Discussion stats
  • 36 replies
  • 40976 views
  • 5 kudos
  • 9 in conversation
Announcements

Top Contributors
Reply
Highlighted
Tutor

Re: Installing and running OpenVPN @ boot - PrivateInternetA

dannieboiz wrote:
I believe I got it working. Below is my ifconfig. I rebooted the RN and tun0 is still there, so I guess my startvpn.sh script works. Now how do I stop it?

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.129.84.2 P-t-P:10.149.84.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:6683 errors:0 dropped:0 overruns:0 frame:0
TX packets:9854 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1587345 (1.5 MiB) TX bytes:1596541 (1.5 MiB)


Looks good to me Smiley Happy Have fun!!!
Message 26 of 37
Highlighted
Aspirant

Re: Installing and running OpenVPN @ boot - PrivateInternetA

I edit my post but here's my other question..

Also, my port fowarding no longer work. Do I need to stop openvpn before I can access my device remotely for things like ftp and stuff?

and how do I stop openvpn?

****I spend more time tweaking my NAS than my Server****


RN4200v2 - OS6

Message 27 of 37
Highlighted
Tutor

Re: Installing and running OpenVPN @ boot - PrivateInternetA

dannieboiz wrote:
I edit my post but here's my other question..

Also, my port fowarding no longer work. Do I need to stop openvpn before I can access my device remotely for things like ftp and stuff?

and how do I stop openvpn?

Will let the linux guru's answer this question.
Message 28 of 37
Highlighted
Aspirant

Re: Installing and running OpenVPN @ boot - PrivateInternetA

Hi

I know this is quite an old thread now.... first of all thanks for your informative post. I am trying to get my NV+ to use OpenVPN to connect using PrivateInternetAccess VPN. After having successfully gone through all of your steps... sadly I can't get it the NAS to connect.


I think Ive narrowed it down to the version of Openvpn that is installed by apt-get being 2.0, while the latest config files from PIA expect 2.1+.

In particular I believe the option "remote-cert-tls server" causes a problem. I tried tried reverting to the earlier option "ns-cert-type server" which stops errors being thrown but then the certificate seems to fail.

any hints or tips would be much appreciated.
Message 29 of 37
Highlighted
Aspirant

Re: Installing and running OpenVPN @ boot - PrivateInternetA

Hi,

I'm having the similar issues to lucky_readynas, I've also installed OpenVPN on my ReadyNAS Duo in the hope to connect to PIA and followed the configuration from earlier posts. When I attempt to bring the tunnel up it gets as far as verifing the server certificate and errors out. If anyone can assist here that would be fantastic.

NAS_DRIVE:/etc/init.d# ./startvpn.sh
Sun Apr 19 15:53:37 2015 OpenVPN 2.0 sparc-unknown-linux [SSL] [LZO] [EPOLL] built on Jan 17 2007
Sun Apr 19 15:53:37 2015 WARNING: file 'userpass.file' is group or others accessible
Sun Apr 19 15:53:37 2015 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Apr 19 15:53:37 2015 LZO compression initialized
Sun Apr 19 15:53:37 2015 RESOLVE: NOTE: aus.privateinternetaccess.com resolves to 4 addresses, choosing one by random
Sun Apr 19 15:53:37 2015 UDPv4 link local: [undef]
Sun Apr 19 15:53:37 2015 UDPv4 link remote: 103.43.72.133:1194
Sun Apr 19 15:53:37 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086Smiley FrustratedSL routinesSmiley FrustratedSL3_GET_SERVER_CERTIFICATE:cert ificate verify failed
Sun Apr 19 15:53:37 2015 TLS Error: TLS object -> incoming plaintext read error
Sun Apr 19 15:53:37 2015 TLS Error: TLS handshake failed
Sun Apr 19 15:53:37 2015 SIGUSR1[soft,tls-error] received, process restarting
Sun Apr 19 15:53:39 2015 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Apr 19 15:53:39 2015 Re-using SSL/TLS context
Message 30 of 37
Highlighted
Apprentice

Re: Installing and running OpenVPN @ boot - PrivateInternetA

Ask privateinternetaccess support how to configure an older version of openvpn. They are usually pretty responsive.

steve
Message 31 of 37
Highlighted
Aspirant

Re: Installing and running OpenVPN @ boot - PrivateInternetA

had to factory reset my NAS and reinstall this but now I'm greating with a new error

root@ReadyNAS:/etc/init.d# update-rc.d startvpn.sh defaults
update-rc.d: using dependency based boot sequencing
insserv: warning: script 'K01startvpn.sh' missing LSB tags and overrides
insserv: warning: script 'startvpn.sh' missing LSB tags and overrides
insserv: warning: script 'leafp2p' missing LSB tags and overrides

****I spend more time tweaking my NAS than my Server****


RN4200v2 - OS6

Message 32 of 37
Highlighted
Aspirant

Re: Installing and running OpenVPN @ boot - PrivateInternetA


tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.144.1.6 P-t-P:10.144.1.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:556 errors:0 dropped:0 overruns:0 frame:0
TX packets:531 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:475211 (464.0 KiB) TX bytes:60724 (59.3 KiB)


did a reboot and I think I'm back in business

****I spend more time tweaking my NAS than my Server****


RN4200v2 - OS6

Message 33 of 37
Highlighted
Initiate

Re: Installing and running OpenVPN @ boot - PrivateInternetAcces

Thanks to arpanj2 for starting the thread. I've found there are better and easier ways to do a few things which may have saved people some frustration. I hope this helps! If anyone wants to merge my suggestions with the original to create a definitive post, they're most welcome. Here are my changes:

 

Step 5: It's probably a good idea to retrieve new lists of packages so that you fetch the latest version of openvpn: 

# apt-get update
... # apt-get install openvpn

If you want an easier to use text editor, now is a good time to install nano:

# apt-get install nano

Step 8: If you installed nano, you probably want to use it:

# nano userpass.file
...

Step 9 is where I depart a bit; I prefer to keep the unzipped PIA .ovpn files unmodified. Instead, I create a copy of my preferred PIA site then edit it as directed:

# cp France.ovpn My.ovpn
...

Or, if you like one-liners:

# sed s/"auth-user-pass"/"auth-user-pass userpass.file"/ France.ovpn > My.ovpn

 

Steps 10 through 13a: There is no need to create a script or a cron job!!!

 

New Step 10: Let's now test our config file by running OpenVPN in the background:

# openvpn My.ovpn &

You'll see console output which looks something like this:

[1] 6938
root@hostname:/etc/openvpn# Sun Nov 1 01:26:49 2015 OpenVPN 2.2.1 arm-linux-gnueabi [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Dec 1 2014
Sun Nov 1 01:26:49 2015 WARNING: file 'userpass.file' is group or others accessible
Sun Nov 1 01:26:49 2015 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Nov 1 01:26:49 2015 LZO compression initialized
Sun Nov 1 01:26:49 2015 RESOLVE: NOTE: france.privateinternetaccess.com resolves to 13 addresses
Sun Nov 1 01:26:49 2015 UDPv4 link local: [undef]
Sun Nov 1 01:26:49 2015 UDPv4 link remote: [AF_INET]108.61.122.156:1194
Sun Nov 1 01:26:49 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Nov 1 01:26:51 2015 [Private_Internet_Access] Peer Connection Initiated with [AF_INET]108.61.122.156:1194
Sun Nov 1 01:26:53 2015 TUN/TAP device tun0 opened
Sun Nov 1 01:26:53 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
...
Sun Nov 1 01:26:53 2015 Initialization Sequence Completed

It might look as though you don't have a prompt, but you do. Just hit enter a to get a fresh one.

 

New Step 11: Check the vpn is running with ifconfig:

# ifconfig

...and do whatever testing you need with your applications.

 

New Step 12: Find the job you created earlier and send it a TERM signal with the kill command:

root@hostname:/etc/openvpn# jobs
[1]+  Running                 openvpn My.ovpn &
root@hostname:/etc/openvpn# kill -term %1
Sun Nov  1 02:23:54 2015 event_wait : Interrupted system call (code=4)
root@hostname:/etc/openvpn# Sun Nov  1 02:23:54 2015 /sbin/ifconfig tun0 0.0.0.0
Sun Nov  1 02:23:54 2015 SIGTERM[hard,] received, process exiting

[1]+  Done                    openvpn My.ovpn
root@hostname:/etc/openvpn#

 

New Step 13: Once you're happy with your configuration file, rename it to something ending in '.conf':

# mv My.ovpn client.conf

 

New Step 14: Start the OpenVPN init script:

# /etc/init.d/openvpn start
[ ok ] Starting openvpn (via systemctl): openvpn.service.

 

That's it, you're done! As installed by default on my RN104, the OpenVPN init script looks for .conf files in the default /etc/openvpn directory where we unzipped the PIA files and did everything else. The OpenVPN init script is also set by default to start with the other services at runlevels 2-5. This means the init script will start a connection using your .conf file when the system reboots.

 

If you're like me, and prefer to access your ReadyNAS from the outside world using port forwarding configured on a router, you'll notice that turning on OpenVPN breaks remote access. I'll write another reply soon with directions on how to configure IP rules and routes on your ReadyNAS so that your port forwarding setup will function properly.

 

Until then, TTFN!

View solution in original post

Message 34 of 37
Highlighted
Initiate

Re: Installing and running OpenVPN @ boot - PrivateInternetAcces

Thanks for your excelent guide, it all work exactly as described except for the very last step.

 

When I start openvpn from the command line (openvpn myvpn.conf) it works perfectly but if I use service openvpn start it fails.

Actually it reports:

 

[ ok ] Starting openvpn (via systemctl): openvpn.service.

 

but then using ifconfig shows that there are no VPN tunnels and using service openvpn status shows :

 

(Modified to hide identifying information)

 

SIGUSR1[soft,tls-error] received, process restarting
NOTE: the current --script-security setting may allow this configuration to call u...scripts

Re-using SSL/TLS context
LZO compression initialized
RESOLVE: NOTE: XXXXXXXXXXXXXXXXX resolves to 13 addresses
UDPv4 link local: [undef]
UDPv4 link remote: [AF_INET]XXX.XXX.XXX.XXX:XXX
ERROR: could not read Auth username from stdin
Exiting

 

This seems to indicate that when starting using init.d it cant read the myvpn.conf file?

Checked permissions on myvpn.conf and username/pass files and chmod'd 444 (read all) to test, but no change

 

any help?

 

Message 35 of 37
Highlighted
Initiate

Re: Installing and running OpenVPN @ boot - PrivateInternetAcces

Hey Coyote21,

 

I'm wondering if something may have changed in either the OpenVPN package or in the PIA config files between when I posted and now; can you post your version information and .conf file?

 

Here's what I get:

# openvpn --version
OpenVPN 2.2.1 arm-linux-gnueabi [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Dec  1 2014
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
...
# more /etc/openvpn/client.conf
client
dev tun
proto udp
remote <some PIA server> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-client
remote-cert-tls server
auth-user-pass userpass.file
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.pem
script-security 2
up /etc/openvpn/up.sh

The last two lines are for my routing rules script.

 

The thing which sticks out to me in your message is "ERROR: could not read Auth username from stdin". Did you point the .conf file at the userpass.file in Step 9? It's not clear to me why it's trying to read from STDIN.

 

For comparison, here is my service status output:

Starting virtual private network daemon: client.
UDPv4 link local: [undef]
UDPv4 link remote: [AF_INET]<ipaddress>:<port>
WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
[Private_Internet_Access] Peer Connection Initiated with [AF_INET] <ipaddress>:<port>
TUN/TAP device tun0 opened
do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
/sbin/ifconfig tun0 <ipaddress> pointopoint <ipaddress> mtu 1500
/etc/openvpn/up.sh tun0 1500 1542 <ipaddress> <ipaddress> init
Initialization Sequence Completed

Similarly, there is a line in there about my little routing rules script.

 

I haven't written that follow-up piece yet either because I was wanting to test stability, but in the interval the connection to my local ISP has gotten flaky and created a whole new class of problems which I'm taking a look at when I have the time.

 

I hope this message helps some!

Message 36 of 37
Highlighted
Initiate

Re: Installing and running OpenVPN @ boot - PrivateInternetAcces

Thanks for that jungleboy,

 

I checked my openvpn version and .conf files and could'nt find anything different from yours (except for the routing rules script extras) but I did notice that starting the openvpn service again did not change the timestamps from the service status output, so I tried service openvpn stop and then start again and it worked.

 

I'm guessing that it would'nt re-read the .conf file until I had stopped it and then started it again, so what ever was causing the error (probably missing auth-user-pass entry) was fixed long ago but the init.d script never re-read the changed file until I had first stopped the current instance that was using the  (Faulty) .conf file. 

 

Sorry to have bothered you about this.

 

Message 37 of 37