OpenVPN issue on OMV 1.9

Hi all,

I just got a IPVanish VPN account (https://www.ipvanish.com) and I'm currently trying to set up the VPN connection.
Thus I have installed the openmediavault-openvpn 1.1 pluging (not the openvpnas).
Unfortunately, when I go in the certificat tab then try to add a user it return me the following error message:

Failed to execute command 'export LANG=C; omv-mkconf openvpn add 6ccbc240-f81e-4cba-b31f-7d3a3588aaf0 2>&1': /usr/share/openmediavault/mkconf/openvpn: line 409: cd: /etc/openvpn/easy-rsa/2.0/: No such file or directory

Erreur #4000:
exception 'OMVException' with message 'Failed to execute command 'export LANG=C; omv-mkconf openvpn add 6ccbc240-f81e-4cba-b31f-7d3a3588aaf0 2>&1': /usr/share/openmediavault/mkconf/openvpn: line 409: cd: /etc/openvpn/easy-rsa/2.0/: No such file or directory' in /usr/share/openmediavault/engined/rpc/openvpn.inc:394
Stack trace:
#0 [internal function]: OMVRpcServiceOpenVpn->set(Array, Array)
#1 /usr/share/php/openmediavault/rpcservice.inc(125): call_user_func_array(Array, Array)
#2 /usr/share/php/openmediavault/rpc.inc(79): OMVRpcServiceAbstract->callMethod('set', Array, Array)
#3 /usr/sbin/omv-engined(500): OMVRpc::exec('OpenVpn', 'set', Array, Array, 1)
#4 {main}

Neverthless, if I switch to parameter tab, then go back in the certificat tab, the new user is properly listed.

However, after selecting the new user, I cannot download the certificat (nothing happen when I click on "Download certificat")

=> Could somebody help me setting up my VPN connection?

Hi,

Thanks subzero79 for your quick feedback.
I the meantime I also found a tuto on IPVanish web site (https://support.ipvanish.com/c…envpn-linux-command-line-).
With all these data I was able to setup my VPN.
Unfortunately, IPVanish VPN does not support port forwarding. Thus, once the VPN is activated on OMV, the server is no more accessible from the web, but only from my LAN.
As I mostly control the server from outside my home, this is not acceptable for me. In addtition, if the VPN is activated I can no more use the FTP.
The good point is that I did not paid for this VPN account (gift from my usenet provider).

=> For people who plan to set a VPN on there OMV server, take care to set a VPN that support port forwarding, otherwise you will only have acces to it from you LAN

Thanks @subzero79 and @shadowzero,
These days I'm a little busy and do not have some much time to look at it.null

Just for my understanding, the openmediavault-route plugin's goal is to set the iptable
=> Thus all the modification needed could be done through it, right ?

Thanks for your support

Hi all,

As I'm not an expert, I took time to have a look @subzero79 and @shadowzero sugestion.
After some research about iptable I think I find someting that could help bypassing the VPN with few Iptables Rules.
Actually I found 2 web sites which explain how to develop a script to set up the iptable properly at boot:
http://www.linksysinfo.org/ind…hrough-vpn-openvpn.37240/
https://forum.hidemyass.com/in…websites-and-more-tomato/

Then I have set one script for my peronal need:

# First it is necessary to disable Reverse Path Filtering on all
# current and future network interfaces:
#
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
  echo 0 > $i
done


# Delete table 100 and flush any existing rules if they exist.
#
ip route flush table 100
ip route del default table 100
ip rule del fwmark 1 table 100
ip route flush cache
iptables -t mangle -F PREROUTING


# Copy all non-default and non-VPN related routes from the main table into table 100.
# Then configure table 100 to route all traffic out the WAN gateway and assign it mark "1"
#
ip route show table main | grep -Ev ^default | grep -Ev "tun0" \
  | while read ROUTE ; do
      ip route add table 100 $ROUTE
done
ip route add default table 100 via $(nvram get wan_gateway)
ip rule add fwmark 1 table 100
ip route flush cache
 
# Default behavior: MARK = 1 all traffic bypasses VPN, MARK = 0 all traffic goes VPN
#All traffic for Direct Download and Usenet goes into the VPN, all other bypasses the VPN
iptables -t mangle -I PREROUTING -i br0 -p tcp -m multiport --dport 80,443,563 -j MARK --set-mark 0
iptables -t mangle -I PREROUTING -i br0 -p tcp -m multiport --dport ! 80,443,563 -j MARK --set-mark 1

However, before breaking all my network interfaces, I would appreciate if someone could have a look to this code.
Actually, there are for me several open points:
- In its previous comment @davidh2k talks about "table admin", but when looking on the web I mostly saw iptable with "table 100" (as in the above script) => Wath is the difference between these tables ?
- In my understanding "nvram get wan_gateway" is a Tomato command that provides the gateway address, but is there an equivalent on OMV?

Again, thanks for helping

@subzero79, my goal is to set all usenet and direct download into the VPN. And all other traffic outside of the VPN.
In other words, I want only download traffic into the VPN. So I can still access to OMV, sonarr, couchpotato,... using my public I.

Hi @subzero79,

According to what I saw on your github, it seems that I'm moving in the right direction to do what I want.

what are the "#netfilter and #openvpn channel"?