ANSWERED Unraid Gluetun OpenVPN error. Wireguard working.

[graveness3283 0]

Hello,

I have been able to setup Wireguard via Gluetun successfully, however I have not had any success with OpenVPN. I feel like I must be making a simple silly mistake somewhere.

I used AirVPN's Config Generator to generate Linux/OpenVPN/UDP .ovpn file.

Gluetun Container Settings:

• VPN_SERVICE_PROVIDER: airvpn
• VPN_TYPE: openvpn
• VPN_INTERFACE: tun0
• OPENVPN_PROTOCOL: udp
• OPENVPN_USER: *removed variable
• OPENVPN_PASSWORD: *removed variable
• OPENVPN_VERSION: 2.5
• OPENVPN_VERBOSITY: 1
• OPENVPN_PROCESS_USER: no
• OPENVPN_IPV6: off
• *removed all WIREGUARD variables
• *left all SERVER variables blank
• FIREWALL: on
• All DOT variables: default
• HTTPPROXY_PORT: 8888
• SHADOWSOCKS_LISTENING_ADDRESS: 8388
• OPENVPN_KEY: copied from .ovpn file between -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----
• OPENVPN_CERT: there are 2 certs in the .ovpn file, not sure which one to use. I've tried both without success

Container Logs
2024-04-06T14:54:29-04:00 WARN You are using the old environment variable HTTPPROXY_LOG, please consider changing it to HTTPPROXY_LOG
2024-04-06T14:54:29-04:00 INFO [routing] default route found: interface eth0, gateway 172.17.0.1, assigned IP 172.17.0.3 and family v4
2024-04-06T14:54:29-04:00 INFO [routing] local ethernet link found: eth0
2024-04-06T14:54:29-04:00 INFO [routing] local ipnet found: 172.17.0.0/16
2024-04-06T14:54:29-04:00 INFO [firewall] enabling...
2024-04-06T14:54:29-04:00 INFO [firewall] enabled successfully
2024-04-06T14:54:29-04:00 INFO [storage] merging by most recent 19476 hardcoded servers and 19476 servers read from /gluetun/servers.json
2024-04-06T14:54:29-04:00 ERROR VPN settings: OpenVPN settings: client certificate: illegal base64 data at input byte 64
2024-04-06T14:54:29-04:00 INFO Shutdown successful

Any help is much appreciated.

[Staff 9767]

13 hours ago, graveness3283 said:

2024-04-06T14:54:29-04:00 ERROR VPN settings: OpenVPN settings: client certificate: illegal base64 data at input byte 64

Hello!

A possible error's cause that comes to mind is a wrong copy/paste of the user.crt file content (your client certificate), can you please check? If in doubt you can generate split certificates and keys so you know exactly which is which. To do it, just turn on the "Advanced" switch available on the Configuration Generator and then enable "Split certs/keys from ovpn files". The Generator will create the following additional files not embedded anymore in the ovpn file:

• user.crt - the client certificate
• user.key - the client key
• ca.crt - the CA certificate of the VPN servers
• tls-crypt.key - the TLS Crypt key

Kind regards


 

[graveness3283 0]

Figured it out, the split certs/keys helped.

Steps for those reading this in the future

• AirVPN Config generator -> toggled "advanced" -> pick your OVPN protocol and generate
• Download user.crt and user.key, rename to client.crt and client.key
• On Unraid, add both to whatever the "config" field is in your Gluetun container settings
  • For me that was /mnt/user/appdata/gluetun
• Remove the "OPENVPN_USER:" and "OPENVPN_PASSWORD:" fields
• VPN_SERVICE_PROVIDER = airvpn
• VPN_TYPE = openvpn
• Everything else is self-explanatory, if you're not sure just leave it on the default value