Setup OMV as a VPN Client

    • OMV 3.x

    • Setup OMV as a VPN Client

      From what I can tell the OpenVPN plugin is used to make a secure connection INTO OMV but what I want to do is connect my OMV install to utilize my VPN provider.

      On the arch desktop this was easy as I just clicked on network>vpn>add connection.

      On OMV I am not confident in what I am supposed to do nor are my searches pulling up anything other than OpenVPN setups.

      Thanks!
    • Your VPN provider should have instructions available to configure your machine as a client to connect to their network. So long as OMV has a suitable client program, this should be no problem, but you will probably have to configure it by hand.
      --
      Google is your friend and Bob's your uncle!

      OMV 4.x - ASRock Rack C2550D4I - 16GB ECC - Silverstone DS380
    • So what I did was:

      1. ssh into the box
      2. wget the openvpn file
      3. openvpn --config 'openvpnconfig.opvn'

      Connected and asked for my username and password.

      This is OK but not ideal as every time it restarts I'd have to do this and I believe I have to keep the terminal/ssh connection open.

      Still digging but progress is being made.
    • Do you intend to use your NAS as a gateway?
      If so, you also have to deal with routing to pass the internet traffic from and to your local network.
      I'm using my NAS as a gateway because my TP-Link routers are just too slow to deal with 256-Bit AES encryption.

      However, you have to create a client.conf which could look like this:

      Source Code

      client
      dev tun
      proto udp
      remote
      cipher AES-256-CBC
      auth SHA256
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      mute-replay-warnings
      verb 3
      auth-user-pass /etc/openvpn/.usr
      reneg-sec 0
      remote-cert-tls server
      tls-version-min 1.2
      key-direction 0

      The path after auth-user-pass defines a file where your username and password are stored.

      The post was edited 1 time, last by thor17 ().
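
The file named by auth-user-pass holds the VPN password in plain text, so its permissions matter as much as the config itself. The following check is an added example, not part of the original post; the function name `audit_ovpn_client` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# audit_ovpn_client CONF
# Prints findings; returns 0 if none, 1 if any, 2 if CONF is unreadable.
audit_ovpn_client() {
    conf=$1 findings=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Path given to auth-user-pass (commented-out lines never match $1).
    cred=$(awk '$1 == "auth-user-pass" && NF >= 2 { print $2; exit }' "$conf")
    if [ -z "$cred" ]; then
        echo "INFO: no auth-user-pass file; openvpn will prompt interactively"
    elif [ ! -f "$cred" ]; then
        echo "FAIL: credentials file $cred does not exist"; findings=1
    else
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ld "$cred" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "FAIL: $cred is accessible to group/other; chmod 600 it"
            findings=1
        fi
    fi

    # Without remote-cert-tls server the client accepts any certificate
    # signed by the CA, including one issued to another client.
    if ! awk '$1 == "remote-cert-tls" && $2 == "server" { ok = 1 }
              END { exit !ok }' "$conf"; then
        echo "FAIL: remote-cert-tls server is missing"; findings=1
    fi
    return $findings
}

# Constructed sample: a config pointing at a world-readable credentials file.
demo=$(mktemp -d)
printf 'user\npass\n' > "$demo/.usr"
chmod 644 "$demo/.usr"
printf 'client\ndev tun\nauth-user-pass %s\nremote-cert-tls server\n' \
    "$demo/.usr" > "$demo/client.conf"
audit_ovpn_client "$demo/client.conf" || echo "fix the findings before enabling the service"
```
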

    • The NAS is the only device to be 100% on the VPN at all times.

      The client.conf is neat but I don't see where/how I would set this command [openvpn --config 'openvpnconfig.opvn'] to be run at all times and when it asks for the username/password where I would point it to the client.conf.

      Thanks everyone for the help!
    • subzero79 wrote:

      If this is omv3 then place the openvpnconfig.ovpn file in the /etc/openvpn/ folder

      And rename it to openvpnconfig.conf

      Run

      systemctl enable openvpn@openvpnconfig.service

      Reboot and see if it is running now at start

      My server @hetzner runs a pfSense and my local lan connects to it via Fritzbox IPsec VPN. But 7490 FB are slow stuff. Dual core with no core spanning the vpn makes a max of 8mbyte/s, it would be okay on a 16/2 DSL but my DSL offers 100/40 so I would like to have the 100 due to the backups I suck from machines in the @hetzner lan. Currently I backup 1 machine a night, and it runs most of the night.

      So I want to move my VPN bridge from FritzBox to my OMV Server (a HP ProLiant Micro Gen 8 pimped to the max) where the VPN Service does have a much thicker power bucket to draw from. And the machine @hetzner is almost in idle 23,5h/day.... IMHO it makes sense to move that bridge endpoint from the FB to OMV.

      I did:

      on my pfSense @hetzner I registered an oVPN Server with certs and created a user for the OMV. (following the pfSense2android guide on got-tty.org, as I was doing it for my android in the first place) Android device works fine, pings go through from @hetzner local lan to vpn device and I have my extension from my Freepbx working properly on my android now.

      created an .ovpn file in pfSense

      saved it to /etc/openvpn (not in the tempting sub dir named "client"! it needs to be in /etc/openvpn)

      renamed it to: "OMV2host.conf"

      executed: "systemctl enable openvpn@OMV2host.service && systemctl start openvpn@OMV2host.service && systemctl status openvpn@OMV2host.service"

      got some minor red flags for not supported DNS settings.

      So now I have static routes on the OMV to my vpn site (pushed by the server)

      from the cli of OMV I successfully pinged the pfSense (vpn server) and also the machines in the lan the pfSense runs locally. (both ways back and forth between the @hetzner local lan and the OMV successfully)

      But I can't access the pfSense from a Virtualbox Machine on OMV...?
      I can't load the web page of the pfSense from anything attached to the OMV.

      Traceroute brings up asterisks (*) after the pfSense what ever I trace.

      I added routes in my local fritzbox for the vpn network pointing to the OMV

      I can't ping those networks from any local client.


      Sitting in bed being sick and changing simple stuff is no good idea, help me please, what am I missing?

      Thanks
    • I found this guide

      s55ma.radioamater.si/2018/10/2…tworks-behind-vpn-client/

      this did the trick....

      Shell-Script

      sysctl -w net.ipv4.ip_forward=1
      iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
      iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

      edit:

      just remember if you use eth0 or bond0, it stalled me, until I searched for tun2bond and remembered I did copy paste eth instead of bond....

      so actually it's this.

      Source Code

      sysctl -w net.ipv4.ip_forward=1
      iptables -t nat -A POSTROUTING -o bond0 -j MASQUERADE
      iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

      Question is: how do I make it sticky?

      The post was edited 2 times, last by mannebk ().
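
One way to make the forwarding and NAT settings from the post above survive a reboot, shown as an added example that is not part of the original thread. It assumes a Debian-based OMV with the iptables-persistent package installed (which restores /etc/iptables/rules.v4 at boot); the function name `write_persistent_nat` and the drop-in file name are chosen for illustration.

```shell
#!/bin/sh
# write_persistent_nat ROOT LAN_IF VPN_IF
# ROOT is a path prefix: "" writes to the live system, a scratch directory
# lets you inspect the generated files first.
write_persistent_nat() {
    root=$1 lan_if=$2 vpn_if=$3

    # Accept only plain interface names: the result is loaded as root at boot.
    for ifname in "$lan_if" "$vpn_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9_.-]*)
                echo "bad interface name: $ifname" >&2; return 1 ;;
        esac
    done

    mkdir -p "$root/etc/sysctl.d" "$root/etc/iptables" || return 1

    # Applied at boot from /etc/sysctl.d; replaces the one-off `sysctl -w`.
    printf 'net.ipv4.ip_forward=1\n' > "$root/etc/sysctl.d/99-vpn-forward.conf"

    # iptables-save format carrying the same two rules as the post.
    cat > "$root/etc/iptables/rules.v4" <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $lan_if -j MASQUERADE
-A POSTROUTING -o $vpn_if -j MASQUERADE
COMMIT
EOF
    chmod 644 "$root/etc/sysctl.d/99-vpn-forward.conf" || return 1
    chmod 600 "$root/etc/iptables/rules.v4"
}

# Dry run into a scratch directory (constructed sample invocation).
scratch=$(mktemp -d)
write_persistent_nat "$scratch" bond0 tun0 && cat "$scratch/etc/iptables/rules.v4"
```

Review the generated files, then rerun as root with an empty ROOT. An existing /etc/iptables/rules.v4 is overwritten, so merge by hand if the box already has saved rules.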