OpenVPN can't get it up

nexusle · Feb 17th 2020

Hi,

I try to get up OpenVPN but get this error:

Code

Fehler #0:
OMV\ExecException: Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; omv-salt deploy run openvpn 2>&1' with exit code '1': debian:
----------
          ID: update_openmediavault_openvpn_config
    Function: cmd.run
        Name: /usr/sbin/omv-openvpn setup
      Result: False
     Comment: Command "/usr/sbin/omv-openvpn setup" run
     Started: 10:55:05.447955
    Duration: 151.627 ms
     Changes:
              ----------
              pid:
                  28821
              retcode:
                  2
              stderr:
                  /usr/sbin/omv-openvpn: line 46: 5 - ( / 8) : syntax error: operand expected (error token is "/ 8) ")
                  iptables v1.8.2 (nf_tables): option "--to" requires an argument
                  Try `iptables -h' or 'iptables --help' for more information.
              stdout:
----------
          ID: start_openvpn_service
    Function: service.running
        Name: openvpn
      Result: True
     Comment: The service openvpn is already running
     Started: 10:55:05.606457
    Duration: 20.049 ms
     Changes:


Summary for debian
------------
Succeeded: 1 (changed=1)
Failed:    1
------------
Total states run:     2
Total run time: 171.676 ms in /usr/share/php/openmediavault/system/process.inc:182
Stack trace:
#0 /usr/share/php/openmediavault/engine/module/serviceabstract.inc(60): OMV\System\Process->execute()
#1 /usr/share/openmediavault/engined/rpc/config.inc(167): OMV\Engine\Module\ServiceAbstract->deploy()
#2 [internal function]: Engined\Rpc\Config->applyChanges(Array, Array)
#3 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
#4 /usr/share/php/openmediavault/rpc/serviceabstract.inc(149): OMV\Rpc\ServiceAbstract->callMethod('applyChanges', Array, Array)
#5 /usr/share/php/openmediavault/rpc/serviceabstract.inc(588): OMV\Rpc\ServiceAbstract->OMV\Rpc\{closure}('/tmp/bgstatusTS...', '/tmp/bgoutputR0...')
#6 /usr/share/php/openmediavault/rpc/serviceabstract.inc(159): OMV\Rpc\ServiceAbstract->execBgProc(Object(Closure))
#7 /usr/share/openmediavault/engined/rpc/config.inc(189): OMV\Rpc\ServiceAbstract->callMethodBg('applyChanges', Array, Array)
#8 [internal function]: Engined\Rpc\Config->applyChangesBg(Array, Array)
#9 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
#10 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('applyChangesBg', Array, Array)
#11 /usr/sbin/omv-engined(537): OMV\Rpc\Rpc::call('Config', 'applyChangesBg', Array, Array, 1)
#12 {main}

Display More

Could someone say what's wrong?

I used the same config like on OMV4. OpenVPN is installed from the version 5 testing repo.

nexusle · Feb 17th 2020

Figured it out...

I've a network bridge (br0) for my virtual machines. If these bridge exists, OpenVPN wont start. I had to delete the bridge, start OpenVPN and recreate the bridge again.

RUsum1 · Feb 25th 2020

Where do you even find OpenVPN? I've been looking at guides on how to access my server if I'm not on the network and all of them say to install OpenVPN.

"To begin, navigate to System>OMV Extras. In the search bar near the top, search for OpenVPN. Select OpenVPN and again near the top, select install."

OMV-Extras doesn't have a search bar for me (OMV5). Plugins does but OpenVPN is not an option. Is there an up-to-date guide that will let me access my server from outside of my network?

nexusle · Feb 26th 2020

1. Activate "Testing Repo" in "OMV-Extras"

001.png 002.png

2. Search for "openvpn" on "Plugins"

003.png 004.png

nexusle · Feb 26th 2020

After you've installed the plugin, here a sample config:

005.JPG 006.JPG

RUsum1 · Feb 26th 2020

Quote from nexusle

After you've installed the plugin, here a sample config:

005.JPG 006.JPG

Thank you. I got OpenVPN added to my OMV. I then started following this guide. When I get to the last image where it wants me to log in, I get an error.
Wed Feb 26 16:28:59 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Feb 26 16:28:59 2020 TLS Error: TLS handshake failed
Wed Feb 26 16:28:59 2020 SIGUSR1[soft,tls-error] received, process restarting

It looks like you changed some things that the guide didn't change.

Where did you come up with your VPN Network Address? That defaulted to something like 10.8.0.0 for me. Should that be my server IP?
Is the DNS server the IP address of my server (192.168.1.35) or the IP address of my router (192.168.1.1)?
The guide says to put your public IP in the Public Address bar but you have what looks like a made up website. Which should be here? If it is my public IP, is that what shows up when I log into my router page and look under WAN>IP address?

Here is my port forward (to make sure that is correct)

nexusle · Feb 28th 2020

Port forwarding setting is correct. Target must be the OMV server.

Quote

Where did you come up with your VPN Network Address? That defaulted to something like 10.8.0.0 for me. Should that be my server IP?

No. This is the virtual network ID. Like for me, 192.168.10.0 - If you let this on default (10.8.0.0), your first client in VPN will get 10.8.0.2 (.1 is the VPN server IP)

Quote

Is the DNS server the IP address of my server (192.168.1.35) or the IP address of my router (192.168.1.1)?

Your router, when it acts as DNS server. You also can use a public DNS server like Google (8.8.8.8)

Quote

The guide says to put your public IP in the Public Address bar but you
have what looks like a made up website. Which should be here? If it is
my public IP, is that what shows up when I log into my router page and
look under WAN>IP address?

In my case it's the fqdn of my dyndns provider. It's like my public WAN IP, but as this IP will be changed from time to time, I use DynDNS provider "MyFritz.net" (only if you use a Fritzbox.
If you want to use dynamically DNS, your router should be able to use such a provider.

RUsum1 · Feb 28th 2020

So what am I messing up? I saved my certificate and added those files to the config folder. Should my DNS server (under DHCP settings) be something different like 8.8.8.8?
(I changed the VPN network address)

When I try and connect through the OpenVPN gui I keep getting the error that I posted above. I'm not sure if that's because I'm currently on the same network or if that even matters

edit: for Gateway Interface I don't have an eth0 option. What I have in that box is the only thing that appears when I click there.

nexusle · Feb 28th 2020

Check your net mask. For C-net it should be 255.255.255.0 not 255.255.252.0

i think you have some misunderstanding what a VPN is.

The upper settings are for the virtual network itself. For the setting to outside you only need the WANIP informatiom.

The DNS server is ok with 8.8.8.8, but you could also use the router IP if it acts as DNS server for your home network.

192.168.1.1 is my router IP. You should use your own, if the IP address differs.

nexusle · Feb 28th 2020

which client software you use? On a PC or mobile device?

nexusle · Feb 28th 2020

One more thing:

if you make changes on your config, you should make new certificates and restart openvpn service manually:

systemctl restart openvpn.service

RUsum1 · Feb 28th 2020

I am on a Windows laptop trying to use OpenVPN.

I know that a VPN makes your public IP address appear like it's from somewhere else. I have Windscribe free account that I use on occasion. The only reason I have OpenVPN added to my OMV server is because the guide I found said that's what I need to access my files if I'm not on the same network as the server. If I'm doing this wrong, maybe you have a different step-by-step guide that I could follow for success? Unless I'm only a step or two away from getting it

192.168.1.1 is my router's IP. I use FreshTomato for my router firmware.

After changing the info in the OpenVPN tab, pressing save, then pressing apply...that doesn't restart the service correctly? I have to input your systemctl restart openvpn.service command somewhere and then make a new certificate? Where do I put that command? Into Putty?

nexusle · Feb 28th 2020

Yes. SSH with putty

RUsum1 · Mar 4th 2020

Still no luck. Is there a better guide to follow than the one I linked above in post #6? Or a better method? My goals are to 1) be able to access my server over the Internet and 2) access my Plex library over the internet.

gderf · Mar 4th 2020

Quote from RUsum1

My goals are to 1) be able to access my server over the Internet and 2) access my Plex library over the internet.

1) Exactly what do you mean by "access my server over the Internet"? Be very specific.

2) You don't need VPN to access your Plex over the internet.

nexusle · Mar 4th 2020

Quote from RUsum1

Still no luck. Is there a better guide to follow than the one I linked above in post #6? Or a better method? My goals are to 1) be able to access my server over the Internet and 2) access my Plex library over the internet.

No. The guide is exactly this, what I made to get OpenVPN running

nexusle · Mar 4th 2020

Please make a screenshot of the config page from your openvpn installation.

As your error message is "TLS key negotiation failed to occur within 60 seconds" something is wrong with the connection and/or ssl encryption. Please provide a full log file output

RUsum1 · Mar 4th 2020

Quote from gderf

1) Exactly what do you mean by "access my server over the Internet"? Be very specific.
2) You don't need VPN to access your Plex over the internet.

I want to be able to access my server if I'm not on my home network. (I'm at a friend's house but I want to see my server's files)

As far as Plex, I figured out that when I thought I created the forwarded port on my Router page, I must have forgotten to click Save. I went back to check that again and it wasn't there. I just added it and re-tested and it shows that I'm available remotely

Quote from nexusle

Please make a screenshot of the config page from your openvpn installation.

As your error message is "TLS key negotiation failed to occur within 60 seconds" something is wrong with the connection and/or ssl encryption. Please provide a full log file output

Not exactly sure what you're referring to. I found this when I click System Information on the left

Code

"abstract": "OpenVPN plugin for OpenMediaVault.",
"architecture": "all",
"breaks": "",
"conflicts": "",
"depends": "openmediavault (>= 5.1), openvpn",
"description": "OpenVPN plugin for OpenMediaVault.n Allow controlling OpenVPN directly from OpenMediaVault.",
"descriptionmd5": "",
"extendeddescription": "Allow controlling OpenVPN directly from OpenMediaVault.",
"filename": "pool/main/o/openmediavault-openvpn/openmediavault-openvpn_5.0.2_all.deb",
"homepage": "",
"installed": true,
"installedsize": 28632,
"maintainer": "OpenMediaVault Plugin Developers <plugins@omv-extras.org>",
"md5sum": null,
"multiarch": "",
"name": "openmediavault-openvpn",
"package": "openmediavault-openvpn",
"pluginsection": "remote",
"predepends": "",
"priority": "optional",
"repository": "Bintray/buster",
"section": "net",
"sha1": "d44741349dc90e04abea00707e1093b24e6b04e3",
"sha256": "a319fe4b6eeee10fd1cde042eae5b84f5fcf327d94551e5333fd6ee334d21713",
"size": 28632,
"suggests": "",
"summary": "OpenVPN plugin for OpenMediaVault.",
"version": "5.0.2

Display More

If you mean the settings used when I click OpenVPN from the left tab, I have that picture in Post #9. However I changed my Mask to 255.255.255.0 and I changed my DNS Server to 8.8.8.8 per your recommendation than made a new certificate but that didn't work when I was at my girlfriend's house

nexusle · Mar 6th 2020

Sorry,

I mean the Log file content of your client, not the server. Start your client, establish a connection and choose "Log Information". Notpad will be opened. Copy the content (kill personally information before post here)

RUsum1 · Mar 6th 2020

This is what shows when I open my OpenVPN GUI icon, right click the emblem at the bottom right (next to the clock), and click View Log

Code

Fri Feb 28 18:04:43 2020 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Fri Feb 28 18:04:43 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Feb 28 18:04:43 2020 library versions: OpenSSL 1.1.0l  10 Sep 2019, LZO 2.10
Enter Management Password:
Fri Feb 28 18:04:43 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Feb 28 18:04:43 2020 Need hold release from management interface, waiting...
Fri Feb 28 18:04:44 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Feb 28 18:04:44 2020 MANAGEMENT: CMD 'state on'
Fri Feb 28 18:04:44 2020 MANAGEMENT: CMD 'log all on'
Fri Feb 28 18:04:44 2020 MANAGEMENT: CMD 'echo all on'
Fri Feb 28 18:04:44 2020 MANAGEMENT: CMD 'bytecount 5'
Fri Feb 28 18:04:44 2020 MANAGEMENT: CMD 'hold off'
Fri Feb 28 18:04:44 2020 MANAGEMENT: CMD 'hold release'
Fri Feb 28 18:04:52 2020 MANAGEMENT: CMD 'username "Auth" "OMV-omen"'
Fri Feb 28 18:04:52 2020 MANAGEMENT: CMD 'password [...]'
Fri Feb 28 18:04:52 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]*publicIP":1194
Fri Feb 28 18:04:52 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Feb 28 18:04:52 2020 UDP link local: (not bound)
Fri Feb 28 18:04:52 2020 UDP link remote: [AF_INET]*publicIP*:1194
Fri Feb 28 18:04:52 2020 MANAGEMENT: >STATE:1582931092,WAIT,,,,,,
Fri Feb 28 18:05:52 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Feb 28 18:05:52 2020 TLS Error: TLS handshake failed
Fri Feb 28 18:05:52 2020 SIGUSR1[soft,tls-error] received, process restarting
Fri Feb 28 18:05:52 2020 MANAGEMENT: >STATE:1582931152,RECONNECTING,tls-error,,,,,
Fri Feb 28 18:05:52 2020 Restart pause, 5 second(s)
Fri Feb 28 18:05:57 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]*publicIP*:1194
Fri Feb 28 18:05:57 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Feb 28 18:05:57 2020 UDP link local: (not bound)
Fri Feb 28 18:05:57 2020 UDP link remote: [AF_INET]*publicIP*:1194
Fri Feb 28 18:05:57 2020 MANAGEMENT: >STATE:1582931157,WAIT,,,,,,
Fri Feb 28 18:06:28 2020 SIGTERM[hard,] received, process exiting
Fri Feb 28 18:06:28 2020 MANAGEMENT: >STATE:1582931188,EXITING,SIGTERM,,,,,

Display More

Participate now!