Resource icon

Automatic install OpenVPN inside iocage Jail in FreeNAS all versions 2020-09-15

Bibi40k

Contributor
Joined
Jan 26, 2018
Messages
136
Hi all,
after i have maintained a manually step-by-step tutorial i decided to create a script to do all necessary steps for us all.

Change log: 0.4 - 2020.05.07 - Completely new script with menu
0.4 - 2020.05.07 - Completely new script with menu
0.3 - 2020.02.25 - Starting Wiki - Git-useful-commands
0.2 - 2020.02.25 - BUGFIX: Email is not read at first run
0.1 - 2020.02.18 - the first commit


What this script do:
- check for new version on each run and update itself
- create all dir structure and files on you
- store all configuration files into 'openvpn-configs'
- create iocage Jail with proper values and configurations
- build Certificate Authority
- build Server Certificates
- generate Diffie Hellman Parameters
- generate the TA key
- build Client(s) Certificate
- copy everything together and set paths to OpenVPN server config file
- creates the firewall and routing tables
- mix all certs and keys together with client(s) config files and create a single .ovpn file useful for mobile also.
- sends email with client(s) config file.


Recommended OpenVPN Clients:
Windows: OpenVPN
MacOS: Tunnelblick


What you should do:
- edit the config file
- during the installation you'll be asked to create a PASS PHRASE which you'll be using to authorize further operations like generating certificates, keys, users
- forward chosen port (default 1194) to OpenVPN iocage Jail chosen IP (default .66) on Port 1194 UDP
- keep in mind that if your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x this might create routing conflicts if you connect to the VPN server from locations that use the same subnet (work, public wi-fi, hotels, etc).


Installation steps:

SSH into Freenas

Code:
ssh your-username@your-FreeNAS-IP # Terminal for MacOS & Linux or Putty on Windows
sudo -i # we need to be root


Download installer
Code:
git clone https://github.com/Bibi40k/OpenVPN-on-FreeNAS-in-iocage.git
cd OpenVPN-on-FreeNAS-in-iocage # Enter the script dir


Start installer and follow on-screen instructions
Code:
./install.sh # run the script and enters the menu


Screenshot 2020-05-06 at 17.24.03.png


Good luck all and i'm waiting for feed-back.
 
Last edited:

Asquel

Cadet
Joined
Feb 22, 2016
Messages
4
Hi! On step 4 of insta.sh, when i need to add the users, this is happening:

Code:
New clients/users list: asquel

Building Client Certificate for 'asquel'...
/root/OpenVPN-on-FreeNAS-in-iocage/scripts/keys.sh: line 81: cd: /root/openvpn-configs/server/easy-rs                a: No such file or directory
/root/OpenVPN-on-FreeNAS-in-iocage/scripts/keys.sh: line 90: cd: /root/openvpn-configs/server/easy-rs                a: No such file or directory
cp: pki/issued/asquel.crt: No such file or directory
cp: pki/private/asquel.key: No such file or directory

OPenVPN is missing it's configuration, please destroy this jail and recreate it.
OPenVPN is missing it's configuration, please destroy this jail and recreate it.

OPenVPN is missing it's configuration, please destroy this jail and recreate it.
OPenVPN is missing it's configuration, please destroy this jail and recreate it.
OPenVPN is missing it's configuration, please destroy this jail and recreate it.
OPenVPN is missing it's configuration, please destroy this jail and recreate it.
OPenVPN is missing it's configuration, please destroy this jail and recreate it.
Installation Complete!
Log into your router and forward external port  to internal :
Log into OpenVPN iocage with 'iocage console OpenVPN'
root@freenas[~/OpenVPN-on-FreeNAS-in-iocage]#


Created jail is in "CORRUPT" state and can be deleted only when i delete whole dataset.
Any suggestions?
 

Bibi40k

Contributor
Joined
Jan 26, 2018
Messages
136
yes, it is my fault because i didn't know /root content is erased on FreeNAS restart.
i start fixing this but i don't have the time to continue.

It you start it over and don't restart it should work. Please let me know if i'm right.
 

Asquel

Cadet
Joined
Feb 22, 2016
Messages
4
I didn't restart the system due the process at all. What are you talking about exactly?
 

Bibi40k

Contributor
Joined
Jan 26, 2018
Messages
136
I thought you did because it complains it didn't find asquel.crt and asquel.key.
log during keys generating would be more helpfull. I'm thinking of typing improper password on that step.
Please rerun the script. You can use same password everytime. This is just a protection that only you, knowing the password, can generate new VPN clients
 

Bibi40k

Contributor
Joined
Jan 26, 2018
Messages
136
you don't run this inside the jail, you run it on FreeNAS terminal.

it's written on installation steps:

SSH into Freenas...
 

Thario

Dabbler
Joined
Mar 4, 2019
Messages
10
Indeed, sorry.
I sshed into freenas and compulsively entered the jail.
Works like a charm, great work!
 

mzst

Cadet
Joined
Apr 27, 2020
Messages
8
Hello, how do i install this on version 11.1-U7 ? I tried selecting 11.2 but i got a lot of errors. Thanks
 

Bibi40k

Contributor
Joined
Jan 26, 2018
Messages
136
indeed i did not have version 11.1 to test and now i'm pretty busy with this isolation period.
When i have the time i'll install it on a virtual machine and test it.

Meanwhile you could follow the manual installation guide.
 

Warie936

Cadet
Joined
Apr 30, 2020
Messages
1
Hi, I am new to all this, I completed the steps, am I suposed to get an email? I haven't gotten any and also checked in the spam.

I forwarded the port on the router. How should I connect to my nas from outside the network?

1588296161390.png
 

Bibi40k

Contributor
Joined
Jan 26, 2018
Messages
136
hi,
indeed you are supposed to receive an email with ovpn profiles you created.
You could rerun the script or you can get them manually from /root/openvpn-configs/clients
 

Bibi40k

Contributor
Joined
Jan 26, 2018
Messages
136
looks like mpack was not installed and this is rensponsible for sending emails.

Anyway, i'm completing rewriting the script these days and i hope i'll release it in few days.
 

Bibi40k

Contributor
Joined
Jan 26, 2018
Messages
136
Hi guys,
i almost finished the new script and this is how it looks like.

Actually is working and tested with 11.2 and 11.3 but i need to rewrite the guide.

openVPN-script.jpg
 

boa_thomas

Cadet
Joined
May 11, 2020
Messages
1
Hi, i'm stuck on the beginning, wondering if you could help.
this is with the default configs. I tried modifying them but it didn't work either
The log is empty
Annotation 2020-05-11 145854.png
 

Bibi40k

Contributor
Joined
Jan 26, 2018
Messages
136
Hi, look like you misspelled the ip in config file. Please check that and/or share values.
 

spgrvl

Dabbler
Joined
May 15, 2020
Messages
15
Hi, i'm stuck on the beginning, wondering if you could help.
this is with the default configs. I tried modifying them but it didn't work either
The log is empty View attachment 38462
I'm getting exactly the same error, have tried multiple times with custom and default settings, sounds like a bug while script edits the configuration file (openvpn.conf).

(Thanks for your awesome work!)
 

Bibi40k

Contributor
Joined
Jan 26, 2018
Messages
136
please send me output of this command
cat /root/OpenVPN-on-FreeNAS-in-iocage/openvpn-configs/ovpn-install.cfg

What IP do you see on startup screen? OpenVPN jail IP: ??
 
Top