[GUIDE] Teamspeak3 on FreeNAS 9.10!

Status
Not open for further replies.

rafadavidc

Dabbler
Joined
Mar 26, 2016
Messages
38
Edit 18 Jan 2017:

This method works on releases up to 9.10.1-U4. If you have 9.10.2 or later, the VirtualBox template is not available to you by default. However, you can create custom jail templates, as outlined in the documentation here. Alternatively, you can stick with the default FreeBSD jail and install a FreeBSD version of the TS3 server directly into the jail and skip a layer of virtualization.

End Edit


Using Windows 10 to install TeamSpeak3 Server on CentOS 7 inside a FreeNAS 9.10 VirtualBox 4.3 jail

With FreeNAS 9.10 using a new method to run jails, it now becomes viable to install and run TeamSpeak Server on FreeNAS, whereas before, sometime since 9.2, it has been broken, according to this guide. In my first contribution to the Linux community EVER, I have decided to document how I got TS3 running on my FreeNAS box.


GETTING STARTED


First of all, you’ll need VNC Viewer and PuTTY to accomplish this. Get them here and install them:

https://www.realvnc.com/download/

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Secondly, you’re installing the following software on your server:

- A Linux distribution. This guide uses CentOS, and I chose Minimal for its light impact on system resources. https://www.centos.org/download/

- TeamSpeak3 Server for 64bit systems: go here and copy to an open notepad the download location for what you’ll be installing. For me it was:
http://dl.4players.de/ts/releases/3.0.12.3/teamspeak3-server_linux_amd64-3.0.12.3.tar.bz2


CREATE THE JAIL


In the FreeNAS GUI, create a new jail. Call it whatever you want; mine is TS3. Use the VirtualBox template. Make sure it’s going to have a static IP here by unchecking the IPv4 DHCP box and configuring that portion. Most of you will use 192.168.1.x with a /24 netmask. If you’re using anything else, you likely know it. At the bottom, make sure NAT is off. Everything else is fine as default. Click OK and the system will create the jail.

Before getting into things, we need to add storage so that VirtualBox can see your CentOS iso. At the bottom of the Jails window, click the Add Storage button. Your source path is wherever you’re keeping that iso; you’ll have to navigate to it. For destination, I used /usr/local/iso, but you can use whatever you want.


GET INTO VIRTUALBOX



In a new browser tab, navigate to the IP address you just assigned your new jail. You’ll be prompted with the phpVirtualBox Log In. The default is admin/admin. SECURITY, AW YISS. It is possible that you’re met with an error. If so, click OK and reload the page. You’ll end up at a blank VirtualBox dashboard.


SET UP THE CENTOS VM



In the upper left corner, click the button labeled New. Name this VM whatever you wish; I called mine TS3. This will be a Linux box, version Red Hat (64 bit) since CentOS is built from Red Hat Enterprise Linux.

Next, assign some RAM. I gave mine 512MB. I don’t really know what’s appropriate here, but CentOS is rather lightweight, and the TeamSpeak3 Server is not demanding in the least. You might even be able to get away with less here, but I didn’t want to risk it.

Next is the hard drive. Create a virtual hard drive now. Click Create. Keep the VDI default selection and click Next. Use a dynamically allocated volume, since we don’t care about disk performance on this server, and it’ll help keep our ZFS pool consumption down. Next you’ll set the size for this disk. I used 20GB, since we don’t care how big it is because of dynamic allocation, but we don’t want to underprovision it and end up freezing the VM. Click create, and you’re back at the dashboard.


CONFIGURE THE VM



In the left-hand pane, you’ll see your new VM. Click it, and its current configuration shows up in the main window. We need to change a few things before we fire it up. Click any one of those headings and a configuration window pops up on top.

In display, slide the memory allocation back to 8MB. We aren’t doing anything substantial here, why waste anything? Also, in the Remote Display tab, add a password; VNC doesn’t like blank ones. I just used asdf.

Under storage, click the empty CD drive. Over on the right, there’s a disc icon to the right of the IDE Secondary Master drop-down. Click it, pick “Choose a virtual CD/DVD disk file…” and navigate to your CentOS iso destination location from when you added storage to the jail. Select it and click OK.

In Network, switch from NAT to Bridged Adapter. You’ll need to choose which adapter you’re using in the Name drop-down.

That’s it for configuration; click OK.


INSTALLING CENTOS



In the upper-left corner, click the Start button. This fires up your VM. Note in the Display section of the configuration that there’s a Remote Desktop Server Port listed. You’ll need this to connect to your VM via VNC. Launch that now and maximize it.

Hit the I (i) key then Enter to trigger installation. The installer has a GUI, and VNC’s sharing of the mouse is super weird. If you can’t travel all the way to the edge, just come all the way back to the other one to reset. Once you see the coincidence between VNC’s cursor and the installer’s, you’ll get the hang of it.

First thing is network, all the way at the bottom. You might need to scroll. In the network section, in the upper-right, click the toggle to enable the adapter. Then, in the lower right, click configure. Go to IPv4 Settings and change the Method to Manual. Click the Add button, and enter an IP address for your server. (I just incremented one from my jail, so if you’re using, say, 192.168.1.201 for the jail, use .202 for this VM for easy tracking.) Netmask is, in the vast majority of cases, going to be 255.255.255.0, and you’ll know if it isn’t. Gateway is the IP address for your router. For DNS servers, I just use Google’s: 8.8.8.8 and 8.8.4.4. Click Save, then in the upper left, Done.

Now we can start from the top.

In Date & Time, click on the map in the approximate area in which you live, make sure the Network Time toggle in the upper right is on, and click Done.

Language and Keyboard can be changed as needed.

In Security Policy, choose Common Profile for General-Purpose Systems and click Select Profile, then Done.

For Installation Destination, click the virtual hard disk and then Done.

At this point, the installer is ready to proceed. Click Begin Installation.

While the installer runs, you can set your root password and create a new user. Do both of these.

For the root password, make something stupidly strong that you’ll remember. Hell, it doesn’t even hurt to write this down and keep it on your desk or wallet. THIS IS ROOT ON AN INTERNET-FACING SERVER, DO NOT FUCK THIS UP.

For User Creation, make an unprivileged user for running the server. Here also choose a crazy-strong password. The purpose of the unprivileged user is so that if there is some undisclosed vulnerability in TeamSpeak Server which allows an attacker to gain control of your environment, there’s only so much they can do with a non-admin account.

And…. Wait.


BOOTING INTO THE CENTOS INSTALL



Before you click Reboot when the installer is done, you need to dismount the iso from the CD drive, or else the installer will boot again. Do that by clicking the icon and selecting Remove disk from virtual drive, then reboot the installer.


PREPARING CENTOS FOR TEAMSPEAK



At the login prompt, log in as root. We need to install a couple things before we install TeamSpeak.

At the root prompt, run these commands (and keep saying y at the prompts until done):

Code:
yum install wget

yum install bzip2

yum install vim

yum install system-config-firewall-tui

system-config-firewall-tui


After the firewall config is done installing, we need to configure it. That last command launches it.

In the firewall config, you select things with the space bar and move around with the tab key. Here are the options for each screen:

Firewall Configuration: Enable, choose Customize.

Trusted Services: Nothing to select, go Forward.

Other Ports: Add the following ports: 9987 udp, 10011 tcp, 30033 tcp. Go forward.

Trusted Interfaces: Nothing to select, go Forward.

Masquerading: Nothing to select, go Forward.

Port Fowarding: Nothing to add, go Forward.

ICMP Filter: Select everything; why tell an attacker anything is here at all? Go Forward.

Custom Rules: Nothing to add, Close.

Back at the main screen: OK. It’ll ask you to confirm. Say Yes.

Per the confirmation, let’s make sure that the iptables service is running. Type the following command:

Code:
service iptables status


You’re looking for “Loaded: loaded” and “Active: active” in that small dump.


OH GOD HERE WE GO IT’S TIME TO INSTALL TEAMSPEAK



Now we’re ready. Type exit, and that takes you back to the login prompt. Log in as the TS3 admin user you set up during the installation.

At this point, you’ll follow 13lackHawk’s excellent guide here over on the TeamSpeak forums, with a few exceptions:

- You’ve already created a user, so you can skip that.

- Substitute your download location and file name in place of his. They’ll be largely similar.

- Where he says “tar xvfz” you will type “tar –jxvf”

At the end, before you move on, you need to add your PC to the whitelist. In the installed directory, type this:

Code:
vim query_ip_whitelist.txt


Hit I (i) to go into Insert mode and type in your PC’s IP address under the loopback address. Press escape, then type this:

Code:
:wq


Once the server is installed and running, and after you’ve set the cron job and the whitelist, it’s time to set the vm to auto-start with the jail. Back in the FreeNAS Gui, select the TS3 jail and click the shell button at the bottom. Type the following command:

Code:
ee /etc/rc.conf


This opens a text editor editing rc.conf. Add these lines. If you did NOT name your VM “TS3,” then replace your VM name where I have TS3. To be clear, there are five appearances of your VM name in these lines.

Code:
vboxnet_enable="YES”

vboxheadless_enable="YES"

vboxheadless_machines="TS3"

vboxheadless_TS3_name="TS3"

vboxheadless_TS3_user="vbox"

vboxheadless_TS3_stop="poweroff" 


When done, hit Esc+Enter (like Alt+Tab or Ctrl+C, but Esc+Enter instead) and save your file.


TAKING CARE OF THE INTERNET



You now need to forward the same ports in your router that you did in the firewall config. Again, those ports are UDP 9987, TCP 10011, and TCP 30033. Go to portforward.com to find your router’s method of port forwarding. While you’re administering your router, it’s time to stop living a life of convenience at the cost of security. You’re running a server, after all. This is the big ask:

Turn off UPnP. It just has too many security compromises. If you have any applications that rely on it, you’re going to have to set up port forwarding or port triggering on a case-by-case basis.

Next, you need to secure your TS3 Server itself a bit. Launch PuTTY. For the Host Name, enter the IP address of the TS3 server. Use port 10011 and the Telnet connection type. Open the connection.

In the telnet window, use these commands:

(ServerQuery username and password were given to you at the very end of the server install process before you set up the cron job. You wrote them down, right?)

Code:
login <serveradmin> <adminpassword>

serveredit virtualserver_weblist_enable=0

instanceedit serverinstance_serverquery_flood_commands=1 serverinstance_serverquery_flood_time=1


The "weblist_enable=0" command removes your server from public visibility in the weblist. Security through obscurity.

The last command is all one line. It limits ServerQuery commands to one per second.

Lastly, if you have any automation of ServerQuery, it’s going to fail the flood control. You need to whitelist the machine it’s running from. Use the same process you used to whitelist your PC.


AT THIS POINT, YOUR SERVER IS LIVE AND READY FOR USE



But what fun is sharing the numbers you find at whatsmyip.com? Register a domain name, install a DNS IP tracker somewhere on your network (my router has one built in that can report to DNSomatic, No-IP, and a bunch of others), have that DNS tracker update a nameserver somewhere, and voilà! Your friends can now connect using just a domain name! My setup is the following:

Router reports to DNSomatic.com

DNSomatic reports to CloudFlare

CloudFlare updates their nameservers

My domain name always points to my public IP, even though I have a dynamic one from my ISP.
 
Last edited:

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
this isn't a plugin, would be better in the How-To section
 

rafadavidc

Dabbler
Joined
Mar 26, 2016
Messages
38
You are correct, but I don't have permissions to that section. Further, that section says to post guides in a "relevant" section, and a moderator will move it if they decide to.
 

Joshua Parker Ruehlig

Hall of Famer
Joined
Dec 5, 2011
Messages
5,949
ohh, I didn't even know there were restrictions to there
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
Moved to guides! If memory serves me right we already have a Teamspeak guide (maybe it was written by me.. I don't know) but two is fine. :)
 

Ske

Cadet
Joined
Mar 30, 2015
Messages
1
On my FreeNAS-9.10.2-U1 (86c7ef5) I can't find "VirtualBox template" anymore. It seems to be gone.
 

rafadavidc

Dabbler
Joined
Mar 26, 2016
Messages
38
From here, it looks like there's only one template in 9.10.2. Anything else, you'll have to create a custom template.

They've been making steps toward 10's bhyve method with each release since 9.10 came out. I guess this doesn't surprise me.

I have edited the OP.
 
Last edited:
Status
Not open for further replies.
Top