[HOWTO] OSMC/Rasp Pi as OpenVPN client

not recommended, im sure @sam_nazarko can fill in why better then me

It’s not recommended to replace it or to propose to replace it? Because if the latter is true, then that’s a problem.

its not recommended to replace it on your system atm… as to the reasons why im gonna refer to Sam cause i dont remember the specifics

I wouldn’t do it as a user, but rather to propose it be replaced at the distribution level

You could propose it but your use case is somewhat niche and is unlikely to result in the change you are seeking here.
Here’s why you wouldn’t want to attempt to change it as a user

One man’s shit is one man’s treasure.

ConnMan fully supports VPN configuration. The reason for choosing ConnMan over the legacy networking system is that while it worked for you, the large majority (99%) of our users do not wish to configure networking via a command line. ConnMan provides us with a stable DBus interface so we can make configuring connections simple and manageable from Kodi. It also has a very low footprint.

It is easy for you to copy over /etc/network/ files to remedy the situation, and that’s what we expect from power users. We need to support the most common use case scenarios and make these as easy as possible for users to employ. ConnMan lets us do that.

With that said, I don’t anticipate a reason why we won’t have GUI based VPN configuration eventually

Here. What would you consider as more established? NetworkManager is a lot more resource intensive and wouldn’t work any magic: we’d still need to develop our addon to support VPN via the GUI, and additionally, have to rewrite all of the networking code.

If you can provide a better description of the issue then we can have a look.

Edit:

You are likely being caught out by WISPR. To determine true network connectivity (and in the future, to allow login to WiFi networks that ask for a username and password), ConnMan will configure a route and try to connect to osmc.tv. If it receives HTTP-X-OSMC then it knows that it is really connected to the Internet, and not a web page asking for credentials.

I see you are using a legacy /etc/init.d/ script. The solution is to write a proper systemd unit (I am sure one already exists for OpenVPN) and add After=connman.service.

ConnMan assumes that as it is the network manager it is permitted to configure routes accordingly. Other network managers will do the same

Sam

An even more generic solution that would still work on OSMC would be to specify After=network.target in your OpenVPN service.

This is the established way in systemd of specifying that your service should start after the network manager (whatever it might be) is up and running. (network.target does not mean that the network connection is configured and up and running, only that the network manager daemon has started running)

Because our connman.service has Before=network.target it must finish starting before any service that specifies After=network.target is allowed to start, but because network.target is a well known, generic, network manager agnostic target name it should work on any systemd system.

Question guys, have openvpn successfully installed and tested on my Rasp Pi but when configuring the Kodi add-on my folder /usr/sbin seems to be empty (show hidden files and folder enabled in file lists)

Probably a small thing i overlook but hope somebody can point me in good direction

thanks…

Sorry already solved, editing trough the context menu of the add-on did the trick

hi guys!

Is there any way to add visual feedback to OSMC while an openvpn connection is active? Maybe a tiny flag or text on any of the corners of the main menu (only) would do…

Just a thought…

Hi all, I am a total novice at Pi as only received it today. So any help would be appreciated.

When typing into Putty I get the response: openvpn: command not found.

Does that mean I have typed incorrectly into putty or the original configuration file.

Thanks, James

Did you actually install and configure openvpn or you thought it was preinstalled?

Ok, got past the putty problem, but now when I try to run openvpn i get the message:

An error has occurred whilst trying to connect OpenVPN
Unable to connect to OpenVPN management interface

Any suggestions please.

That sound you are talking about the openvpn kodi addon, or?
Have you installed and configured openvpn on the OS level?

When run through putty, this is the log:

login as: osmc
osmc@192.168.0.5’s password:

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Nov 30 12:33:40 2015 from 192.168.0.3
osmc@osmc:~$ sudo openvpn /home/osmc/vpn-config/TCP/USA-FLORIDA-TCP.ovpn
Mon Nov 30 13:02:13 2015 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec 1 2014
Mon Nov 30 13:02:13 2015 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Mon Nov 30 13:02:13 2015 WARNING: file ‘/home/osmc/vpn-config/pass.txt’ is group or others accessible
Mon Nov 30 13:02:13 2015 WARNING: No server certificate verification method has been enabled. See How To Guide: Set Up & Configure OpenVPN Client/server VPN | OpenVPN for more info.
Mon Nov 30 13:02:13 2015 WARNING: file ‘/home/osmc/vpn-config/Wdc.key’ is group or others accessible
Mon Nov 30 13:02:13 2015 Control Channel Authentication: using ‘/home/osmc/vpn-config/Wdc.key’ as a OpenVPN static key file
Mon Nov 30 13:02:13 2015 Attempting to establish TCP connection with [AF_INET]172.111.134.3:80 [nonblock]
Mon Nov 30 13:02:14 2015 TCP connection established with [AF_INET]172.111.134.3:80
Mon Nov 30 13:02:14 2015 TCPv4_CLIENT link local: [undef]
Mon Nov 30 13:02:14 2015 TCPv4_CLIENT link remote: [AF_INET]172.111.134.3:80
Mon Nov 30 13:02:14 2015 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
Mon Nov 30 13:02:23 2015 [PureVPN] Peer Connection Initiated with [AF_INET]172.111.134.3:80
Mon Nov 30 13:02:25 2015 TUN/TAP device tun2 opened
Mon Nov 30 13:02:25 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Nov 30 13:02:25 2015 /sbin/ip link set dev tun2 up mtu 1500
Mon Nov 30 13:02:25 2015 /sbin/ip addr add dev tun2 172.111.134.194/26 broadcast 172.111.134.255
RTNETLINK answers: File exists
Mon Nov 30 13:02:28 2015 ERROR: Linux route add command failed: external program exited with error status: 2
RTNETLINK answers: File exists
Mon Nov 30 13:02:28 2015 ERROR: Linux route add command failed: external program exited with error status: 2
RTNETLINK answers: File exists
Mon Nov 30 13:02:28 2015 ERROR: Linux route add command failed: external program exited with error status: 2
Mon Nov 30 13:02:28 2015 Initialization Sequence Completed
^CMon Nov 30 13:03:25 2015 event_wait : Interrupted system call (code=4)
Mon Nov 30 13:03:25 2015 /sbin/ip addr del dev tun2 172.111.134.194/26
Mon Nov 30 13:03:25 2015 SIGINT[hard,] received, process exiting

I have been trying to follow the Brian Hornsby instructions.

It is really hard to remotely trouble shoot that and I also don’t think that this thread is the right place. I will sent you a PM and we can try from there

Hey, thanks A LOT for this thread. Managed to follow Bryan’s tutorial (followed the raspbmc steps but some things are still outdated for OSMC - be sure you’re on the right paths) and also your tweaks with the sudoers file.

I know just have one question: is there anyway I can auto-start this add-on, or should I just create a normal linux init script? If I go the linux startup script, won’t I loose that once OSMC is updated?

Cheers and, again, big thanks!

I’d like to know this too.
Pedro if you manage to figure out a working script, please share it! I have no idea how to make one of those. Would be nice to have some indication on the main screen that the OpenVPN is running.

Hey,
I ended up creating a simple startup script which gets the job done…

Just create a script:
sudo vi /etc/init.d/startOpenVPN
with

#! /bin/sh
# /etc/init.d/startOpenVPN
### BEGIN INIT INFO
# Provides:          openVPN
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Simple script to start a program at boot
# Description:       Start / stop OpenVPN at boot / shutdown.
### END INIT INFO

openvpn /{YOUR_PATH}/{yourOwn}.ovpn

(edit the last line and make sure the path to your .ovpn file is correct)

and just make executable:
sudo chmod 755 /etc/init.d/startOpenVPN

and register it to start at startup:

sudo update-rc.d startOpenVPN defaults

reboot the Pi and check if it has started:
ps aux | grep openvpn

For what I need, it gets the job done. Thanks, again, to the OP for his tweaks!

1 Like

Hello

First of all i’m a total noob about ssh, linux and such but i was able to success on connecting to my private vps vpn server via openVPN client on osmc. The problem is i can only connect it via ssh command without any error and working fine but when i try to connect it from OSMC interface after i choose my vpn name it says “An existing OpenVPN instance appears to be running. Disconnect it?” If i say yes it asks me again and upon clicking no nothing happens. Also i tried to add an automated script which Pedro_Diogo mentioned, after i save script via :wq command and try to run sudo chmod 755 startOpenVPN it gives me an error of no such a file or directory.

As i said i’m total noob so please excuse me
Regards

edit: i’m using raspberry pi B+ with manual OSMC installation. My private vps vpn server is not local and loaded with openVpn software

edit2: When i connect with ssh command it opens 2 client connections according to OpenVPN management tool which is the maximum concurrent client at the same time.