[DONE] Let's make the OpenVPN plugin update for OMV 5 happen

    • Official post

    just openvpn (version 2.2.1-8 on my test vm) is what is in the control file

    omv 7.0.5-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.1.4 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.4


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • It would take some work but this package is way better. You get 2 licenses with it. So you only have to pay for more licenses if more than 2 ppl need to connect at once. The licenses are not expensive anyways.


    PS- I don't think the openvpn package in the Debian repo even has a web interface.

    • Official post

    I guess I thought the access server was just a web interface for the openvpn daemon but the package you used doesn't even have a dependency of openvpn... So, it either includes it or is something different.


    • Official post
    Quote from "tekkbebe"

    It would take some work but this package is way better. You get 2 licenses with it. So you only have to pay for more licenses if more than 2 ppl need to connect at once. The licenses are not expensive anyways.


    Since it is a self contained package, it won't be any harder to make than half the other plugins that are basically an enable and link to the web interface (exactly like plex).


  • the service that is running the openvpn for it is called openvpnas.


    Dude, it is ez. Just work. I've used OpenVPN a lot but never the Access Server. It is far better. You are right on the plex comparison. I have the weird issues figured out already. Note my post on ssl v2.

    • Official post

    must be different then...


  • After messing with this I'm stoked. I gotta get something to eat. I ttyl.


    Before I go...
    yes you can configure server settings.
    the admin user is: openvpn
    you need to set password before you try to login web interface
    passwd openvpn (then create pass)


    login to web interface https://ipofyouromv:943/admin


    in "server network setting" under protocol choose udp and use port 1194
    in "server network settings" you need to disable ssl v2 at the bottom.


    again the daemon runs as openvpnas.

  • openvpnAS not openvpnNAS IIRC.


    Greetings
    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!

  • server certs location:
    /usr/local/openvpn_as/etc/web-ssl


    config location:
    /usr/local/openvpn_as/etc/as.conf



    There are certs for the server on install but I would not trust them. Should create new ones for your server. The client cert is automatically created when the client has successfully authenticated against the PAM server.


    Also, for the iframe you should use this:

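    Code
    // Build the admin URL from the host the OMV web GUI was loaded from.
    var link = 'https://' + location.hostname + ':943/admin';

    // Embed the Access Server admin page; an iframe needs an explicit closing tag.
    me.html = "<iframe src='" + link + "' width='100%' height='100%'></iframe>";
    me.callParent(arguments);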



    The webmanagement page automatically binds to ipofyouromv. So it is similar to plex but https.


    That ssl v2 issue makes me think that shellinabox by default is allowing ssl v2. Maybe it can be disabled in the config.

  • Quote from "tekkbebe"

    My first impressions of this script are not good. Can someone that has installed it give me output of this:


    iptables -L



    The output for iptables -L is:


    Code
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination


    Another test: I also have an OpenVPN server installed as an OpenVZ container in my Proxmox VE 3.1 and I haven't had any problems with licences. I don't understand the posts above.
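
Added example (not part of the original post or of the plugin's code): a shell function that reads `iptables -L` output such as the listing quoted above and reports, for each built-in chain, the default policy and the number of rules. The function names, the OPEN/REVIEW labels and the embedded sample are constructed for this illustration.

```shell
#!/bin/sh
# Added illustration; function names and verdict labels are made up for this example.

# Constructed sample: the `iptables -L` listing quoted in the post above.
sample_iptables_output() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}

# Read `iptables -L` output on stdin; print "<chain> <policy> <rules> <verdict>"
# for each built-in chain. OPEN = default ACCEPT with zero rules, i.e. the
# filter table is not restricting that chain at all. REVIEW = read the rules.
summarize_filter_chains() {
    awk '
        function emit() {
            if (chain == "") return
            verdict = (policy == "ACCEPT" && rules == 0) ? "OPEN" : "REVIEW"
            print chain, policy, rules, verdict
        }
        /^Chain / {
            emit()
            chain = ""
            if ($3 == "(policy") {          # user-defined chains have no policy
                chain = $2; rules = 0
                policy = $4; sub(/\)$/, "", policy)
            }
            next
        }
        NF == 0 || $1 == "target" { next }  # blank line or column header
        chain != "" { rules++ }
        END { emit() }
    '
}

# Stand-alone run on the sample; on a live host: iptables -L -n | summarize_filter_chains
sample_iptables_output | summarize_filter_chains
```

`iptables -L` lists only the filter table; NAT rules live in the `nat` table and are listed with `iptables -t nat -L`.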

  • We have a new Plugin Developer which probably will enable/enhance the docker support for OpenMediaVault. The Docker implementation allows it to easily manage Linux Containers. Those Containers can hold one service/process each in an encapsulated environment, where this environment can have independent libs (from the Host system) for these services.



  • Forgot to mention:


    In the "Server Network Settings" you need to put in your wan ip of your OpenVPN Access server for the hostname. If you are using a dyndns server because of dynamic ip put the dyndns hostname here:



    Shows users connected, similar to status page on old plugin:




    Also ports 1194 and 943 need to be forwarded from your router to your omv.


    It's best Sub.... ;)


    PS- If you downloaded the client software (which includes the profile and certs) with the user's web-ui @ https://wanipofyouromv:943 before all settings are correct you will have to uninstall the client on your client machine. The wan ip to which the client connects is contained in a profile file that is downloaded with the client software. This client file has some sort of security on it now and you cannot edit it even with admin privileges on say wordpad. So any setting needed to be edited in the client profile can no longer be edited by the client users on the client machine. Must be added security feature.


    PPS- if you forget to turn off the multi daemon mode on the protocol section of the Server Network Settings above it will take out your https for the OMV web-gui as it is port 443 by default too. Also, almost all of us do not need the multi-daemon mode. This is for heavy vpn use by many users.

  • Quote from "tekkbebe"

    My first impressions of this script are not good. Can someone that has installed it give me output of this:


    iptables -L


    See, the problem with this is that you're not saying what's wrong. It doesn't really help saying that something is not good without saying what parts and why. So, what's the problem with iptables and the script so we can rectify it?

  • The iptables was just to see the forwarding rules. There are a lot of reasons the Access Server is better.


    You can specify certain users to allow in seconds
    You can deny users if they are not in the list
    You can allow by group(s)
    Some people may need to change ports on certain items. Much faster in the admin interface
    You can change between routed and bridged vpn in 2 clicks
    You can revoke certs
    You can change authentication methods
    etc., etc., etc......


    All this would be a pain in the ass with the script setup.

    • Official post

    Try the plugin (plugin is beta). The groups and bridged vpn are the only things I think you can't do with the plugin. Maybe auth method too. Adding and removing users is very fast.


  • I looked at the repo a day ago....


    I make it clear. You used the wrong package. The Access Server with the web interface is superior. That is the part that is wrong. A lot of code in the plugin can be eliminated by this package.

  • Quote from "ryecoaaron"

    Try the plugin (plugin is beta). The groups and bridged vpn are the only things I think you can't do with the plugin. Maybe auth method too. Adding and removing users is very fast.


    I did the install procedure and.....

    Code
    Reading package lists...
    Building dependency tree...


    forever....................


    Web GUI hung. System up & running. If I reboot, the plugin isn't in the plugin list.


    Thanks to everybody
