OpenVPN HOWTO?

  • Hello tekkbebe and thanks for the guide on setting up OpenVPN with OMV.


    But there is one thing which is confusing the hell out of me. You say that I need a static IP address or to sign up with Dyndns to be able to forward my dynamic IP to a hostname?


    But I'm confused about how this is done. I want to connect my OMV server with a VPN service, so that all outgoing internet traffic (only from my server running OMV) is through a VPN tunnel. I still want to be able to connect to my server from within my LAN as I normally do.


    So how does this work? Let's say I sign up for a hostname, e.g. "myhostname.dyndns.com". How do I keep my dynamic IP associated with the hostname?


    I know this is not the obvious place to post this, but I have read several articles and am still just as confused.


    Thanks for your time.

  • You need this so you can find your OMV when you are away and want to connect to it if you have dynamic ip from your internet service provider:
    You need to use a client for the dyndns service to report your lan's ip. Whatever service you use they have standard formats for your host name. You can usually pick the first part of the name (e.g. dannermax.dyndns.com). I use the client on DD-WRT. You could do it on your OMV as well.



    DD-WRT is the way to go on your home LAN but here is a Debian example if you want to put a client on your OMV.


    http://www.debianadmin.com/ddc…-dynamic-dns-service.html


    Dyndns has clients for windows machines too. I think the best place is on your router because it's on all the time.


    To connect to an OpenVPN server outside your LAN you do not need the plugin, you just need to install openvpn. Why do this? So you can be anonymous while on the internet (e.g. torrenting). This will give you the basic idea how to use the openvpn client to connect to an OpenVPN server outside of your LAN. Look at the "On the client" section. Your provider will give you keys, certs, etc. for your connection and you just need to set up your client.conf file. Once it is set up you can manually start a session in command line like this: openvpn /etc/openvpn/client.conf


    http://www.hermann-uwe.de/blog…envpn-on-debian-gnu-linux


    Once you are connected you should check to see that your external ip address has changed. Here is how to check it.


    http://phpraxis.wordpress.com/…om-command-line-in-linux/


    Most vpn service providers will have instructions how to connect. Here is an example from IPredator:


    https://ipredator.se/guide/openvpn/debian/native

  • EDIT: I had overlooked your link to ipredator with the setup.. Perhaps it's the same with my provider. But my other questions still apply...:) Don't hate me for being such a noob.. This VPN stuff is not for beginners :)
    EDIT: These files are the default OpenVPN provided files for my provider: https://www.privateinternetaccess.com/openvpn/openvpn.zip
    How do I load the "ca.crt" file into the program?


    Thanks Tekkbebe.. you're the man. I managed to use Dynamic DNS from within my router settings and have now set up a host from a free provider. So now, when I enter this DNS hostname I am presented with my router's login screen.


    But if I may ask another question:


    In your guide, you mention this:


    Quote

    5d) Under VPN Network /Route you need to choose what you want to connect to (i.e. just the server (OMV only), the local network (i.e. if you want to connect to other machines on the local network besides just your OMV), or all network traffic (this is good if you are in a public wifi hotspot. A secure VPN connection to your home network will be created and all your traffic will go thru this tunnel. Even your internet browsing so you can securely view the internet from a wifi hotspot)).


    When I click "VPN network and Route" I can choose from:


    Local network 192.168.1.0/24
    or
    All Network Traffic


    But my server with OMV installed has IP: 192.168.1.33 (and I only need traffic from my server to go through the tunnel..)
    But it looks like only traffic until 192.168.1.24 is forwarded? Or am I mistaken?


    Also, I am using a paid client to route through. They have some guides here:


    https://www.privateinternetacc…ent-support/#other_guides


    Do you know which one I should follow, and how does this paid provider's setup match your HOW-TO guide?


    Again, many thanks for your help. I don't know where else to receive support.. :)

  • 192.168.1.0/24 means local network with ip range 192.168.1.0-192.168.1.255 and the /24 stands for 255.255.255.0 netmask.


    I would e-mail them and ask if they have instructions for Debian in command line. The Ubuntu instructions they gave are for if you have a desktop installed.

  • New Info on the problem with the dropdown?
    "Good" to see someone has that problem, too :(


    Why would the problem be produced by the IP settings? I don't get the point.
    My Network is in 192.168.0.xxx/24 and, as I stated before, it used to work with my old OMV installation.
    With my clean fedaykin installation it does not show the complete dropdown, only "All Network traffic". I already tried your instructions, tekkbebe.


    The VPN works, but all traffic is sent through the VPN, even surfing traffic, which is not what I want, since my upstream at home is crap.

  • tekkbebe,


    Holy crap! It worked! Flawlessly by the way. I just had to change a few things after following your tutorial.


    • On my router, redirect UDP/TCP port 8081 to 1194
    • On OMV OpenVPN configuration page changed Protocol to TCP
    • Included port 8080 on the .openvpn configuration file
    • Also changed protocol on the .openvpn configuration file


    That was it, now I can connect ;)


    Going to set it on my phone right now!


    UDP was blocked here, that's why I have changed to TCP. Is there a problem using TCP? Is it less secure?

  • TCP should not be a problem...



    PS- On Android devices you should use the official OpenVPN client. Once it is installed and you open the app, I think it is import you want to use, by pressing the button to the left of the home button at the bottom of the phone. I think I chose "import access server profile". Then direct it to where your certs are located. You have to select your configuration file, the one that ends .ovpn. Once you do that the program will get the certs automatically as long as they are in the same folder.


    PPS- When I'm at a conference for work I use this in hotels with open wifi networks. I make sure the OpenVPN server setting has "all network traffic". Then all my data goes thru the vpn tunnel instead of risking using open wifi at the hotel. Once you connect the client and then pull up a browser on your laptop you will notice your ip changes to your home ip if you check on whatismyip.com.


  • Thanks for the Android information ;)


    I'm using "all network traffic" alright. Already tested on Windows and it worked flawlessly, used what's my IP and actually accessed OMV and other services using local (my home) IP. But I'll probably not use that with computers, my home connection has 1 mbit upload, as fast as my 3G network, LOL, and 10 mbit download!


    By the way, my brain just short-circuited. LOL! When I'm uploading to my home NAS, I'll have 10mbit, that's my download speed there, and when I download, I'll have 1 mbit, that's the upload speed. Is that right?

  • There are 3 networks: 192.168.1.0, 192.168.2.0, 192.168.3.0. The OpenVPN server is installed on the machine 192.168.1.1, from which the rest of the networks can be accessed. The route settings of the plugin have 3 options:
    1. server only (192.168.1.1)
    2. local network (192.168.1.0/24)
    3. all network traffic
    For access to all three networks, choose item 3 and append 2 lines in the additional options:
    push "route 192.168.2.0 255.255.255.0"
    push "route 192.168.3.0 255.255.255.0"
    But the problem is that then all the internet traffic of the VPN client goes through the OpenVPN server.
    If you select 2, the traffic is divided as it should be, but there is no access to the networks 192.168.2.0 and 192.168.3.0....
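
Added example (not part of any post in this thread and not the plugin's code): a small Python model of what `/24` covers and of which path a VPN client takes under the route options discussed above. It assumes standard OpenVPN behaviour, where each `push "route ..."` adds one network via the tunnel and `redirect-gateway def1` adds 0.0.0.0/1 and 128.0.0.0/1; it ignores the client's own directly connected LAN, and the hosts 192.168.2.10 and 192.168.3.10 are constructed.

```python
import ipaddress


def push_route_lines(cidrs):
    """Render one OpenVPN server-side push directive per network."""
    lines = []
    for cidr in cidrs:
        # strict=True rejects host addresses such as 192.168.1.33/24
        net = ipaddress.ip_network(cidr, strict=True)
        lines.append(f'push "route {net.network_address} {net.netmask}"')
    return lines


def client_routes(pushed_cidrs, redirect_gateway=False):
    """Simplified client routing table after the VPN comes up."""
    routes = [(ipaddress.ip_network("0.0.0.0/0"), "local")]  # ISP default route
    routes += [(ipaddress.ip_network(c), "vpn") for c in pushed_cidrs]
    if redirect_gateway:
        # Assumption: def1 behaviour, two /1 routes that outrank the default
        routes += [(ipaddress.ip_network(h), "vpn")
                   for h in ("0.0.0.0/1", "128.0.0.0/1")]
    return routes


def next_hop(dest, routes):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(dest)
    covering = [(net, via) for net, via in routes if addr in net]
    return max(covering, key=lambda r: r[0].prefixlen)[1]


if __name__ == "__main__":
    lans = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]
    options = {
        "local network only": client_routes(lans[:1]),
        "local network + 2 pushed routes": client_routes(lans),
        "all network traffic": client_routes(lans, redirect_gateway=True),
    }
    # 192.168.1.33 and 8.8.8.8 appear in the thread; the .10 hosts are constructed
    for dest in ("192.168.1.33", "192.168.2.10", "192.168.3.10", "8.8.8.8"):
        for name, routes in options.items():
            print(f"{dest:13} {name:32} -> {next_hop(dest, routes)}")
    print("\n".join(push_route_lines(lans[1:])))
```

In the split-tunnel rows only the listed networks use the tunnel, so internet traffic stays off the home uplink but is also left on whatever network the client is sitting on.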

  • Install the omv-extras plugin and enable the vpn checkbox on the secondary tab of omv-extras. Then it will be in the plugin list.

    omv 5.5.2 usul | 64 bit | 5.4 proxmox kernel | omvextrasorg 5.3.3
    omv-extras.org plugins source code and issue tracker - github


    Please read this before posting a question.
    Please don't PM for support... Too many PMs!

  • Apologies for resurrecting such an old thread, if there's a more recent answer could you please point me in the right direction.


    I'm trying to set up openvpn and am coming across an issue, my openvpn client just says 'looking up DNS name' and never gets further. I'm running omv 3.0.41 on an RPi3.


    I've set up port forwarding on my router and am using duckdns as my DDNS service. DDNS is working as I've tested access to another port for another device.


    On the main webgui setup page there are four boxes; general settings (default options kept), vpn network (default options kept), dhcp settings (added 8.8.8.8 and http://www.google.com), public (added my ddns address).


    After this I created a certificate for my username, downloaded and imported the .ovpn file to my client. Finally I added the username to the openvpn group on omv.


    Have I missed something out, or should I be changing some of those default values?


    I've managed to get vpn working in the past for a different OS on the RPi, so I know it should be possible.


    Thanks in advance for any pointers.

  • Not sure which change made it work but I can now connect via Android client. Just in case this helps someone else here are my working settings.
    Enable: Y
    Port: 1194
    Protocol: UDP
    Use compression: Y
    PAM authentication: Y
    Address: 10.8.0.0
    Mask: 255.255.255.0
    Default gateway: Y
    Client to client: Y
    DNS server: 8.8.8.8
    DNS search domain: http://www.google.com
    WINS server: blank
    Public address: my ip / domain name redirect


    This is pretty much the default setting, but it wasn't working originally... it now does :-)
