OpenVPN - can't log in

  • Hello,


    I reinstall OMV from scratch to upgrade from PMV V3 to OMV 4 in the end of august.


    I add the plugin OpenVPN and I can't connect to the VPN neither with a mobile phone nor with my computer.
    With OMV V3, I have no problem, I install, configure user and all works fine.


    With OMV 4, I always have a timeout error.
    I don't modify my router configurationa nd the port 1194 is opened.
    I have no error during OpenVPN installation and/or configuration.


    How can I have an access to the OpenVPN error log from the OMV webinterface so I can't debug


    Is anyone have such a problem ?

  • is openvpn the official part of omv? If not...
    ...

    hmm,
    no idea what you mean. are there "unofficial" plugins?


    thats what I did:
    OMV3: install openvpn plugin (openmediavault-openvpn 3.0.6) via web plugin installer -> works perfectly
    OMV4: install openvpn plugin (openmediavault-openvpn 4.0.1) via web plugin installer -> does not work (see links in my above post)


    p.parker


    p.s.
    I havent tried the solution that solved the issue for gromgsxr.

    Odroid HC1 | HGST Travelstar 7K1000 | OMV 4.1.35-1 (Arrakis) | 4.14.94-odroidxu4

  • After poking a while to make this work and yes THIS thread helped a lot to figure out my problem. Could not find a tutorial for this at all but here it is my attempt of creating one:


    - First install the plugin (openmediavault-openvpn 4.0.1)

    SETTINGS:
    General settings:
    - Configure the plugin:
    - enable: true
    - port: 1194
    - use compression: true
    - PAM: true


    VPN network:
    - Address: 10.8.0.0
    - MASK: 255.255.255.0
    - Gateway interface: your internet interface (mine is ens5, but the interface is in the dropdown list just select the one connected to the internet)
    - Default gateway: true


    DHCP options
    everything is empty


    Public:
    - Public address: your IP or if NO-IP use your domain.ddns.net

    FIXING THE SERVER:
    - ssh into your server
    - cd /etc/openvpn/
    - nano server.conf
    - find in this file something like ;push "route 192.168.0.0 255.255.255.0" (the IP address can be different 192.xx.xx.xx)
    - in the above two things need to be changed first remove the ; if you have one in your config file, and than change the IP to the same VPN address 10.8.0.0
    - From this: ;push "route 192.168.0.0 255.255.255.0" to this: push "route 10.8.0.0 255.255.255.0"
    - restart the openvpn service: service openvpn status check if already started service openvpn stop, service openvpn status be sure it stopped, service openvpn start, service openvpn status be sure it started


    CERTIFICATES:
    - first create a user from left menu ACCESS RIGHTS MANAGEMENT -> User
    - navigate back to your openVPN -> certificates click on ADD and select the user and give it a common name and finally save.
    - select the user and click on DOWNLOAD CERTIFICATE
    - Extract the archive
    - in your VPN GUI import *.ovpn file


    IF BEHIND ROUTER:
    - if you have a router between your server and internet do not forget to open port 1194 UDP

  • Thx,
    i tried the changes on my server.
    The Port 1194 is opened for TCP and UDP.


    In my openvpn-software i got the error:
    Sat Oct 20 21:44:24 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Sat Oct 20 21:44:24 2018 TLS Error: TLS handshake failed

  • Hi,I am trying to apply the solution in omv 4.1.3. and the server keeps responding "waiting for server".It's still working?Thank you.

  • Hi,I am trying to apply the solution in omv 4.1.3. and the server keeps responding "waiting for server".It's still working?Thank you.

    From what I remember this is no longer an issue in 4.1.3 as it was fixed and tested by multiple users.
    Can you post your config and your server.conf ?

  • Hello,My configuration is the following:



    port 1194
    proto udp
    dev tun
    ca "/etc/openvpn/pki/ca.crt"
    cert "/etc/openvpn/pki/issued/raspberrypi.crt"
    key "/etc/openvpn/pki/private/raspberrypi.key" # This file should be kept secret
    dh "/etc/openvpn/pki/dh.pem"
    topology subnet
    server 10.8.0.0 255.255.255.0
    push "route 10.8.0.0 255.255.255.0"
    ifconfig-pool-persist ipp.txt
    ;push "route 169.254.0.0
    192.168.1.0 255.255.255.0"
    push "redirect-gateway def1 bypass-dhcp"
    ;client-to-client
    keepalive 10 120
    comp-lzo
    plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
    user nobody


    My config:


    - port: 1194
    - use compression: yes
    - PAM: yes


    VPN
    - Address: 10.8.0.0
    - MASK: 255.255.255.0
    - Gateway interface: enxb827eb691307
    - Default gateway: yes



    DHCP options
    empty



    Public:
    ****.ddns.net





    thanks for answering so fast.

  • thanks for answering so fast.


    Tested the plugin and for me it works, from the error message you are getting I do not think it is openvpn server issue it looks more like you can't reach your machine at all from your client.


    Is your server behind a router ? If yes than in your router you need to open port 1194 for server local IP in the network.


    For me it looks like this in my router:


    Screenshot from 2019-04-26 11-38-39.png

  • Same for me, please help.


    RE: Okey, i figured it, now it is working. :thumbup:

  • Hello,I could make it work. The problem was in the configuration of the raspberry network card.In Lan / interfaces I added VLAN and everything worked correctly.Thank you very much for answering.

  • I had to reconfigure my omv and now I can not get openvpn to work. :(


    I post my server.conf



    port 1194
    proto udp
    dev tun
    ca "/etc/openvpn/pki/ca.crt"
    cert "/etc/openvpn/pki/issued/raspberrypi.crt"
    key "/etc/openvpn/pki/private/raspberrypi.key" # This file should be kept secret
    dh "/etc/openvpn/pki/dh.pem"
    topology subnet
    server 10.8.0.0 255.255.255.0
    push "route 10.8.0.0 255.255.255.0"
    ifconfig-pool-persist ipp.txt
    ;push "route 255.255.255.0"
    push "redirect-gateway def1 bypass-dhcp"
    ;client-to-client
    keepalive 10 120
    comp-lzo
    plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
    user nobody
    group nogroup


    port: 1194
    use compression: yes
    PAM: yes


    VPN


    Address: 10.8.0.0
    MASK: 255.255.255.0
    Gateway interface: enxb827eb691307
    Default gateway: yes


    DHCP options
    empty


    Public:
    ****.ddns.net
    Thanks,

  • My advice to you guys is to stop using this plugin, it does not work for me either, and it happens every time I update something on the server, so I chose to go the docker way.
    Fairly simple:
    https://hub.docker.com/r/kylemanna/openvpn


    open ssh terminal to your server and copy paste:


    OVPN_DATA="ovpn-data-myvpn"docker volume create --name $OVPN_DATA


    docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_genconfig -u udp://DNS-SERVER.COM-OR-IP


    docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn ovpn_initpkidocker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn


    docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass


    - nopass if you just want to connect to your VPN server only with your *.ovpn file, or remove nopass for login with username - password


    docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn


    cat CLIENTNAME.ovpn


    copy the contents of this file on your host, text editor save as CLIENTNAME.ovpn than just connect.Works like a charm.

  • Thanks for the Link! Its working, but slow like hell -.- Server with OMV 4.1.22 is a Intel G4400 @3.30GHz - Internet Speed 1000/50, connected with OpenVPN (Android) Speedtest.net throws 3,94 mbps down and 13,5 Mbps upload at me *cry* G4400 CPU Usage ~5%


    Edit : Fixed with OpenVPN Server.config tuning. Now 48/45mbps

  • Hello,


    Could you please tell me if this also works with raspberry pi?


    Since the openVPN plugin won't work for me anymore after an omv update, I switched to docker and transmission-openVPN from the image "ledokun/armhr-docker-transmission-openvpn" and followed the instructions form techno dad life video "How to Install Transmission with VPN on Openmediavault with Docker". The problem is that I don't know how to configure openVPN in that docker container... for the moment it does not work for me.


    I only use VPN to access my network from outside... so I have no custom VPN provider and since the plugin is dead I want to switch to docker.

  • I would NOT enable compression. It is a known vulnerability in OpenVPN. Straight from the developers of OpenVPN: "For now, it is advised that users of the OpenVPN Access Server and the OpenVPN Connect Client software disable the use of compression."

    Is this old airplane safe to fly? How in the world do you think it got to be this old?

  • When I had the openVPN plugin up and running I could put all those settings as you wrote above... and indeed they work. Now with the docker and openvpn I dont know where to put the setting and how to configure openvpn with docker for Raspberry pi.


    I am also a beginner with omv, rpi, linux :)

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!