How-To: Setting Up OpenMediaVault Remote Access with OpenVPN
By Mikeal Tadeo
Do you have a NAS running OpenMediaVault, or are you looking to build one, and want to access your files remotely? Look no further!
Before we begin, make sure you have set a static internal IP address for your NAS and that you have the port forwarded (port 1194 in this case). If you don’t set a static internal IP, you could lose access to your NAS and may have to redo steps. Setting a static internal IP varies from router to router, so look online for router-specific guides. For a static public IP address, you will need to contact your ISP, for which the price varies. Your public IP address may not change, sometimes not for years, but it is worth mentioning as we will be using the public IP address.
Another alternative is to use a Dynamic DNS service, such as DuckDNS. This allows you to use a domain that automatically updates along with your public IP address. More information on how to set up DuckDNS can be found here.
To begin, navigate to System>OMV Extras. In the search bar near the top, search for OpenVPN. Select OpenVPN and again near the top, select install. This will install the OpenVPN plugin. A reboot may be required to finish the installation.
(Hint: Right-Click on image and select "View Image" to see it in a larger size - when done, click the browser's "Back" button to return to the article)
Next, we will configure OpenVPN. Once the plugin is installed, navigate to Services>OpenVPN. In this window, make sure PAM authentication is turned on under General Settings, the Gateway Interface is set to the correct device (in my case it is eth0), and make sure that Use Compression is turned off (according to OpenVPN there is currently an exploit that gains access only if you use compression. Read more about it here). Your public address is your public IP. Make sure that you have the port forwarded in your router, port 1194 in this case, for the NAS’s IP.
After these three settings have been configured, at the top navigate to Certificates. Select Add and then select a user and give it a secondary name. This will create the access certificate. Download the certificate using the Download button. This will be used in the next step.
Next, we need to install the VPN access software. Go to OpenVPNs community download, located here (Windows version) and here (Mac version, but currently untested by me) and install the program. After you install the program, find the install folder (usually located at C:\Program Files\OpenVPN\Config) and put the items from the downloaded .rar into the Config folder. Once the certificate files are in the folder, run the OpenVPNGUI program and you should see the window below. The login will be whichever user you selected when creating the certificate and the password associated with that user (note that you will be using the OpenMediaVault users). I suggest that you create a specific certificate for each user you will be connecting.