Hello,
Please can somebody help me with an OpenVPN client connection? I have read lots of threads and can't seem to get the last bit sorted!
Running 11.2-U4, I have used the Emby plugin and created an emby jail, which works as expected.
I have followed numerous threads and installed the OpenVPN server into the emby jail.
I have managed to get the OpenVPN server running and all seems good:
```
root@emby:/ # sockstat -4 -l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
emby     mono-sgen  16420 17 tcp46  *:8096                *:*
emby     mono-sgen  16420 20 tcp46  *:8920                *:*
emby     mono-sgen  16420 24 udp4   *:1900                *:*
emby     mono-sgen  16420 25 udp4   *:33210               *:*
emby     mono-sgen  16420 26 udp4   *:7359                *:*
nobody   openvpn    16388 6  udp4   192.168.1.138:1194    *:*
root     natd       16335 3  div4   *:8668                *:*
```
Also, ifconfig looks OK to me:
```
root@emby:/ # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe**:******o0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether d0:**:**:**:**:60
        hwaddr 02:**:**:**:**:0b
        inet 192.168.1.138 netmask 0xffffff00 broadcast 192.168.1.255
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair
tun6: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet 10.8.0.1 --> 10.8.0.2 netmask 0xffffff00
        nd6 options=1<PERFORMNUD>
        groups: tun
        Opened by PID 16388
```
I have a DynDNS service running and can ping my public IP address from outside my network.
I have added a port forward in the router to the emby jail IP address, start/end port 1194 to internal port 1194.
My client is a Windows machine with the OpenVPN client running on it.
I do not think there is any problem with the certs, and this is my client.conf:
```
client
tls-client
pull
dev tun
proto udp
remote mydynIPaddress 1194 udp
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
key-direction 1
comp-lzo
verb 3
auth SHA512
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
MIIDQTCCAimgAwIBAgIJANayYsJ9kpufMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV
BLAH
16ihwv0tEmzzsYPfeZAiU6Jj4IAw
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIDUjCCAjqgAwIBAgIRAIyDygpySpgCYlu65vkbQN8wDQYJKoZIhvcNAQELBQAw
BLAH
pXDskJOtZf1P+0Ze8vJznNRKdzwY+q200dK3kw5PPoaXiKyhjnU=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCbTQ9VfS3e9j0C
BLAH
vgvmZzXoZGOWoRc4r7TPqwsW
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
18b3ea19c141a8f92d69b719cada3099
BLAH
94a1c6bbc6bbef8e13e5597fe200b46e
-----END OpenVPN Static key V1-----
</tls-auth>
```
server.conf:
```
local 192.168.1.138
port 1194
proto udp
dev tun
ca /usr/local/etc/openvpn/server/ca.crt
cert /usr/local/etc/openvpn/server/issued/server.crt
key /usr/local/etc/openvpn/server/private/server.key
dh /usr/local/etc/openvpn/server/dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.138 255.255.255.0"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth /usr/local/etc/openvpn/server/ta.key 0 # This file is secret
cipher AES-256-CBC
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1
auth sha512
remote-cert-tls client
```
rc.conf:
```
ifconfig_epair0b="DHCP"
hostname="emby"
cron_flags="$cron_flags -J 15"
# Disable Sendmail by default
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
# Run secure syslog
syslogd_flags="-c -ss"
# Enable IPv6
ipv6_activate_all_interfaces="YES"
emby_server_enable="YES"
firewall_enable="YES"
firewall_type="open"
gateway_enable="YES"
natd_enable="YES"
natd_interface="em1"
natd_flags="-dynamic -m"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/server/server.conf"
```
I have also tried adding the following to rc.conf:
```
firewall_script="/usr/local/etc/ipfw.rules"
```
with the following ipfw.rules file (both options tried):
```sh
# Bibi40k method:
#!/bin/sh
#EPAIR=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep epair)
##ipfw -q -f flush
#ipfw -q nat 1 config if ${EPAIR}
#ipfw -q add nat 1 all from 10.8.0.0/24 to any out via ${EPAIR}
#ipfw -q add nat 1 all from any to any in via ${EPAIR}
#TUN=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep tun)
#ifconfig ${TUN} name tun0
# gsrcrxsi method:
#!/bin/sh
# second word of "ifconfig -l" is the jail's epair interface, third is the tun
EPAIR=$(/sbin/ifconfig -l | cut -d' ' -f2)
ipfw -q -f flush
# NAT the VPN subnet out through the epair interface
ipfw -q nat 1 config if ${EPAIR}
ipfw -q add nat 1 all from 10.8.0.0/24 to any out via ${EPAIR}
ipfw -q add nat 1 all from any to any in via ${EPAIR}
TUN=$(/sbin/ifconfig -l | cut -d' ' -f3)
ifconfig ${TUN} name tun0
```
I have been tinkering all day but with no success; my OpenVPN client log shows a failed TLS handshake.
Can anybody help, as I really have fried my brain today trying to sort this!
As a side note, when I started this morning, if I attempted to reach my public IP address in a browser window from outside my network, the response was 'The server refused the connection'.
Since tinkering today, that response has now changed to 'took too long to respond'.
Any pointers gratefully received!!
This has totally fried my brain today.
Thanks
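As an added example (not part of the original post, and not OpenVPN's own code), the Python checker below parses excerpts modelled on the server.conf and client.conf above and reports the option mismatches that a client sees as a failed TLS handshake: proto, tls-auth presence and key-direction (0 on one side, 1 on the other), and the auth digest. The excerpts are constructed, and it is an assumption that only the options compared by check() need to be reproduced.

```python
import re

# Constructed excerpts of the post's server.conf/client.conf (assumption: only options used by check() are kept).
SERVER_CONF = """\
port 1194
proto udp
tls-auth /usr/local/etc/openvpn/server/ta.key 0 # This file is secret
auth sha512
"""
CLIENT_CONF = """\
client
proto udp
remote mydynIPaddress 1194 udp
key-direction 1
auth SHA512
<tls-auth>
18b3ea19c141a8f92d69b719cada3099
</tls-auth>
"""

def parse(conf):
    """Map option -> args of its first occurrence; an inline <tag> block maps tag -> ['inline']."""
    opts, block = {}, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop trailing comments
        if block:                                       # inside <tag> ... </tag>: skip body
            block = None if line == f"</{block}>" else block
        elif m := re.fullmatch(r"<([\w-]+)>", line):
            block = m.group(1)
            opts[block] = ["inline"]
        elif line:
            name, *args = line.split()
            opts.setdefault(name, args)
    return opts

def key_direction(opts):
    """tls-auth direction: an explicit key-direction wins, else the number after the key file."""
    ta = opts.get("tls-auth", [])
    return opts.get("key-direction", ta[1:2] or [None])[0]

def check(server_conf, client_conf):
    """Return the mismatches that surface as 'TLS handshake failed' on the client."""
    s, c = parse(server_conf), parse(client_conf)
    problems = []
    if s.get("proto", ["udp"])[0] != c.get("proto", ["udp"])[0]:
        problems.append("proto mismatch")
    # both sides must use tls-auth with complementary directions, or neither must use it
    if {key_direction(s), key_direction(c)} not in ({"0", "1"}, {None}):
        problems.append("tls-auth must be on both sides with key-direction 0 and 1")
    if s.get("auth", ["SHA1"])[0].upper() != c.get("auth", ["SHA1"])[0].upper():
        problems.append("auth (HMAC digest) mismatch")
    return problems
```

Run on the posted pair these checks pass, which points at the path to UDP 1194 (the router port forward and the jail's ipfw/natd rules) rather than at the TLS options.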