Tuesday, 18 October 2016

Setting up a VPN on unRAID

Occasionally, I need access to files on my unRAID server when I'm away from home. Now that I'm setting up more home automation, I can also envisage needing increased access to utilities etc. I figured it was about time to connect my unRAID server to the interweb, but how to do so securely? openVPN looks like the answer.

I have a decent fibre broadband connection, but don't have a fixed IP address. The first thing I needed to do set up a dynamic DNS whereby I could use a fixed URL to access my changing IP address.


I went with no-ip for this, for no other reason than there was an unRAID Docker to support it. Having set up a no-ip account and selected an easy-to-remember URL (xxxxxx.hopto.org), I set up the Docker via the Community Applications plug-in in unRAID. It's unusual in that there's no web UI for this docker - it just places a config. file in the appdata folder into which you enter your no-ip credentials. Then, the docker looks after communicating with No-IP's servers and updating them with the current IP address which in turn allows the custom URL to work.

No-IP is free for a couple of URLs but requires renewal every 30 days. I'm not sure how that will work out but if it turns into a hassle, I'll just purchase the subscription.


With Dynamic IP set up, I went ahead and installed OpenVPN. It's complicated enough and a little bit daunting initially but this post on unRAID forums was super useful in setting it up. The biggest issue I had was figuring out how to setup a user and change passwords for both the admin user and this new user. Turns out this is done at unRAID command line by issuing commands to the specified docker in the following format;

docker exec -it openvpn-as adduser someusername

docker exec -it openvpn-as passwd someusername

I hadn't done this before but it's useful to know for future reference how to access a dockers command line. (openVPN users have nothing to do with unRAID users - they are users who are managed in the docker).

Having tested locally and confirmed I had admin access to openVPN, the final step was to set up port forwarding on my router to direct incoming requests on a specific port to a corresponding port on the openVPN docker. With that done, I could then navigate to my custom URL from outside my network and log in to openVPN. Doing so for the first time downloads the openVPN connect application to the client and allows the connection to take place. After that, it's EXACTLY like sitting at my desk at home. I can browse the unRAID UI, access directories and files on my server and even VNC in to VMs.

Should have done it years ago!





2 comments:

Anonymous said...

Very interesting but there's something I didn't understand.

¿How do you VNC your virtual machines?
¿Do you have to specify a new port for every VM?
¿Where do you specify those ports?

Thankyou
Gus

Peter Mee said...

Yes, each one has a discrete port. Unraid assigns ports automatically and you can find them on the vm tab when the vms are running.