OpenVPN + PIA - Complete Idiots Guide?

    • OMV 4.x
    • Resolved

    This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.

    • OpenVPN + PIA - Complete Idiots Guide?

      Good evening all,

      My OMV 4.x box has been purring away quite happily for the last few months, even has it's first storage drive and is actually doing something at last!

      I would like to connect it to my Private Internet Access VPN to use it as a centralised Transmission hub, but I've no idea where to start.

      Does anyone have a complete idiots guide to doing such a thing?

      Thanks in advance.

      Sui
      OMV 4.x - D975XBX2 - Xeon X3220 - 4GB ECC Samsung DDR2 800MHz - Syba SI-PEX40064 SATA3 Card - 64GB Drevo SSD Boot Drive - Other drives...work in progress :rolleyes:
    • Seeing as no one seems to be willing to step forward with the "Complete Idiots Guide to Setting Up OpenVPN On OpenMediaVault", I've had to go ahead & write my own.

      I hope this helps anyone who, like myself, is a Linux novice and a OMV noob.

      1. Install OpenVPN on your OMV system, either directly or via SSH
        apt-get install openvpn
      2. Download the configuration files for your particular VPN (in my case PIA) using wget, they should be available from your providers website
        Please note that the following URL is for the secure PIA OpenVPN files, if you are not using PIA these will be of no use to you, but I'm leaving the URL in as an example.
        wget https://www.privateinternetaccess.com/openvpn/openvpn-strong.zip
      3. In my case, I had to install unzip to extract the contents of the .zip archive
        apt-get install unzip
        I then made a directory to extract the files to
        mkdir ~/<directory_name>
        and extracted with
        unzip <filename>.zip -d ~/<directory_name>
        Your mileage may vary here, as you might have downloaded your OpenVPN configuration files archived in a different way.
      4. Change directory to where you just extracted the files to
        cd ~/<directory_name>
      5. Copy the .crt and .pem files, as well as the .ovpn file of your choice to /etc/openvpn
        cp <filename>.crt <filename>.pem <filename>.ovpn /etc/openvpn
      6. Make a file to store your VPN login information in
        nano /etc/openvpn .secrets
        and enter your username and password into it in order
        <username>
        <password>
        save and exit nano
      7. Open the .ovpn file you copied using nano and change the line
        auth-user-pass
        to
        auth-user-pass .secrets
      8. Rename the .ovpn file to .conf
        mv <filename>.ovpn <filename>.conf
      9. You can test your OpenVPN connection at this point by running
        openvpn --config <your_config>.conf
      10. If you want your OpenVPN connection to run at startup, add the following systemd entry
        systemctl enable openvpn@<name_of_your_conf_file>.service
      11. Reload systemd
        systemctl daemon-reload
        and start OpenVPN service
        service openvpn start
      Reboot your system, and your OpenVPN connection should automatically start.

      This is my very first tutorial on anything Linux wise, so I hope the format and instructions are clear enough, and I really hope it helps someone out.

      Sui
      OMV 4.x - D975XBX2 - Xeon X3220 - 4GB ECC Samsung DDR2 800MHz - Syba SI-PEX40064 SATA3 Card - 64GB Drevo SSD Boot Drive - Other drives...work in progress :rolleyes:

      The post was edited 1 time, last by Sui_Generis ().

    • Unfortunately, i don't use openvpn so I couldn't help. But your instructions look good to me. We appreciate when people write guides like this :)
      omv 4.1.22 arrakis | 64 bit | 4.15 proxmox kernel | omvextrasorg 4.1.15
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • I did something similar, for some reason my searches didn't bring up this thread
      all outgoing traffic goes on the tunnel, everything local stays local. I've quoted the instructions I used from PIA for posterity.

      key words: private internet access, openvpn, transmission, pia

      First I followed the directions at this link privateinternetaccess.com/arch…mment/33974#Comment_33974 except I didn't run it.


      Winston wrote:

      How to install OpenVPN via command line
      ====================================
      - Open a terminal window and do the following steps to install and connect to PIA VPN via OpenVPN

      - Install OpenVPN with the following command
      sudo apt-get install openvpn

      - Change to the /etc/openvpn directory with the following command
      cd /etc/openvpn

      - Download the openvpn.zip file containing the configs and the certs with the following command
      sudo wget privateinternetaccess.com/openvpn/openvpn.zip

      - Install unzip to decompress the file with the following command
      sudo apt-get install unzip

      - Decompress the openvpn.zip file with the following command
      sudo unzip openvpn.zip

      - List the contents of the directory (see a list of the server config files) with the following command
      ls -l

      - Start a connection to the PIA VPN with openvpn and the chosen config file with the following command
      sudo openvpn "config-filename-goes-here.ovpn"

      Example:
      sudo openvpn "Sweden.ovpn"
      then I followed the instructions at this link privateinternetaccess.com/arch…e-start-at-boot-linux-vpn
      it isn't clear but the author intends the file to be in /etc/init.d/ and have it named "vpn" . Because my ovpn file had spaces in the name I copied it to be another easier to use name.

      ukd wrote:

      The explanations of how to access PIA VPN elsewhere on this forum are great, especially here (including lots more useful information in the comments). However, they don't contain quite all the pieces to run a headless server that sets up a VPN at boot, so I'm including some extra hints. This is tested on Debian.

      Install openvpn as per WinstonSmith's instructions for the command line. You can now start and stop the VPN manually, entering your PIA username and password each time.

      Next step is to connect without providing credentials interactively. To do this, edit the .ovpn file you are using to connect. Change the line

      auth-users-pass

      to

      auth-users-pass .secrets

      then create a text file in the same directory called .secrets and in it place your username and password on the first and second lines respectively. Make sure you protect this information from other users on your system with

      chmod 600 .secrets

      Now, if you run the command as before, eg

      openvpn 'US New York.ovpn'

      then it should connect without asking you anything.

      Lastly, to run this at boot time, openvpn needs to be run from a script along the lines of this:

      #!/bin/sh

      exec 1>/var/log/vpn 2>&1

      case "$1" in
      start)
      echo "Connecting to PIA VPN "
      /usr/sbin/openvpn --config /path/to/config.ovpn &
      ;;
      stop)
      echo "Closing connection to PIA VPN "
      killall openvpn
      ;;
      *)
      echo "Usage: /etc/init.d/vpn {start|stop}"
      exit 1
      ;;
      esac

      exit 0

      Fill in the red fields for your system. If you (as root) place this script in /etc/init.d/ (for Slackware check out /etc/rc.d/) and then run

      update-rc.d vpn defaults

      then this will be added to your boot sequence. (This command is Debian specific.)

      At this point you also have to fully specify the paths in your .opvn file as it is now being run from a script without context.

      The script logs to /var/log/vpn

      Hope this is useful to someone.

      At first I was going to try to make only certain apps use the VPN and thought that I had to enable the VPN per app but it turns out that once the VPN client is running all outgoing traffic runs on the VPN. I'm good with that.

      Transmission won't work out of the box though you have to hunt for a setting - Micro Transport Protocol (µTP) ---- Enable µTP. should be disabled.

      to test if my VPN was working I did two things.

      from the command line I did wget http://wtfismyip.com/text this downloads a text with the ip address used to connect.

      then I went to https://torguard.net/checkmytorrentipaddress.php, grabbed the magnetic link and uploaded it to Transmission. This will tell you the IP address Transmission is using.
    • How hard would it be to make a module out of this?
      it would have to do the following;
      1. install open-vpn
      2. download and extract all the conf files from PIA (i imagine other providers may be similar)
      3. store the user pass in a txt file
      4. modify selected config file to point to the user/pass file (change 2 lines) (i would copy the selected file naming it something friendly and modify that)
      5. create the shell script to run the vpn software with the selected config file
      6. be able to turn off/disable/uninstall the vpn software
      7. test the connection (use wget http://wtfismyip.com/text and display the text).