Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

OpenVPN - secure access to your unRAID from anywhere

Featured Replies

Attached is a first quick draft of how to set up OpenVPN with DD-WRT so that you can access your unRAID server from anywhere with an Internet Connection in a secure fashion.

 

I've tried to keep this simple and include every single step-by-step instruction.

 

Please revise or add to the wiki to be edited if this document is well received

 

Note: I have reposted this here in the software section as requested

Assumptions.zip

klipsch, you've really done an amazing job compiling both key generation and dd-wrt installation parts.

 

Here I have a script to automate certs and keys generation in unRAID:

 

#!/bin/bash

#OpenVPN common vars
PORT=5238
KEY_SIZE=1024
CA_EXPIRE=3650
KEY_EXPIRE=3650
KEY_COUNTRY="US"
KEY_PROVINCE="DC"
KEY_CITY="Washington"
KEY_ORG="unRAID"
KEY_EMAIL="[email protected]"


#Clients config
CLIENTS=10
CLI_PREFIX="cli-"

#Server config
IP="192.168.0.100"
MASK="255.255.255.0"
INTERVAL="192.168.0.80 192.168.0.90"

CONF_DIR="$(dirname "$(readlink -f ${BASH_SOURCE[0]})")"
KEY_DIR="$CONF_DIR/keys"
CLI_DIR="$CONF_DIR/clients"
LOG_DIR="/var/log/openvpn"

installpkg $CONF_DIR/packages/openssl-0.9.8n-i486-1.txz

if [ -e $KEY_DIR ]; then
rm -rf $KEY_DIR
mkdir $KEY_DIR
else
mkdir $KEY_DIR
fi

if [ -e $CLI_DIR ]; then
rm -rf $CLI_DIR
mkdir $CLI_DIR
else
mkdir $CLI_DIR
fi

sleep 1

cd /usr/doc/openvpn-2.1.1/easy-rsa/2.0

echo "export KEY_DIR=\"$KEY_DIR\" " >> vars
echo "export KEY_SIZE=$KEY_SIZE " >> vars
echo "export CA_EXPIRE=$CA_EXPIRE " >> vars
echo "export KEY_EXPIRE=$KEY_EXPIRE " >> vars
echo "export KEY_COUNTRY=\"$KEY_COUNTRY\" " >> vars
echo "export KEY_PROVINCE=\"$KEY_PROVINCE\" " >> vars
echo "export KEY_CITY=\"$KEY_CITY\" " >> vars
echo "export KEY_ORG=\"$KEY_ORG\" " >> vars
echo "export KEY_EMAIL=\"$KEY_EMAIL\" " >> vars

source vars
clean-all
pkitool --initca 
pkitool --server server
build-dh

count=0
while [[ $count -lt $CLIENTS ]]; do
PREF=$CLI_PREFIX$count
pkitool $PREF
CLI="remote $REMOTE_ADDR\nclient\ndev tap\nproto tcp\nport $PORT\nresolv-retry infinite\n"
CLI+="nobind\npersist-key\npersist-tun\nca ca.crt\ndh dh1024.pem\ncert $PREF.crt\n"
CLI+="key $PREF.key\ncomp-lzo\nverb 4\nmute 20" 
echo -e $CLI > $KEY_DIR/$CLI_PREFIX$count$(echo -tcp.ovpn)
CLI="remote $REMOTE_ADDR\nclient\ndev tap\nproto udp\nport $PORT\nresolv-retry infinite\n"
CLI+="nobind\npersist-key\npersist-tun\nca ca.crt\ndh dh1024.pem\ncert $PREF.crt\n"
CLI+="key $PREF.key\ncomp-lzo\nverb 4\nmute 20" 
echo -e $CLI > $KEY_DIR/$CLI_PREFIX$count$(echo -udp.ovpn)
LIST="$KEY_DIR/$CLI_PREFIX$count$(echo -udp.ovpn)\n$KEY_DIR/$CLI_PREFIX$count$(echo -tcp.ovpn)\n$KEY_DIR/dh1024.pem\n"
LIST+="$KEY_DIR/$CLI_PREFIX$count$(echo .key)\n$KEY_DIR/$CLI_PREFIX$count$(echo .crt)\n$KEY_DIR/ca.crt"
echo -e $LIST | zip -@ -j $CLI_DIR/$CLI_PREFIX$count$(echo .zip)
count=$((count + 1))
done

TCP="tls-server\nca $KEY_DIR/ca.crt\ncert $KEY_DIR/server.crt\nkey $KEY_DIR/server.key\n"
TCP+="dh $KEY_DIR/dh1024.pem\nclient-to-client\nkeepalive 10 120\ncomp-lzo\npersist-key\n"
TCP+="persist-tun\nstatus $LOG_DIR/openvpn-status\nlog $LOG_DIR/openvpn.log\n"
TCP+="log-append $LOG_DIR/openvpn.log\nverb 4-9\nmute 20\ntls-timeout 20\ndaemon\n"
TCP+="port $PORT\nproto tcp\ndev tap0\nserver-bridge $IP $MASK $INTERVAL\n"
TCP+="push \"route-gateway 192.168.0.254\" "

UDP="tls-server\nca $KEY_DIR/ca.crt\ncert $KEY_DIR/server.crt\nkey $KEY_DIR/server.key\n"
UDP+="dh $KEY_DIR/dh1024.pem\nclient-to-client\nkeepalive 10 120\ncomp-lzo\npersist-key\n"
UDP+="persist-tun\nstatus $LOG_DIR/openvpn-status\nlog $LOG_DIR/openvpn.log\n"
UDP+="log-append $LOG_DIR/openvpn.log\nverb 4-9\nmute 20\ntls-timeout 20\ndaemon\n"
UDP+="port $PORT\nproto udp\ndev tap1\nserver-bridge $IP $MASK $INTERVAL\n"
UDP+="push \"route-gateway 192.168.0.254\" "

echo -e $TCP > $CONF_DIR/server-tcp.ovpn
echo -e $UDP > $CONF_DIR/server-udp.ovpn

 

You can adapt it to use in dd-drt, as it can make life easier.

  • Author

awesome!

10 clients should be more than enough for both

 

maybe we can get this added to the wiki and make it a "living" doc for various revisions and script additions and further details for anything missed or added

It would be possible to implement OpenVPN on unRAID itself if Tom compile the kernel with "tun/tap" driver and "802.d bridge" module. I included it in my bzimage, and both occupies only 30k.

 

 

  • 3 months later...

It would be possible to implement OpenVPN on unRAID itself if Tom compile the kernel with "tun/tap" driver and "802.d bridge" module. I included it in my bzimage, and both occupies only 30k.

 

 

 

We can hope...

 

Do you have any docs on how you did the above?

first should do it - thanks

  • 1 year later...

Can somebody compile a kernel with TUN/TAP?  I would like to use OpenVPN server on my unRAID box.

 

Is there a request thread where I can post this request?

  • 2 weeks later...

I haver just compiled  kernel  3.2.1 on B14 and enabled Tun/Tap  "tun: Universal TUN/TAP device driver, 1.6!"

Going to try this :-)

 

//Peter

 

 

 

Nice!  Let me know because I am now running a WatchGuard Firebox X500 with 4 diferent VPN's IPSec, L2TP, PPTP and OpenVPN, but I am always open to testings..

  • 2 months later...

Hi ,

I have followed klipsch  guid, but i run the script that gfjardim created for all  files.

 

Now it looks like this in my folder /boot/openvpn-server

clients/  createcert.sh*  keys/  server-tcp.ovpn*  server-udp.ovpn*

 

There are lots of files in clients and keys folder that not cover in the guide?

 

I have manage to get my router works

 

Installed everything in my windows 7 PC, (ca.crt , cli-1.crt , cli-1.key , cli-1.ovpn) but there is more files in the zip files in the clients folder. ??

 

 

But what shall I do on my unraid server ? I think I should start something ??

 

EDIT

 

Looked on my router, now it looks like this, is this right ? this is after a router reboot and windows 7 recognition a new network, before reboot it was according the guide.

ps | grep open

 openvpn --config /tmp/openvpn/openvpn.conf --route-up /tmp/openvpn/route-up.sh --down /tmp/openvpn/route-down.sh --daemon

 

 

//Peter

Archived

This topic is now archived and is closed to further replies.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.