[HOWTO] OSMC/Rasp Pi as OpenVPN client

Thanks.
I typed in which openvpn and it came back with usr/sbin/openvpn Then I tried sudo openvpn client.conf it came back with ERROR opening configuration file:client .conf
I’m at a loss with this, how do I set up a client.conf file?

A client.conf is usually provided by a openvpn service provider. Do you have one? or you generate one when you make / install the openvpn acces server on your home/office network

if you do have an client.ovpn without a password(auto login), then you can just one on one copy the client.ovpn to a file called client.conf. then place that file in /etc/openvpn by default your system will boot up with an openvpn connection to that specific server.

The principal is that an Openvpn client connects to an Openvpn server. If for example you wish to use openvpn to connect to your home network then you will need install a openvpn server at home wich will allow your openvpn client to connect there.

If you want to use openvpn to anonymise your internet activities or to be able to watch content from another Geo graphical region you would need to have an account with an openvpn provider.

What do you want to use it for?

Thanks for your help with this.
I have a vpn provider and have a .ovpn file from them that gives all the info required to log in to their server.I have put this .ovpn file in the folder /home/osmc/vpn-config. I have also copied a file called pass.txt to that same directory containing log in password etc. The VPN provider gives me the .ovpn file not a .conf file so I am confused where this comes from.
Next I run the kodi add-on and my vpn connects but two minutes in it disconnects for no reason. If I have my openvpn setup correctly this must be due to something else but it is not my VPN provider. It is either the openvpn setup is wrong or else the pi has a problem with network connections.
As I said I use this setup with Openelecto access the web and anonymize my web activity and it works fine.
Any other suggestions much appreciated

Hi again. Looking into this more I changed the name of the .ovpn file to client.conf and placed this in /etc/openvpn and rebooted. As you said this works connecting me to the vpn server without disconnection. Clearly I read this wrong and have been putting the .ovpn file in the wrong place. However I would still like to be able to connect via the Kodi add-on rather than an always connected vpn service. How would this work?

I guess that would depend on the plugin that you decide to install …

Usually the plugins author provides installation and configuration information.
At least you know it is working and you know that you can enable and disable on the command line.

Me personally I by default let my Pi connect to Openvpn on start up, its just better that way :smiley:

If you do find a good addon let me know :smiley:

Good luck :smiley:

Hello all, I am new to the OSMC world but average linux user.

I easily got openvpn setup and I run it at start up and use CLI to verify external IP and tunnel in interface. For the life of me, I cannot get the add-on it to work, I followed the steps word for word a few times and keep getting the “management interface” error. I have checked openvpn --version and management interface is “ON,” I have modified my sudoers file, I have added the management port to my .ovpn configuration file, I have gone into the add-on configuration and changed /usr/bin/openvpn to user/sbin/openvpn, and nothing. Same error every time. I feel like I’ve tried everything.

Does anyone have any other suggestions I can try? Thanks in advance.

Wanted to thank everyone in earlier thread as it gave lots of good info. I will try to document what I had to do, hopefully it will help someone else to setup with PIA (I am not affiliated with PIA)

1 Install openvpn

sudo apt-get update
sudo apt-get install openvp

2 Make directory OpenVPNConfig to store all the files

mkdir ~/OpenVPNConfig
cd ~/OpenVPNConfig

3 Download and extract OpenVPN Configuration Files (Default) from PIA Support Portal

wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
unzip openvpn.zip

4 Easiest way is to get the files without spaces. Make sure you are in OpenVPNConfig directory (pwd)

cd ~/OpenVPNConfig
rename “s/\s+//g” *

5 In the same directory create pass.txt with your PIA credentials:

username
password

6 Update all your PIA files with this oneliner to the location of your files. In my case I have installed in /home/osmc directory, if your home directory is different just replace the path (make sure you have everything on one line. The sed will make a backup of all your files, when you verify all looks good, just remove all files with .bak extension

sed -i.bak -e ‘s/ca\ ca.crt$/ca\ /home/osmc/OpenVPNConfig/ca.crt/g’ -e ‘s/auth-user-pass$/auth-user-pass\ /home/osmc/OpenVPNConfig/pass.txt/g’ -e ‘s/crl-verify$/crl-verify\ /home/osmc/OpenVPNConfig/crl.pem/g’ -e ‘s/crl-verify\ crl.pem$/crl-verify\ /home/osmc/OpenVPNConfig/crl.pem/g’ *.ovpn

7 Install Kodi OpenVPN plugin as in http://brianhornsby.com/kodi_addons/openvpn

NOTE: You will need to configure after installation path to openvpn from

/usr/bin/openvpn
to
/usr/sbin/openvpn

and enable “run with sudo”

8 Now it is a good time to check if your vpn actually works:

sudo openvpn ~/OpenVPNConfig/{yourpreferredVPNprofile}.ovpn

If all works you are now to move into GUI.

9 Copy all your config files to Kodi openvpn config: I chose to just copy and replace files as needed (symlinks may work too, did not test)

cp ~/OpenVPNConfig/*.ovpn /home/osmc/.kodi/userdata/addon_data/script.openvpn/

10 Test in KODI if you are able to connect, disconnect from VPN. If all looks good, then you may also prefer to start PIA on boot. For that I copied Pedro_Diogo instructions above, however I modified VPN startup from:

openvpn /{YOUR_PATH}/{yourOwn}.ovpn

to:

  • Connect to your preferred VPN in KODI
  • Get the entire command as KODI openvpn users with ‘ps aux |grep openvpn’
  • Now replace that entire command in “/etc/init.d/startOpenVPN” config file.

On every reboot you will connect to PIA automatically and if needed you can always disconnect with KODI openvpn client and reconnect as needed.

1 Like

Guys I have this reoccurring problem.
If I let the system sit for a bit, it will lose my connection and the network status in “system information” will change to “busy”.
Rebooting the whole system solves the issue temporarily.
This can happen in 15 minutes or sometimes 2 days.

I tried following al the tuts as correctly as possible, and vpn connection does work initially. But I get the feeling that the connection to the vpn server is hampered at some point, which makes the whole connection break.

Any help will be much appreciated!
I use OSMC, rpi2 + usb dongle, nordvpn

For everyone dealing with the RTNETLINK error showing up. I figured out what the problem is. Since debian 8 the openvpn connection should be called upon differently according to this link

What I did to fix the problem is the following.

1. I created a inline configuration file named clientvpn.ovpn 2. I renamed the clientvpn.ovpn to clientvpn.conf 3. I then went on and put the confige file in the /etc/openvpn/ directory along 4. I then entered this command: systemctl start openvpn@clientvpn.service

My vpn is now connected without any problems

1 Like

Putting this into the client.conf file:
redirect-gateway def1
Fixed the issue for me me

Thanks for your instructions on getting vpn working.

Appreciate cheers :slight_smile:

My setup is leaking dns, anyone know what to add to keep it using the vpn dns.

Thanks

Edit: Resolved by installing resolvconf. Then updating the server ovpn file with the following lines:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

I tried the steps described by BigSnicker.

Now - even after a reboot - I see this error message from the command line: “TCP/UDP: Socket bind failed on local address [undef]: Address already in use”
:cry:

$ sudo openvpn /etc/openvpn/client.conf
Sat Jul 16 22:24:00 2016 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 19 2015
Sat Jul 16 22:24:00 2016 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Sat Jul 16 22:24:00 2016 Control Channel Authentication: tls-auth using INLINE static key file
Sat Jul 16 22:24:00 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 16 22:24:00 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 16 22:24:00 2016 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sat Jul 16 22:24:00 2016 Attempting to establish TCP connection with [AF_INET]185.57.81.13:443 [nonblock]
Sat Jul 16 22:24:10 2016 TCP: connect to [AF_INET]185.57.81.13:443 failed, will try again in 5 seconds: Connection timed out
Sat Jul 16 22:24:10 2016 SIGUSR1[soft,init_instance] received, process restarting
Sat Jul 16 22:24:10 2016 Restart pause, 5 second(s)
Sat Jul 16 22:24:15 2016 Socket Buffers: R=[163840->131072] S=[163840->131072]
**Sat Jul 16 22:24:15 2016 TCP/UDP: Socket bind failed on local address [undef]: Address already in use**
**Sat Jul 16 22:24:15 2016 Exiting due to fatal error**

The client configuration (.ovpn) file, that I saved as /etc/openvpn/client.conf, contains the following connections (for 8 vpn servers).

remote vpn1.nobrother.net 1194 udp
remote vpn1.nobrother.net 443 tcp
remote vpn1.nobrother.net 53 udp
remote vpn1.nobrother.net 123 udp

… all the way to …

remote vpn8.nobrother.net 1194 udp
remote vpn8.nobrother.net 443 tcp
remote vpn8.nobrother.net 53 udp
remote vpn8.nobrother.net 123 udp

I wonder if using those ports (numbers below 1024) is OK?

Hi doku

I got mine working correctly following this post above using pia VPN.

I have had my OpenVPN setup running great with PIA but am now wondering if I need to update the .ovpn server files since PIA have changed the port (from 1194 to 1198) and increased the level of encryption following the closing of their Russian server.
(I haven’t seen any error messages popping up but just checked the external IP address - by ssh into OSMC and using Stim’s “curl ipv4.icanhazip.com” command - I find that the PIA server’s IP is still reported)

Brian Hornsby’s install guide has not been updated and the newer .ovpn files contain some different lines to the old ones.

Anyone have any experience with that?
Thanks,
Loop

Hi loop

Yeah was wondering too if I need to update the ovpn files following the Russian server takedown.

Seems it still working ok with current setup.

Do you know if killswitch is implemented in openvpn?

Thanks

Hey!
I’m afraid I have no idea if killswitch (or a similar function) is enabled in openvpn.
Sure would be useful…
Loop

Hi everyone

My openvpn is working great on rpi3, one issue is amount of bandwidth consumed using openvpn.

I checked bandwidth usage on idle and theres an average 20KB/s download using openvpn.

I tested with openvpn disconnected and average is below 1KB/s.

Is this because openvpn has to keep the vpn connection alive by sending requests?

If this is case is there way to make to check less often.

Thanks for any info

Seem to have an issue with getting openvpn to work on Raspberry Pi 2 on Sky broadband (UK). I can connect fine while using my phone’s wifi but keep getting this TLS error on my home broadband:

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Router has port forwarded to the device and all blocking and firewalls turned off. Have been using the VPN Manager for OpenVPN and openvpn directly by via ssh.

I can ping the server and get a response in 10-20 ms. Confused.

Anyone else have this issue?

Hey guys (& gals?!),
So following years of faithful service using the method described above, the Brian Hornsby OpenVPN add-on seems to have been ‘broken’ by the latest December update. Now when I start the add-on and pick a server/config I get the message that “An error has occurred when trying to connect OpenVPN. Unable to connect to OpenVPN management interface”, click OK and the add-on closes without starting a connection.
Can anyone offer any advice on how to get it up and running again?
Is there a different way to have the VPN auto-connect on start-up and still retain the ability to choose/switch VPN connections?
Any advice or links gratefully received. I have done some searching but am rather baffled by the various complicated methods I’ve been reading.

I’ve posted over in this thread too, where people are discussing a fix for this.
https://discourse.osmc.tv/t/brian-hornsbys-openvpn-script-doesnt-work-after-stretch-update/69740/11

OK the solution was provided to me over in the other thread. Thanks!