OpenVPN HOWTO?

  • ptruman,


    Thanks a lot. I was able to get up and running with that. I just have one final issue to resolve and was wondering if you would know how to fix it:


    I am successfully opening my OpenVPN connection from work, and I can see my home shares, browse the web fine, etc. However, once the VPN connection is established, I can no longer connect to machines in my work network. My OpenVPN client is Tunnelblick running on Mac OS X (10.8).


    My work network uses the 10.* address space, my home network uses the 192.168.* address space, and the VPN server is configured with the 172.* space (as shown in the screenshot attached). So there shouldn't be a conflict. I am actually not sure if this is a Mac issue, a Tunnelblick issue, or a VPN server issue. Any light you can shed would be appreciated.

  • Heh, I am mr_pete on the old forum. Should probably request Volker rename my account :)


    As you can see in your pic, you've selected "All Network Traffic" - so when OpenVPN starts, it sets up a route with high priority for all traffic, and shunts it over the OpenVPN interface.


    Technically this is good, as otherwise you can get "leaky" traffic (i.e. you try to visit http://www.gaming.com and your DNS request might go to your corporate LAN, or your web traffic via your work proxy - getting you (or your traffic) in trouble).


    If you look in /etc/openvpn/omv.conf file, you will probably see


    push "redirect-gateway def1 bypass-dhcp"


    or something similar - that is forcing all your traffic over the VPN, as intended.
    Change the "All Network Traffic" to "Local Network" or "Server Only" and ONLY your VPN LAN (i.e. home network) traffic will go over the VPN. Everything else will go "as it was".


    Obviously you need to ensure your VPN Client (Tunnelblick) doesn't clash with the server config :)

  • Dammit, stupid forum ate my post!


    I am mr_pete on the old forum - I really should ask Volker to change my login name :)


    Simply change the "All Network Traffic" dropdown to "Local network" - and everything intended for your home LAN will go over the VPN - everything else, won't. Simples.

  • Thanks mr_pete. Unfortunately, the only option available in the plugin's dropdown is "All network traffic", there are no other options :? . I am running the latest version of OMV and the latest version of the plugin as far as I know. I can manually change the config file if I knew what the other two options translate to when it comes to the config file (could you post your config file for those?) thanks a bunch.

  • Erm, something isn't right with your install then.
    I have three options, and always have had.


    Unless it's something odd to do with a fresh .3 install, rather than .2->.3 which is what I did.


    Maybe log a bug on the actual plugin source pages :)

  • Mr. Pete, your posts have not been eaten. The forum has had some issues with spam and some posts need to be approved before they get on the forums. If you see the message "This message has been successfully submitted" and your post does not show it is probably awaiting approval.

  • Hi,


    Same Problem here. In former openvpn worked on my omv-nas. I had to do a fresh install of omv, because my hdd died and now I have only the entwork-to-network option.


    Please do a bugfix, since I really need openvpn to work in roadwarrior mode (multiple clients to my nas).


    This really is a bug and needs to be fixed. As I stated I used openvpn on the same machine in that mode before, so it hase to work again now.


    Is it somehow possible to downgrade to an older version?


    Please need fast help, because i need vpn on monday!

  • Im trying work out how to configure openvpn so I can use it, but the link at the beginning of this thread doesn't seem to work anymore? can anyone point me in the right direction?

  • The plugin creates what is called a routed VPN. It will not broadcast any network info. thru the connection. So if you are on a Windows machine and browse thru the network you will not be able to veiw the machines via this type of connection. To do this you need bridged VPN. In routed vpn the vpn server sets up another subnet connected to the local network your omv is on and routes data thru that subnet from the local network to the connected vpn client. The connected vpn client is assigned an address on the subnet created by the openvpn server. In this example below the client would have an address of like 10.8.0.6 with traffic routed to it from the local network(192.168.1.x) via the openvpn server.


    1) Install OpenVPN plugin
    2) Goto Open VPN plugin in web-gui click on Create Ceftificate Authority, click on next, fill in various fields and click on next.
    3) Choose which volume you want the VPN cofiguration to be saved on and click on next.
    4) Click on Generate Server Certificate and then click on finish.
    5) Do not alter any default currently setup.
    5a) Then put check in enable.
    5b) Put check in require authentication.
    5c) Under VPN access/ Public Address put the wan ip the local network your omv is on. You can put "what is my ip" into google to figure out your current address. If your internet service provider has given you a fixed ip you are ok. If not you should sign up for a service like dyndns to deal with dynamic ips (this is whole diff topic).
    5d) Under VPN Network /Route you need to choose what you want to connect to (i.e. just the server (OMV only), the local network (i.e. if you want to connect to other machines on the local network besides just your OMV), or all network traffic (this is good if you are in a public wifi hotspot. a secure vpn connection to your home network will be created and all your traffic will go thru this tunnel. Even your internet browsing so you can securely view the internet from a wifi hotspot).
    5e) Under VPN Network /Address put 10.8.0.0 if your OMV's network is 192.168.1.1
    5f)Then put in DNS server, which is usually the ip address or your router. Click on OK.
    6) Now that you saved all settings on that page click on tab at the top that says Client Certificates. Then click on new and then click on next. Select a OMV user you want to be able to connect via OpenVPN to your OMV's network. Then click on next. Fill in various fields and click on next. Click on finish.
    7) Now highlight the user certificate you just created and then click on Generate Config. Click on next. Choose Operating system of client machine (the one that will be remotely connecting). I'm assuming windows cuz this example will be for windows. Click on finish. This will download a zipped file to your machine. You may have a default download place or choose where to download it.
    8) Go to openvpn.net and click on community. Put cursor over downloads and select community downloads. Here is link:
    http://openvpn.net/index.php/d…/community-downloads.html
    Most recent client is OpenVPN 2.3 scroll down and choose the 32bit or 64 bit installer depending on if your client machine (the one remotely connecting) is 32 bit or 64 bit. Install that on your client machine.
    9) Now go back and get the zip folder client certificate that you downloaded and move the file to your client machine. On your client machine click on the zipped file to open it up and view the contents. Highlight all the contents and then right click and then click on copy. Then go to:
    c:/Program Files/OpenVPN/config
    and paste the contents of the zipped file into that location.
    10) On router of local network where your OMV is forward port 1194 UDP to your OMV machine. If you enabled firewall on OMV ALLOW port 1194 UDP.
    11) In OMV Web-GUI go to /Access Rights Management /User then on the right window highlight the user you plan to use with OpenVPN and click on edit.
    Then make sure you add the user to the openvpn group. Do this with all users you plan to use.
    12) Now on client machine you should be able to click on the icon created when you installed the OpenVPN client software downloaded from the OpenVPN.net site and it should bring up a authentication screen to your OMV's network. Enter user name and password for the user you created the Client Certificates. The icon in the system tray should turn green when a connection is established. Once connected on the client machine pull up a command prompt and ping the router of your omv's network by using "ping 192.168.1.1". You should get a response if you used local netork, or all traffic, in the setup(won't work if you used server only)


    This was done pretty fast. There may be some errors, and I'm world's worst typist, but it gives you the basics. If you make a mistake and want to start over just go to the volume where you installed the certs, etc... There wil be an openvpn-keystore folder. You can simply delete this folder to start over. If you encounter any errors you can uninstall the plugin and reinstall. Good Luck....

  • Life suxx without openvpn on my server running correctly. I still do not have the 3 options in the dropdown :( as i had them before the fresh install of omv. Please give some help. This is really frustrating, since i habe set up openvpn again and again and again.

  • scopeye, I cannot reproduce the issues you are having. I was able to reproduce the issues ice.man had with creating Client Certificates but not the issue with the dropdown box missing 2 parameters. Did you try clearing out your browser cache? Did you try from another browser or another computer to access omv and create the openvpn server?

  • Yes I tried :(
    Could it be possible, that there is a problem with user rights? I don't know which user openvpn uses in the system or which files are affected. mrml. I will give it another try by tomorrow or the day after, since (guess) I am on the road :(


    Thanks for trying to help me.


    +++


    Well what should I say? I tried it on different browsers and different devices. I emptied the cache, tried it again. I uninstalled the plugin, emptied the cache, removed the certificate directory on the filesystem, reinstalled the plugin configured it (AGAIN), emptied the cache (AGAIN), recreated the certificates (that as never been a problem for me) and guess what! The options are still missing. This now really keeps pissing me off. Please get that prolem sorted, since the openvpn plugin used to work as expected in one of the last versions.


    So to explain it again:
    The only option that is available for Route is "All network traffic". With this option I am not able to access my VPN from anywhere in the world! Why? Even if I don't like this option, why isn't the VPN accessible from the outside?
    This whole thing used to work and I want it to work again. This has to be possible.


    There has to be some config file where the options are stored and that whole markup that belongs to the plugin. Please point me to that, so I can look if the options are even missing there.

  • So after whining I digged into the filesystem and found the file /var/www/openmediavault/js/omv/module/admin/openvpn.js
    The .inc files do not seem to be affected by the problem, so I localised it in this js.


    In this file there seems to be the declaration of the Field presets (I am a coder but don't know the OMV-plugin-system).
    Well so and in this file there is only one entry ^^ as you can see below.
    Please post your openvpn.js so I can paste it and hopefully fix the problem for me.



    Please help :)

  • here is mine
    my openVPN just works for already existing certificates, I got error trying to generate a new user certificate

  • Scopeye, let me know if you find the variance between iceman's and your file. What version of OMV and 32 or 64 bit? I want to know why you do not have the same file as iceman. I would really like to see a bridged VPN plugin and a plugin for a OpenVPN client

  • OK :(
    There is no difference :(


    I am using OMV x64.
    This is really wierd :( Why is that "All network traffic" option in that file and none of the other ones. I really do not get how this plugin is working. Where did the Plugin get the options in former, when it worked?


    Hopefully this gets sorted soon. It is really kind of depressing.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!