[HOWTO] OSMC/Rasp Pi as OpenVPN client


#1

Hi all,

Heads-up on a nice add-on for working with multiple VPN connections. I spent most of yesterday writing scripts so that I could control my VPN connections via the Kodi desktop (and Advanced Launcher). I ran into all kinds of problems, and only after several fruitless hours did I think to google for ‘kodi open vpn’. Maybe I can save someone else the time…

http://brianhornsby.com/kodi_addons/openvpn

Works nicely! Standard openVPN installation is controlled by root, so if you don’t want to type a sudo password each time you connect you will need to modify you sudoers file with the entry…

ALL ALL =NOPASSWD: /usr/sbin/openvpn

Notice that the location is sbin. the add-on defaults to /usr/bin/openvpn, so you’ll need to change it.

Also, the add-on requires access to the openVPN management interface. You can enable this by adding the line to your client.conf or client.ovpn files.

management localhost 1337

1337 is the default port used by the add-on.

I owe Brian Hornsby beer. Cheers :sunglasses:


VPN add-on for OSMC
VPN Interface for future releases
ExpressVPN Anyone?
ConnMan VPN support in OSMC
VPN Interface for future releases
Vero 4k and pure vpn
Express VPN - Open VPN on Vero 4K
Vpn manager fails after osmc upgrade
New user needing basic help
Before I receive my Vero 4K - looking for info
#2

stim,
thanks for this, it is just what I was looking for.
Quick question: where in the ovpn files should this go?

Thanks


#3

Anywhere in your client.ovpn/client.conf file should do the trick.


#4

Thanks Stim, I’lll give that a try.
I tried to follow Brian Hornby’s guide too and after doing
apt-get update

and then

apt-get install openvpn

seemingly successfully, when I come to set up the addon there is no openvpn in the sbin folder

Looking back at my terminal session - it seems like it should have installed ok:

root@osmc:/home/osmc# apt-get install openvpn
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following extra packages will be installed:
iproute2 libpkcs11-helper1
Suggested packages:
iproute2-doc resolvconf
Recommended packages:
libatm1 easy-rsa
The following NEW packages will be installed:
iproute2 libpkcs11-helper1 openvpn
0 upgraded, 3 newly installed, 0 to remove and 20 not upgraded.
Need to get 867 kB of archives.
After this operation, 1925 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ftp.debian.org/debian/ jessie/main libpkcs11-helper1 armhf 1.11-2 [40.5 kB]
Get:2 http://ftp.debian.org/debian/ jessie/main iproute2 armhf 3.16.0-2 [386 kB]
Get:3 http://ftp.debian.org/debian/ jessie/main openvpn armhf 2.3.4-5 [441 kB]
Fetched 867 kB in 2s (304 kB/s)
Preconfiguring packages …
Selecting previously unselected package libpkcs11-helper1:armhf.
(Reading database … 21234 files and directories currently installed.)
Preparing to unpack …/libpkcs11-helper1_1.11-2_armhf.deb …
Unpacking libpkcs11-helper1:armhf (1.11-2) …
Selecting previously unselected package iproute2.
Preparing to unpack …/iproute2_3.16.0-2_armhf.deb …
Unpacking iproute2 (3.16.0-2) …
Selecting previously unselected package openvpn.
Preparing to unpack …/openvpn_2.3.4-5_armhf.deb …
Unpacking openvpn (2.3.4-5) …
Setting up libpkcs11-helper1:armhf (1.11-2) …
Setting up iproute2 (3.16.0-2) …
Setting up openvpn (2.3.4-5) …
Restarting virtual private network daemon.:.
Processing triggers for libc-bin (2.19-15) …

what could’ve happened? Do I just “install openvpn” again?
Thanks again for any help.


#5

I did…

sudo apt-get install openvpn

and went from there…

Maybe check the bin folder as well, but it should be sbin.


#6

So I just re-read the guide & realized I was looking in the wrong place for openvpn!!

I was looking in sbin/openvpn when I should’ve been looking in usr/sbin/openvpn
Anyway, I got that straight & chose my preferred connection configs
but each time I try to connect an alert pops up which says

“an error has occurred while trying to connect OpenVPN
unable to connect to OpenVPN management interface”

Any idea what I might be doing wrong?
My preferered config file contains the following:

client
management localhost 1337
dev tun
proto udp
remote us-east.privateinternetaccess.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /home/pi/vpn-config/ca.crt
tls-client
remote-cert-tls server
auth-user-pass /home/pi/vpn-config/pass.txt
comp-lzo
verb 1
reneg-sec 0
crl-verify /home/pi/vpn-config/crl.pem

Thanks again, Stim. Sorry to bug you mate.


#7

OK I’m glad I pasted that because I saw my mistake.
In following the instructions for Rasbmc I copied the file paths which are home/pi/vpn-config…
They should, of course, be home/osmc/vpn-config… for OSMC!!
Connection seems to be working now.

Now I have figure out which connection is best for my fave addons.
Thank you, Ontario!
I hope that helped somebody.
XBMC Hub have a handy maintenance tool for checking your external IP address.


#8

Glad you got it working!

:wink:


#9

Thanks mate.
For anyone else checking this thread who uses PIA for their VPN service here are the config(ovpn) files with all the necessary changes made to them already. (minus the pass.txt file with my user/pass in it!!)
That should save you some time.
One quick note if you use these files:
I made these on a Mac so when you come to copy them over in OSMC you’ll see a duplicate of every file starting with “._” - just ignore these and copy all the other files
(google “Appledouble” if you’re interested)
Other than that, if you use these just remember the ‘Thanks’ button!
Loop


#10

Works nicely! Standard openVPN installation is controlled by root, so if you don’t want to type a sudo password each time you connect you will need to modify you sudoers file with the entry…

ALL ALL =NOPASSWD: /usr/sbin/openvpn

Stim,
quick question: how would I go about modifying the sudoers file? is there a particular part of the file to add this line?

Thanks mate,
Loop


#11
sudo visudo

#12

Thanks mate!
So do I put that anywhere, or substitute that for something?

Also, did you just alter the original file or add ‘local content’ like the Terminal recommends?

Please consider adding local content in /etc/sudoers.d/ instead of
directly modifying this file.

Thanks again for the help - sorry I’m such a noob at this Linux stuff!!


#13

Hmm, not sure why you are doing it like so. Was it not working for you already?
The sudoers file should only be edited vis the visudo command.

sudo visudo

Place the text under the section named: ‘User privilege specification’.

Save and close.


#14

Thanks again Stim.
Messing around with the addon tonight I realized there is a setting for this in the addon settings.

OpenVPN addon (click contextual menu) > Addon settings > Script > Use Password (on/off)

by setting this to ‘off’ I am no longer asked for password :smile:


#15

Thanks Stim, I have managed to get the Addon working without requiring a password each time. I have also managed to get OpenVpn to start when booting up. Ideally the Home screen would show an indication as to whether the VPN is active or not. I have had an idea as to how to implement this but I am unsure if it’s possible. I would value your feedback and advice.

On startup, before VPN is started, obtain external IP address.
Start OpenVPN.

The Following needs to happen everytime the home screen is loaded.
Obtain external IP address.
Compare against IP address at startup.
If they are the same then the VPN is not active, If they are different then it is.
Update control on Home screen with VPN status.

I have added a control to Home.xml directly beneath the system date and I have tested it using the Info Label IP Address but alas the is only the Internal IP address.

So in a nutshell I need to get the pre VPN external IP address and store the value, and then every time the Home screen is displayed check the current external IP address against it and display if the VPN is active on the Home screen.

Any ideas, suggestions?


#16

@ ianw

I also thought it would be nice to have a visual indication (flag) of the currently connected country, and this was on my ‘things to hack’ list. TBH, right now I wouldn’t know where to begin with the OSMC skin. Thankfully, the existing addon is very easy to use re: connection stopping and starting.

To find external ip address I use:

curl ipv4.icanhazip.com

Sorry I couldn’t be of more use.


#17

@ianw

Hi, you were saying you managed to start openvpn and get it connected at system startup?

I’m trying to get openvpn working on my Rasp Pi Model B+ running OSMC for days now and while just doing it in command-line (where I’d now how to start it at startup) I always get stucked:

I try to connect to the vpn-server…

with

sudo openvpn --config /path to conf

it says:
Mon May 4 15:37:39 2015 /sbin/ip route add 0.0.0.0/0 via (IP of VPN)
RTNETLINK answers: File exists
Mon May 4 15:37:39 2015 ERROR: Linux route add command failed: external program exited with error status: 2
Mon May 4 15:37:39 2015 Initialization Sequence Completed

and is staying with this output (theres no prompt coming)

with

sudo openvpn --daemon --config /path to conf

it need a sec and then shows a prompt

In both ways I can see the active openvpn connection in my VPN-Providers Overview.

But when I type in

wget -q -O - http://checkip.dyndns.com

it shows my real IP not the VPN-IP!!

any ideas?

When I did it with the Brian Hornsby Addon it connects as normal but I dont get it to start and connect automaticly after rebooting…

Thanks in advance!!


#19

I have the same problem with seedhost.eu. When I use the ovpn file from private tunnel it works out of the box.


#20

had the same problem for weeks, but now it works.

i installed raspbmc on another sd card and openvpn aswell.
i configured it and it worked.

then i copied the whole network section /etc/network/ to my computer

changed the sd card to the one with osmc on it.
installed openvpn via ssh

copied the /etc/network section to the osmc card.

restarted openvpn.
it worked.

i dont know why osmc developers decided to use this shitty network manager, as a vpn/proxy is essential on a streaming platform…


#21

Did you manage to sort this out…If you automatically want to connect to a chosen location each time Kodi boots up the easiest way to do this is to create a autoexec.py script.
http://kodi.wiki/view/Autoexec.py

This can be created using your chosen editor and placed in the userdata folder.
As a example if I wanted Kodi to connect to my France server everytime it boots my autoexec.py would look like this.

[Code]import xbmc

xbmc.executebuiltin(‘XBMC.RunScript(script.openvpn,France)’)[/code]
IMPORTANT the script should be written over 2 lines like the page on the Kodi.wiki page, (forum code box’s mess up the formatting sometimes) “France” is the name given when imported into Brians addon and not the name of the actual Ovpn file.