Resource icon

Automatic install OpenVPN inside iocage Jail in FreeNAS all versions 2020-09-15

Bibi40k

Contributor
Joined
Jan 26, 2018
Messages
136
We can also try solve this remotely via TeamViewer (also helps me to understand and fix this bug). I used it on 3 different FreeNAS servers with both 11.2 and 11.3 version without any error.
 

spgrvl

Dabbler
Joined
May 15, 2020
Messages
15
Here you can see the Jail and Gateway IP, seems fine to me:
putty_2020-05-15_11-54-07.png


As for the ovpn-install.cfg it's untouched now, previously I changed username and port, but I don't think that makes any difference at current state. As mentioned I get the same error with or without changes in the cfg file.
 

Bibi40k

Contributor
Joined
Jan 26, 2018
Messages
136
indeed, looks perfect.
Please rerun the script (i hope i fixed showing error to logfile)

run "the cleaner"
run install again

please output the result
 

spgrvl

Dabbler
Joined
May 15, 2020
Messages
15
indeed, looks perfect.
Please rerun the script (i hope i fixed showing error to logfile)

run "the cleaner"
run install again

please output the result
Code:
[..] adjust values in 'openvpn.conf' file...

Something went wrong, exiting.
[info] Display error(s) in a sec.

Log file: /root/OpenVPN-on-FreeNAS-in-iocage/openvpn-configs/ovpn-install.log
No default gateway found for ipv6.
sed: 1: "s|{IP_RANGE}|172.16.0.0 ...": unescaped newline inside substitute pattern

Interesting... I have ipv6 disabled on my router, maybe it's trying to make an ipv6 connection without any luck?
Thanks for the quick fix in log!
 

Bibi40k

Contributor
Joined
Jan 26, 2018
Messages
136
run these 2 commands
cat /root/OpenVPN-on-FreeNAS-in-iocage/openvpn-configs/server/openvpn.conf

netstat -rn | grep -E "U[^A-Z]" | grep -v lo0 | awk '{print $1;}' | sed "s/\/.*//g"
 

spgrvl

Dabbler
Joined
May 15, 2020
Messages
15
run these 2 commands
cat /root/OpenVPN-on-FreeNAS-in-iocage/openvpn-configs/server/openvpn.conf

netstat -rn | grep -E "U[^A-Z]" | grep -v lo0 | awk '{print $1;}' | sed "s/\/.*//g"

Code:
root@freenas[~/OpenVPN-on-FreeNAS-in-iocage]# cat /root/OpenVPN-on-FreeNAS-in-iocage/openvpn-configs/server/openvpn.conf
port 1194
proto udp4
dev tun
ca {DKEYS}/ca.crt
cert {DKEYS}/openvpn-server.crt
key {DKEYS}/openvpn-server.key
dh {DKEYS}/dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist {DSERVER}/ipp.txt
push "route {IP_RANGE} 255.255.255.0"
keepalive 10 120
tls-auth {DKEYS}/ta.key 0
remote-cert-tls client
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1

Code:
root@freenas[~/OpenVPN-on-FreeNAS-in-iocage]# netstat -rn | grep -E "U[^A-Z]" | grep -v lo0 | awk '{print $1;}' | sed "s/\/.*//g"
172.16.0.0
172.16.0.4
172.16.0.8
192.168.72.0

I think the first 3 are vnet on freenas and the last one is my physical network adapter. Not sure what the 3 first should look like...
 

Bibi40k

Contributor
Joined
Jan 26, 2018
Messages
136
bingo, this is the problem.
172.16.0.0
172.16.0.4
172.16.0.8
192.168.72.0
it shoould return only "192.168.72.0". trying to find a solution
 

spgrvl

Dabbler
Joined
May 15, 2020
Messages
15
bingo, this is the problem.
172.16.0.0
172.16.0.4
172.16.0.8
192.168.72.0
it shoould return only "192.168.72.0". trying to find a solution
Is that right? I mean I'm running the command as root on freenas, not in the OpenVPN jail itself, so vnets of other running jails/VMs should show up as well...
I'll turn off other jails & VM's and report back the output.
 

spgrvl

Dabbler
Joined
May 15, 2020
Messages
15
Is that right? I mean I'm running the command as root on freenas, not in the OpenVPN jail itself, so vnets of other running jails/VMs should show up as well...
I'll turn off other jails & VM's and report back the output.
Followup on that, after disabling every other running jail & VM, I do indeed get only "192.168.72.0":
Code:
root@freenas[~/OpenVPN-on-FreeNAS-in-iocage]# netstat -rn | grep -E "U[^A-Z]" | grep -v lo0 | awk '{print $1;}' | sed "s/\/.*//g"
192.168.72.0

Tried cleaning and installing, I'm doing the setup now and it passed that point of failure.
Not sure if there will be any concequences if after the installation I turn on those jails / VMs...
Will report back!
 

Bibi40k

Contributor
Joined
Jan 26, 2018
Messages
136
i fixed that detection, please rerun the script and it will update with my changes.
 

Bibi40k

Contributor
Joined
Jan 26, 2018
Messages
136
no there is no consequence, that error was in a moment of find and replace values.

Anyway, please run the cleaner, enable all jails like before and rerun the install. This helps me to know if i fixed that issue
 

spgrvl

Dabbler
Joined
May 15, 2020
Messages
15
I see, thanks a lot for the quick fixes!
I did a clean install again with the jails/VM's enabled and installation run smoothly!
I can't currently reboot my router in order to open the set port, I'll do that later today and post the results.

Also I noticed a couple minor "issues", first is that after the "Re-Enter New CA Key Passphrase:" step, it expects another "enter" from user to continue. Also I could not make the email work, that might be an issue on my part, I have never used the sendmail module, maybe I need to set something in order for it to send the email successfully.
 

spgrvl

Dabbler
Joined
May 15, 2020
Messages
15
I just configured everything, I had to also edit the server's openvpn.conf in order to get dns from my router and be able to access devices by hostname like "freenas.my-lan", etc.
It works great now, thanks again @Bibi40k for the fast personalized help and for your contribution to the freenas community!

Also I would like to make a suggestion for future version if I may: I think it would be practical to have an option to set DDNS in ovpn-install.cfg so that people without static IPs can set their ddns without having to edit the .ovpn files manually and include it.
 
Last edited:

frunkAf

Cadet
Joined
May 19, 2020
Messages
8
Flawless and quick install. Thank you so much for this.

I tried my hand at doing it manually with your guide but I could not get the service to start. One of these days I will succesfully perform an OpenVPN manual install but today I used this script.
 

Bibi40k

Contributor
Joined
Jan 26, 2018
Messages
136
The only difference between manual and script is the time it takes because the script is nothing more than successive commands you should type manually :)
 

cewjr9842

Cadet
Joined
Jun 3, 2020
Messages
5
@Bibi40k Thank you for your work on this guide. I have been trying to place my freenas behind a VPN and was having issues.
I was able to run steps 1 and 2 , however when i get to step 3 I get this below:
2020-06-03 23_26_07-192.168.1.201 - PuTTY.png


and it just goes to the install menu again. Am I doing something wrong?
 

cewjr9842

Cadet
Joined
Jun 3, 2020
Messages
5
@Bibi40k Thank you for your work on this guide. I have been trying to place my freenas behind a VPN and was having issues.
I was able to run steps 1 and 2 , however when i get to step 3 I get this below:
View attachment 38995

and it just goes to the install menu again. Am I doing something wrong?
Also here is my config
 

Attachments

  • ovpn-install.cfg.zip
    1.5 KB · Views: 391

Bibi40k

Contributor
Joined
Jan 26, 2018
Messages
136
@Bibi40k Thank you for your work on this guide. I have been trying to place my freenas behind a VPN and was having issues.
I was able to run steps 1 and 2 , however when i get to step 3 I get this below:
View attachment 38995

and it just goes to the install menu again. Am I doing something wrong?

Hi, as it said, that feature is not yet implemented. 1-9 are menu options not steps to follow in that order.
Actually the proper order is 8 (where you customise settings including profiles) and then 1 and that's it. Once in a while rerun the script with option 2 to check for updates. Also backing up settings with "The Keeper" is a good idea because you can import them anywhere else if needed.

So if you already run 1 and 2 what is the problem because your server is already running ?
 

cewjr9842

Cadet
Joined
Jun 3, 2020
Messages
5
Hi, as it said, that feature is not yet implemented. 1-9 are menu options not steps to follow in that order.
Actually the proper order is 8 (where you customise settings including profiles) and then 1 and that's it. Once in a while rerun the script with option 2 to check for updates. Also backing up settings with "The Keeper" is a good idea because you can import them anywhere else if needed.

So if you already run 1 and 2 what is the problem because your server is already running ?


I am a noob to openvpn on freenas thats all, but its well needed for my setup. I am not sure how to determine if it is already running? Also Am I supposed to edit anything in the openvpn-install.cfg at this point
 

Bibi40k

Contributor
Joined
Jan 26, 2018
Messages
136
running "the watcher" will show what you need.
also if you can connect, it means is running :)
 
Top