I'm gonna set up OpenVPN only. Specifically for Private Internet Access (which uses user/pass auth).
Transmission is a plug-in there are lots of threads on it.
Lets get started:
I created a dataset for my jail. Named openvpn.
I shared it just to make things dead simple.
Configure jails: point to your dataset. /mnt/tank/openvpn
I added a jail named 'openvpn'. All defaults except uncheck vanilla.
I set the IP to 192.168.1.180, but use whatever works on your local subnet.
View attachment 5045
View attachment 5046
Now we need to jump into the jail and get started. ssh to your freenas box.
Grab a list of your jails.
Code:
Welcome to FreeNAS
[root@freenas] ~# jls
Get a command prompt from your jail (N) is the JID of your jail:
Code:
[root@freenas] ~# jexec (N) tcsh
We'll install bash and nano to keep things dead simple.
Code:
root@openvpn:/ # pkg install bash
root@openvpn:/ # pkg install nano
root@openvpn:/ # bash
Now comes the work. We need to get and update ports in our jail. These can take a while.
Code:
[root@openvpn /]# portsnap fetch
[root@openvpn /]# portsnap extract
First gotcha: We need to update pkg, force the delete, make clean pkg-1.3.8 or openvpn build will fail. Be patient there is lots of work going on here.
Code:
[root@openvpn /]# pkg delete -f pkg
[root@openvpn /]# cd /usr/ports/ports-mgmt/pkg
[root@openvpn /]# make clean install
On to compiling openvpn with our PW_SAVE flag. Let it work.
Code:
[root@openvpn /]# cd /usr/ports/security/openvpn
[root@openvpn /]# make clean install
** Select PW_SAVE option. Click OK / Enter.
We are now fully installed and just need to configure openvpn to use PIA.
Edit /etc/rc.conf to include (or used attached rc.conf):
Code:
[root@openvpn /]# nano /etc/rc.conf
** add**
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"
Build our directory and add the certificates, conf, and password file.
Code:
[root@openvpn /]# mkdir /usr/local/etc/openvpn
Extract the contents of pia_ovpn.zip to /usr/local/etc/openvpn
You will have 6 files: ca.crt, crl.pem, openvpn.conf, pswd.txt, rc.conf, README.txt
If you cheated like me. You can just drag and drop to the share. ;)
YOU MUST ADD YOUR OWN USER NAME AND PASSWORD IN THE 'pswd.txt' file.
Code:
[root@openvpn /]# nano /usr/local/etc/openvpn/pswd.txt
That's it. You are ready to start the service. Or reboot the jail.
Code:
[root@openvpn /]# /usr/local/etc/rc.d/openvpn start
Lets test:
Code:
[root@openvpn /etc]# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:8c:75:00:06:0b
inet 192.168.1.180 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=9<PERFORMNUD,IFDISABLED>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet 10.150.1.6 --> 10.150.1.5 netmask 0xffffffff
nd6 options=1<PERFORMNUD>
Opened by PID 40682
You should have a tun0 interface with a valid internal PIA IP address.
Confirm your vpn is working correctly by hitting a site that will echo your ip back.
Code:
[root@openvpn /etc]# wget http://smart-ip.net/myip -O - -q ; echo
50.23.131.244
If it looks anything like this you have done it!
Set up your firewall rules if you need a killswitch and/or transmission. User/pass auth is kind of poor security at the end of day... but it is what we get. You can encrypt and worry about that on your own.
You can select your server by changing 'remote us-seattle.privateinternetaccess.com 1194'
in /usr/local/etc/openvpn/openvpn.conf
Good luck. This is really derivative of other works around here. I just navigated a few new hurdles. Enjoy.