When I turn on OpenVPN on my asus router my network speeds slow down to a crawl...
So I thought I would try to enable it on my server instead.
All the guides I have found to set it up are for older plugins or via command line. From what I gather I need to enable, open port 1194 on my router, do I use UDP or TCP? What do I want for my VPN address? DHCP options? Public address would be my ddns right?
Setting up openvpn
-
- OMV 2.x
- GTvert90
-
-
If it is the openmediavault-openvpn plugin you just need to open udp 1194. Is there not a default address range in the settings for your virtual private network??? Yes on your ddns address. I used the VPN AS plugin more. Let me look on my RPi 2.
-
What's the difference between the plug-ins? I haven't set it up yet so it's not a big deal to switch if one is better
-
I like the openvpn as because I can always set it up on any computer easily. I log into the UI and download/install the client software. It automatically installs the certs for my user. If you have used OpenVPN at all you should realize how nice this is. The big difference is the AS version is the pay version and they only let you use 2 free concurrent clients at a time. On my servers this is no big deal because I am the only one accessing, same with my LAN in general. The community version lets you add as many clients as you like.
VPN Network: 10.8.0.0 (I think that is the default)
mask: 255.255.255.0
put check mark in default gateway
On DHCP options:
DNS Server: ip of your router (you do not need entry to domain search)
Public address: is your ddns service address
-
Here is link for the Windows clients for the community version:
https://openvpn.net/index.php/open-source/downloads.html
If you are on a Windows machine you likely need the 64 bit version for Windows Vista or later.
From the plugin page you download the certs for your client and they have to be unzipped and copy/pasted into this location:
c:/Program Files/OpenVPN/config
-
At the top in plugin settings I have these after enable too:
port 1194
protocol udp
use compression checked
PAM authentication checked
PS- Normally if you make any changes to the server settings you should download the client certs again. Delete the old certs from the client and insert the new ones.
-
It looks like I have to use OMV users as the openvpn users? I can't create just a VPN user
-
You can create a special user. But you must do it in the Users section of OMV web gui. The server/client is using PAM authentication and that is why we are using the normal users. As long as there is no vpn user you can create one with that name. I don't think that name is used. To check just do this in command line:
id vpn
-
Thanks. I'll work on it this morning.
-
Good Luck, OpenVPN is very nice once you get the hang of it. You will have to open a lot less ports which is good, e.g. ssh.
-
I look to be up and running. Like VPN services this would encrypt the data between the server and client right? So if I'm sharing stuff with a buddy's computer it should be unreadable to isp?
If it is the openmediavault-openvpn plugin you just need to open udp 1194. Is there not a default address range in the settings for your virtual private network??? Yes on your ddns address. I used the VPN AS plugin more. Let me look on my RPi 2.
What did you mean by this?
-
Yes, it is encrypted so anything you send through the tunnel is protected. It is good to have client software on your mobile devices too. When you are at a wifi hot spot that is open (i.e. not encrypted) you can connect to your home vpn server. Then you can browse safely through your internet connection at your home via the encrypted tunnel.
I was just wondering what the default was for the VPN network and netmask. I saw it a bit later when I got on my RPi 2.
PS- The OpenVPN mobile app is called OpenVPN Connect (in the Google Play Store). You have to get the zipped cert file on your phone, unzip it and then import it. There is a drop down to import in that app. You can guide it to where you have those files.
-
gotcha. I appreciate the help.
-
This should be a Guide. Has everything for the OpenVPN plugin.
You cannot have both (openvpn & openvpn as) plugins installed at the same time!!!!
One more piece of info. on the mobile app. You can import multiple client certs for different servers in the OpenVPN Connect. Mine is setup for 3 servers currently, 2 openvpn as and 1 openvpn.
And have a nice day!!!
-
So on my network info widget I now have tun0, which I'm assuming is normal because of the vpn. Its speed is 10 Mbits/sec tho.. is there a way to open it up to 1000?
-
-
I appreciate it. I ended up finding it on my own.
I have another much more advanced question. Not sure if I should make another thread. I have another NIC port on my mobo. How would I set it up so bttransmission always goes through an off site VPN that I pay for? Is there a way to shut it down if the vpn drops?
-
I don't torrent much. I did some testing here lately on some torrent clients but I'm not best person to ask on this. There are some posts on the forum though concerning getting your vpn to always go through a vpn service provider, which you know is different than using the OpenVPN server on your machine.
Yeah, make another topic.
PS- It is not complicated for me. There are just legal reasons I don't get into this.
-
I have three questions related to setting up OpenVPN:
1. For the DNS server section, is that used to assign the vpn client an internal IP address? I have a pi-hole DNS server running on the network at 192.168.1.185. Could I put that as the DNS server?
2. I got this warning in the OpenVPN logs. Is there any way to take this problem into account without messing with the IP addresses of my LAN?
NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
3. My friend told me that security best practices are setting up a firewall to autoblock IP addresses after 3 failed login attempts. Can I accomplish that from within the webgui, or do I use the CLI for that?
Thanks!
-
1. Yes.
2. You can use this in the VPN network Address for your clients: 10.8.0.0
3. Use Fail2Ban plugin.
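
Added example, not part of the thread or of the plugin's code: a check for the routing conflict that the log warning in question 2 describes, using the addresses mentioned above (VPN network 10.8.0.0 with mask 255.255.255.0, pi-hole at 192.168.1.185). The /24 size of the home LAN and the sample remote networks are assumptions constructed for illustration.

```python
import ipaddress

# Values taken from the thread; the /24 prefix for the home LAN is an assumption.
HOME_LAN = "192.168.1.0/24"
VPN_NET = "10.8.0.0/255.255.255.0"
PIHOLE_DNS = "192.168.1.185"

# Constructed sample networks a roaming client might be connected to.
SAMPLE_NETWORKS = {
    "cafe": "192.168.1.0/24",
    "hotel": "10.8.0.0/16",
    "office": "172.16.5.0/24",
}


def find_conflicts(home_lan, vpn_net, client_local, pushed_dns=None):
    """Return the conflicts a client on client_local would hit when it connects."""
    home = ipaddress.ip_network(home_lan, strict=False)
    vpn = ipaddress.ip_network(vpn_net, strict=False)
    local = ipaddress.ip_network(client_local, strict=False)

    found = []
    # The route to the home LAN collides with the network the client is
    # already attached to, so home hosts can become unreachable.
    if local.overlaps(home):
        found.append("lan-overlap")
    # The tunnel's own address range collides with the client's network.
    if local.overlaps(vpn):
        found.append("vpn-overlap")
    # The pushed resolver address also exists on the client's local segment,
    # so DNS queries may go to a local host instead of through the tunnel.
    if pushed_dns is not None and ipaddress.ip_address(pushed_dns) in local:
        found.append("dns-shadowed")
    return found


def survey(networks, home_lan=HOME_LAN, vpn_net=VPN_NET, dns=PIHOLE_DNS):
    """Run find_conflicts for every named remote network."""
    return {
        name: find_conflicts(home_lan, vpn_net, net, dns)
        for name, net in networks.items()
    }


if __name__ == "__main__":
    for name, problems in survey(SAMPLE_NETWORKS).items():
        print(f"{name:8} {SAMPLE_NETWORKS[name]:18} {problems or 'no conflict'}")
```

The "cafe" case reports a conflict regardless of the VPN network address, because the overlap is between the remote network and the home LAN itself.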