OpenVPN on OpenMediaVault 5 inside Docker with Portainer using Raspberry Pi 4

In this segment, we are going to show you “How to Install OpenVPN on OpenMediaVault 5 inside Docker with Portainer using RPi 4

What is OpenVPN?

OpenVPN

OpenVPN is open-source commercial software that implements virtual private network (VPN) techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities.

It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls.

OpenVPN was written by James Yonan and is published under the GNU General Public License (GPL). It allows peers to authenticate each other using pre-shared secret keyscertificates, or username/password. When used in a multi client-server configuration, it allows the server to release an authentication certificate for every client, using signatures and certificate authority. It uses the OpenSSL encryption library extensively, as well as the TLS protocol, and contains many security and control features. It has been ported and embedded in several systems. For example, DD-WRT has the OpenVPN server function. SoftEther VPN, a multi-protocol VPN server, also has an implementation of OpenVPN protocol.

Source /> Wikipedia

Full credit for this tutorial goes to kylemanna/openvpn & darathor/openvpn

OpenMediaVault Versions :

OpenMediaVault 5 Installation Guide :

https://pcmac.biz/openmediavault-5-on-raspberry-pi/

Software Required :

Equipment Required Optional
Raspberry Pi Raspberry Pi 4 Case
SD_Card SD Card Raspberry Pi Keyboard
Ethernet Ethernet Cable Mouse
Charger Power Adapter    
HDD External HDD    
Shop now

Create OVPN_DATA Volume

  • First of all, we need to create a folder for OVPN_DATA and you can choose any name of your choice. Followed by initializing the $OVPN_DATA container that will hold the configuration files and certificates.
  • Secondly, it is recommended to use the ovpn-data- prefix to operate seamlessly with the reference system service. Users can replace example with a descriptive name of their choice.
OVPN_DATA="ovpn-data-openvpn"
docker volume create --name $OVPN_DATA

Initiate OpenVPN Configuration

  • To generate the configuration file for our OpenVPN server we need to create a Dynamic DNS address for our server.
Setting up Dynamic DNS
  • Now, we need to set up a Dynamic DNS to resolve the issue of Public IP address that keeps changing from our ISP. For that, we need to visit the DUCKDNS website to create a Free Dynamic DNS for our Public IP.

duckdns

  • You can use any of the above methods to login to the DUCKDNS website and create a subdomain for free. Once you logged in and create a subdomain then you can use this address for your OpenVPN.
  • In my case, I have created omvpcmac as my subdomain, You can create 5 subdomains account on Duck DNS for free.

duckdns

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm darathor/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM
  • Once the Dynamic DNS successfully created we can replace the VPN.SERVERNAME.COM  with our DUCKDNS address and run the container from the above command.

Result

Processing PUSH Config: 'block-outside-dns'
Processing Route Config: '192.168.254.0/24'
Processing PUSH Config: 'dhcp-option DNS 8.8.8.8'
Processing PUSH Config: 'dhcp-option DNS 8.8.4.4'
Successfully generated config
Cleaning up before Exit ...

Generate CA Certificate

  • Eventually, we can go ahead and generate a CA certificate with the below command and a private key will generate which belongs to the PKI.
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it darathor/openvpn ovpn_initpki
  • Now we need to enter the password to secure the key and the result will look like this.

This will take around 10-15 minutes to create an OpenVPN certificate.

Result

Your newly created PKI dir is: /etc/openvpn/pkiGenerating a 2048 bit RSA private key ............................................................................+++ ....+++

writing new private key to '/etc/openvpn/pki/private/ca.key.XXXXCFGIEm'

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase: ...

Common Name (eg: your user, host, or server name) [Easy-RSA CA]:CA creation complete and you may now import and sign cert requests. Your new CA certificate file for publishing is at:

/etc/openvpn/pki/ca.crtGenerating DH parameters, 2048 bit long safe prime, generator 2

This is going to take a long time ...

# Wait a whileEnter pass phrase for /etc/openvpn/pki/private/ca.key:

Check that the request matches the signature ...

Enter pass phrase for /etc/openvpn/pki/private/ca.key:

An updated CRL has been created.

CRL file: /etc/openvpn/pki/crl.pem

Start OpenVPN server process

Setting up Port Forwarding on Router
  • To start with Port Forwarding, we need to know the router IP Address and for that, we are going to use Wireless Network Watcher as shown below.

Nextcloud

  • Once we have the correct IP Address, we can go ahead and log in to our router. If you don’t know the username & password of your router you can always ask your ISP for personal routers, you can always check online for the default username & password for the router.
  • In my case, I need to navigate to services and then move to Port Forwarding, your’s might be different. After that, I can easily forward port 1194, to the Raspberry Pi IP Address.

Nextcloud

docker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN darathor/openvpn

Produce a client certificate without a passphrase

  • However to generate the client certificate we will use the below command and change CLIENTNAME to any name of your choice. Here we passed the nopass option with that option, the user can connect directly with the configuration file.
  • In other words, this also means that if somebody gets the config file that we will generate in seconds, he or she can connect to our VPN server without the need for anything else. You will also be asked about the certificate authority password during the user creation.
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it darathor/openvpn easyrsa build-client-full CLIENTNAME nopass

Result

........................................................+++
..........................................................+++
writing new private key to '/etc/openvpn/pki/private/CLIENTNAME.key.XXXXeoGIJE'
-----
Using configuration from /usr/share/easy-rsa/openssl-1.0.cnf
Enter pass phrase for /etc/openvpn/pki/private/ca.key:
...

Create and Download the client configuration with embedded certificates

  • Lastly, we can generate a configuration file that will be sent to the user. We can use the below command to generate a new file for every other device or user.
  • After that, we can change the CLIENTNAME to the name of your choice.
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm darathor/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn
Download Client File
Location : "root"
Tools to download client file
FTP
WINScp
  • Otherwise, just share the folder over the network. Type ls to check the file is created or not. After that, type python -m SimpleHTTPServer 8080

OpenVPN

  • The above command will share the current folder over the Network and you can download the file by typing the IP Address:8080 in your phone or computer web browser.

Configure OpenVPN Client for Windows

  • To configure OpenVPN client for windows you need to download software from the download link and after the installation finish, you need to open the software by right click on it and choose Run as Administrator

OpenVPN

openvpn
  • The default Path to save the .ovpn file or we can say configuration files is: C:\Program Files\OpenVPN\config.
  • Similarly, you can save your downloaded configuration files to the config folder, and then it will appear in VPN Client.
openvpn
  • After that, we can select the configuration file by clicking on it and enter the password to connect.
openvpn
  • If the password is correct you can easily connect to the server and the OpenVPN icon changed its color to green.
openvpn

Download & Setup VPN Software for Android

  • To install OpenVPN you need to download it from PlayStore and open it once installation finish.
openvpn
  • After that, open the app and it will prompt you for 2 options. So, we need to select FILE and navigate to our download folder to import our configuration file.

In conclusion, you are all set to use Raspberry Pi 4 as OpenVPN on OpenMediaVault 5 with the help of Docker. If you face any issue regarding this article please share your thoughts. Enjoy using OpenVPN on Docker with Openmediavault. Smile (.”_”.)

Please check out my other articles:

Did you find us helpful?

Subscribe to our YouTube Channel YouTube
Support us on Patreon Patreon
Like us on Facebook facebook
Share This Article with others

Harish Kumar

As a founder of the PcMac YouTube channel and website, Our goal is to provide Free Technical help to people and spread knowledge to everyone.
0 0 votes
Article Rating
Subscribe
Notify of
guest
40 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Jeroen
Jeroen
1 year ago

Hi I tried to this instruction but Generate CA Certificate I get the follow error
/usr/local/bin/ovpn_initpki: line 13: /etc/openvpn/ovpn_env.sh: No such file or directory
I did see that the file (ovpn_env.sh) is in the directory.
I tried also to edit the file ovpn_initpki with another directory for the ovpn_env.sh with the same result.
What do I wrong can you help me with this?

christer
christer
Reply to  Jeroen
4 months ago

Have the same problem. What to do?

Harsh
Harsh
1 year ago

Super Duper Thanks!!!!!!!!!!! works like a charm

tanguy
tanguy
1 year ago

hi mate ! thanks for your tutorial, i can connect to my VPN but unfortunately i can’t access to my local network – for exemple i can’t access to my OMV dashboard.
I open a topic here : https://www.reddit.com/r/OpenMediaVault/comments/gvvpz9/cant_access_to_my_local_network_througt_openvpn/

can you help on this ?

Thanks !

berry baart
berry baart
Reply to  Harish Kumar
1 year ago

After rebooting my omv5 openvpn does not work again. I cannot start it via docker. I installed it again. Now wait for reboot if it does not start again.

berry baart
berry baart
Reply to  Harish Kumar
1 year ago

How do i do that ?

berry baart
berry baart
Reply to  Harish Kumar
1 year ago

This does not work. Openvpn creates a new name and keeps restarting. The old name (zenborg) is working now.

berry baart
berry baart
Reply to  Harish Kumar
1 year ago

Is not possible keeps restarting

berry baart
berry baart
Reply to  Harish Kumar
1 year ago

Is not possible. Openvpn keeps restarting

Berry
Berry
Reply to  tanguy
1 year ago

I have the same problem

berry baart
berry baart
1 year ago

After restart omv5. The openvpn does not start automatically. In portainer i cannot start it either

PopoyMaster
PopoyMaster
Reply to  berry baart
1 year ago

Got same issue. I modified the container settings in the Portainer settings

Restart Poicy –> Unless Stopped

It worked for me.

Scott
Scott
1 year ago

Hey,
How do I add a second client? seem to get a bunch of errors if I run this a second time

PopoyMaster
PopoyMaster
Reply to  Scott
1 year ago

All you need is to run these 2 commands;

–> create new user
docker run -v $OVPN_DATA:/etc/openvpn –log-driver=none –rm -it darathor/openvpn easyrsa build-client-full CLIENTNAME nopass

–> generate ovpn
docker run -v $OVPN_DATA:/etc/openvpn –log-driver=none –rm darathor/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn

can you share the error message?

Last edited 1 year ago by PopoyMaster
PopoyMaster
PopoyMaster
1 year ago

Hi,

Is there a way we use reverse-proxy on OpenVPN – that way we dont need to open 1194 on router (no direct access).

I am using SWAG within DockStarter.

I hope you can help me.

Thanks!

berry baart
berry baart
1 year ago

I have now a connection via openvpn client to my omv5 but cannot access local files.
I tried to locate /etc/openvpn to change adress 192.168.2.0 to 192.168.1.0 but cannot find files.

austin patton
austin patton
1 year ago

How would i go about making client certificate with a username and password?

Mar
Mar
1 year ago

Hi I tried to add a second client, but i get following error-message:

Using SSL: openssl OpenSSL 1.1.1a 20 Nov 2018

Easy-RSA error:

EASYRSA_PKI does not exist (perhaps you need to run init-pki)?
Expected to find the EASYRSA_PKI at: /etc/openvpn/pki
Run easyrsa without commands for usage and command help.

Kay
Kay
1 year ago

Ash “Harsh” says: Super Duper thanks, works like a charm 😉

Zamlix
Zamlix
1 year ago

hi! super thanks!! The connection works, but i can’t connect with my network devices, it’s so important for me. Do you have an idea?

Giacomo
Giacomo
1 year ago

Hi
Great video congratulations, I would like to install open vpn, but I start from this situation, I have already created hostname and I use ports 80 and 443 (for let’s encrypt) because I installed nextcloudpi using docker. But I have changed the default port of omv 5. Now to install open vpn can I use the same hostname, using port 1194 or do I try to create some conflict?

Last edited 1 year ago by Giacomo
Giacomo
Giacomo
Reply to  Harish Kumar
1 year ago

Ok thanks.

Mr_Floki
Mr_Floki
10 months ago

Hi, all is working for me, but I can’t access to my devices with there hostname. Any suggestions?

Thanks

Paco
Paco
10 months ago

Hi,
Thanks a lot for this video. It is really working perfect.

Like others user here under I am trying to add another user but I have the same error than others in the discussion.
I am doing what you explained to Scott 4 months ago but I have the same error than Mar.

Error is :
Using SSL: openssl OpenSSL 1.1.1a 20 Nov 2018

Easy-RSA error:

EASYRSA_PKI does not exist (perhaps you need to run init-pki)?
Expected to find the EASYRSA_PKI at: /etc/openvpn/pki
Run easyrsa without commands for usage and command help.

What is the path foreward ? Do we need to restart something to run init-pki before adding the new user ?
Also Can we create a user with PASSWORD (I suppose it is just by removing the “no pass” option)

Paco
Paco
10 months ago

Hi,

Thanks for this video.
Everything is working fine.

Now I want to create a new user as proposed by PopoyMaster to Scott here under/above but I have the same issue than Mam. Issue is :
Using SSL: openssl OpenSSL 1.1.1a 20 Nov 2018
Easy-RSA error:
EASYRSA_PKI does not exist (perhaps you need to run init-pki)?
Expected to find the EASYRSA_PKI at: /etc/openvpn/pki
Run easyrsa without commands for usage and command help.

Is there something to do to run init-pki ? How do you add another user certificate?
Also, do you know how to have a user certificate with password. I suppose we need to remove the “nopass” option but which password will then be asked ?

Thanks !

Marin Juracic
Marin Juracic
10 months ago

Hi pcmac, couple of months ago I installed Openvpn without any issues. Few days ago I did update of OMV in update management and my pi didn’t want to boot in OMV so I started from scratch and reinstalled OMV. My disks were recognized from before so I just remounted them, setup folders and started installing OMV according your tutorial. It generated certificates at the end I pasted python -m SimpleHTTPServer 8080, downloaded the file and went to connect with android openvpn client but it doesn’t want to connect. In portainer I get 2 or three containers for openvpn (darathor etc). I have no idea if old installation of openvpn left on my disk and conflicts with new installation. Can you give me command to completely remove openvpn and all files and folders related to it?
Thanks

John
John
9 months ago

Hi I tried to this instruction but Generate CA Certificate I get the follow error
/usr/local/bin/ovpn_initpki: line 13: /etc/openvpn/ovpn_env.sh: No such file or directory

What did I do wrong can you help me with this?

Nibor
Nibor
8 months ago

Hi, I’ve done every step in your tutorial. Got the file on my android, port forwarded etc. But connecting didn’t work so I checked out the container state. Its status is STOPPED. In the log-file it says: ”
/usr/local/bin/ovpn_run: line 55: /etc/openvpn/ovpn_env.sh: No such file or directory”
Can’t find what to do next, can you help me?

Shervin
Shervin
6 months ago

hey how can I remove the user that I added or some basic user management ? and is there a way to access gui any kind

Jimmy Wong
Jimmy Wong
3 months ago

Hi Sir, this is the error message i get from the raspberry pi. How to solve?

openVPN issue.jpg