OpenVPN Server & Client for unRAID 6.2+ (6.1 is still supported)


peter_sm


I had been using this plugin quite well for a couple of months, but recently I screwed up my drive with the appdata, so I had to reconfigure some plugins.

 

I configured the plugin as usual, but it appears that the "server.crt" file is not being generated; the rest of the files, like dh.pem, server.key, ta.key and ca.crt, are being generated.

This does not let me start the server.

 

Any ideas what happened?

 

This is the log:

 

Options error: --cert fails with '/mnt/cache/appdata/myVPNserver/server.crt': No such file or directory
Options error: Please correct these errors.
Use --help for more information.

 

 

When I try to add a user I get this: 

Adding client:  test
spawn ./easyrsa build-client-full test nopass
Generating a 4096 bit RSA private key
................................++
..................++
writing new private key to '/mnt/cache/appdata/myVPNserver/easy-rsa/easyrsa3/pki/private/test.key.XXXX2yVBjF'
-----
Using configuration from ./openssl-1.0.cnf
Enter pass phrase for /mnt/cache/appdata/myVPNserver/easy-rsa/easyrsa3/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'test'
ERROR: adding extensions in section default
47792154144280:error:22097082:X509 V3 routines:DO_EXT_NCONF:unknown extension name:v3_conf.c:125:
47792154144280:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=copy_extensions, value=copy

Easy-RSA error:

signing failed (openssl output above may have more detail)
cp: cannot stat '/mnt/cache/appdata/myVPNserver/easy-rsa/easyrsa3/pki/issued/test.crt': No such file or directory
you got only one client script, instead of script plus 4 keys and certs
/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 494: ./test.crt: No such file or directory
cp: cannot stat 'test.crt': No such file or directory
rm: cannot remove 'test.crt': No such file or directory
Done Inline file !

Edited by Naminator
Link to comment

Easyrsa is broken, see my info in some post I posted earlier.


Sent from my iPhone using Tapatalk
Link to comment

On the client, is there a way to have it auto login if it is disconnected? Like a "retry in 4 minutes if disconnected from server."

 

I'm trying to set up a quasi site-to-site setup on a remote backup and wanted to bypass adding in another pfsense setup to manage a site-to-site connection.

Link to comment

Hi Peter,

 

Recently my ISP has appeared to block port 1194, so I have switched to 443 and subsequently re-configured the server and raised new clients for iOS and Windows.

 

On connection from iOS I am getting a transport paused message, which then leads to a NETWORK_EOF_ERROR / TRANSPORT_ERROR. All configurations, server and client, are identical to my previous setup.

 

Have you come across this before?

 

iOS connection log

Quote

2017-09-07 12:55:36 Client terminated, reconnecting in 1...
2017-09-07 12:55:37 EVENT: RECONNECTING
2017-09-07 12:55:37 EVENT: RESOLVE
2017-09-07 12:55:37 Contacting xx.xx.xx.xx:443 via TCP
2017-09-07 12:55:37 EVENT: WAIT
2017-09-07 12:55:37 SetTunnelSocket returned 1
2017-09-07 12:55:37 Connecting to [xxxxx.duckdns.org]:443 (xx.xx.xx.xx) via TCPv4
2017-09-07 12:55:37 TCP recv EOF
2017-09-07 12:55:37 Transport Error: Transport error on 'xxxxxxx.duckdns.org: NETWORK_EOF_ERROR
2017-09-07 12:55:37 EVENT: TRANSPORT_ERROR Transport error on 'xxxxxxx.duckdns.org: NETWORK_EOF_ERROR [ERR]
2017-09-07 12:55:37 Client terminated, restarting in 5000 ms...
2017-09-07 12:55:40 RECONNECT TEST: Internet:ReachableViaWWAN/WR t------
2017-09-07 12:55:40 Client terminated, reconnecting in 1...
2017-09-07 12:55:41 EVENT: RECONNECTING
2017-09-07 12:55:41 EVENT: RESOLVE
2017-09-07 12:55:41 Contacting xx.xx.xx.xx:443 via TCP
2017-09-07 12:55:41 EVENT: WAIT
2017-09-07 12:55:41 SetTunnelSocket returned 1
2017-09-07 12:55:41 Connecting to [xxxxx.duckdns.org]:443 (xx.xx.xx.xx) via TCPv4
2017-09-07 12:55:41 TCP recv EOF
2017-09-07 12:55:41 Transport Error: Transport error on 'xxxxx.duckdns.org: NETWORK_EOF_ERROR
2017-09-07 12:55:41 EVENT: TRANSPORT_ERROR Transport error on 'xxxxx.duckdns.org: NETWORK_EOF_ERROR [ERR]
2017-09-07 12:55:41 Client terminated, restarting in 5000 ms...
2017-09-07 12:55:43 EVENT: CONNECTION_TIMEOUT [ERR]
2017-09-07 12:55:43 EVENT: DISCONNECTED
2017-09-07 12:55:43 Raw stats on disconnect:
  BYTES_OUT : 240
  PACKETS_OUT : 15
  NETWORK_EOF_ERROR : 15
  TRANSPORT_ERROR : 15
  CONNECTION_TIMEOUT : 1
  N_RECONNECT : 14
2017-09-07 12:55:43 Performance stats on disconnect:
  CPU usage (microseconds): 80659
  Network bytes per CPU second: 2975
  Tunnel bytes per CPU second: 0
2017-09-07 12:55:43 EVENT: DISCONNECT_PENDING
2017-09-07 12:55:43 ----- OpenVPN Stop -----

 

W10 Connection Log

 

Quote

Thu Sep 07 13:12:07 2017 MANAGEMENT: >STATE:1504775527,WAIT,,,,,,
Thu Sep 07 13:12:07 2017 Connection reset, restarting [0]
Thu Sep 07 13:12:07 2017 SIGUSR1[soft,connection-reset] received, process restarting
Thu Sep 07 13:12:07 2017 MANAGEMENT: >STATE:1504775527,RECONNECTING,connection-reset,,,,,
Thu Sep 07 13:12:07 2017 Restart pause, 5 second(s)
Thu Sep 07 13:12:12 2017 MANAGEMENT: >STATE:1504775532,RESOLVE,,,,,,
Thu Sep 07 13:12:12 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:443
Thu Sep 07 13:12:12 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Sep 07 13:12:12 2017 Attempting to establish TCP connection with [AF_INET]xx.xx.xx.xx:443 [nonblock]
Thu Sep 07 13:12:12 2017 MANAGEMENT: >STATE:1504775532,TCP_CONNECT,,,,,,
Thu Sep 07 13:12:13 2017 TCP connection established with [AF_INET]xx.xx.xx.xx:443
Thu Sep 07 13:12:13 2017 TCP_CLIENT link local: (not bound)
Thu Sep 07 13:12:13 2017 TCP_CLIENT link remote: [AF_INET]xx.xx.xx.xx:443
Thu Sep 07 13:12:13 2017 MANAGEMENT: >STATE:1504775533,WAIT,,,,,,
Thu Sep 07 13:12:13 2017 Connection reset, restarting [0]
Thu Sep 07 13:12:13 2017 SIGUSR1[soft,connection-reset] received, process restarting
Thu Sep 07 13:12:13 2017 MANAGEMENT: >STATE:1504775533,RECONNECTING,connection-reset,,,,,
Thu Sep 07 13:12:13 2017 Restart pause, 5 second(s)

 

 

Link to comment
  • 2 weeks later...
On 8/3/2017 at 1:43 PM, crazycam425 said:

I have 2 unraid servers. I had this plugin installed for a year now on 1 of the servers. Just recently the plugin stopped working and I noticed the Start button was missing entirely, so I cannot start the plugin. I tried to remove the plugin and used ca to remove all app data. Then I used Krusader to remove the file myVPNserver from the cache. Then I rebooted the server and tried to install again and the same thing happened. No start button.

 

On my second server that has never had this plugin installed on it before, I was able to install the plugin and start it no problem and everything is fine.

 

Can someone please help me figure this out? I really need to get this plugin going again and it is by far the best openvpn plugin for what I need. Any help is much appreciated.

I have the exact same thing you describe going on, did you ever figure this out?

Link to comment
3 hours ago, mostlydave said:

I have the exact same thing you describe going on, did you ever figure this out?

When this happens, can you check if the openvpn process is running?

ps -ef | grep openvpn

And also check if this file exists. It shall not exist if the plugin is not started.

/var/run/openvpnserver/openvpnserver.pid

 

//Peter

Link to comment
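The two checks Peter asks for above, combined into one script. This is an added example, not part of the original thread or the plugin's own code; the function names `pid_state`, `openvpn_procs` and `report` are hypothetical, and it assumes `pgrep` is available and that it runs as root, as in the unRAID console.

```shell
#!/bin/sh
# Added example: classify the plugin state from the PID file named in the thread.
PIDFILE_DEFAULT=/var/run/openvpnserver/openvpnserver.pid   # path from the thread

# Prints one of: stopped | running | stale-pid | bad-pid
pid_state() {
    pidfile=${1:-$PIDFILE_DEFAULT}
    # No PID file: the expected state when the plugin is not started.
    [ -e "$pidfile" ] || { echo stopped; return 0; }
    pid=$(tr -d '[:space:]' < "$pidfile")
    case $pid in
        ''|0|*[!0-9]*) echo bad-pid; return 0 ;;   # empty or not a usable PID
    esac
    # kill -0 delivers no signal; it only tests that the PID exists.
    # As non-root it also fails for processes owned by another user.
    if kill -0 "$pid" 2>/dev/null; then
        echo running
    else
        echo stale-pid    # file left behind by a process that is gone
    fi
}

# Lists openvpn processes by exact name, so the search never matches itself
# (with "ps -ef | grep openvpn" the grep command shows up in its own output).
openvpn_procs() {
    pgrep -x openvpn 2>/dev/null || true
}

# One-line summary of both checks.
report() {
    state=$(pid_state "$1")
    procs=$(openvpn_procs | tr '\n' ' ')
    echo "pidfile state: $state; openvpn pids: ${procs:-none}"
}
```

Calling `report` with no argument checks the default path; `stale-pid` or `bad-pid` means the PID file and the process list disagree.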
10 hours ago, peter_sm said:

When this happens, can you check if the openvpn process is running?


ps -ef | grep openvpn

And also check if this file exists. It shall not exist if the plugin is not started.


/var/run/openvpnserver/openvpnserver.pid

 

//Peter

First Command:

 

root@Zelda:~# ps -ef |grep openvpn
root     23009 22337  0 11:44 pts/1    00:00:00 grep openvpn
root@Zelda:~# root     23009 22337  0 11:44 pts/1    00:00:00 grep openvpn
 

I am not seeing the .pid file in my appdata\openvpn folder

Link to comment
2 hours ago, mostlydave said:

I am not seeing the .pid file in my appdata\openvpn folder

 

What about the path and file I asked for?

/var/run/openvpnserver/openvpnserver.pid
/etc/rc.d/rc.openvpnserver restart
openvpn --version

Try the above 2 commands and post the results.

 

//Peter

Edited by peter_sm
Link to comment

root@Zelda:~# An error occurred, server not started!. More info in /var/log/openvpnserver.log or /var/local/emhttp/plugins/openvpnserver/openvpnserver.out
-bash: !.: event not found
root@Zelda:~#

 

/var/run/openvpnserver is empty

 

I'm thinking I might just remove the plugin and start over, I just remember it being a pain trying to get the cert on an iphone

Link to comment
5 hours ago, thegeneral said:

When going to the OpenVPN Client settings I see something called "choose a file" but it's not clickable for me to upload my config file.

 

Where do I place my config file so it shows up in the list?

 

thanks.

Hi,

 

See the info in the first post and a link; I will summarize it better on the first page when I have time.

 

"Unpack your provider certificate/files to /boot/openvpn (create that folder if it does not exist), can now be several ovpn files"

Link to comment
On 8/31/2017 at 0:45 AM, peter_sm said:

sudo: openvpn: command not found

 

This indicates that you don't have the openvpn packages installed, please check your flash drive for defects. And add the syslog.

 

 

I was able to fix the issue. If others are having this problem, this is what I did.

 

Remove the plugin

Restart the server

Reinstall it

 

Worked!

 

Thanks for responding

Link to comment

Hi @peter_sm, I'm getting a weird issue when I try to generate client certificates.

 

So I changed some settings that warranted a regeneration of client certificates. But the GUI won't let me regenerate the certificates, thinking that I already had them. So I went into the appdata folder and deleted anything that was related to the username of the client I was trying to generate. (I left the important files like server.crt and stuff like that alone, just anything with the username on it was deleted)

 

The GUI still didn't let me regenerate, so I realized it was hashing the client name. Found where it was stored and deleted the line and GUI finally let me regenerate.

 

And this is what I got

 

spawn ./easyrsa build-client-full ideaman924 nopass
couldn't execute "./easyrsa": permission denied
    while executing
"spawn ./easyrsa build-client-full ideaman924 nopass"
cp: cannot stat '/mnt/user/appdata/openvpn-server/easy-rsa/easyrsa3/pki/issued/ideaman924.crt': No such file or directory
cp: cannot stat '/mnt/user/appdata/openvpn-server/easy-rsa/easyrsa3/pki/private/ideaman924.key': No such file or directory
you got only one client script, instead of script plus 4 keys and certs
/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 494: ./ideaman924.crt: No such file or directory
/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver: line 498: ./ideaman924.key: No such file or directory
cp: cannot stat 'ideaman924.crt': No such file or directory
cp: cannot stat 'ideaman924.key': No such file or directory
rm: cannot remove 'ideaman924.crt': No such file or directory
rm: cannot remove 'ideaman924.key': No such file or directory
Done Inline file !

Uhh permission denied? What is wrong here?

 

Also can you *please, please please* make regeneration of client files easy through the GUI? I hate going to the console...

 

Also it might be good if the "Generate Certificate" button initiated a download straight from the browser instead of us hunting through the appdata folder...

Link to comment
14 hours ago, ideaman924 said:

Hi @peter_sm, I'm getting a weird issue when I try to generate client certificates.

 

So I changed some settings that warranted a regeneration of client certificates. But the GUI won't let me regenerate the certificates, thinking that I already had them.

Also it might be good if the "Generate Certificate" button initiated a download straight from the browser instead of us hunting through the appdata folder...

When changing settings for the server that need new client certificates, I recommend "Regenerate the server certificates keys"; this will give you a fresh server with all old clients deleted. Will this meet your requirements?

 

I can look at what I can do about the download of the client file.

 

Link to comment
1 hour ago, peter_sm said:

When changing settings for the server that need new client certificates, I recommend "Regenerate the server certificates keys"; this will give you a fresh server with all old clients deleted. Will this meet your requirements?

 

I can look at what I can do about the download of the client file.

 

That is OK too but doesn't it take quite some time to regenerate?

 

Also the download thing would be pretty sweet if it gets implemented, thanks in advance!

Link to comment
