OpenVPN - can't log in

  • Hello,


    I reinstall OMV from scratch to upgrade from PMV V3 to OMV 4 in the end of august.


    I add the plugin OpenVPN and I can't connect to the VPN neither with a mobile phone nor with my computer.
    With OMV V3, I have no problem, I install, configure user and all works fine.


    With OMV 4, I always have a timeout error.
    I don't modify my router configurationa nd the port 1194 is opened.
    I have no error during OpenVPN installation and/or configuration.


    How can I have an access to the OpenVPN error log from the OMV webinterface so I can't debug


    Is anyone have such a problem ?

  • is openvpn the official part of omv? If not...
    ...

    hmm,
    no idea what you mean. are there "unofficial" plugins?


    thats what I did:
    OMV3: install openvpn plugin (openmediavault-openvpn 3.0.6) via web plugin installer -> works perfectly
    OMV4: install openvpn plugin (openmediavault-openvpn 4.0.1) via web plugin installer -> does not work (see links in my above post)


    p.parker


    p.s.
    I havent tried the solution that solved the issue for gromgsxr.

  • After poking a while to make this work and yes THIS thread helped a lot to figure out my problem. Could not find a tutorial for this at all but here it is my attempt of creating one:


    - First install the plugin (openmediavault-openvpn 4.0.1)

    SETTINGS:
    General settings:
    - Configure the plugin:
    - enable: true
    - port: 1194
    - use compression: true
    - PAM: true


    VPN network:
    - Address: 10.8.0.0
    - MASK: 255.255.255.0
    - Gateway interface: your internet interface (mine is ens5, but the interface is in the dropdown list just select the one connected to the internet)
    - Default gateway: true


    DHCP options
    everything is empty


    Public:
    - Public address: your IP or if NO-IP use your domain.ddns.net

    FIXING THE SERVER:
    - ssh into your server
    - cd /etc/openvpn/
    - nano server.conf
    - find in this file something like ;push "route 192.168.0.0 255.255.255.0" (the IP address can be different 192.xx.xx.xx)
    - in the above two things need to be changed first remove the ; if you have one in your config file, and than change the IP to the same VPN address 10.8.0.0
    - From this: ;push "route 192.168.0.0 255.255.255.0" to this: push "route 10.8.0.0 255.255.255.0"
    - restart the openvpn service: service openvpn status check if already started service openvpn stop, service openvpn status be sure it stopped, service openvpn start, service openvpn status be sure it started


    CERTIFICATES:
    - first create a user from left menu ACCESS RIGHTS MANAGEMENT -> User
    - navigate back to your openVPN -> certificates click on ADD and select the user and give it a common name and finally save.
    - select the user and click on DOWNLOAD CERTIFICATE
    - Extract the archive
    - in your VPN GUI import *.ovpn file


    IF BEHIND ROUTER:
    - if you have a router between your server and internet do not forget to open port 1194 UDP

  • Thx,
    i tried the changes on my server.
    The Port 1194 is opened for TCP and UDP.


    In my openvpn-software i got the error:
    Sat Oct 20 21:44:24 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Sat Oct 20 21:44:24 2018 TLS Error: TLS handshake failed

  • Hi,I am trying to apply the solution in omv 4.1.3. and the server keeps responding "waiting for server".It's still working?Thank you.

  • Hi,I am trying to apply the solution in omv 4.1.3. and the server keeps responding "waiting for server".It's still working?Thank you.

    From what I remember this is no longer an issue in 4.1.3 as it was fixed and tested by multiple users.
    Can you post your config and your server.conf ?

  • Hello,My configuration is the following:



    port 1194
    proto udp
    dev tun
    ca "/etc/openvpn/pki/ca.crt"
    cert "/etc/openvpn/pki/issued/raspberrypi.crt"
    key "/etc/openvpn/pki/private/raspberrypi.key" # This file should be kept secret
    dh "/etc/openvpn/pki/dh.pem"
    topology subnet
    server 10.8.0.0 255.255.255.0
    push "route 10.8.0.0 255.255.255.0"
    ifconfig-pool-persist ipp.txt
    ;push "route 169.254.0.0
    192.168.1.0 255.255.255.0"
    push "redirect-gateway def1 bypass-dhcp"
    ;client-to-client
    keepalive 10 120
    comp-lzo
    plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
    user nobody


    My config:


    - port: 1194
    - use compression: yes
    - PAM: yes


    VPN
    - Address: 10.8.0.0
    - MASK: 255.255.255.0
    - Gateway interface: enxb827eb691307
    - Default gateway: yes



    DHCP options
    empty



    Public:
    ****.ddns.net





    thanks for answering so fast.

  • thanks for answering so fast.


    Tested the plugin and for me it works, from the error message you are getting I do not think it is openvpn server issue it looks more like you can't reach your machine at all from your client.


    Is your server behind a router ? If yes than in your router you need to open port 1194 for server local IP in the network.


    For me it looks like this in my router:


    Screenshot from 2019-04-26 11-38-39.png

  • Same for me, please help.


    RE: Okey, i figured it, now it is working. :thumbup:

  • Hello,I could make it work. The problem was in the configuration of the raspberry network card.In Lan / interfaces I added VLAN and everything worked correctly.Thank you very much for answering.

  • I had to reconfigure my omv and now I can not get openvpn to work. :(


    I post my server.conf



    port 1194
    proto udp
    dev tun
    ca "/etc/openvpn/pki/ca.crt"
    cert "/etc/openvpn/pki/issued/raspberrypi.crt"
    key "/etc/openvpn/pki/private/raspberrypi.key" # This file should be kept secret
    dh "/etc/openvpn/pki/dh.pem"
    topology subnet
    server 10.8.0.0 255.255.255.0
    push "route 10.8.0.0 255.255.255.0"
    ifconfig-pool-persist ipp.txt
    ;push "route 255.255.255.0"
    push "redirect-gateway def1 bypass-dhcp"
    ;client-to-client
    keepalive 10 120
    comp-lzo
    plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so login
    user nobody
    group nogroup


    port: 1194
    use compression: yes
    PAM: yes


    VPN


    Address: 10.8.0.0
    MASK: 255.255.255.0
    Gateway interface: enxb827eb691307
    Default gateway: yes


    DHCP options
    empty


    Public:
    ****.ddns.net
    Thanks,

  • My advice to you guys is to stop using this plugin, it does not work for me either, and it happens every time I update something on the server, so I chose to go the docker way.
    Fairly simple:
    https://hub.docker.com/r/kylemanna/openvpn


    open ssh terminal to your server and copy paste:


    OVPN_DATA="ovpn-data-myvpn"docker volume create --name $OVPN_DATA


    docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_genconfig -u udp://DNS-SERVER.COM-OR-IP


    docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn ovpn_initpkidocker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn


    docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass


    - nopass if you just want to connect to your VPN server only with your *.ovpn file, or remove nopass for login with username - password


    docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn


    cat CLIENTNAME.ovpn


    copy the contents of this file on your host, text editor save as CLIENTNAME.ovpn than just connect.Works like a charm.

  • Thanks for the Link! Its working, but slow like hell -.- Server with OMV 4.1.22 is a Intel G4400 @3.30GHz - Internet Speed 1000/50, connected with OpenVPN (Android) Speedtest.net throws 3,94 mbps down and 13,5 Mbps upload at me *cry* G4400 CPU Usage ~5%


    Edit : Fixed with OpenVPN Server.config tuning. Now 48/45mbps

  • Hello,


    Could you please tell me if this also works with raspberry pi?


    Since the openVPN plugin won't work for me anymore after an omv update, I switched to docker and transmission-openVPN from the image "ledokun/armhr-docker-transmission-openvpn" and followed the instructions form techno dad life video "How to Install Transmission with VPN on Openmediavault with Docker". The problem is that I don't know how to configure openVPN in that docker container... for the moment it does not work for me.


    I only use VPN to access my network from outside... so I have no custom VPN provider and since the plugin is dead I want to switch to docker.

  • I would NOT enable compression. It is a known vulnerability in OpenVPN. Straight from the developers of OpenVPN: "For now, it is advised that users of the OpenVPN Access Server and the OpenVPN Connect Client software disable the use of compression."

  • When I had the openVPN plugin up and running I could put all those settings as you wrote above... and indeed they work. Now with the docker and openvpn I dont know where to put the setting and how to configure openvpn with docker for Raspberry pi.


    I am also a beginner with omv, rpi, linux :)

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!