OpenVPN - can't log in

    • OMV 4.x
    • OpenVPN - can't log in

      Hello,

      I reinstall OMV from scratch to upgrade from PMV V3 to OMV 4 in the end of august.

      I add the plugin OpenVPN and I can't connect to the VPN neither with a mobile phone nor with my computer.
      With OMV V3, I have no problem, I install, configure user and all works fine.

      With OMV 4, I always have a timeout error.
      I don't modify my router configurationa nd the port 1194 is opened.
      I have no error during OpenVPN installation and/or configuration.

      How can I have an access to the OpenVPN error log from the OMV webinterface so I can't debug

      Is anyone have such a problem ?
    • Mr.Grape wrote:

      is openvpn the official part of omv? If not...
      ...
      hmm,
      no idea what you mean. are there "unofficial" plugins?

      thats what I did:
      OMV3: install openvpn plugin (openmediavault-openvpn 3.0.6) via web plugin installer -> works perfectly
      OMV4: install openvpn plugin (openmediavault-openvpn 4.0.1) via web plugin installer -> does not work (see links in my above post)

      p.parker

      p.s.
      I havent tried the solution that solved the issue for gromgsxr.
      Odroid HC1 | HGST Travelstar 7K1000 | OMV 4.1.20-1 (Arrakis) | 4.14.94-odroidxu4
    • After poking a while to make this work and yes THIS thread helped a lot to figure out my problem. Could not find a tutorial for this at all but here it is my attempt of creating one:

      - First install the plugin (openmediavault-openvpn 4.0.1)

      SETTINGS:
      General settings:
      - Configure the plugin:
      - enable: true
      - port: 1194
      - use compression: true
      - PAM: true

      VPN network:
      - Address: 10.8.0.0
      - MASK: 255.255.255.0
      - Gateway interface: your internet interface (mine is ens5, but the interface is in the dropdown list just select the one connected to the internet)
      - Default gateway: true

      DHCP options
      everything is empty

      Public:
      - Public address: your IP or if NO-IP use your domain.ddns.net

      FIXING THE SERVER:
      - ssh into your server
      - cd /etc/openvpn/
      - nano server.conf
      - find in this file something like ;push "route 192.168.0.0 255.255.255.0" (the IP address can be different 192.xx.xx.xx)
      - in the above two things need to be changed first remove the ; if you have one in your config file, and than change the IP to the same VPN address 10.8.0.0
      - From this: ;push "route 192.168.0.0 255.255.255.0" to this: push "route 10.8.0.0 255.255.255.0"
      - restart the openvpn service: service openvpn status check if already started service openvpn stop, service openvpn status be sure it stopped, service openvpn start, service openvpn status be sure it started

      CERTIFICATES:
      - first create a user from left menu ACCESS RIGHTS MANAGEMENT -> User
      - navigate back to your openVPN -> certificates click on ADD and select the user and give it a common name and finally save.
      - select the user and click on DOWNLOAD CERTIFICATE
      - Extract the archive
      - in your VPN GUI import *.ovpn file

      IF BEHIND ROUTER:
      - if you have a router between your server and internet do not forget to open port 1194 UDP
      Theme changer tool: Unofficial OMV Theme Changer tool, css themes and UI manipulation
      Theme changer plugin: OMV-Theme plugin, theme changer and UI customisation

      omv-theme repo: github.com/virgil-av/omv-theme
      openmediavault-theme repo: github.com/virgil-av/openmediavault-theme

      If you appreciate what i do just smash that like

      The post was edited 2 times, last by Virgil.A ().

    • Thx,
      i tried the changes on my server.
      The Port 1194 is opened for TCP and UDP.

      In my openvpn-software i got the error:
      Sat Oct 20 21:44:24 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Sat Oct 20 21:44:24 2018 TLS Error: TLS handshake failed
    • Virgil.A wrote:

      After poking a while to make this work and yes THIS thread helped a lot to figure out my problem. Could not find a tutorial for this at all but here it is my attempt of creating one:

      - First install the plugin (openmediavault-openvpn 4.0.1)

      SETTINGS:
      General settings:
      - Configure the plugin:
      - enable: true
      - port: 1194
      - use compression: true
      - PAM: true

      VPN network:
      - Address: 10.8.0.0
      - MASK: 255.255.255.0
      - Gateway interface: your internet interface (mine is ens5, but the interface is in the dropdown list just select the one connected to the internet)
      - Default gateway: true

      DHCP options
      everything is empty

      Public:
      - Public address: your IP or if NO-IP use your domain.ddns.net

      FIXING THE SERVER:
      - ssh into your server
      - cd /etc/openvpn/
      - nano server.conf
      - find in this file something like ;push "route 192.168.0.0 255.255.255.0" (the IP address can be different 192.xx.xx.xx)
      - in the above two things need to be changed first remove the ; if you have one in your config file, and than change the IP to the same VPN address 10.8.0.0
      - From this: ;push "route 192.168.0.0 255.255.255.0" to this: push "route 10.8.0.0 255.255.255.0"
      - restart the openvpn service: service openvpn status check if already started service openvpn stop, service openvpn status be sure it stopped, service openvpn start, service openvpn status be sure it started

      CERTIFICATES:
      - first create a user from left menu ACCESS RIGHTS MANAGEMENT -> User
      - navigate back to your openVPN -> certificates click on ADD and select the user and give it a common name and finally save.
      - select the user and click on DOWNLOAD CERTIFICATE
      - Extract the archive
      - in your VPN GUI import *.ovpn file

      IF BEHIND ROUTER:
      - if you have a router between your server and internet do not forget to open port 1194 UDP

      Virgil.A wrote:

      After poking a while to make this work and yes THIS thread helped a lot to figure out my problem. Could not find a tutorial for this at all but here it is my attempt of creating one:

      - First install the plugin (openmediavault-openvpn 4.0.1)

      SETTINGS:
      General settings:
      - Configure the plugin:
      - enable: true
      - port: 1194
      - use compression: true
      - PAM: true

      VPN network:
      - Address: 10.8.0.0
      - MASK: 255.255.255.0
      - Gateway interface: your internet interface (mine is ens5, but the interface is in the dropdown list just select the one connected to the internet)
      - Default gateway: true

      DHCP options
      everything is empty

      Public:
      - Public address: your IP or if NO-IP use your domain.ddns.net

      FIXING THE SERVER:
      - ssh into your server
      - cd /etc/openvpn/
      - nano server.conf
      - find in this file something like ;push "route 192.168.0.0 255.255.255.0" (the IP address can be different 192.xx.xx.xx)
      - in the above two things need to be changed first remove the ; if you have one in your config file, and than change the IP to the same VPN address 10.8.0.0
      - From this: ;push "route 192.168.0.0 255.255.255.0" to this: push "route 10.8.0.0 255.255.255.0"
      - restart the openvpn service: service openvpn status check if already started service openvpn stop, service openvpn status be sure it stopped, service openvpn start, service openvpn status be sure it started

      CERTIFICATES:
      - first create a user from left menu ACCESS RIGHTS MANAGEMENT -> User
      - navigate back to your openVPN -> certificates click on ADD and select the user and give it a common name and finally save.
      - select the user and click on DOWNLOAD CERTIFICATE
      - Extract the archive
      - in your VPN GUI import *.ovpn file

      IF BEHIND ROUTER:
      - if you have a router between your server and internet do not forget to open port 1194 UDP
      Hi,I am trying to apply the solution in omv 4.1.3. and the server keeps responding "waiting for server".It's still working?Thank you.
    • peluka82 wrote:

      Hi,I am trying to apply the solution in omv 4.1.3. and the server keeps responding "waiting for server".It's still working?Thank you.
      From what I remember this is no longer an issue in 4.1.3 as it was fixed and tested by multiple users.
      Can you post your config and your server.conf ?
      Theme changer tool: Unofficial OMV Theme Changer tool, css themes and UI manipulation
      Theme changer plugin: OMV-Theme plugin, theme changer and UI customisation

      omv-theme repo: github.com/virgil-av/omv-theme
      openmediavault-theme repo: github.com/virgil-av/openmediavault-theme

      If you appreciate what i do just smash that like
    • Hello,My configuration is the following:


      port 1194
      proto udp
      dev tun
      ca "/etc/openvpn/pki/ca.crt"
      cert "/etc/openvpn/pki/issued/raspberrypi.crt"
      key "/etc/openvpn/pki/private/raspberrypi.key" # This file should be kept secret
      dh "/etc/openvpn/pki/dh.pem"
      topology subnet
      server 10.8.0.0 255.255.255.0
      push "route 10.8.0.0 255.255.255.0"
      ifconfig-pool-persist ipp.txt
      ;push "route 169.254.0.0
      192.168.1.0 255.255.255.0"
      push "redirect-gateway def1 bypass-dhcp"
      ;client-to-client
      keepalive 10 120
      comp-lzo
      plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
      user nobody

      My config:

      - port: 1194
      - use compression: yes
      - PAM: yes

      VPN
      - Address: 10.8.0.0
      - MASK: 255.255.255.0
      - Gateway interface: enxb827eb691307
      - Default gateway: yes


      DHCP options
      empty


      Public:
      ****.ddns.net




      thanks for answering so fast.

      The post was edited 1 time, last by peluka82 ().

    • peluka82 wrote:

      thanks for answering so fast.

      Tested the plugin and for me it works, from the error message you are getting I do not think it is openvpn server issue it looks more like you can't reach your machine at all from your client.

      Is your server behind a router ? If yes than in your router you need to open port 1194 for server local IP in the network.

      For me it looks like this in my router:

      Theme changer tool: Unofficial OMV Theme Changer tool, css themes and UI manipulation
      Theme changer plugin: OMV-Theme plugin, theme changer and UI customisation

      omv-theme repo: github.com/virgil-av/omv-theme
      openmediavault-theme repo: github.com/virgil-av/openmediavault-theme

      If you appreciate what i do just smash that like
    • RudiSH wrote:

      Thx,
      i tried the changes on my server.
      The Port 1194 is opened for TCP and UDP.

      In my openvpn-software i got the error:
      Sat Oct 20 21:44:24 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Sat Oct 20 21:44:24 2018 TLS Error: TLS handshake failed

      Same for me, please help.

      RE: Okey, i figured it, now it is working. :thumbup:

      The post was edited 1 time, last by Dash_007 ().

    • Virgil.A wrote:

      peluka82 wrote:

      thanks for answering so fast.
      Tested the plugin and for me it works, from the error message you are getting I do not think it is openvpn server issue it looks more like you can't reach your machine at all from your client.

      Is your server behind a router ? If yes than in your router you need to open port 1194 for server local IP in the network.

      For me it looks like this in my router:


      Hello,I could make it work. The problem was in the configuration of the raspberry network card.In Lan / interfaces I added VLAN and everything worked correctly.Thank you very much for answering.
    • I had to reconfigure my omv and now I can not get openvpn to work. :(

      I post my server.conf


      port 1194
      proto udp
      dev tun
      ca "/etc/openvpn/pki/ca.crt"
      cert "/etc/openvpn/pki/issued/raspberrypi.crt"
      key "/etc/openvpn/pki/private/raspberrypi.key" # This file should be kept secret
      dh "/etc/openvpn/pki/dh.pem"
      topology subnet
      server 10.8.0.0 255.255.255.0
      push "route 10.8.0.0 255.255.255.0"
      ifconfig-pool-persist ipp.txt
      ;push "route 255.255.255.0"
      push "redirect-gateway def1 bypass-dhcp"
      ;client-to-client
      keepalive 10 120
      comp-lzo
      plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
      user nobody
      group nogroup

      port: 1194
      use compression: yes
      PAM: yes

      VPN

      Address: 10.8.0.0
      MASK: 255.255.255.0
      Gateway interface: enxb827eb691307
      Default gateway: yes

      DHCP options
      empty

      Public:
      ****.ddns.net
      Thanks,
    • My advice to you guys is to stop using this plugin, it does not work for me either, and it happens every time I update something on the server, so I chose to go the docker way.
      Fairly simple:
      hub.docker.com/r/kylemanna/openvpn

      open ssh terminal to your server and copy paste:

      OVPN_DATA="ovpn-data-myvpn"docker volume create --name $OVPN_DATA

      docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_genconfig -u udp://DNS-SERVER.COM-OR-IP

      docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn ovpn_initpkidocker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn

      docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass

      - nopass if you just want to connect to your VPN server only with your *.ovpn file, or remove nopass for login with username - password

      docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn

      cat CLIENTNAME.ovpn

      copy the contents of this file on your host, text editor save as CLIENTNAME.ovpn than just connect.Works like a charm.
      Theme changer tool: Unofficial OMV Theme Changer tool, css themes and UI manipulation
      Theme changer plugin: OMV-Theme plugin, theme changer and UI customisation

      omv-theme repo: github.com/virgil-av/omv-theme
      openmediavault-theme repo: github.com/virgil-av/openmediavault-theme

      If you appreciate what i do just smash that like
    • Thanks for the Link! Its working, but slow like hell -.- Server with OMV 4.1.22 is a Intel G4400 @3.30GHz - Internet Speed 1000/50, connected with OpenVPN (Android) Speedtest.net throws 3,94 mbps down and 13,5 Mbps upload at me *cry* G4400 CPU Usage ~5%

      Edit : Fixed with OpenVPN Server.config tuning. Now 48/45mbps

      The post was edited 1 time, last by Troox ().