well, do you use standard settings ?

Share this post


Link to post

Ok Then you shall have access to complete LAN, I have it and other as well, do you use standard settings ?

 

I've been playing around with them to try and get it to work. I'll completely uninstall the plugin this evening, as well as the config files, and re-install tonight. Hopefully that will fix the issue.

Share this post


Link to post

Did a fresh install tonight. My phone is getting the IP 10.8.0.2. I can still connect and access the internet, I just cannot access anything connected to my lan.

Share this post


Link to post

I have setup this plugin on unRaid 6 and it works fine, i can connect to my unRaid from my iPhone, however when i try to go to my Tower IP, it takes me to my router login page, am i supposed to forward any ports? My initial assumption was i had to forward port 80, however i was told not to as it would leave my whole network vulnerable to a break-in.

 

Pls advice.

Share this post


Link to post

Try using the local ip address, I.e. 192.0.168.x

 

Thank you, that solved my problem. I have my router configured to point tower to 192.168.1.100 (so I can be lazy and just go to http://tower), but with OpenVPN it does not see those, so I need to use the IP directly.

Share this post


Link to post

Hi,

 

I've installed both plugin server and client. Individually, both runs well. I need a server configuration to handle personal VPN connection to my LAN, and I also need an openvpn client configuration to passthrough output internet connections from my unraid.

 

The problem is that it seems that I'm unable to start/stop client and server process individually, if I start the client for example, the server can't be started because (I think) a process openvpn already exists and so the start button on the server side is switch to a stop button :) (sorry for my english, far from perfect, I know.

 

Can anyone help me about this?  Is there a way to handle both configurations ?

 

Regards

Share this post


Link to post

I haven't yet implemented these plugins into my unraid box, but it sounds like I am going to attempt what you are trying to do.  Hearing that both server and client can't work at the same time isn't promising. 

 

My goal is to have my unraid system download torrents behind a PIA VPN, and at the same time allow me to VPN in via my Android phone/tablet.  For those with more experience with openvpn and unraid, is it possible to use the docker from binhex called delugeVPN, and the openvpn server plugin simultaneously?  That sounds like the ideal situation to me.

Share this post


Link to post

I cannot seem to get the client to work (not sure if I need the server plugin or not). Basically I just want to have all internet connections on my unraid box go through a VPN I have through usenetserver. I attached the ovpn file that I have selected in the settings.

 

Does anyone have any advice in how I can get this working? I've been spending many hours trying other options with docker containers in getting openvpn to work and nothing seems to work. I really think this is the cleanest option, so any help in pointing me in the right direction would be greatly appreciated!

 

I did verify I am using the right username/password set on the settings page.

 

Here are my log files:

Thu Apr  9 09:42:57 2015 OpenVPN 2.3.6 x86_64-slackware-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [MH] [iPv6] built on Dec 10 2014
Thu Apr  9 09:42:57 2015 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.03
Thu Apr  9 09:42:57 2015 WARNING: file '/boot/config/plugins/openvpnclient/password.txt' is group or others accessible
Thu Apr  9 09:42:57 2015 Socket Buffers: R=[212992->131072] S=[212992->131072]
Thu Apr  9 09:42:57 2015 UDPv4 link local: [undef]
Thu Apr  9 09:42:57 2015 UDPv4 link remote: [AF_INET]173.245.202.3:1194
Thu Apr  9 09:42:57 2015 TLS: Initial packet from [AF_INET]173.245.202.3:1194, sid=d7e393c0 e1108365
Thu Apr  9 09:42:57 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Apr  9 09:42:58 2015 VERIFY OK: depth=1, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=VPN, name=VPN, emailAddress=VPN
Thu Apr  9 09:42:58 2015 Validating certificate key usage
Thu Apr  9 09:42:58 2015 ++ Certificate has key usage  00a0, expects 00a0
Thu Apr  9 09:42:58 2015 VERIFY KU OK
Thu Apr  9 09:42:58 2015 Validating certificate extended key usage
Thu Apr  9 09:42:58 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Apr  9 09:42:58 2015 VERIFY EKU OK
Thu Apr  9 09:42:58 2015 VERIFY OK: depth=0, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=vpn, name=VPN
Thu Apr  9 09:43:04 2015 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Apr  9 09:43:04 2015 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Apr  9 09:43:04 2015 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Apr  9 09:43:04 2015 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Apr  9 09:43:04 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Apr  9 09:43:04 2015 [vpn] Peer Connection Initiated with [AF_INET]173.245.202.3:1194
Thu Apr  9 09:43:06 2015 SENT CONTROL [vpn]: 'PUSH_REQUEST' (status=1)
Thu Apr  9 09:43:06 2015 AUTH: Received control message: AUTH_FAILED
Thu Apr  9 09:43:06 2015 SIGTERM[soft,auth-failure] received, process exiting

 

default via 192.168.1.1 dev eth0  metric 206 
127.0.0.0/8 dev lo  scope link 
172.17.0.0/16 dev docker0  proto kernel  scope link  src 172.17.42.1 
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.131 
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.131  metric 206 
192.168.1.131 via 127.0.0.1 dev lo  metric 206 

 

default via 192.168.1.1 dev eth0  metric 206 
127.0.0.0/8 dev lo  scope link 
172.17.0.0/16 dev docker0  proto kernel  scope link  src 172.17.42.1 
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.131 
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.131  metric 206 
192.168.1.131 via 127.0.0.1 dev lo  metric 206 

chi-a04.txt

Share this post


Link to post
Basically I just want to have all internet connections on my unraid box go through a VPN I have through usenetserver.
I can't comment on the issue you are having, but I did want to caution you to research whether or not the VPN you are using is firewalled at the host end, because if it's not, you will be opening your server up to attack through the VPN. You will be hacked in a matter of minutes.

Share this post


Link to post

I'm pretty sure it is: https://www.usenetserver.com/vpn/

What I'm getting from reading the FAQ's is that you are assigned a private address in their network, and NATTED out the common internet address of whatever server farm you connect to. That offers some protection from the internet in general, but does nothing to prevent other machines connected to their service from hacking in to your machine. If it were me I'd ask their tech support if they recommend firewalling the connection at your end as well. It really depends on their setup.

Share this post


Link to post

Thanks for the info. I may just pay with a different vpn service. Thanks for pointing this out though! I would hate for my unraid box to get hacked.

Share this post


Link to post

trying to install the server plugin, getting the following:

plugin: installing: https://raw.githubusercontent.com/petersm1/openvpnserver/master/openvpn_server_x64.plg
plugin: downloading https://raw.githubusercontent.com/petersm1/openvpnserver/master/openvpn_server_x64.plg
plugin: downloading: /tmp/plugins/openvpn_server_x64.plg ... done

Warning: simplexml_load_file(): /tmp/plugins/openvpn_server_x64.plg:1: parser error : Document is empty in /usr/local/emhttp/plugins/dynamix.plugin.manager/scripts/plugin on line 188

Warning: simplexml_load_file(): in /usr/local/emhttp/plugins/dynamix.plugin.manager/scripts/plugin on line 188

Warning: simplexml_load_file(): ^ in /usr/local/emhttp/plugins/dynamix.plugin.manager/scripts/plugin on line 188

Warning: simplexml_load_file(): /tmp/plugins/openvpn_server_x64.plg:1: parser error : Start tag expected, '<' not found in /usr/local/emhttp/plugins/dynamix.plugin.manager/scripts/plugin on line 188

Warning: simplexml_load_file(): in /usr/local/emhttp/plugins/dynamix.plugin.manager/scripts/plugin on line 188

Warning: simplexml_load_file(): ^ in /usr/local/emhttp/plugins/dynamix.plugin.manager/scripts/plugin on line 188
plugin: xml parse error

 

EDIT:

n.m. - internet problems on my end downloaded 0 bytes file...

 

EDIT2:

OK, spoke too soon.

Plugin installed successfully, but "Install Easy-RSA" doesn't work.

Can't follow to status messages, as they disappear too quickly.

Is there a log I can check for the error ?

 

Thanks

Share this post


Link to post

I am having a most perplexing problem. I have the plugin working fine on my dad's unRAID box. I have the EXACT SAME configuration on my box, and I can't get the plugin to work.

 

Everything is configured correctly, but whenever I hit start from the web interface, I get this error in the log:

 

Options error: You must define TUN/TAP device (--dev)
Use --help for more information.

 

The problem is, I do have "dev tun" in my ovpn file, but every time I hit start, it deletes that line from the ovpn file. I tried removing write permissions from the ovpn file, but it still deletes that line every time and fails to start. I'm completely at a loss as to how to remedy this.

 

Edit:

I just tried running the start command manually

/usr/sbin/openvpn --writepid /var/run/openvpn/openvpn.pid --config /boot/openvpn/gw1.iad1.slickvpn.com.ovpn /dev/null

 

It works! So I guess the problem is with the start button on the OpenVPN Client settings page....

Share this post


Link to post

Hi Peter

 

 

Had a question, i just installed the latest server 64bit Plugin in to my Unraid 6.01 and it looks really good, i am doing testing and so far so good... only question i have is in the past you had a location to place the business name and address and other information in the plugin. the new one only has a very small line to place a bit of information. Would it be posable to tell me what file the old style was modifying or adding this functionality back in to the plugin.

 

 

Sorry for the trouble

 

 

thank you for all the help.

 

 

Thornwood

Share this post


Link to post

Don't need these information when I'm now using easyrsa3 to create the cert's.

 

//Peter

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.