Guide for Setting Remote Management

  • Hello,


    I have been looking for a guide to set up remote management securely on my OMV installation, but have not been successful. I have read about using OpenVPN but can't seem to find a post, document, or video that would guide me in accomplishing this. I need to be able to manage my installation from a remote location. Any pointers are appreciated.


    Thanks!

  • :( unfortunately ONLY for


    x86-64latest



    any ideas on what to do on arm, armhf ... based OMV installations?


    currently I am using the openvpn plugin, but it's a nightmare :thumbdown:

  • Hi @TechnoDadLife! I managed to follow your tutorial but I am encountering two issues. First, I can get Openvpn-as installed and connectable. However, after an unspecified amount of time, it is no longer accessible even though the Docker image is still running and DuckDNS is working fine. I have restarted the image and OMV server to no avail. The only way I have found to fix this is deleting the running image and creating a new one based on your steps. It then becomes accessible again for an unknow amount of time (but with new profiles that need download, etc.). Any idea why this might be happening? I would love to have it stable, but so far I have had to reinstall 4 times to get it back up and working. I reinstalled one day ago and it is still working.


    The other issue that I am having is that once I get it working (for whatever limited time) I am not really sure how to access my OMV admin panel, as well as other services running on the server and my network. I have tried https://myduckdnsname.duckdns.org:943/admin and I get nothing. I have also tried my actual IP and get the same. Is there something I may have missed during installation? I believe I followed all steps 100%. The OpenVPN application automatically assigns an IP in the 172.27.224.0 range. Not sure what else needs to be done or enabled to be able to reach and manage my OMV install.


    Thanks in advance for anyone's assistance.

  • Can you please define "securely" ?


    port forward from your router to the installation of OMV ( I assume it is https:// and you are not using default password) done
    Are you afraid of exposing OMV to internet ? Why? Change port for more obscurity

  • Can you please define "securely" ?


    port forward from your router to the installation of OMV ( I assume it is https:// and you are not using default password) done
    Are you afraid of exposing OMV to internet ? Why? Change port for more obscurity

    The security part is already taken care of with OpenVPN. The problem is that I still cannot figure out how to access my OMV admin panel. I can connect with OpenVPN (so far it has been running for 4 days without issues), but I am not sure if I am missing something that is causing me to not be able to access the admin page. I have followed @TechnoDadLife's guide completely.

  • To connect to your OMV via an OpenVPN connection, you need to use the local, private IP address of your OMV machine once you have established the VPN connection.


    Using the WAN address that your OMV is connected to, or any domain name that resolves to that address is incorrect.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

  • Thank you @gderf for your response. I have tried my local OMV IP as "https://192.168.x.x:943/admin" when connected through OpenVPN and it still does not work. But then again, 192.168.x.x:943 is the OpenVPN address on my local network on OMV. Even if I do just https://192.168.x.x, I get nothing and that would be the address to my OMV. I am currently connected using OpenVPN and it is assigning me an IP in the 172.27.224.x range, which is apparently what it defaults to. Could this be the problem? Any other suggestions? Thank you.

  • You need to be using the same exact URL address that you would use when connecting from your LAN. Obfuscating private IP address with x.x is pointless, so stop doing that.


    You are trying this from another network such as a cell phone, right?


    If you can not ping your OMV private IP address thru the VPN, then something is wrong with a configuration. Did you set a port forward for the VPN in your router?


    If needed to to connect to my OMV web admin page from another network (and I don't need to do this) I would use ssh tunneling. It's much simpler and the ssh server is already installed and running.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

    Einmal editiert, zuletzt von gderf ()

  • Yes, I am using the exact IP address that I use for connecting to my OMV from my LAN. I am also trying this from two totally different networks, including a cell phone. Both the cell phone and Windows clients can establish a connection to OpenVPN-as on my OMV server (I can confirm the clients are connected on the OpenVPN admin page). Port is forwarded in the router. Please see attached. These are the VPN settings for the OpenVPN server. Is the Routing part, private subnets, set correctly or does my local subnet need to be added there too?

  • In your VPN settings under routing you have 172.17.0.0/16. Where did that come from? I would have the private network of the machine there.


    But I do not use this VPN setup myself. If I needed inward VPN access to my network, it would be running on the router.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

  • In your VPN settings under routing you have 172.17.0.0/16. Where did that come from? I would have the private network of the machine there.


    But I do not use this VPN setup myself. If I needed inward VPN access to my network, it would be running on the router.

    @gderf: That address is added by the OpenVPN server. In your opinion, are there any specific advantages/disadvantages to having the OpenVPN running on the router vs. OMV? This may be something that I could also try. Thank you for your help.


    After reviewing all of the steps in the setup video and looking into other areas of the OpenVPN admin page, there is one thing that is missing from the video which I believe is critical for users to be able to access their OMV admin page. Under Configuration -> VPN Settings -> Routing, you need to specify the private subnets to which OpenVPN clients will have access to, otherwise any valid connection to the OpenVPN server will only have access to the OpenVPN-created network (172.27.224.0, see picture above). So basically, you need to add your local network and subnet mask in that box (e.g. 192.168.1.0/24, or whatever your local network address is). This should allow you to connect using OpenVPN and access your different internal IP addresses.


    My next step is to figure out how to use an SSL certificate created with the Letsencrypt Docker in OMV. I would like to first start with the OMV admin page, so that I can connect using https. I know how to switch to https, but cannot find a way to add the Letsencrypt certificate.

  • I already have a very capable router, I don't need to turn my OMV machine into another one. From my perspective, given the choice between running a VPN solution on the router or running it on a LAN machine, best practice would be to run it on the router.


    As for your desire to use an SSL certificate for connection to OMV, it won't hurt anything. But you already have end to end encryption being provided by OpenVPN.


    And as I previously suggested, an SSH tunnel would have provided a one line shell command solution to your problem of securely connecting to your OMV Admin page remotely.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

    Einmal editiert, zuletzt von gderf ()

  • Hi there.


    First thanks to everyone sharing their info in this matter!


    My first thought was using TeamViewer to remote control (can't get it to work, others also have issues with this. Something about TeamViewer host can't connect to router). But on second thought I think it's not convenient. So want to use OpenVPN.
    Have been reading and watching the videos in this threat.
    I'm using armhf, so the docker won't be an option. My modem doesn't support VPN.


    Externer Inhalt www.youtube.com
    Inhalte von externen Seiten werden ohne Ihre Zustimmung nicht automatisch geladen und angezeigt.
    Durch die Aktivierung der externen Inhalte erklären Sie sich damit einverstanden, dass personenbezogene Daten an Drittplattformen übermittelt werden. Mehr Informationen dazu haben wir in unserer Datenschutzerklärung zur Verfügung gestellt.


    Might do the trick, but i'm a beginner when it comes to security. Would like some advice end have some questions.


    Is it correct security-wise VPN is safer then SSH-tunneling with certificate? @gderf: U use VPN in router, and no SSH-tunneling, correct?
    Also setting up OpenVPN on OMV is possible (outside docker), but I guess it's not that safe (that's why use docker), right?
    As for the last option (when I started using OMV), I've been experimenting with it, and it's not most user-friendly in use. Also read somewhere that it doesn't work well with haugene-transmission-openvpn.
    Also want to access to this docker image remotely...


    It's not that I'm very concerned about my data on OMV, but don't like easy access to my home network for people with bad intentions.


    Again thanks for all the provided info here! And thanks in advance for anyone willing to clarify.

    ODROID-HC2 running OMV4
    ASUS F2A85-M LE running OMV4

    Einmal editiert, zuletzt von sm0ke () aus folgendem Grund: Added link to gderf and tried to improve my English :P

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!