OpenVPN Server help

  • Hi,

    I have been reading and tinkering for a couple days off and on and I can't seem to get anything working. I am setting up a NUC for my brother that lives many states away and is a disabled vet that would not be able to manage a kodi system on his own. I would like to be able to ssh into the NUC to manage updates and anything else that's needed remotely.


    I have installed the Docker and LinuxServer.io addons, but right off the bat, there is not an openvpn image to download through the addon as is mentioned in the forums. If I go directly to LinuxServer.io, I can see the image there and that it's deprecated. I did find some guides for using the image at hub.docker.com, but the instructions there fail at a couple places. I'm guessing there is something fundamentally different about setting this up on Libreelec, and I think it's a path issue.


    While I'm not completely inept, this is my first foray into both Libreelec and OpenVPN, so I find myself getting lost and could really use some help. Would anyone be able to give me some advice on how to get this going? I didn't want to start by posting a wall of text of everything I've tried so far, but happy to do so.


    Thanks!

  • Just a quick update. I found one of my errors and have now successfully created my ovpn file and copied it to my client machine.


    Will I be able to test this connection even though server and client are on the same network behind my router's firewall? I did try to connect already by importing the ovpn file into my kde network manager, but it's asking for a "Key Password". Obviously I have something wrong as I understood that it should not require a p/w at all.




    Here are the contents of my ovpn file with keys and ip removed.

    Thanks!

  • The key password is the password you used when you created your ovpn user key on the server..you will need that to connect otherwise anyone with the ovpn file can connect to your server..

  • Do you really need a VPN? .. Or would SSH key-only auth be sufficient? (which is a one-click toggle in the GUI once you've deployed keys). You can change the sshd_config to move the exposed port to something non-standard; doesn't improve security but does reduce the number of bots that will find the port and attempt to exploit it.

  • Every time I think I'm getting somewhere, I'm not. :/


    The key password is the password you used when you created your ovpn user key on the server..you will need that to connect otherwise anyone with the ovpn file can connect to your server..

    I managed to figure that out, but trying to set this up at home on a single network was futile. Thanks though!


    Do you really need a VPN? .. Or would SSH key-only auth be sufficient? (which is a one-click toggle in the GUI once you've deployed keys). You can change the sshd_config to move the exposed port to something non-standard; doesn't improve security but does reduce the number of bots that will find the port and attempt to exploit it.

    I want super simple, so this sounds more my speed. I thought I saw on these forums that it was recommended to use openvpn for any remote access which is why I was trying this.


    Is there a tutorial you recommend?

  • Where are you getting stuck? Did you find an openvpn server addon?

    I'm using this and it's very easy to set up, but it's for RPis, but you can always ask on that thread for any help to get it working on your nuc Open vpn server

    Keep in mind that by setting up the server you'll probably be able to access all your brother's home network connected devices not just the nuc..and your connecting device will be like being at your brother's house and assigned the ip from your brother's isp router..

  • Is there a tutorial you recommend?

    Nope. VPN and SSH achieve different things. VPN will give you access to the remote network. SSH will give you access to the remote host. If you only want to admin the remote system SSH is enough and 99% easier to set up than a VPN server. Both expose services to the Internet which creates a risk; but LE is generally using very recent versions of SSH binaries which mitigates the risk of known vulnerabilities. You need to use SSH key auth to expose logins securely else the login process will be targeted with dictionary attacks. Ensure you only expose SSH and not all ports (else SMB and Kodi services are exposed too).


    There are millions of "how to use SSH key authentication" guides .. read a few and you'll see the repetition/process.
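
Added example, not part of any post in this thread: a small Python audit that reads sshd_config text and reports any setting that would still allow password-style logins, which is the condition the last reply warns about. The function name `audit` and both sample configs are constructed for illustration; the defaults are OpenSSH's documented ones.

```python
# Added example: audit sshd_config text for key-only login (not from the thread).
# DEFAULTS are OpenSSH's documented defaults; both sample configs are constructed.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# A keyword set to this value means logins are not restricted to keys.
WEAK_IF = {"passwordauthentication": "yes",
           "kbdinteractiveauthentication": "yes",
           "pubkeyauthentication": "no"}
# Deprecated keyword that sshd treats as the newer one.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

WEAK_SAMPLE = """
# constructed sample: looks hardened at first glance
Port 2222
PasswordAuthentication no
PasswordAuthentication yes
Match Address 192.168.1.0/24
    PasswordAuthentication yes
"""
HARDENED_SAMPLE = """
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
"""

def audit(config_text):
    """Return a list of findings; an empty list means key-only login."""
    glob, in_match, findings = {}, None, []
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"')
        if key == "match":
            in_match = value                 # Match blocks run to the next Match/EOF
        elif in_match is None:
            glob.setdefault(key, value)      # sshd uses the first value it reads
        elif key in WEAK_IF and value.lower() == WEAK_IF[key]:
            findings.append(f"Match {in_match}: {key} {value}")
    for key, weak in WEAK_IF.items():
        value = glob.get(key, DEFAULTS[key])
        if value.lower() == weak:
            findings.append(f"global: {key} {value}")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(name, audit(text) or "key-only login")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; this parser only covers the three authentication keywords shown.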