Hi,
I don’t know exactly where I should post this so I am trying on the “Help and Support” section. Please advice if it is the wrong place.
I have built a new OSMC unit for use at my summer home using an RPi2B with a 1 TB NTFS hard disk attached.
This now works just fine, so I am continuing on to install the OpenVPN server, which will give me remote access to the network at the summer home.
I have used a memo document I wrote up concerning how to install OpenVPN on a RaspBian system and transfer the certificates etc from a source Pi OpenVPN server in order to clone the server. This has worked perfectly fine the two previous times I created a new OpenVPN server.
But there seems to be a problem when doing it on an OSMC Pi…
I think there is a basic problem in getting it to properly install and run.
I have used
sudo apt-get install openvpn openssl
in order to install the server, then I have used scp across the network to copy the OpenVPN config and certificate files from the working server, all according to my previous notes. Then I have edited the files in need of edit to define the new OpenVPN configuration (basically the network specific details) again following my notes.
But the server fails to work, I cannot connect at all.
If I look at the service restart response on RaspBian versus OSMC I see this:
On RaspBian (and RaspBMC):
pi@raspbian-pi2 ~ $ sudo service openvpn restart
[ ok ] Stopping virtual private network daemon: server.
[ ok ] Starting virtual private network daemon: server.
pi@raspbian-pi2 ~ $
But on OSMC:
osmc@osmc:~$ sudo service openvpn restart
osmc@osmc:~$
As you can see there is no feedback at all on OSMC, not even an error message!
In the Raspi forum I was adviced that OSMC is built on “Jessie” and therefore uses another boot and service control system. So I googled and found out that there is a command that can show you all services.
Tried it on mu OSMC installation and this is what I found in the long list of items:
openvpn.service loaded active exited OpenVPN service
* openvpn@server.service loaded failed failed OpenVPN connection to serve
and with another command I tried to restart it then look at the status:
root@osmc:/home/osmc# systemctl restart openvpn
root@osmc:/home/osmc# systemctl status openvpn
* openvpn.service - OpenVPN service
Loaded: loaded (/lib/systemd/system/openvpn.service; enabled)
Active: active (exited) since Thu 2015-06-11 10:34:42 UTC; 9s ago
Process: 689 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 689 (code=exited, status=0/SUCCESS)
root@osmc:/home/osmc# ^C
root@osmc:/home/osmc#
It seems like there is a problem with the openvpn server service, but this gives me no clue to why.
When it is started it does not stay running…
Is there someone here who can help?
You sure that the connection works? i havent any problems with openvpn ^^ for more information
cd /etc/openvpn
(sudo) openvpn client.conf (verbose you will see whats the matter!)
(sudo) oepnvpn server.conf
then it start automaticly at boot! I have osmc rc3, no problems at all!
Thanks!
For some reason this made the server work and I could connect from my phone using the mobile network.
What does not work, however is to get outside of OSMC. I can access the media drive share on the Pi (USB disk) fine from the phone.
But if I try to go outside the Pi to the NAS on my internal network (192.168.0.x address) then it just sits forever trying to connect.
It is as if the OSMC Pi does not allow the OpenVPN server to use the local network.
This is really very strange, the same server.conf file used on my other installations has been copied here and I only changed the IP addresses where appropriate for this Pi.
Anyway one step forward at least.
Is there a firewall on the OSMC, which needs to be modified???
you have to route. i think i can give you a direction but its more likely you have to wait for a professional ^^
sudo sysctl -w net/ipv4/ip_forward=1 ( to connect tap with eth0 ) ( for auto /etc/sysctl.conf )
sudo route add -net 10.8.0.0 netmask 255.255.255.0 gw vpn.server.i.p ( for auto in /etc/rc.local without sudo )
I managed to get it going now but only until the next reboot…
The traffic forwarding starts working after this iptables command:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.0.154
But as soon as I reboot the Pi this disappears! I need some mechanism to get it reset every boot and in the notes I have is a script that should be included in /etc/network/interfaces:
F) Configure usage of the script
nano /etc/network/interfaces
Find the line that reads:
iface eth0 inet dhcp
We want to add a line below it at an indent (tab or space? I don't know).
So this is what the two lines, existing and new, will look like when you’re done:
iface eth0 inet dhcp
pre-up /etc/firewall-openvpn-rules.sh
The problem here is that OSMC seems to not have such a file…
If I try the edit command an empty screen is opened in nano.
So how can I make the iptables command persistent in OSMC?
At the moment OSMC doesn’t have support for /etc/network/interfaces or /etc/network/if-up.d/ scripts, as connman does not use them. (The document you’ve followed probably assumes network manager is installed) The /etc/network/if-up.d/ directory is there but not properly functional.
We’re investigating ways to provide if-up.d functionality in the future though.
Since the problem is only apparent at boot-up, is there not some way to run a custom script at that time to set the iptables routing rule?
Or can I use the dphys-swapfile package?
I have a note for RaspBMC where I already had this problem which suggests:
Making the iptables commands persistent
---------------------------------------
From: http://forum.stmlabs.com/showthread.php?tid=3552&pid=45001#pid45001
Install the dphys-swapfile package:
sudo apt-get update
sudo apt-get install dphys-swapfile
sudo shutdown -r now (to reboot)
I already use it on a home computer. I copied the keys/files, client.conf from /etc/openvpn to OSMC /etc/openvpn. Once I started openvpn it routed propery. IF you are not able to do that then you need to setup your client.conf file with the proper information.
You can view routing by typing “route” in terminal . You should have a Tun interface in the routing table with a 10.x.x.x ip address. Use the command curl -s checkip.dyndns.org | sed -e ‘s/.Current IP Address: //’ -e 's/<.$//’ to check your external ip to confirm you are using your vpn and not your isp’s ip.
I rebooted twice and it’s running so openvpn seems to start properly on reboot.
I am not sure that you are doing the same as I was trying…
I was discussing setting up the OpenVPN SERVER and not the client.
What I want is a server that I can connect to from the outside to reach my home network through.
OK, got it.
I have (after I started this thread) cloned my original OpenVPN server install to an RPi1B and an RPi2B (running RaspBian on both) and changed the port they operate on. I have forwarded the new ports to these from my Internet router, effectively making 2 new OpenVPN channels into my network. Furthermore I have cron’ed one of them to reboot daily so it won’t lock up as it had done in the past after running for a month or so.
Then to top it off I also enabled OpenVPN server on my Synology DS212j NAS on yet another port, also forwarded from my router.
So now I have a 3-fold redundancy in accessing my network at home!
The original RPi1B(256 Mb) unit running RaspBMC where I installed OpenVPN to begin with has now been decommissioned and the new RPi2B with OSMC has replaced it as a media center.
The only reason for me now to combine OSMC and OpenVPN would be next summer when I move the media center Pi to the summer home, where I don’t have the infrastructure I have at home. Then it would be nice to have a VPN channel also to that location. But there is no rush now.
I also put an RPi1B+ with an OpenVPN server clone over at my daughter’s home in the USA so I can easily reach her as well. No redundancy there, though…
Did you install the OpenVPN server or client?
The server installs as a service and will start on boot. The client is just a user level program, I believe.
I have never used the OpenVPN client on a Pi, but on Windows, Mac and Android and there you have to start the client to use it.
If you’re still having a problem with the server start up (or for anyone else having the same problem and reading this) then have a look at the following work-around …
