Setting up openvpn

  • When I turn on OpenVPN on my asus router my network speeds slow down to a crawl...
    So I thought I would try to enable it on my server instead.
    All the guides I have found to set it up are for older plugins or via command line. from what I gather I need to enable, Oopen port 1194 on my router, do I was UDP or TCP? What do I want for my VPN address? DHCP options? Public address would be my ddns right?

  • If it is the openediavault-openvpn plugin you just need to open udp 1194. Is there not a default address range in the settings for your virtual private network??? Yes on your ddns address. I used the VPN AS plugin more. Let me look on my RPi 2.

  • I like the openvpn as because I can always set it up on any computer easy. I log into the UI and download/install the client software. It auotmatically installs the certs for my user. If you have used OpenVPN at all you should realize how nice this is. The big difference is the AS version is the pay version and they only let you use 2 free concurrent clients at a time. On my servers this is no big deal because I am only one accessing, same with my LAN in general. The community version lets you add as many clients as your like.

    VPN Network: (I think that is the default)
    put check mark in default gateway

    On DHCP options:
    DNS Server: ip of your router ( you do not need entry to domain search)

    Public address: is your ddns service address

  • At the top in plugin settings I have these after enable too:
    port 1194
    protocol udp
    use compression checked
    PAM authentication checked

    PS- Normally if you make any changes to the server settings you should download the client certs again. Delete the old certs from the client and insert the new ones.

  • You can create a special user. But you must do it in the Users section of OMV web gui. The server/client is using PAM authentication and that is why we are using the normal users. As long as there is no vpn user you can create one with that name. I don't think that name is used. To check just do this in command line:

    id vpn

  • I look to be up and running. Like VPN services this would encrypt the data between the server and client right? So if I'm sharing stuff with a buddy's computer it should be unreadable to isp?

    If it is the openediavault-openvpn plugin you just need to open udp 1194. Is there not a default address range in the settings for your virtual private network??? Yes on your ddns address. I used the VPN AS plugin more. Let me look on my RPi 2.

    What did you mean by this?

  • Yes, it is encrypted so anything you send through the tunnel is protected. It is good to have client software on your mobile devices too. When you are at a wifi hot spot that is open (i.e. not encrypted) you can connect to your home vpn server. Then you can browse safely through your internet connection at your home via the encrypted tunnel.

    I was just wondering what the default was for the VPN network and netmask. I saw it a bit later when I got on my RPi 2.

    PS- The OpenVPN mobile app is called OpenVPN Connect (in the Google Play Store). You have to get the zipped cert file on your phone, unzip it and then import it. The is a drop down to import in that app. You can guide it to where you have those files.

  • This should be a Guide. Has everything for the OpenVPN plugin.

    You cannot have both (openvpn & openvpn as) plugins installed at the same time!!!!

    One more piece of info. on the mobile app. You can import multiple client certs for different servers in the OpenVPN Connect. Mine is setup for 3 servers currently, 2 openvpn as and 1 openvpn.

    And have a nice day!!! :)

  • I appreciate it. i ended up finding it on my own.

    I have another much more advanced question. Not sure if I should make a another thread. I have another NIC port on my mobo. How would I set it up so bttransmission always goes though an off site VPN that I pay for? Is there a way to shut it down if the vpn drops?

  • I don't torrent much. I did some testing here lately on some torrent clients but I'm not best person to ask on this. There are some posts on the forum though concerning getting your vpn to always go through a vpn service provider, which you know is different than using the OpenVPN server on your machine.

    Yeah, make another topic.

    PS- It is not complicated for me. There are just legal reasons I don't get into this.

  • I have three questions related to setting up OpenVPN:

    1. For the DNS server section, is that used to assign the vpn client an internal IP address? I have a pi-hole DNS server running on the network at Could I put that as the DNS server?

    2. I got this warning in the OpenVPN logs. Is there any way to take this problem into account without messing with the IP addresses of my LAN?

    NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.

    3. My friend told me that security best practices are setting up a firewall to autoblock IP addresses after 3 failed login attempts. Can I accomplish that from within the webgui, or do I use the CLI for that?


Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!