peter_sm

Community Developer
  • Content count

    2177
  • Joined

  • Last visited

Community Reputation

7 Neutral

1 Follower

About peter_sm

  • Rank
    Advanced Member

Converted

  • Gender
    Male
  • Location
    sweden
  • Personal Text
    Club (1x) E5-2670's

Recent Profile Visitors

562 profile views
  1. How did you install 3.0.4 ? Can you try to install master and comment out the line I show in a earlier post? Thanks. EDIT Work fine with above zip file 1: DL and unzip to your folder. (Path to store Server, Clients config files and the Easyrsa V3) 2: rename to easy-rsa Generating a 2048 bit RSA private key ..........+++ ...............................+++ writing new private key to '/mnt/disks/SSD1/appdata/myVPNserver_1/easy-rsa/easyrsa3/pki/private/ca.key.XXXXiQQ53v' Enter PEM pass phrase: Verifying - Enter PEM pass phrase: ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Common Name (eg: your user, host, or server name) [Easy-RSA CA]: CA creation complete and you may now import and sign cert requests. Your new CA certificate file for publishing is at: /mnt/disks/SSD1/appdata/myVPNserver_1/easy-rsa/easyrsa3/pki/ca.crt spawn ./easyrsa build-server-full server nopass Generating a 2048 bit RSA private key ............................................................................................................................................................................+++ .......+++ writing new private key to '/mnt/disks/SSD1/appdata/myVPNserver_1/easy-rsa/easyrsa3/pki/private/server.key.XXXXSS2Egv' ----- Using configuration from ./openssl-easyrsa.cnf Enter pass phrase for /mnt/disks/SSD1/appdata/myVPNserver_1/easy-rsa/easyrsa3/pki/private/ca.key: Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'server' Certificate is to be certified until Dec 31 06:55:06 2027 GMT (3650 days) Write out database with 1 new entries Data Base Updated Generating DH parameters, 2048 bit long safe prime, generator 2 This is going to take a long time .......................................................................................................+..............................................+.................................................................................. DH parameters of size 2048 created at /mnt/disks/SSD1/appdata/myVPNserver_1/easy-rsa/easyrsa3/pki/dh.pem ls -altr total 672 drwxrwxrwx 8 root root 234 Dec 24 17:00 easy-rsa/ drwxrwxrwx 25 root root 4096 Jan 2 07:46 ../ -rw-r----- 1 root root 1089 Jan 2 07:47 openvpnserver.ovpn -rw-rw-rw- 1 root root 652211 Jan 2 07:47 easy-rsa-3.0.4.zip -r-------- 1 root root 4547 Jan 2 07:55 server.crt -r-------- 1 root root 1172 Jan 2 07:55 ca.crt -r-------- 1 root root 1704 Jan 2 07:55 server.key -r-------- 1 root root 424 Jan 2 07:55 dh.pem -r-------- 1 root root 636 Jan 2 07:55 ta.key Skickat från min iPhone med Tapatalk
  2. Easyrsa if fixed in 3.0.4 https://github.com/OpenVPN/easy-rsa/archive/v3.0.4.zip However my plugin DL the master branch, so need to wait for they to update the master branch. You can DL the above zip file your openvpn folder and unzip it, then rename the folder to easyrsa and you are good to go. //Peter
  3. unRAID iOS App - MargaritaToGo 1.3 Released

    Install the OpenVPN server plugin (See my sig) and access your sever from openVPN client from your phone or computer. //Peter
  4. TLS crypt is not the same as TLS auto. It's a new features in OpenVPN 2.4 and iOS openvpn connect don't support this yet. Therefor is this set to No See below the iptables line in red Skickat från min iPhone med Tapatalk
  5. You can try to modify easyrsa with comments above. Skickat från min iPhone med Tapatalk
  6. Is the 2 setting above defaults? Or you changed these ? If so go for defaults. What is your default route interface ? eth0, br0 ? Verify this by the last iptables row(in red) on the log page. You should see your LAN with all settings set to defaults. I have an update to verify this much better in next release! Skickat från min iPhone med Tapatalk
  7. easyrsa3 are broken https://github.com/OpenVPN/easy-rsa/issues/168 Older releases can be found here https://github.com/OpenVPN/easy-rsa/releases Skickat från min iPhone med Tapatalk
  8. Loos like they broken the easyrsa3 ... I see this in my log :-( .
  9. Did a fresh installation and all works fine! please check all your settings.
  10. CPU load not showing (nginx issue?)

    I see exactly the same on my configuration. I have almost same config as you. Don’t now how to solve it.... Skickat från min iPhone med Tapatalk
  11. Are you connecting from a windows computer ? can you access share with IP address? can you see other client on your LAN? //Peter
  12. Can you click on "Restore To Default values" and try again, some settings are not default, just for testing. Its differ from my default. //Peter
  13. Please add more info how you configured the server, or you maybe using all default settings?
  14. Nginx Forwarding

    server { listen 443 ssl; server_name unraid.myserver.com; root /config/www; index index.html index.htm index.php; ###SSL Certificates ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ###Diffie–Hellman key exchange ### ssl_dhparam /config/nginx/dhparams.pem; ###SSL Ciphers ssl_protocols TLSv1.2; ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL; ssl_prefer_server_ciphers on; ssl_ecdh_curve secp384r1; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_stapling on; ssl_stapling_verify on; ### Add HTTP Strict Transport Security ### add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header Front-End-Https on; # client_max_body_size 0; fastcgi_buffers 64 4K; location / { proxy_pass_header Authorization; proxy_pass https://UNRAID IP:443/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_buffering off; proxy_request_buffering off; client_max_body_size 0; proxy_read_timeout 36000s; proxy_redirect off; proxy_ssl_session_reuse off; } } Save this as unraid, works fine, I have a similar for nextcloud.

Copyright © 2005-2017 Lime Technology, Inc. unRAID® is a registered trademark of Lime Technology, Inc.