Cant connect to OpenVpn

  • Hi


    I have built a Pi 4 with OMV 5.


    I cant get openvpn to connect dont know if i am doing it properly. I have port forwarded on my router 1194 to 10.8.0.0 the default address, is this correct? Or do i use the ip address of the raspberry pi. I have been using the open vpn cofig file with Openvpn from downloading the certs on my phone is this correct also.


    I have set up openvpn on another pi before with no problems but i cant get this one one to work.


    My settings are:


    Compression: Off
    PAM: On
    VPN address: 10.8.0.0
    DNS Srv: 192.168.0.1 (my router)
    Public Add: My ddns address


    Many thanks in advance for any help given

  • Hi, for making openvpn plugin work on OMV 5 you have to follow these steps (for me works):



    0) On your router open the UDP 1194 port pointing your server ip (e.g. 192.168.1.xxx)


    1) On the Control Panel in the Web GUI set the following :


    --------------------------------------------


    GENERAL


    Enable -> ON
    Port-> 1194
    Protocol -> UDP
    Use Compression -> ON
    PAM Authentication -> ON
    Extra Options -> NONE
    Logging level -> Normal Usage output


    VPN NETWORK


    Adress -> 10.8.0.0
    Mask -> 255.255.255.0
    Gateway -> Select Your Connection (e.g. eth0)
    Default gateway -> ON
    Client to client -> OFF


    DHCP options


    DNS Server(s) -> NONE
    DNS search domains -> NONE
    WINS Server -> NONE


    PUBLIC


    Public Adress: yourdomain.duckdns.org (or other ddns or your static ip if you have one)


    --------------------------------------------
    Then Save and Apply


    2) Generate the certificate for the users on the WebGUI ( you may also do that in a second moment)


    3) Then SSH into your server and cd /etc/openvpn/ and nano server.conf


    4) Remove from the server.conf file the following line --> ;push "route 192.168.1.0 255.255.255.0" then Ctrl+X ->Y->Enter to apply changes


    (You can also delete -> ;push " route client-to-client" and other commented settings to make the file more clean but it is not necessary to get the plugin work. I don't know the reason why deleting the line indicated in 4 must be done to get the plugin work even if it's a commented setting too)


    5) cd ~ and service openvpn restart



    After this mod in the server.conf file the vpn works. The server.conf remains updated (also after reboot the machine) until you change something in the web GUI control panel of the plugin, then the wrong line appear again and you have to reupdate the server.conf file by repeat 3) 4) 5) to make the plugin work again.

  • I have similar settings like yours.


    OpenVPN worked for me on OMv5 previously, but it stopped working.


    There is a thread that somebody wrote a script that you can renew the cert periodically with a cron job.

  • Do you mean this thread? OpenVPN-Renew CRL


    If I understand correctly the plugin stop work when the certificates are revoked and they have to be updated manually.


    I execute openssl crl -in /etc/openvpn/pki/crl.pem -text to check my expiration date and i get Next Update : Jul 20 14:54:17 2020 GMT.


    So before Jul20 i have to renew certificates by executing : /opt/EasyRSA-3.0.6/easyrsa gen-crl and the plugin continue work. It's correct?


    Finally, just for curiosity, have you modified the server.conf file too to get the plugin work?

  • Tried that too, but still failed.


Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!