Posts by RainerM

    ok, but you don't see a point in sniffing data from the WLAN and hijacking a connection.
    Hm. ok.


    But is there a manual how and what to set up on OpenVPN, in case I intent to connect it to my OpenVPN sandbox on a cloud system?


    Is there a chance to assign the transfer network adresses depending on the client who connects ?
    What is Client-to-client especially for ?
    Where do I find further infos on what the OpenVPN server on OMV configures exactly ?


    Thanks

    Hm, I must admit it's not absolutely clear to me what you mean.
    Maybe I expressed myself not clearly enough in my last statement.


    I would like to connect several Ras-Pi to OMV with WLAN.
    All Ras-Pi are on the LAN side of the WLAN router, so all ports are supposed to be open by default.
    OpenVPN is not supposed to connect to a machine on the WAN at the moment. If I will need that I will open the UDP port 1194 to the WAN.


    My problem is that I don't know how to set up OpenVPN on OMV and would appreciate if someone could point to a tutorial to me.
    OMV is supposed to run as the server and provide the VPN transfer networks to the clients. Registered VPN client IPs would be appreciated.
    Means every time a client connects with WLAN he gets the same IP by the WLAN router.
    If OMV could then always provide the same IPs for the VPN transfer networks, that would be great.


    The RasPi are supposed to run on Debian 8 as VPN clients only. They are supposed to controll i.e. light, shutters, ... in the house.
    One of my problems is that last time I used OpenVPN on the Ras-Pi, they shut down WLAN when OpenVPN was started.


    I now hoped that someone already had the same idea and could provide a tutorial for RasPi and/or tutorials to set up the complete scenario successfully.
    My problem is that I'm not experienced with OpenVPN.


    What would be the best way to solve my intentions, in your opinion ?


    Thanks
    Rainer

    As I wrote before I intent to connect RaspPi to the NAS by OpenVPN.
    I want to use several RaspPi with standart Raspbian to control the home installations via WLAN.
    Every RaspPi is supposed to get its own VPN setup to be able to exclude seperately from the network, in case.
    For that reason I decided to go back OpenVPN and not to use OpenVPN AS with the momentary 2 user limitation.


    Today I set up a new RaspPi with Jessie Lite (Debian 8 ) and tried to
    connect it via OpenVPN through WLAN.
    All VPNs are within the private network, so no firewall is involved.


    I must admit I struggled on the VPN setup on OMV.
    I played around with it and several questions arose.


    What part does OpenVPN play on the NAS ? Is it the server config ?
    Do I need new users for the VPN ? In which groups do they have to be present ?
    What do I have to enter and how will I set up the RaspPi with these files ?
    Can I still use the secure connection to OMV which is used for OpenVPN AS when using it ?


    Well, all in all, does anyone know of (a) tutorial(s) describing the setup of OpenVPN on OMV together with OpenVPN on RaspPi,
    specially concerning the connection through WLAN ?
    Last time I tried it on RaspPi the WLAN was disabled imediately after OpenVPN was started.


    Thanks for your support.

    I installed OpenVPN ans OpenVPN AS.


    When I try to activate OpenVPN AS I get the error:


    Fehler #4000:
    exception 'OMVException' with message 'Failed to execute command 'export LANG=C; invoke-rc.d 'openvpnas' stop 2>&1': invoke-rc.d: unknown initscript, /etc/init.d/openvpnas not found.' in /usr/share/php/openmediavault/initscript.inc:176
    Stack trace:
    #0 /usr/share/php/openmediavault/initscript.inc(148): OMVSysVInitScript->invoke('stop')
    #1 /usr/share/php/openmediavault/initscript.inc(53): OMVSysVInitScript->stop()
    #2 /usr/share/openmediavault/engined/module/openvpnas.inc(114): OMVSysVInitScript->exec()
    #3 /usr/share/openmediavault/engined/rpc/config.inc(164): OMVModuleOpenVPNAS->stopService()
    #4 [internal function]: OMVRpcServiceConfig->applyChanges(Array, Array)
    #5 /usr/share/php/openmediavault/rpcservice.inc(125): call_user_func_array(Array, Array)
    #6 /usr/share/php/openmediavault/rpcservice.inc(158): OMVRpcServiceAbstract->callMethod('applyChanges', Array, Array)
    #7 /usr/share/openmediavault/engined/rpc/config.inc(224): OMVRpcServiceAbstract->callMethodBg('applyChanges', Array, Array)
    #8 [internal function]: OMVRpcServiceConfig->applyChangesBg(Array, Array)
    #9 /usr/share/php/openmediavault/rpcservice.inc(125): call_user_func_array(Array, Array)
    #10 /usr/share/php/openmediavault/rpc.inc(79): OMVRpcServiceAbstract->callMethod('applyChangesBg', Array, Array)
    #11 /usr/sbin/omv-engined(500): OMVRpc::exec('Config', 'applyChangesBg', Array, Array, 1)
    #12 {main}


    I already updated OMV, error stays.
    I tried it before I aktivated OpenVPN and after I successfully started OpenVPN.
    Error stays ?


    Do I have to install anything else before the activation ?
    Thanks

    Sorry for not being clear.


    I created a VM named User1 and I created a VM named User1-crypted.
    First one formated with ext4 and available through SMB/CIFS to Windows.
    The second is encrypted but not available to Windows, since the existance should not be disclosed to other users.


    That means, I would like to mount User1-crypt to a mount point in my home directory.
    A mount point like /media/<uuid>/User1/User1-crypt


    I already tried to link to User1-crypt by a soft link to my home directory.
    Its shown in my home directory, but I don't get access into User1-crypt.
    Now I thought I could mount the crypted vm to a mount point in my home directory.


    I hope that a bit more clear now.

    Well I thought about luks encryption again and intended to just mount the luks partition on top of my private file system.
    I couldn't find any place where I could set the mount point of the encrypted vm, and when I tried to link it into my vm, I had no access rights.


    Any posibility for that ?

    Well decryption works.


    But how about encryption and decryption by user. Is that possible ?
    If yes, how is it implemented ?
    What I mean is, can anyone except admin decrypt the volume ?
    If its assigend to several user(s), can they somehow enter the(ir) key and decrypt the volume.
    Something like, there is a treasure map on the encrypted volume. Only I and my wife should be able to see it.
    When I'm gone, how could she decrypt the vm, when she doesn't understand anything of OMV ?
    And after she had a look she again wants no one else to be able to see the map, without rebooting the server.
    How could she encrypt the vm again ?


    Since I'm not absolutely sure if I did everything right when I set up the vm, here is what I did.
    Maybe I missed something.


    When the keys and decryption worked, I had to format the decrypted volume with ext4.
    I assigned the according access rights to the directory and mounted it to User1/.
    I also inserted it into SMB/CIFS.
    I was able to access it (read/write) from Win7.


    But when I tried to encrypt it on OMV, encryption wouldn't let me. Encryption is greyed out.
    When I rebooted the server, the encrypted vm wasn't accessable until I decrypted it on OMV.
    Then I could access it until next reboot.
    Point is, I don't want to reboot the machine every time I had a look at the encrypted vm.


    And something off toppic, but maybe someone has a suggestion. (even where to look :) )
    Is it possible to hide the directory on SMB/CIFS (Windows) to everyone who isnt at leased allowed reading ?


    Any suggestion ?

    Perfect it works now.
    Thank you very much.


    After the update I tested the key again. Working.
    Then I could easyly unlock the encrypted partition without doing anything on the partition.
    Thanks

    oops, yes indeed a typo. :)
    2.1.25
    Thanks for checking.


    Since it's my first contact with OMV, I recorded all installation steps in detail to be able to install it again.
    In case, I could provide them.

    I recently installed OMV 2.1.15 including the Backport Kernel, lvm2 (2.1) and luksencryption (2.1.1).
    I created a RAID5 system with lvm, one volume group and several volumes.
    One volume I encrypted as User1, the others are plainly formated with ext4.
    All volumes are readable / writeable, except the luks formated.
    I assigned a key, which unlocks the partition when I just test the key.
    I can also change the key.
    But when I try to decrypt the partition I always get the error:


    Unable to unlock encrypted device: Device mapper/VG-User1-crypt not found


    Error #4001:
    exception 'OMVException' with message 'Unable to unlock encrypted device: Device mapper/VG-User1-crypt not found' in /usr/share/openmediavault/engined/rpc/luks.inc:288
    Stack trace:
    #0 [internal function]: OMVRpcServiceLuksMgmt->openContainer(Array, Array)
    #1 /usr/share/php/openmediavault/rpcservice.inc(125): call_user_func_array(Array, Array)
    #2 /usr/share/php/openmediavault/rpc.inc(79): OMVRpcServiceAbstract->callMethod('openContainer', Array, Array)
    #3 /usr/sbin/omv-engined(500): OMVRpc::exec('LuksMgmt', 'openContainer', Array, Array, 1)
    #4 {main}


    Any idea ? Did I miss something when I set the volumes up ?