OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)


peter_sm


Hello,

I've installed OpenVPN server and set it up by the guide...

Changed the port to 7778 (which is forwarded on my router), then I've created a client key -> copied it to my Android phone -> installed OpenVPN Connect and tried to open the profile; it then tries to connect, but without any success :(

What else could I check? Thanks

 

Wed Apr  5 01:13:38 2017 OpenVPN 2.4.0 x86_64-slackware-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 29 2016
Wed Apr  5 01:13:38 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Wed Apr  5 01:13:38 2017 Diffie-Hellman initialized with 2048 bit key
Wed Apr  5 01:13:38 2017 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Apr  5 01:13:38 2017 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Apr  5 01:13:38 2017 ROUTE_GATEWAY 192.168.10.1/255.255.255.0 IFACE=br0 HWADDR=70:85:c2:33:cf:7e
Wed Apr  5 01:13:38 2017 TUN/TAP device tun0 opened
Wed Apr  5 01:13:38 2017 TUN/TAP TX queue length set to 100
Wed Apr  5 01:13:38 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Apr  5 01:13:38 2017 /usr/sbin/ip link set dev tun0 up mtu 1500
Wed Apr  5 01:13:38 2017 /usr/sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Wed Apr  5 01:13:38 2017 /usr/sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Wed Apr  5 01:13:38 2017 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Apr  5 01:13:38 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Apr  5 01:13:38 2017 UDPv4 link local (bound): [AF_INET]192.168.10.101:7778
Wed Apr  5 01:13:38 2017 UDPv4 link remote: [AF_UNSPEC]
Wed Apr  5 01:13:38 2017 GID set to users
Wed Apr  5 01:13:38 2017 UID set to nobody
Wed Apr  5 01:13:38 2017 MULTI: multi_init called, r=256 v=256
Wed Apr  5 01:13:38 2017 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Wed Apr  5 01:13:38 2017 IFCONFIG POOL LIST
Wed Apr  5 01:13:38 2017 Initialization Sequence Completed

 

Link to comment

Hmm, I can post screenshots from mobile only - but it seems the issue could be that the *.ovpn file has an IP address defined, but all those free ports which are used - I need to put them in a form like "port.provider.eu:8888". The IP address which I'm getting in the OpenVPN server app doesn't even work on the other app ports which I'm already using for other services.

For example:

port.provider.eu:8889 works and in IP form XXX.XXX.XXX.XXX:8889 it doesn't.

Is there any way that I can put that domain name instead of the IP address?

Or can I change the IP address which I'm getting from the OpenVPN server file? I've found out that the IP address which I'm getting is not the same one which I can use for port forwarding.

Example:

When I check my IP online it shows XXX.XXX.XXX.250 but port.provider.eu is actually XXX.XXX.XXX.254

I don't have a public IP and I'm in a local network with some ports forwarded via the port.provider.eu domain / XXX.XXX.XXX.254 IP.

Hope I explained it right.

Thanks :)

Edited by killeriq
added ip
Link to comment

Hello,

I've got it working :)

Had to type the URL into the "Dynamic DNS" field in Server settings.

I also found the "OpenVPN Port-Share" setting - does this mean that if I have, for example, "port.provider.eu:8888" used for another web service (transmission or home automation), I could share it with OpenVPN to save 1 port? (I have only 4 ports open)

I've tried to set:

Port for the server 8888

Tunnel Protocol TCP

OpenVPN Port-Share 192.168.1.100 8888

But it is not working. Did I get it right? Thanks

Link to comment
15 hours ago, killeriq said:

TCP

 

Did you get the client to connect?

Link to comment

I have an additional question:

I've tried ipredator VPN - installed the OpenVPN client (on unRAID), was able to connect - still connected.

Then I started my OpenVPN server - was able to start the service, but not able to connect via the client (on Android).

Is there some special setting to get both working?

Thanks

Link to comment

I installed it successfully, but the Docker control interface could not find it. I cannot open it now and cannot uninstall it.


Link to comment

Trying to enable this function (it's set in the OVPN file by the provider): https://airvpn.org/topic/9608-how-to-accept-dns-push-on-linux-systems-with-resolvconf/

Update resolv-conf script (https://wiki.archlinux.org/index.php/OpenVPN#DNS)

---

How do I enable it? I did copy /etc/openvpn/update-resolv-conf.sh and set chmod +x, but it's still not working...

Reading: Note: If manually placing the script on the filesystem, be sure to have openresolv installed.

How do I install it into the OpenVPN client or the unRAID server?

Thanks

Link to comment
  • 2 weeks later...
On 2/26/2017 at 5:12 AM, fc0712 said:

I fixed it :) By changing from tun to tun5 in the .ovpn file :)

This should be posted on page one in large, bold, rainbow-colored letters as "the thing you need to know to make the OpenVPN client work in unRAID".

Link to comment
  • 3 weeks later...

I read somewhere that running a VPN client on the server is not recommended due to security concerns, correct? Any recommended iptables rules to apply?

Anyway, here is how I deployed this plugin; it works great!

For those who use OVPN.se:

mkdir /boot/openvpn && cd /boot/openvpn

wget https://files.ovpn.com/linux/ovpn-se.zip && unzip ovpn-se.zip && mv config/* /boot/openvpn && rm -rf config && rm ovpn-se.zip

WORKING CONFIG FROM OVPN.SE (taken from Ubuntu example)

client
dev tun

proto udp

remote pool.prd.se.ovpn.com 1194 # resolves to multiple VPN servers in location
remote pool.prd.se.ovpn.com 1195 # resolves to multiple VPN servers in location
remote-random

mute-replay-warnings
replay-window 256

remote-cert-tls server
cipher aes-256-cbc
pull

nobind
reneg-sec 432000
resolv-retry infinite

comp-lzo
verb 1

persist-key
persist-tun
auth-user-pass
ca ovpn-ca.crt
tls-auth ovpn-tls.key 1

Configure the client in the settings admin page, save and start.

Then check your external IP in the CLI:

curl ipinfo.io/ip

Edited by deterministik
Link to comment
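A client profile like the one posted above can be checked for its security-relevant directives before it is loaded into the plugin. The following is an added example, not part of the original post or of the plugin; the function names `parse_ovpn` and `audit`, the severity labels and the abridged sample profile are assumptions of this example.

```python
import re

# Constructed sample: the client profile from the post above, abridged.
SAMPLE_OVPN = """\
client
remote pool.prd.se.ovpn.com 1194 # resolves to multiple VPN servers in location
remote-cert-tls server
cipher aes-256-cbc
reneg-sec 432000
comp-lzo
tls-auth ovpn-tls.key 1
"""

def parse_ovpn(text):
    """Map each directive to its argument lists; skip comments and inline <blocks>."""
    found, in_block = {}, False
    for raw in text.splitlines():
        line = re.split(r"\s+[#;]", raw.strip(), maxsplit=1)[0]
        if not line or line[0] in "#;":
            continue
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True
            found.setdefault(line.strip("<>"), []).append([])
        elif not in_block:
            name, *args = line.split()
            found.setdefault(name.lstrip("-"), []).append(args)
    return found

def audit(text):
    """Return (severity, directive, reason) tuples for risky or missing settings."""
    d, out = parse_ovpn(text), []
    if not {"remote-cert-tls", "verify-x509-name"} & d.keys():
        out.append(("HIGH", "remote-cert-tls", "peer is not checked to be a server cert"))
    if not {"tls-auth", "tls-crypt"} & d.keys():
        out.append(("MEDIUM", "tls-auth", "no HMAC key on the control channel"))
    lzo = any(a[:1] != ["no"] for a in d.get("comp-lzo", []))
    comp = any(a and not a[0].startswith("stub") for a in d.get("compress", []))
    if lzo or comp:
        out.append(("MEDIUM", "comp-lzo", "compression can leak plaintext (VORACLE)"))
    for a in d.get("cipher", []):
        if a and re.match(r"(bf|des|cast5|rc2)", a[0], re.I):
            out.append(("HIGH", "cipher", a[0] + " has a 64-bit block (SWEET32)"))
    if "auth" not in d:
        out.append(("INFO", "auth", "unset, so the HMAC digest defaults to SHA1"))
    for a in d.get("reneg-sec", []):
        if a and a[0].isdigit() and int(a[0]) > 3600:
            out.append(("LOW", "reneg-sec", a[0] + " s is above the 3600 s default"))
    return out

if __name__ == "__main__":
    for severity, directive, reason in audit(SAMPLE_OVPN):
        print(f"{severity:6} {directive:16} {reason}")
```

On the posted profile it reports the enabled `comp-lzo`, the unset `auth` digest and the 432000-second `reneg-sec`.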
  • 2 weeks later...

Is there a set up possible that allows for "Bridged" Network w/ my VM's running that will also allow me to be able to see the full network when connected to the VPN. Currently if I have Bridge mode turned on I can only see the machine I am connected to..... no access to the rest of my network!

Edited by clowrym
Link to comment
Best to post your config as the plugin shows all of my network machines by default
Link to comment
1 hour ago, Ashe said:


Best to post your config as the plugin shows all of my network machines by default

Interesting. On the 3 servers I have set up the VPN on, if bridging is enabled in unRAID's network settings to allow for the VMs, I lose access to the rest of my network!!

Configuration:

# openvpnserver plugin configuration file
NETWORK=10.8.0.0
NETMASK=255.255.255.0
SERVER_PORT=1194
CANONICAL=XX.XX.XX.XX
PROTOCOL=tcp
CIPHER="cipher AES-256-CBC"
CLIENT="Enable"
HASH_ALGO=""
GATEWAY="Disable"
SUBNET="Disable"
LAN_SUBNET="Enable"
COMP_LZO="0"
IPP="ipp.txt"
DHCP_1="dhcp-option DNS"
TELNET_CONSOLE="No"
VERB="verb 3"
IP_PORT_SHARE=""
TLSENCRYPT="tls-auth"

I have my unRAID network set to Bridge (br0) and am running one Windows VM.

Current routing table:

Protocol  Route                    Gateway                    Metric
IPv4      default                  192.168.1.254              100
IPv4      10.8.0.0/24              10.8.0.2                   1
IPv4      10.8.0.2                 tun0                       1
IPv4      172.17.0.0/16            docker0                    1
IPv4      192.168.1.0/24           br0                        1
IPv4      192.168.122.0/24         virbr0                     1
IPv6      2001:56a:74dc:9100::/64  br0                        256
IPv6      default                  fe80::1278:5bff:fed1:a290  1024
Link to comment

Not much difference in the configuration files, also have bridging enabled on my unraid server

 

Quote

# openvpnserver plugin configuration file
NETWORK=10.8.0.0
NETMASK=255.255.255.0
SERVER_PORT=1194
CANONICAL= ******
PROTOCOL=udp
CIPHER="cipher aes-256-cbc"
CLIENT="Enable"
HASH_ALGO="auth sha512"
GATEWAY="Disable"
SUBNET="Disable"
LAN_SUBNET="Enable"
COMP_LZO="comp-lzo adaptive"
IPP="ipp.txt"
DHCP_1="dhcp-option DNS 8.8.8.8"
TELNET_CONSOLE="No"
VERB="verb 3"
IP_PORT_SHARE=""

 

Link to comment
