OpenVPN Server & Client for unRAID 6.2+ (6.1 are still supported)


peter_sm

Recommended Posts

On 6/15/2021 at 8:41 PM, itimpi said:

Not quite the question you asked but is there any reason to not use the WireGuard VPN that is built into recent UnRaid releases.    That can be used regardless of whether the array is started or not.

I have a homogenous OpenVPN everywhere setup. I have not yet looked into wireguard configuration, nor do I know if I can use it on a couple slightly restricted machines. I will look into it though.

Link to comment
  • 4 weeks later...
  • 2 weeks later...
On 6/14/2021 at 2:37 AM, metabubble said:

Since this one is basically dead, is there any OpenVPN server for unraid that will work on a stopped array? I use encryption and I would love to be able to recover in case my battery power ran out and the server had to be shut down.

 

Oh my. This is some really bad news as far as I am concerned. I heavily rely on the possibility to have en OpenVPN server running on Unraid (not the OpenVPN-server-AS docker container).

 

Is there any way I can backup the plugin from my machine where it is already installed so that I can reinstall it in case I need to ?

Link to comment
  • 4 weeks later...
  • 5 weeks later...
On 12/9/2020 at 3:43 PM, LeoRX said:

- ssh in and run chmod +x /mnt/user/appdata/openvpn-server/easy-rsa/easyrsa to make it executable.

 

I've had OpenVPN installed and running for a couple of years. Somehow I had lost the x attribute and wasn't able to add new clients. Your post hinted me to check it and it fixed my issue.

  • Like 1
Link to comment
  • 1 month later...

Hi there,

I would like to point out again that I forked the petersm1 project on GitHub a long time ago.

I modified the plugin, It now uses Layer 2 (tab device) by default, i.e. a network bridge to the existing br0 in Unraid.

 

If you prefer layer 3, i.e. a routed network, you should switch to Wireguard or something similar.

 

Layer 2 has the advantage that it is seen like a "real" LAN cable, broadcast etc. comes through,

I personally use it to connect with my friends online and to be able to play classic "LAN" Games together.

 

However, if you want to access with Android, you need the app "openvpn pro", because android can only emulate tap without being routed, which is also the only app that I know of.

Windows, Linux and Mac have no problems whatsoever.

 

openvpn 2.4.9 is used,

The easyrsa installation has also been fixed.

 

who wants to start openvpn automatically after a system restart (without a started array because it is encrypted) can add that to /boot/config/go :

 

##OPENVPN-SERVER
source /boot/config/plugins/openvpnserver/openvpnserver_cert.cfg
logger "Starting OpenVPN Server"
/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver start | logger

 

https://github.com/DeBaschdi/openvpnserver

 

Plugin :

https://raw.githubusercontent.com/DeBaschdi/openvpnserver/master/openvpn_server_x64.plg

 

Edited by DeBaschdi
Link to comment
  • 1 month later...
On 11/3/2021 at 10:12 AM, DeBaschdi said:

Hi there,

I would like to point out again that I forked the petersm1 project on GitHub a long time ago.

I modified the plugin, It now uses Layer 2 (tab device) by default, i.e. a network bridge to the existing br0 in Unraid.

Thank you so much for doing this! I did have quite a bit of TLS friction with this plugin without any obvious ways to fix it except disabling TLS outright (oof), but at least I finally have a server running again :D

The first TLS error I ran into was telling me that client (open vpn 2.4.9 windows client) and server had no ciphersuites in common with the suggestion to relax --tls-cipher options. Any plans to maybe expose that? I guess I can always telnet in and do that stuff in the consol, but your plugin is so user friendly otherwise ❤️ 

Link to comment
23 minutes ago, ChalkyChalkson said:

Thank you so much for doing this! I did have quite a bit of TLS friction with this plugin without any obvious ways to fix it except disabling TLS outright (oof), but at least I finally have a server running again :D

The first TLS error I ran into was telling me that client (open vpn 2.4.9 windows client) and server had no ciphersuites in common with the suggestion to relax --tls-cipher options. Any plans to maybe expose that? I guess I can always telnet in and do that stuff in the consol, but your plugin is so user friendly otherwise ❤️ 

 

Hi, i can´t confirm an tls Problem with Linux and / or Windows Client´s, check my Settings :

My Win 10 OVPN Client :

https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.9-I601-Win10.exe

 

Unbenannt.thumb.png.fb21ea61efac699d534ce79a512a2055.png

 

 

Link to comment
  • 3 months later...
  • 1 month later...

I had to change my Unraid USB drive and I lost my OpenVPN setup. I managed to grab and install the forked (TAP) server plugin linked a few post above. It's been running fine for a month or so. Yesterday I rebooted the Unraid server and now OpenVPN won't start. The logs showed no error, but I copied the startup command shown in the log

/usr/sbin/openvpn --writepid /var/run/openvpnserver/openvpnserver.pid --config 
/mnt/user/appdata/openVPNserver/openvpnserver.ovpn --script-security 2 --daemon

and ran it in shell. It gave an error: 

/usr/sbin/openvpn: error while loading shared libraries: libcrypto.so.1: cannot
open shared object file: No such file or directory

 

I created a symbolic link for the file in '/usr/lib64'. It then complained about another file:

/usr/sbin/openvpn: error while loading shared libraries: libssl.so.1: cannot open 
shared object file: No such file or directory

 

Again I created a symbolic link for it. Then it gave an error:

/usr/sbin/openvpn: symbol lookup error: /usr/sbin/openvpn: undefined symbol: 
SSL_library_init

 

This I don't know how to fix. I'm guessing it's some kind of library mismatch.

 

I don't remember updating anything related to either Unraid or OpenVPN. So I don't understand what broke or why.

Link to comment
  • 3 weeks later...
  • 3 months later...
  • 11 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.