VPN client for DietPi

I am using an Allo Boss DAC for Roon connectivity. I am looking to put the DAC at a remote location and access my server through an L2TP VPN connection. I am looking for a VPN CLIENT that will allow me to do this in DietPi, and make sure all the traffic goes through the VPN connection. How can I do this? What app should be downloaded?

Thank you!

Are you bound to L2TP? That does not work with the VPN clients we offer through DietPi-Software. So if OpenVPN or WireGuard is an option, that would work.

I have no experience with L2TP, which is usually paired with IPsec, which again is known to be a bit complicated to set up. However, hopefully this guide helps you: https://gist.github.com/mietek/4877cd74423bf6925b92

I am not bound to L2TP. The Qnap I am using as my VPN server does support OpenVPN.

I looked all over, and I cannot find where to install just the CLIENT on OpenVPN in DietPi. Do you have instructions on that?

The other option I was thinking about would be just using an SSH tunnel. What are your thoughts on that?

I have my iPhone and a MacBook Pro already configured to use the L2TP, and it works great. That is why I was trying to use that for the ALLO Boss.



JRaducha
Ah yeah that’s true, our OpenVPN install configures it as server. WireGuard allows choosing between server and client setup.

However for a client setup usually the config must be provided by the server. Perhaps the Qnap has an option to export a client config based on the VPN server configuration?
Generally the Debian guide explains and gives examples about how to set up both sides: https://wiki.debian.org/OpenVPN

An SSH tunnel is an alternative, but a VPN will be generally more secure, easier to be forced for all network requests on the client and faster (AFAIK) since it can be used with UDP protocol as well.

OK… I figured out how to get OpenVPN Client setup for DietPi.


Step 1
Set up your OpenVPN Server

Step 2
Login as root on to your DietPi

Step 3 Type-
apt-get update

Step 4 Type-
apt-get install openvpn

Step 5 – Configure the OpenVPN Client
In /etc/openvpn/ create a new text file named – (Your server name).ovpn

Paste this text in - PLEASE MAKE CHANGES-----

# How to setup OpenVPN client?
# 1. Install OpenVPN software on your platform.
# 2. Double click XXXX.ovpn file to create new connection profile.
# 3. Type username and password while connection.

client
dev tun
script-security 3
remote (YOUR IP ADDRESS X.X.X.X) 1194
resolv-retry infinite
nobind
auth-nocache
auth-user-pass
remote-cert-tls server
reneg-sec 0
cipher AES-128-CBC
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA
comp-lzo
proto udp
explicit-exit-notify 1

<ca>
-----BEGIN CERTIFICATE-----
(THIS IS LOCATED ON YOUR SERVER CALLED YOURSERVERNAME.CA)
-----END CERTIFICATE-----
</ca>

Step 6
Copy your CA from the server to the client
On the client - located at - /etc/openvpn/client/

Step 7 Type-
service openvpn restart

Step 8 (Just to make sure you have connectivity on both sides)
On the client, try and ping your server

Step 9 Type-
openvpn --config clientname.ovpn

Step 10
Enter your user name and password

Step 11
When OpenVPN shows the message “Initialization Sequence Completed“, then you are connected.
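
One way to review a client profile like the one in the steps above before using it, as an added example that is not part of the original post. The function `audit_ovpn` and the sample profile (placeholder address 203.0.113.10 and placeholder CA) are constructed here, and only the directives named in the script are checked.

```shell
#!/usr/bin/env bash
# Added example: flag directives in an OpenVPN client profile that deserve review.
# audit_ovpn [FILE] reads FILE (or stdin) and prints "LEVEL directive: reason" lines.
audit_ovpn() {
    awk '
        /^[ \t]*[#;]/ || NF == 0 { next }       # comments and blank lines
        $1 ~ /^<\//  { inline = 0; next }       # closing tag of an inline block
        $1 ~ /^</    { inline = 1; next }       # opening tag such as <ca> or <key>
        inline       { next }                   # skip PEM bodies
        { seen[$1] = 1 }
        $1 == "script-security" && NF > 1 && $2 >= 3 {
            print "WARN script-security " $2 ": passwords can reach scripts via the environment" }
        $1 == "comp-lzo" && $2 != "no" {
            print "WARN comp-lzo: tunnel compression enables VORACLE-style attacks" }
        $1 == "cipher" && $2 !~ /GCM|CHACHA20/ {
            print "WARN cipher " $2 ": not an AEAD cipher" }
        $1 == "reneg-sec" && NF > 1 && $2 == 0 {
            print "INFO reneg-sec 0: time-based key renegotiation is disabled" }
        END {
            if (!("remote-cert-tls" in seen) && !("verify-x509-name" in seen))
                print "FAIL no remote-cert-tls/verify-x509-name: any certificate from the CA can pose as the server"
            if (!("redirect-gateway" in seen))
                print "INFO no redirect-gateway: all traffic uses the VPN only if the server pushes it"
        }
    ' "$@"
}

# Constructed sample: directives as in the profile above, placeholder address and CA.
sample_profile() {
    cat <<'EOF'
client
dev tun
script-security 3
remote 203.0.113.10 1194
auth-user-pass
remote-cert-tls server
reneg-sec 0
cipher AES-128-CBC
comp-lzo
<ca>
(constructed placeholder)
</ca>
EOF
}

sample_profile | audit_ovpn
```

Run it against a real profile with `audit_ovpn /etc/openvpn/NAME.ovpn`; a WARN line means the setting should be compared with what the server actually requires, not that the tunnel is broken.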

JRaducha
Many thanks for providing your solution. Jep looks good.

I am still thinking if OpenVPN ships a command to create a client config directly from the server. Will check this out.

It does, but I could not get it to work properly.

How to configure the client via command line - At least this is how it was explained to me.

OpenVPN server creates certificates for each VPN client machine. These certificates should be available on the client computer at the /etc/openvpn directory. Normally, we use the scp command and copy these files from the OpenVPN server to the machine.

scp root@vpnserver.com:/etc/openvpn/clients/clientname.tar.gz .

tar -xzvf clientname.tar.gz

This would fetch all the client certificates from the OpenVPN server.

Going further, we would then copy the OpenVPN configuration file using the command:

cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn

Now, on the client machine it’s time to make a few edits in the client specific configuration file at /etc/openvpn/client.conf.

Here, we set the address of the OpenVPN server, the port configured on the OpenVPN server and the actual name of the certificate and key file names. Usually, the OpenVPN port will be 1194.

Hi, I have VPS server with openvpn installed. I use this vpn for my laptops, smartphone and osmc(Rpi3) but cannot make it work with dietpi. I try to copy my dietpi.ovpn file to /etc/openvpn and /etc/openvpn/clients. I also change name for dietpi.config but also don't work. When I make command in ssh terminal I see:

dietpi@DietPi:/$ sudo service openvpn restart
dietpi@DietPi:/$ sudo openvpn --config dietpi.ovpn
Options error: In [CMD-LINE]:1: Error opening configuration file: dietpi.ovpn
Use --help for more information.



dietpi@DietPi:/$ sudo systemctl status openvpn@dietpi
Broadcast message from root@DietPi (Tue 2020-03-24 13:09:29 CET):

Password entry required for 'Enter Private Key Password:' (PID 4396).
Please enter password with the systemd-tty-ask-password-agent tool:


● openvpn@dietpi.service - OpenVPN connection to dietpi
   Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-03-24 13:09:29 CET; 4s ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
 Main PID: 4394 (openvpn)
   Status: "Pre-connection initialization successful"
    Tasks: 2 (limit: 4616)
   Memory: 1.2M
   CGroup: /system.slice/system-openvpn.slice/openvpn@dietpi.service
           ├─4394 /usr/sbin/openvpn --daemon ovpn-dietpi --status /run/openvpn/dietpi.status 10 --cd /etc/openvpn --config /etc/openvpn/dietpi.conf --writepid /run/openvpn/dietpi.pid
           └─4396 /bin/systemd-ask-password --icon network-vpn Enter Private Key Password:

mar 24 13:09:29 DietPi systemd[1]: Starting OpenVPN connection to dietpi...
mar 24 13:09:29 DietPi ovpn-dietpi[4394]: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/dietpi.conf:17: block-outside-dns (2.4.7)
mar 24 13:09:29 DietPi ovpn-dietpi[4394]: OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
mar 24 13:09:29 DietPi systemd[1]: Started OpenVPN connection to dietpi.
mar 24 13:09:29 DietPi ovpn-dietpi[4394]: library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10

And still ask me for password. I generate ovpn file with password first time but then I delete it because of error and generate second file without password.
Regards Przemek

maybe you should investigate the error message on your config file

Unrecognized option or missing or extra parameter(s) in /etc/openvpn/dietpi.conf:17

You would need to create the config file on your VPS OpenVPN Server and copy it to your DietPi system.

I use openvpn-script who create dietpi.ovpn file on my VPS and then copy it to my Dietpi (Rpi4).

ok but something seems to be wrong around line 17 on your conf file

Unrecognized option or missing or extra parameter(s) in /etc/openvpn/dietpi.conf:17

That’s it:

setenv opt block-outside-dns # Prevent Windows 10 DNS leak

I have similar situation when Libreelec installed on Rpi4. I delete that line but don’t help.

can you check on OpenVPN Logs for further error messages.

I cannot find any openvpn log file, but messages still keep appearing in my SSH terminal:

Broadcast message from root@DietPi (Tue 2020-03-24 15:38:38 CET):

Password entry required for 'Enter Private Key Password:' (PID 8108).
Please enter password with the systemd-tty-ask-password-agent tool:


Broadcast message from root@DietPi (Tue 2020-03-24 15:40:13 CET):

Password entry required for 'Enter Private Key Password:' (PID 8203).
Please enter password with the systemd-tty-ask-password-agent tool:


Broadcast message from root@DietPi (Tue 2020-03-24 15:41:48 CET):

Password entry required for 'Enter Private Key Password:' (PID 8230).
Please enter password with the systemd-tty-ask-password-agent tool:


Broadcast message from root@DietPi (Tue 2020-03-24 15:43:24 CET):

Password entry required for 'Enter Private Key Password:' (PID 8254).
Please enter password with the systemd-tty-ask-password-agent tool:

^C
dietpi@DietPi:/var/log$ ls
alternatives.log  apt  btmp  dietpi-move_userdata.log  dpkg.log  fail2ban.log  lastlog	letsencrypt  lighttpd  mysql  php7.3-fpm.log  private  proftpd	redis  wtmp
dietpi@DietPi:/var/log$ 
Broadcast message from root@DietPi (Tue 2020-03-24 15:44:59 CET):

Password entry required for 'Enter Private Key Password:' (PID 8299).
Please enter password with the systemd-tty-ask-password-agent tool:

I think it’s because of the first file dietpi.ovpn I created. That file was password protected. The second file with the same name dietpi.ovpn was without password, but the messages still appear.

probably you can create a new file with a completely different name. and to clean everything, do a reboot before.
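
The `Enter Private Key Password:` prompt in the output above is what OpenVPN shows when the private key it loads is passphrase-protected, and the unit's command line shows it reading `/etc/openvpn/dietpi.conf`. The following is an added example, not code from any poster in this thread, that checks both conditions; `preflight_ovpn` and the fixture built in `demo` are constructed names and data.

```shell
#!/usr/bin/env bash
# Added example: check a profile the way the openvpn@NAME unit will load it.
# preflight_ovpn NAME [DIR] returns 1 when the unit cannot start unattended.
preflight_ovpn() {
    name=$1; dir=${2:-/etc/openvpn}; conf="$dir/$name.conf"; rc=0
    if [ ! -r "$conf" ]; then
        echo "FAIL $conf missing: openvpn@$name loads NAME.conf, not NAME.ovpn"
        return 1
    fi
    # Key material is either inline (<key> block) or in the file named by "key".
    keyfile=$(awk '$1 == "key" { print $2; exit }' "$conf")
    case $keyfile in
        "") keysrc=$conf ;;
        /*) keysrc=$keyfile ;;
        *)  keysrc="$dir/$keyfile" ;;   # the unit runs with --cd DIR
    esac
    # PKCS#8 and legacy PEM markers of a passphrase-protected key.
    if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$keysrc" 2>/dev/null &&
       ! grep -Eq '^[[:space:]]*askpass[[:space:]]+[^[:space:]]' "$conf"; then
        echo "FAIL key in $keysrc is passphrase-protected: the unit will wait on systemd-ask-password"
        rc=1
    fi
    if grep -Eq '^[[:space:]]*(setenv[[:space:]]+opt[[:space:]]+)?block-outside-dns' "$conf"; then
        echo "INFO block-outside-dns is a Windows-only option"
    fi
    return "$rc"
}

# Constructed fixture: profile saved as dietpi.conf with an encrypted inline key.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'client' 'setenv opt block-outside-dns' '<key>' \
        '-----BEGIN ENCRYPTED PRIVATE KEY-----' '(constructed placeholder)' \
        '-----END ENCRYPTED PRIVATE KEY-----' '</key>' > "$d/dietpi.conf"
    status=0; preflight_ovpn dietpi "$d" || status=$?
    rm -rf "$d"
    return "$status"
}

demo || true
```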

Can you tell me, if I install PiVPN or an OpenVPN server on my DietPi, how will it work? Will I get a different IP than my public IP?

Can You tell me how to clean openvpn configuration? I delete file dietpi.conf and dietpi.ovpn

Did you add password in the private key?

OK, I create new file and now it works. I see I use my VPN but now my …ddns.net/nextcloud stop working. Can this work together?

I am not familiar with ddns.net/nextcloud, but I suspect that you are redirecting all traffic to the VPN and these applications don’t work when they are behind VPN. Is that so?