December 9, 20169 yr Here's the situation, I have two unRAID servers and my friend has two unRAID servers. We both have gigabit internet and want to be able to access each others servers, securely. I have no clue how to do this though. I've looked into the openVPN plugins but it's a foreign language to me. I can't figure any of it out.
December 9, 20169 yr OpenVPN would probably be the best method for access from WAN. You might check out OpenVPN-AS Docker. It's mostly pre-configured and may be a little simpler to setup. The basic unRAID install is very insecure and should not be exposed to WAN. If you don't have at least a basic understanding of what you are doing it may be best not to attempt this. You could be opening your network to attack. If you do a little research though, it probably won't seem quite so foreign.
December 9, 20169 yr Author Well I mean I have these plugins setup (http://lime-technology.com/forum/index.php?topic=35435), but whenever the client tries to connect it just hangs at connecting, forever, and requires a full restart of the client server. Can't even telnet into it, have to hit the power button on the client server. I am just doing a test run (connecting from one of my servers to another one of my servers) on the same IP. I think there's some routing problem?
December 9, 20169 yr I think the thread you linked would be the place to work out any issues. Another option would be to try the docker. several people have remarked that setup is easier.
December 9, 20169 yr Author I think the thread you linked would be the place to work out any issues. Another option would be to try the docker. several people have remarked that setup is easier. I've never used a docker and have no clue what it is.. I looked at that thread and I don't even understand how to even install it... Everything assumes you know stuff... i've used my unRAID servers as a simple storage device and know very little outside of that.
December 9, 20169 yr Easiest way to install would be via Community Applications. Might want to read this too- https://lime-technology.com/docker-guide/
December 9, 20169 yr Author Installed it, when I click WebUI I get nothing. The docker plugin seems to store everything as root:root permissions on my cache drive, so the entire openvpn-as folder can't be accessed from my windows machine. Extremely frustrating why isn't this easier to figure out.... Log: Initializing OpenVPN... Adding new user login... useradd -s /sbin/nologin "admin" Writing as configuration file... Perform sa init... Wiping any previous userdb... Creating default profile... Modifying default profile... Adding new user to userdb... Modifying new user as superuser in userdb... Getting hostname... Hostname: UNRAID1 Preparing web certificates... Getting web user account... Adding web group account... Adding web group... Adjusting license directory ownership... Initializing confdb... Generating init scripts... Generating PAM config... Generating init scripts auto command... Starting openvpnas... Error: Could not execute server start. /var/run/s6/etc/cont-init.d/40-openvpn-init: line 15: /etc/init.d/openvpnas: No such file or directory [cont-init.d] 40-openvpn-init: exited 0. [cont-init.d] 50-interface: executing... MOD Default {u'admin_ui.https.ip_address': u'all'} {u'admin_ui.https.ip_address': 'eth0'} MOD Default {u'cs.https.ip_address': u'all'} {u'cs.https.ip_address': 'eth0'} MOD Default {u'vpn.daemon.0.listen.ip_address': u'all'} {u'vpn.daemon.0.listen.ip_address': 'eth0'} MOD Default {u'vpn.daemon.0.server.ip_address': u'all'} {u'vpn.daemon.0.server.ip_address': 'eth0'} [cont-init.d] 50-interface: exited 0. [cont-init.d] done. [services.d] starting services [services.d] done.
December 9, 20169 yr There is a video guide that might help- https://lime-technology.com/forum/index.php?topic=43317.msg519853#msg519853
December 9, 20169 yr Author Hmm setting it to "bridge" allowed me to see the login page. Not sure on the differences between host and bridge. I will watch the video.
December 9, 20169 yr Author I followed the video exactly and when attempting to connect with openvpn connect on a windows computer, it just says waiting for VPN server. EDIT: Fixed it.. will keep working on it.
December 9, 20169 yr Author OK, well it's FINALLY working I think but I have another problem... He can see my local network (i'm hosting VPN), but I can't see his. How do I fix this? Not really sure how to connect the the VPN tunnel, if I connect using my IP it kills my internet until I disconnect.
December 9, 20169 yr Author Have you set up openVPN on his end? So he needs to also host openVPN on his unraid box? It's not a two way connection?
December 9, 20169 yr Have you set up openVPN on his end? So he needs to also host openVPN on his unraid box? It's not a two way connection? With your server installation you can serve his client, or anyone else's as you choose. For him to serve you, he must also install the server package and you would need to install whichever client package for the system you're running.
December 10, 20169 yr I'm not sure how it would work under unRaid, but you could try the following info http://www.smallnetbuilder.com/other/security/security-howto/30353-how-to-set-up-a-site-to-site-vpn-with-openvpn https://community.openvpn.net/openvpn/wiki/RoutedLans What I would do is get two Raspberry Pi (or similar low power linux device, or if your routers support this), setup OpenVPN on them, and make OpenVPN connect with Tap devices, and configure each to talk to the other. Each side will assign a static IP to the tap device for the remote network. The tap devices are then bridged to the network, thus making the remote side seem local. Then assign static routes with your router to use the remote Pi OpenVPN IP as the gateway for that. A snippet for my connection, where the server has the subnet 192.168.1.0/24, and an ip of 192.168.2.81 while the client has the subnet of 192.168.2.0/24 server side openvpn.conf: tls-server ca certs/cacert.pem cert certs/jpn.pem key private/jpn.key dh certs/dh2048.pem port 9009 comp-lzo persist-tun keepalive 10 120 dev tap0 server startup script /openvpn-startup #!/bin/sh /sbin/ip link l dev tap0 2>&1 > /dev/null || openvpn --mktun --dev tap0 ip addr a 192.168.2.81/24 dev tap0 ip link set dev tap0 up 192.168.2.81 is the assigned ip for the server when the vpn is connected client openvpn.conf: remote server.public.ip-name 9009 remote-cert-tls server tls-client dev tap0 nobind ca certs/cacert.pem cert certs/vpn.pem key private/vpn.key keepalive 5 60 comp-lzo client startup script #!/bin/sh openvpn --mktun --dev tap0 brctl addif br0 tap0 ip link set dev tap0 up ip link set dev tap0 promisc on Now on the server side, we set a static route for 192.168.2.0/24 to use gateway 192.168.1.81 Now on the client side router, we set a static route for 192.168.1.0/24 to use gateway 192.168.2.81 once connected you can ping the server subnet with just a simple ping 192.168.1.1 and vice versa I can guess there are ways to optimize this, but this works for me.
December 10, 20169 yr Author Alright I set the host up on both machines, and it's all working... but it's slow. We both have gigabit (1000/500) internet, so we're capable of about 50-60MB/s upload. We're seeing a peak of about 2MB/s.
Archived
This topic is now archived and is closed to further replies.