Thanks for the quick reply. I have the jail IP addresses and I believe my LAN network. All my IP addresses at my location are 192.168.0.XXX with my router specifically 192.168.0.1, so that would make my network 192.168.0.0 correct? How do I figure out the netmask? Would they both be /24?
In the Buffered VPN ovpn file it doesn't list an IP address. It has the server hostname and netmask I believe.
This is what my ipfw_rules looks like but I'm not sure on the /24 or us-east-coast.servers.buffered.com/443
Code:
# Allow internal traffic
add 03000 allow IP from 192.168.0.143/24 to 192.168.0.0/24 keep-state
add 03000 allow IP from 192.168.0.0/24 to 192.168.0.143/24 keep-state
# Allow access to Entrace IP for VPN
add 04000 allow IP from 192.168.0.143/24 to us-east-coast.servers.buffered.com/443 keep-state
# Allow any traffic over the VPN interface
add 05000 allow IP from any to any via tun*
# Deny any other traffic
add 65534 deny IP from any to any
And here's the readout from the jail when I update the firewall rules.
Code:
root@freenas:~ # iocage exec transmission service ipfw start
Flushed all rules.
00100 allow IP from any to any via lo0
00200 deny IP from any to 127.0.0.0/8
00300 deny IP from 127.0.0.0/8 to any
00400 deny IP from any to ::1
00500 deny IP from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
03000 allow IP from 192.168.0.0/24 to 192.168.0.0/24 keep-state :default
03000 allow IP from 192.168.0.0/24 to 192.168.0.0/24 keep-state :default
Line 6: bad width ``443''
Firewall rules loaded.
So it seems like it isn't taking my LAN network settings and definitely doesn't look like my VPN "IP" is working.
The top of my ovpn file is below with the rest of the file being certificate and key info.
Code:
client
remote-cert-tls server
dev tun
proto udp
ping 5
ping-restart 30
sndbuf 640000
rcvbuf 640000
resolv-retry infinite
nobind
explicit-exit-notify 3
comp-lzo yes
verb 2
route-gateway dhcp
redirect-gateway def1
remote us-east-coast.servers.buffered.com 443