OpenVPN Server & Client for unRAID 6.2+ (6.1 is still supported)


peter_sm


On 2017. 10. 8. at 8:40 PM, peter_sm said:

 

New release available, now with a new tab for download of client config files!

 

//Peter

 

This is sweet, thank you so much!

 

One problem though. I tried regenerating the server keys. But when I click on the button, it just drops me back into the settings of OpenVPN with no changes. I can still see my clients, etc.

 

I think there might be a permissions issue, so I'm going to try and delete the appdata folder that contains openvpn, but do you have any insight as to what might be going wrong?

 

EDIT1: So after deleting the folder and recreating it, this happened when I tried to start the server:

 

Options error: --dh fails with '/mnt/user/appdata/openvpn-server/dh.pem': No such file or directory (errno=2)
Options error: --ca fails with '/mnt/user/appdata/openvpn-server/ca.crt': No such file or directory (errno=2)
Options error: --cert fails with '/mnt/user/appdata/openvpn-server/server.crt': No such file or directory (errno=2)
Fri Oct 13 18:39:26 2017 WARNING: cannot stat file '/mnt/user/appdata/openvpn-server/server.key': No such file or directory (errno=2)
Options error: --key fails with '/mnt/user/appdata/openvpn-server/server.key': No such file or directory (errno=2)
Fri Oct 13 18:39:26 2017 WARNING: cannot stat file '/mnt/user/appdata/openvpn-server/ta.key': No such file or directory (errno=2)
Options error: --tls-auth fails with '/mnt/user/appdata/openvpn-server/ta.key': No such file or directory (errno=2)
Options error: Please correct these errors.
Use --help for more information.

Hmm? I'm on 6.4.0-rc9f if that helps any.

 

EDIT: When I click on the server generate button, I see an openssl process launched. It keeps using 100% of CPU, but the WebGUI shows that the certificate has been successfully created in a matter of a minute.

 

What I am guessing here is that the WebGUI does not lock as long as it should. Therefore, while openssl is busy generating the configuration and the keys, the WebGUI just barrels on and lets you generate client keys. Now the client keys are meaningless because the server keys aren't done yet, but the GUI doesn't catch that. But when I try to start the server it does.

 

I suppose I could wait for the process to finish, and then start the remaining steps, but this will be pretty confusing for any newcomers. I suggest the WebGUI should be locked while the certificates are being generated.

4 hours ago, ideaman924 said:

This is sweet, thank you so much!

I suggest the WebGUI should be locked while the certificates are being generated.

Wonder how that could be done? A check to see if the process is running and disable the buttons while it is running?

Anyone have a clue how that could be done?

 

//Peter
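
The check asked about above, sketched as an added example (not part of the original posts and not the plugin's own code): a PID lock the generator holds while easy-rsa/openssl runs, plus a gate that refuses "start server" or "generate client keys" until the lock is gone and every file named in the "Options error" lines exists and is non-empty. `LOCK_NAME` and all function names are hypothetical.

```sh
#!/bin/sh
# Added example, not the plugin's code. LOCK_NAME and the function names are
# hypothetical; the file list comes from the "Options error" lines in the thread.
PKI_FILES="dh.pem ca.crt server.crt server.key ta.key"
LOCK_NAME=".pki-generate.pid"

# True (0) while the PID recorded in the lock file is still alive.
generation_running() {
    lock="$1/$LOCK_NAME"
    [ -e "$lock" ] || return 1
    pid=$(cat "$lock" 2>/dev/null)
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac   # empty or garbage: treat as stale
    kill -0 "$pid" 2>/dev/null
}

# Take the lock before starting easy-rsa/openssl; fails if a live run holds it.
acquire_pki_lock() {
    lock="$1/$LOCK_NAME"
    generation_running "$1" || rm -f "$lock"        # clear a stale lock
    ( set -C; echo "$$" > "$lock" ) 2>/dev/null     # noclobber: atomic create
}

release_pki_lock() { rm -f "$1/$LOCK_NAME"; }

# Print the required files that are absent or empty; return 0 if none are.
pki_missing() {
    missing=""
    for f in $PKI_FILES; do
        [ -s "$1/$f" ] || missing="$missing $f"
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# Gate for the "start server" and "generate client keys" actions.
# Returns 0 = ready, 1 = files missing, 2 = generation still running.
server_ready() {
    if generation_running "$1"; then
        echo "busy: server key generation still running"; return 2
    fi
    missing=$(pki_missing "$1") || { echo "missing: $missing"; return 1; }
    echo "ready"
}

# Stand-alone use: pass the appdata directory as the first argument.
if [ "$#" -gt 0 ]; then server_ready "$1"; fi
```

A WebGUI page can call `server_ready` on each load and disable its buttons on any non-zero result; a lock left behind by a crashed run is ignored because its PID no longer exists.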

  • 2 weeks later...
On 2017. 10. 14. at 10:37 PM, peter_sm said:

New Version!

 

Now the web page is disabled when generating server certificates!!

 

 

Please test and see how it works for you!

 

//Peter

Thanks! I'll make sure to test the next time I regenerate server configurations!

 

Thank you so much @peter_sm! You're always so helpful!

  • 3 weeks later...

Hi Peter,

 

Could you help me with this?

I want to connect to Perfect Privacy VPN with the Open VPN Client Plugin, but it fails.

Everything in the logs looks normal up to here:

 

Wed Nov  8 03:43:04 2017 us=721892 GDG6: NLMSG_ERROR: error Operation not supported

Wed Nov  8 03:43:04 2017 us=721908 ROUTE6: default_gateway=UNDEF
Wed Nov  8 03:43:04 2017 us=726331 TUN/TAP device tun5 opened
Wed Nov  8 03:43:04 2017 us=726388 TUN/TAP TX queue length set to 100
Wed Nov  8 03:43:04 2017 us=726425 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Wed Nov  8 03:43:04 2017 us=726491 /usr/sbin/ip link set dev tun5 up mtu 1500
Wed Nov  8 03:43:04 2017 us=728318 /usr/sbin/ip addr add dev tun5 10.2.19.245/24 broadcast 10.2.19.255
Wed Nov  8 03:43:04 2017 us=730138 /usr/sbin/ip -6 addr add fdbf:1d37:bbe0:0:33:3:0:1245/112 dev tun5
RTNETLINK answers: Operation not supported
Wed Nov  8 03:43:04 2017 us=731940 Linux ip -6 addr add failed: external program exited with error status: 2
Wed Nov  8 03:43:04 2017 us=731981 Exiting due to fatal error

 

Thanks in advance!

  • 4 weeks later...
11 minutes ago, Risha said:

Could someone help me to understand what or if I have done something wrong?

I have set up the plugin and installed everything on my remote computer.

I can get remote access to the unRAID webUI but I can't get access to my network shares.

 

 

Please add more info on how you configured the server, or are you maybe using all default settings?

 

  • 2 weeks later...
On 2017-12-15 at 11:15 AM, docbrown said:

As I am fairly new to everything Unraid and this plugin (installed today), I'm having the same earlier issue with easy-rsa not generating the files. I know to use an earlier version but I'm confused on how to install it in the environment. 

 

Any help will be appreciated.

Did a fresh installation and all works fine! Please check all your settings.

On 2017-12-16 at 12:39 PM, peter_sm said:

Did a fresh installation and all works fine! Please check all your settings.

Looks like they broke the easyrsa3 ... I see this in my log :-(

 

Quote

Using configuration from ./openssl-easyrsa.cnf
Enter pass phrase for /mnt/cache/appdata/myVPN/easy-rsa/easyrsa3/pki/private/ca.key:
ERROR: on line 16 of config file '/mnt/cache/appdata/myVPN/easy-rsa/easyrsa3/pki/extensions.temp'
23133060112000:error:02001002:system library:fopen:No such file or directory:bss_file.c:175:fopen('/mnt/cache/appdata/myVPN/easy-rsa/easyrsa3/pki/index.txt.attr','rb')
23133060112000:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:182:
23133060112000:error:0E078072:configuration file routines:DEF_LOAD:no such file:conf_def.c:201:
23133060112000:error:0E079065:configuration file routines:DEF_LOAD_BIO:missing equal sign:conf_def.c:351:line 16

Easy-RSA error:

signing failed (openssl output above may have more detail)

30 minutes ago, digiblur said:

Nice work! Had to do the easyrsa downgrade but all is well. Nice to see the cipher already set to a strong one. Only thing I will be adding is the TLS auth option. Would be a great feature to build into the GUI.

https://community.openvpn.net/openvpn/wiki/Hardening

Hi,

 

TLS auth is default :-)

 

Quote

tls-auth /mnt/cache/appdata/myVPN/ta.key
 

 


Using a 192.168.1.3 IP for my unRaid box.  192.168.1.1 is my gateway, along with 192.168.1.2 is my DNS.  When I connect, I can hit and use my unRaid box fine, but I can't access anything else on the LAN or go out via the WAN.  Pinging from the Android device to any working address on 192.168.1.x does not work.  

 

I tried changing the OpenVPN server IP to 192.168.3.0 just to make sure it wasn't conflicting with the two other 10.0.0.x subnets I have on my router but that didn't change anything.  I'm thinking it is something I'm overlooking in the routing. 

 

Redirect-gateway is set to - redirect-gateway def1

Push LAN subnet to clients is set to Yes

 

Using a 192.168.1.3 IP for my unRaid box.  192.168.1.1 is my gateway, along with 192.168.1.2 is my DNS.  When I connect, I can hit and use my unRaid box fine, but I can't access anything else on the LAN or go out via the WAN.  Pinging from the Android device to any working address on 192.168.1.x does not work.  
 
I tried changing the OpenVPN server IP to 192.168.3.0 just to make sure it wasn't conflicting with the two other 10.0.0.x subnets I have on my router but that didn't change anything.  I'm thinking it is something I'm overlooking in the routing. 
 
Redirect-gateway is set to - redirect-gateway def1
Push LAN subnet to clients is set to Yes
 

Are the 2 settings above defaults? Or did you change these? If so, go for defaults. What is your default route interface? eth0, br0? Verify this by the last iptables row (in red) on the log page. You should see your LAN with all settings set to defaults. I have an update to verify this much better in the next release!


Sent from my iPhone using Tapatalk
11 minutes ago, peter_sm said:


Are the 2 settings above defaults? Or did you change these? If so, go for defaults. What is your default route interface? eth0, br0? Verify this by the last iptables row (in red) on the log page. You should see your LAN with all settings set to defaults. I have an update to verify this much better in the next release!


Sent from my iPhone using Tapatalk

 

The redirect-gateway isn't since I wanted all traffic to pass through the VPN.  Will put it back to default and give it a shot.  

 

EDIT:  I don't see any row in red on the logs.

 

Side note:  I noticed the tls-crypt default is no, but the description says the default is yes.


Super easy setup so far. I too am getting the "Options error: --cert fails with '/mnt/user/appdata/myVPNserver/server.crt': No such file or directory (errno=2)". I believe that's the EasyRSA...but I can't figure out how to downgrade the EasyRSA version. Can you point me in the right direction? 

Super easy setup so far. I too am getting the "Options error: --cert fails with '/mnt/user/appdata/myVPNserver/server.crt': No such file or directory (errno=2)". I believe that's the EasyRSA...but I can't figure out how to downgrade the EasyRSA version. Can you point me in the right direction? 

You can try to modify easyrsa with comments above.


Sent from my iPhone using Tapatalk
