OpenVPN on DietPi (as DNS) and separate OMV Server: can't connect to OMV :(

      Hi there,

      I have some trouble setting up my OpenVPN on a DietPi (running as DNS / PiHole) and a separate OMV NAS.
      I'm trying to get the connection to the NAS (webGUI + SMB) via OpenVPN (unless there's a better way?)
      What I still got working is access to the Internet via VPN, and I can connect to the router (running on 192.168.xxx.1) and DietPi (192.168.xxx.2)

      What I've done so far:

      1. Setting up Router with
      - 192.168.xxx.2 as DNS-server
      - port forwarding of UDP 1194 to 192.168.xxx.2
      - a route from 10.8.0.0 to 192.168.xxx.2

      2. Running OpenVPN on DietPi with this config (comes from PiVPN):

      Source Code

      dev tun
      proto udp
      port 1194
      ca /etc/openvpn/easy-rsa/pki/ca.crt
      cert /etc/openvpn/easy-rsa/pki/issued/DietPi_7b1f0602-c12b-4152-adf3-bf1d69a4d9$
      key /etc/openvpn/easy-rsa/pki/private/DietPi_7b1f0602-c12b-4152-adf3-bf1d69a4d9$
      dh none
      topology subnet
      server 10.8.0.0 255.255.255.0
      # Set your primary domain name server address for clients
      push "dhcp-option DNS 192.168.xxx.1"
      #push "dhcp-option DNS 10.8.0.1"
      push "block-outside-dns"
      # Override the Client default gateway by using 0.0.0.0/1 and
      # 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
      # overriding but not wiping out the original default gateway.
      push "redirect-gateway def1"
      client-to-client
      keepalive 1800 3600
      remote-cert-tls client
      tls-version-min 1.2
      tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
      cipher AES-256-CBC
      auth SHA256
      user nobody
      group nogroup
      persist-key
      persist-tun
      crl-verify /etc/openvpn/crl.pem
      status /var/log/openvpn-status.log 20
      status-version 3
      syslog
      verb 3
      #DuplicateCNs allow access control on a less-granular, per user basis.
      #Remove # if you will manage access by user instead of device.
      #duplicate-cn
      #LAN Access
      push "route 192.168.xxx.0 255.255.255.0"

      Router is defined as DNS in server.conf, but forwards to DietPi / PiHole on 192.168.xxx.2

      3. Iptables on OMV machine:

      Shell-Script

      #!/bin/sh
      iptables -A INPUT -i tun+ -j ACCEPT
      iptables -A FORWARD -i tun+ -j ACCEPT
      iptables -A INPUT -i tap+ -j ACCEPT
      iptables -A FORWARD -i tap+ -j ACCEPT
      # Allow packets from private subnets
      iptables -A INPUT -i eth1 -j ACCEPT
      iptables -A FORWARD -i eth1 -j ACCEPT
      # 192.168.xxx.0/24 = LAN
      iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE
      echo 1 > /proc/sys/net/ipv4/ip_forward

      If you have any ideas how to solve my problem, please let me know....

      Best regards
      Martin
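
Added example, not part of the original post: a small Python model of the routing question this setup raises, namely whether a reply from the NAS to a VPN client in 10.8.0.0/24 finds its way back to the VPN server. It assumes 192.168.1.0/24 in place of the masked LAN, a hypothetical NAS address, and that the NAS uses the router as its default gateway; all function names are illustrative.

```python
import ipaddress

# Constructed sample: the post masks its LAN as 192.168.xxx.0/24, so 192.168.1.0/24
# stands in for it, and the NAS address (.10) is hypothetical.
CONF = """\
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
#LAN Access
push "route 192.168.1.0 255.255.255.0"
"""
LAN, ANY = ipaddress.ip_network("192.168.1.0/24"), ipaddress.ip_network("0.0.0.0/0")
ROUTER, VPN, NAS = "192.168.1.1", "192.168.1.2", "192.168.1.10"
DIRECT, WAN = "on-link", "wan"

def parse_conf(text):
    """Return (tunnel network, pushed routes, redirect-gateway flag)."""
    tunnel, routes, redirect = None, [], False
    for line in text.splitlines():
        words = line.replace('"', " ").split()  # "#..." lines never match a keyword
        if words[:1] == ["server"] and len(words) >= 3:
            tunnel = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif words[:2] == ["push", "route"] and len(words) >= 4:
            routes.append(ipaddress.ip_network(f"{words[2]}/{words[3]}"))
        elif words[:2] == ["push", "redirect-gateway"]:
            redirect = True
    return tunnel, routes, redirect

def next_hop(table, dst):
    """Longest-prefix match over [(network, gateway)]; on-link routes deliver to dst."""
    best = max((r for r in table if dst in r[0]), key=lambda r: r[0].prefixlen, default=None)
    return None if best is None else str(dst) if best[1] == DIRECT else best[1]

def reply_hops(tables, start, dst):
    """Follow a reply from `start` toward `dst` through the hosts whose tables are known."""
    hops = [start]
    while hops[-1] in tables and hops[-1] != str(dst) and len(hops) < 8:
        hop = next_hop(tables[hops[-1]], dst)
        if hop is None:
            break
        hops.append(hop)
    return hops

def check(conf, router_has_static_route):
    """Model the NAS -> VPN client return path with or without the router's static route."""
    tunnel, routes, redirect = parse_conf(conf)
    client = tunnel[2]  # with "topology subnet" the server is .1 and clients start at .2
    forward_ok = redirect or any(ipaddress.ip_address(NAS) in r for r in routes)
    router = [(LAN, DIRECT), (ANY, WAN)] + ([(tunnel, VPN)] if router_has_static_route else [])
    tables = {NAS: [(LAN, DIRECT), (ANY, ROUTER)], ROUTER: router}
    return forward_ok, reply_hops(tables, NAS, client)
```

With the router's static route for 10.8.0.0/24 the reply goes NAS, router, VPN server; without it the reply follows the router's default route out of the WAN side. The model covers routing tables only, not IP forwarding on the VPN host or the firewall on the NAS.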