[UPDATED] OpenVPN Server for LibreELEC

  • #UPDATED Version 1.0.9 - 27th September 2022

    Running with LE11 (and E12)

    # UPDATED Version 1.0.6 --- 19th March 2021

    Now runs in both LibreELEC 9.X and 10.X

    Link update bellow

    # INTRO

    I've made a small openvpn server that can be installed on LibreELEC running raspberry pi devices (and eventually other arm devices).

    The server runs in a small docker image (around 20MB) that is automatically loaded on first start

    After first run, you should configure your server address giving its ddns name or wan ip address.

    Then, START THE ADDON and go to your ssh CONSOLE and run:

    "openvpn-add-server" to:

    - create the server config and keys;

    - define your router address (so your openvpn clients can get access to your lan).

    Note that the keys will take up to 15 minutes to create in a Raspberry Pi 4 (be patient).

    Then call:

    "openvpn-add-user" to:

    - create users and get the ovpn file of each one.

    Theses are the files you must give to the client to acess your openvpn server using an openvpn client software.

    Restart the add-on and it's done !

    ### DOWNLOAD HERE

    Version 1.0.9 - LE11 & LE12

    https://mega.nz/file/EOAhCYDb#WtSj0s5-jXdcuqftXOD0IOUGaBV-UxjhrpF3_T8EsRQ

    # TECH STUFF

    ### The docker is hosted in:

    Docker Hub

    ### The git source is:

    GitHub - nvdias0/rpi-docker-openvpn: Docker OpenVPN image for Raspberry Pi

    it is a fork from olivierguerriat/rpi-docker-openvpn, which in turn is a fork from kylemanna/docker-openvpn with an armhf base image

    Look at those links above if you want to know more.

    Edited 8 times, last by nvdias: download link updated for version 1.0.9 - LE11 & LE12 (January 24, 2024 at 11:03 AM).

  • Hi nvdias, the command openvpn-add-server in ssh returns the following message:

    Code
    -sh: openvpn-add-server: not found

    I juste installed the addon and configured the DDNS adress. Did I miss something?

  • You just have to install the add-on and have-it enable for the path to be searchable.

    you can also try:

    Code
    /storage/.kodi/addons/docker.openvpn.server/bin/openvpn-add-server
  • nvdias

    Hello,

    I managed to setup the openvpn server using this method and I can connect to it also. So that works fine.

    But now my question/problem. When the user connects to the network he can access and see all shares defined on the network.

    How can I make it possible that he can't access my shares? I only want to give that user access to my vpn such that it is he is working from my home/country and not from his place (which is another country) but he should see nothing from my network. Do you know how this must be done?

    Thank you

  • Well ... when I was preparing this addon, it was with the objective of someone entering trough the vpn, would work as he was in the lane, at home.

    What you want to do, needs some adjustments at the routing level to avoid does accesses (I’m not ver proficient with that, sorry).

    You could also define a iptable rule that refuses connections to the lan (or to samba port) when coming from vpn.

  • When the user connects to the network he can access and see all shares defined on the network

    What you want I don't know how to do it in openvpn but I can do it in zerotier. Zerotier is a service that creates an additional network interface on a device and manages a private virtual network accessible from anywhere on the internet. If we connect a second device to our virtual private network then we can establish communication links between the two devices. The second device only sees the first device but does not see any other device or anything related to the local network of the first device. This is the default setting.

    In zerotier we can also establish a bridge on any connected device to have access to its local network, in a unidirectional way (zerotier towards the ethernet / wireless interface) or absolutely bidirectional to relay EVERYTHING that happens in our local network to the zerotier network. This is done with simple iptables commands.

    Maybe zerotier, because its flexibility, is the solution to your problem.

  • nvdias Do you also have a github page or so where docker.openvpn.server.1.0.4 is located? The current download way is a bit strange and enoying ( popup window, first opening another page).
    Also in your explanation here you didn't mention that on the router the port 1194 UDP must be forwarded to the rpi. Fortunately I saw this in the readme in the addon before I gave up.
    Also an explanation of "PEM pass phrase" and "Distinguished or Common Name (DN)" and especially where it is needed for would be nice.
    Also it was not clear for me that the password you use for "PEM pass phrase" must be at the end entered again while it was given another name there. Somewhat confusing and I am afraid not many people succeed in using this because of the lack of this information.