FreeNAS and jails are not accessible through VPN

Status
Not open for further replies.

Tom M (Cadet; joined Oct 31, 2014; 3 messages)

I'm having trouble connecting to my owncloud jail and FreeNAS 9.1.2.8 webGUI over VPN. Owncloud and VPN are running as jails on FreeNAS.

I have tried two VPN solutions while struggling to get remote lan access: OpenVPN and Softether VPN.

I prefer Softether VPN, as I find it easier to work with. Softether gives me access to the LAN; no problem logging in to my DDWRT router, and my Buffalo Linkstation NAS. But I cannot connect to my owncloud jail, nor any other jails, or the FreeNAS GUI.

Softether VPN gives clients an IP address with help from the network DHCP server, i.e. on the same subnet. Softether appears to be treating requests appropriately to allow LAN access, but FreeNAS must be preventing specifically VPN connections:

- Owncloud works fine with straight port forwarding to the owncloud IP address without the VPN.
- And it works fine with VPN on the home LAN, but not remotely.
- FreeNAS firewall is disabled.

ipfw list:

65535 allow ip from any to any

This is quite strange, and I have tried on a separate test FreeNAS machine fresh install. Still the same…

There must be something I have overlooked on FreeNAS. I would be grateful for any suggestions.

Edit: I have also tried pinging the FreeNAS IP and jail IPs and get: destination unreachable/timeout. Any other machine on the LAN is able to reply to pings.
 

Tom M (Cadet; joined Oct 31, 2014; 3 messages)

Netstat -rn on freenas

Internet:

Destination Gateway Flags Refs Use Netif Expire
default 192.168.111.1 UGS 0 2914 bge0
127.0.0.1 link#11 UH 0 211253 lo0
192.168.111.0/24 link#5 U 0 5208 bge0
192.168.111.16 link#5 UHS 0 0 lo0
192.168.111.225 link#5 UHS 0 104 lo0

Internet6:

Destination Gateway Flags Netif Expire
::/96 ::1 UGRS lo0
::1 link#11 UH lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
fe80::/10 ::1 UGRS lo0
fe80::%lo0/64 link#11 U lo0
fe80::1%lo0 link#11 UHS lo0
ff01::%lo0/32 ::1 U lo0
ff02::/16 ::1 UGRS lo0
ff02::%lo0/32 ::1 U lo0
 

Tom M (Cadet; joined Oct 31, 2014; 3 messages)

Thanks for replying.

Sort of...well, not really. But I found a drastic solution!

I took a screenless thinkpad (x200), installed FreeNAS on it together with SoftEther VPN server (in a jail). This gives access to any jail on other physical FreeNAS machines...it works really well, but it is one more machine running. I would have preferred it on the same machine as Owncloud, leaving me with one server only.

I guess a Raspberry micro pc could do the job too for a small network.

Would you have any explanation of the problem I described? Must VPNs really run on their own physical server? Why this limitation?

(Now, differently, I am experiencing other problems with mysql credentials in owncloud so that is messed up right now. Don't quite get how I should configure a freenas user for mysql access in the owncloud jail...)
 

ethanmcdonald (Dabbler; joined Dec 4, 2012; 10 messages)

I'm running into the same issue on my FreeNAS 9.1.2.7 server.

While OpenVPNed from a remote location, I am unable to access any jailed sites that reside on the same FreeNAS server as my OpenVPN connection.
The main FreeNAS site and LAN systems can be accessed, but not jail sites like Transmission or BTSync.
My guess is this is because the jailed IPs use the same NIC as the OpenVPN.

Is there an alias or bridge that could be configured to enable internal routing between OpenVPN and the jailed sites?

I am, however, as stated earlier, able to access my FreeNAS management web site.
This may be because OpenVPN was not installed as a jailed service; see the link below.
http://joepaetzel.com/2013/09/22/openvpn-on-freenas-9-1/#comment-1306
 