This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
Installing and running OpenVPN @ boot - PrivateInternetAcces
Hi All,
I have been trying to install OpenVPN and use PrivateInternetAccess (PIA) as my VPN Server on my ReadyNAS for a while now - my prime usecase was that I wanted all the connection to be encrypted while exposing it to external world (like sharing files right out of my NAS or torrent). The following are the steps which worked for me and my NAS is always on VPN now.
1. Enable SSH by going into System -> Settings in your WebView PS: This may cause problem with Netgear support - so do @ your own risk. However, I am not modifying anything with system and it looks safe to me. 2. Download Putty from link below
3. Go to command prompt, navigate to the directory where you placed putty. Once in the directory, execute the following command
putty <NAS Address>
4. You will see a terminal window open up asking for your login. enter your login info that you use to access your NAS from webbrowser 5. Now enter the following command on the terminal prompt
apt-get install openvpn
6. This will install OpenVPN. Now, you need to get the VPN config files from PIA. Use the following commands below to navigate the OpenVPN directory and get the files
cd /etc/openvpn wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
7. Extract the files using unzip command. If you dont have the program, use apt-get command as above (replace openvpn with unzip)
unzip openvpn.zip
8. Now, create a file - say userpass.file and type username on first line and password on the second line and save it. To save a file, press Esc and type :wq (including the colon) and press enter
vi userpass.file
9. Chose one of the .ovpn file - for this eg, I chose France.ovpn and edit it. When you open it using the vi command, there will be a line auth-user-pass. Change it to auth-user-pass userpass.file and save the file as mentioned above.
vi France.ovpn
10. at this time, you are all set to create a VPN connection. However, the issue is that now you need to always activate it manually. So, now we will create a startup file which runs automatically everytime you boot your NAS. Use the following commands to create a new file called startvpn.sh - you can name whatever you want
cd /etc/init.d vi startvpn.sh
11. Now type the following lines and save the file
#!/bin/bash cd /etc/openvpn openvpn France.ovpn
12. Once saved, you need to make the script executable. Use the command below for the same
chmod +x startvpn.sh
13. Now, you need to add this script to run at everyboot. To do so, you need to add the following command in crontab file. Open the crontab file using command
crontab -e
and then add the following line anywhere in the file
@reboot ./etc/init.d/startvpn.sh &
. Save it using the Esc -> :wq! 13a. You can also use the following command to add this command to startup
update-rc.d startvpn.sh defaults
14. Now you need to see if the VPN has started. To do so, type ifconfig on the command line and you will see a new connection starting with a config similar to below
tun0-00 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
This means your vpn is running perfectly and you added another layer of security.
Please let me know if this worked for you - i am not a Linux expert but will try to answer any questions you may have
Linux experts - comment/add anything to make it better. Thanks, Arpan
Re: Installing and running OpenVPN @ boot - PrivateInternetAcces
Thanks to arpanj2 for starting the thread. I've found there are better and easier ways to do a few things which may have saved people some frustration. I hope this helps! If anyone wants to merge my suggestions with the original to create a definitive post, they're most welcome. Here are my changes:
Step 5: It's probably a good idea to retrieve new lists of packages so that you fetch the latest version of openvpn:
# apt-get update ...
# apt-get install openvpn
If you want an easier to use text editor, now is a good time to install nano:
# apt-get install nano
Step 8: If you installed nano, you probably want to use it:
# nano userpass.file ...
Step 9 is where I depart a bit; I prefer to keep the unzipped PIA .ovpn files unmodified. Instead, I create a copy of my preferred PIA site then edit it as directed:
# cp France.ovpn My.ovpn ...
Or, if you like one-liners:
# sed s/"auth-user-pass"/"auth-user-pass userpass.file"/ France.ovpn > My.ovpn
Steps 10 through 13a: There is no need to create a script or a cron job!!!
New Step 10: Let's now test our config file by running OpenVPN in the background:
# openvpn My.ovpn &
You'll see console output which looks something like this:
[1] 6938 root@hostname:/etc/openvpn# Sun Nov 1 01:26:49 2015 OpenVPN 2.2.1 arm-linux-gnueabi [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Dec 1 2014 Sun Nov 1 01:26:49 2015 WARNING: file 'userpass.file' is group or others accessible Sun Nov 1 01:26:49 2015 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Sun Nov 1 01:26:49 2015 LZO compression initialized Sun Nov 1 01:26:49 2015 RESOLVE: NOTE: france.privateinternetaccess.com resolves to 13 addresses Sun Nov 1 01:26:49 2015 UDPv4 link local: [undef] Sun Nov 1 01:26:49 2015 UDPv4 link remote: [AF_INET]108.61.122.156:1194 Sun Nov 1 01:26:49 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Sun Nov 1 01:26:51 2015 [Private_Internet_Access] Peer Connection Initiated with [AF_INET]108.61.122.156:1194 Sun Nov 1 01:26:53 2015 TUN/TAP device tun0 opened Sun Nov 1 01:26:53 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 ... Sun Nov 1 01:26:53 2015 Initialization Sequence Completed
It might look as though you don't have a prompt, but you do. Just hit enter a to get a fresh one.
New Step 11: Check the vpn is running with ifconfig:
# ifconfig
...and do whatever testing you need with your applications.
New Step 12: Find the job you created earlier and send it a TERM signal with the kill command:
root@hostname:/etc/openvpn# jobs
[1]+ Running openvpn My.ovpn &
root@hostname:/etc/openvpn# kill -term %1
Sun Nov 1 02:23:54 2015 event_wait : Interrupted system call (code=4)
root@hostname:/etc/openvpn# Sun Nov 1 02:23:54 2015 /sbin/ifconfig tun0 0.0.0.0
Sun Nov 1 02:23:54 2015 SIGTERM[hard,] received, process exiting
[1]+ Done openvpn My.ovpn
root@hostname:/etc/openvpn#
New Step 13: Once you're happy with your configuration file, rename it to something ending in '.conf':
That's it, you're done! As installed by default on my RN104, the OpenVPN init script looks for .conf files in the default /etc/openvpn directory where we unzipped the PIA files and did everything else. The OpenVPN init script is also set by default to start with the other services at runlevels 2-5. This means the init script will start a connection using your .conf file when the system reboots.
If you're like me, and prefer to access your ReadyNAS from the outside world using port forwarding configured on a router, you'll notice that turning on OpenVPN breaks remote access. I'll write another reply soon with directions on how to configure IP rules and routes on your ReadyNAS so that your port forwarding setup will function properly.
Re: Installing and running OpenVPN @ boot - PrivateInternetA
For an even more advanced config there are a nice couple of blog articles at the link below about how to set things up so that the vpn is only used for selected services. The article describes how to set up utorrent. These instructions worked fine for me under OS6 but you really should be familiar with what is being done because you could bollix your network on boot. You can use the same approach to set up other services that support bind. For example, I set up a http proxy server that uses only the vpn link. This allows me to create a tunnel via ssh/putty to the nas and use the vpn connection from firefox on another system.
Re: Installing and running OpenVPN @ boot - PrivateInternetA
Hi apanj2, thanks for the info. However I am still having problems getting OpenVPN to work, when I try to start the service I get:
root@NAShome:/etc/init.d# service startvpn.sh start Fri Jan 9 13:09:03 2015 OpenVPN 2.2.1 arm-linux-gnueabi [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Dec 1 2014 Fri Jan 9 13:09:03 2015 WARNING: file 'pass.txt' is group or others accessible Fri Jan 9 13:09:03 2015 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Fri Jan 9 13:09:03 2015 LZO compression initialized Fri Jan 9 13:09:03 2015 RESOLVE: NOTE: nl.privateinternetaccess.com resolves to 4 addresses Fri Jan 9 13:09:03 2015 UDPv4 link local: [undef] Fri Jan 9 13:09:03 2015 UDPv4 link remote: [AF_INET]109.201.135.220:1194 Fri Jan 9 13:09:08 2015 [Private_Internet_Access] Peer Connection Initiated with [AF_INET]109.201.135.220:1194 Fri Jan 9 13:09:10 2015 AUTH: Received AUTH_FAILED control message Fri Jan 9 13:09:10 2015 SIGTERM[soft,auth-failure] received, process exiting root@NAShome:/etc/init.d# AUTH: Received AUTH_FAILED control message -bash: AUTH:: command not found root@NAShome:/etc/init.d# Fri Jan 9 13:09:10 2015 SIGTERM[soft,auth-failure] received, process exiting
Any advice would be much appreciated. Thanks in advance?
Re: Installing and running OpenVPN @ boot - PrivateInternetA
dannieboiz wrote:
I've been looking for this for a long time. Couple questions before I jump on PIA
How's your speed Externally?
How's your internal speed? Any issues accessing it locally? By doing this, how does it change the way you access the RN locally?
The speed has been fine for me but again I am on 105Mbps connection, so I don't feel the pinch. I have seen torrents go as high as earlier (maybe slight downside maybe because I am using a French server while in US?)
As for local access, nothing changes - I am getting the same speed and able to access the server over LAN without any extra config. Infact, readycloud works without a glitch too over internet (when I am outside home)
FilthyAmatuer wrote:
Hi apanj2, thanks for the info. However I am still having problems getting OpenVPN to work, when I try to start the service I get:
root@NAShome:/etc/init.d# service startvpn.sh start Fri Jan 9 13:09:03 2015 OpenVPN 2.2.1 arm-linux-gnueabi [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Dec 1 2014 Fri Jan 9 13:09:03 2015 WARNING: file 'pass.txt' is group or others accessible Fri Jan 9 13:09:03 2015 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Fri Jan 9 13:09:03 2015 LZO compression initialized Fri Jan 9 13:09:03 2015 RESOLVE: NOTE: nl.privateinternetaccess.com resolves to 4 addresses Fri Jan 9 13:09:03 2015 UDPv4 link local: [undef] Fri Jan 9 13:09:03 2015 UDPv4 link remote: [AF_INET]109.201.135.220:1194 Fri Jan 9 13:09:08 2015 [Private_Internet_Access] Peer Connection Initiated with [AF_INET]109.201.135.220:1194 Fri Jan 9 13:09:10 2015 AUTH: Received AUTH_FAILED control message Fri Jan 9 13:09:10 2015 SIGTERM[soft,auth-failure] received, process exiting root@NAShome:/etc/init.d# AUTH: Received AUTH_FAILED control message -bash: AUTH:: command not found root@NAShome:/etc/init.d# Fri Jan 9 13:09:10 2015 SIGTERM[soft,auth-failure] received, process exiting
Any advice would be much appreciated. Thanks in advance?
From what I am seeing, your username and/or password looks wrong. I am not a Linux Guru, so if that doesnt help, would be better to ask help in the forum.
The format for userpass file is username on first line and password on the second line. Just to check if the server is running, just type the following command in command prompt - I would strongly suggest creating a file in Linux and not on windows and then transfer.
Re: Installing and running OpenVPN @ boot - PrivateInternetA
Thanks for the feedback, I originally setup my passfile as you instructed using putty, but saw someone else had success with a .txt file. I picked the netherlands connection over france because it looked to be faster on PIA website bandwidth speed. Normally in windows I connect to California USA, because I am in Australia, USA and Asia are much faster than Europe. I will let you know how I go tomorrow.
Re: Installing and running OpenVPN @ boot - PrivateInternetA
omfg... the time I have wasted on this... I fked up big time... I changed my password, but ahh, was using the default password in the userpass.file. I litterally spent like a whole day on this. Thanks for your help.
Re: Installing and running OpenVPN @ boot - PrivateInternetA
FilthyAmatuer wrote:
omfg... the time I have wasted on this... I fked up big time... I changed my password, but ahh, was using the default password in the userpass.file. I litterally spent like a whole day on this. Thanks for your help.
hah! Sh*t happens - Glad it worked out well for you! Have fun!
Re: Installing and running OpenVPN @ boot - PrivateInternetA
my startvpn.sh reads
### BEGIN INIT INFO # Provides: Openvpn # Required-Start: $network # Required-Stop: $network # Default-Start: 3 5 # Default-Stop: 0 1 2 6 #Short-Description: This shell script takes care of starting and stopping OpenV$ #Description: OpenVPN is a robush highly flexible tunneling application that us$ ### END INIT INFO
#!/bin/bash cd /etc/openvpn openvpn Japan.ovpn
When I type
update-rc.d startvpn.sh defaults
I get errors saying the start and stop values dont match up.
update-rc.d: warning: default start runlevel arguments (2 3 4 5) do not match startvpn.sh Default-Start values (3 5) update-rc.d: warning: default stop runlevel arguments (0 1 6) do not match startvpn.sh Default-Stop values (0 1 2 6)
Any help would again be appreciated. My crontab file reads exactly the same as yours. Cheers.
Re: Installing and running OpenVPN @ boot - PrivateInternetA
when trying to download openvpn.zip i get the following error
ERROR: The certificate of ‘www.privateinternetaccess.com’ is not trusted. ERROR: The certificate of ‘www.privateinternetaccess.com’ hasn't got a known issuer
Re: Installing and running OpenVPN @ boot - PrivateInternetA
Post by dannieboiz » Sat Jan 10, 2015 8:56 am
when trying to download openvpn.zip i get the following error
ERROR: The certificate of ‘www.privateinternetaccess.com’ is not trusted. ERROR: The certificate of ‘www.privateinternetaccess.com’ hasn't got a known issue
I don't understand why netgear decided to remove dozens of certificates from their build of ca-certificates. This can interfere with any app that uses the web (sickbeard, etc). I extracted all of them from the standard distribution of ca-certificates and these problems went away.
Re: Installing and running OpenVPN @ boot - PrivateInternetA
My mate who is a wiz with linux solved my boot problem for me, he used the script:
#!/bin/sh
# A sample OpenVPN startup script # for Linux.
# openvpn config file directory dir=/etc/openvpn
#Run the above, with less waffle in the comment. openvpn --cd $dir --daemon --config Japan.ovpn
for startvpn.sh (with Japan.ovpn being my choice of server). Boots up with the VPN tunnel in place every time now. OP was a great help getting me most of the way there, this might help some people who cant quite get it to work like I did
Re: Installing and running OpenVPN @ boot - PrivateInternetA
arpanj2, I had read that some version of crontab dont accept @reboot - possibly this got disabled with an update or something. I think also what was happening is the script to run the config was firing before openvpn started. Regardless thanks for your help it definitely put me down the right path. Now I just need to get Couchpotato working and all will be good with my NAS box - if you have any ideas on this I would love to hear them, PM me.
My mate who is a linux whiz says you might use crontab to run a script every few hours to check that the tunnel is up, and if not restart the tunnel.
Re: Installing and running OpenVPN @ boot - PrivateInternetA
Yeah - i couldnt figure out on how to get CouchPotato and/or Sickbeard started as i am not on the default config of Raid. I am using the full 8GB as 2 drives - hence the problem.
Netgear/Readynas apps tend to break when you are not in the default mode. I will try getting them to work but your mate could be able to help too 😄
As for the script - its a good backup to have but haven't seen OpenVPN breakin on me once connected.
Re: Installing and running OpenVPN @ boot - PrivateInternetA
I can't imagine how raid level could affect couch potato and/or sickbeard. If you've completely taken over formatting your own partition layout or something then maybe front view is totally broken, but raid level is pretty darn transparent to applications on the system. Could you elaborate on what problem you encountered?
Re: Installing and running OpenVPN @ boot - PrivateInternetA
I believe I got it working. Below is my ifconfig. I rebooted the RN and tun0 is still there, so I guess my startvpn.sh script works. Now how do I stop it?
Also, my port fowarding no longer work. Do I need to stop openvpn before I can access my device remotely for things like ftp and stuff?
