Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

Home Media Server Behind VPN (help?)

Joined
May 30, 2019
Messages
7
What I want seems straightforward, but I've been working on it for weeks with no success. I want my FreeNAS server to run plex, sabnbz, nbzhydra2, sonarr, and a movie downloading service yet to be decided. I want all my devices on my local network to be able to access any of these services. I don't want anyone or anything to ever be able to access this server from outside my local network. I want all internet communication from this server to be routed through my paid VPN. It seems like this would be the most vanilla home server setup imaginable, but I can't get it to work for the life of me.

I've been working with technology since I was practically a kid, several decades now. I can code in a dozen languages, configure LANs, all the basic stuff. I have not, however, devoted years of my life specifically to Linux, iocage, freenas, or the other software involved. That means you may as well treat me like a noob. An instruction to just configure my XYZ service to use QHU plugin with LHG support won't mean a thing to me. I need 'type in this specific command'.

I have FreeNAS 11.2-U3 installed. I have added a raid array and configured permissions. I installed the Plex plugin, configured the permissions for it, and am able to stream my media library from it. I am able to ping google from my FreeNAS terminal and my Plex terminal. Before I install the rest of the plugins, I want to ensure that all communications between this server and the internet go through my VPN. That's where I'm stuck and don't seem to be able to move forward.

I have been through a dozen guides for setting up OpenVPN. They invariably require me to use the pkg command, which always fails. From the FreeNAS terminal running any pkg command, such as:

Code:
pkg update


gives me a list of errors that various files don't exist. From inside my Plex jail I am slightly more successful. pkg update seems to work, and says that everything is up-to-date. However, when I try to install something such as

Code:
pkg install nano


I am told that there are no packages available for install matching 'nano', or any other package I try to install.

Some threads have hinted at the problem, saying that I am not allowed to install packages in the base FreeNAS install or in any jail that comes from a plugin. Some of those suggest setting up my jails manually, without information on how that would work or how to achieve it. Other guides suggest creating a dedicated jail for OpenVPN, but don't say how I would configure everything else to only connect to the internet through that jail.

Any help is appreciated. It seems like this use case should be a standard out-of-the-box configuration, but it has taken painstaking effort to take every step in the process. At this point, if a forum post can't get this sorted, I'll be forced to abandon FreeNAS entirely and look for another solution. Thanks and regards,

Ben
 

eldo

FreeNAS Aware
Joined
Dec 18, 2014
Messages
99
I don't have time to provide a more in-depth answer right now, but I believe everything you're trying to do is detailed somewhere on the forums. In many places.

As far as FN is concerned, it is a storage appliance, VPN server, jails, VMs are gravy, but not the designed use of the system.

There are many, many, guides and how-to's on jail creation and configuration, starting with the manual: https://www.ixsystems.com/documentation/freenas/11.2-U4.1/jails.html

More jail information that should be relevant, found through a very quick search on the forum:
The FreeNAS jail/plugin specific forum: https://www.ixsystems.com/community/forums/jails-plugins-and-bhyve.34/
A thread I find highly useful: https://www.ixsystems.com/community/resources/fn11-2-iocage-jails-plex-tautulli-sonarr-radarr-lidarr-jackett-transmission-organizr.58/
A step-by-step guide to literally installing OpenVPN in a jail. https://www.ixsystems.com/community/threads/step-by-step-to-install-openvpn-inside-a-jail-in-freenas-11-1-u1.61681/
 
Joined
May 30, 2019
Messages
7
Thank you!

Based on some of the comments I'm seeing around, and your choice of links, I am starting to think that if I want to use a VPN then I can't use the plugin jails, that I need to create my jails manually in order to do this. Is that correct?

I had not seen that guide by Pentaflake. I'll try to walk through it and update here.
 
Joined
May 30, 2019
Messages
7
I'm trying to follow the guides you provided. It was surprisingly easy to get a new plex jail setup using the manual jail creation commands in pentaflake's tutorial. What I'm stuck on is still the VPN. Pentaflake has a ipfw_rules file, but doesn't say what we are supposed to put into it. I read through the entire discussion board but no one has explained that. If anyone knows, you might want to answer in that thread so it can help others following that guide.

Thanks!
 
Joined
May 30, 2019
Messages
7
I also tried to follow the guide for setting up OpenVPN in a jail, and am stuck there as well. There is no discussion of what values you are supposed to put in your easy-rsa configuration. Any help is appriciated, and should probably go into that thread. Thanks,
 

garm

FreeNAS Expert
Joined
Aug 19, 2017
Messages
1,282
Don’t try to install things in the Plugins.. if you want to manually maintain a jail, go for a standard jail.

Routing traffic with FreeNAS can be done but I wouldn’t. What I did was to set up FreeNAS with a series of jails in different VLANs depending on their needs. I then manage internet access for each VLAN in pfSense.
 

danb35

FreeNAS Wizard
Joined
Aug 16, 2011
Messages
10,801
Joined
Jun 3, 2019
Messages
1
Maybe someone suitable program VeePN, works well, quickly and in different languages
 

eldo

FreeNAS Aware
Joined
Dec 18, 2014
Messages
99
Glad you're making progress. Personally, I don't like the idea of my FN acting in a routing/edge networking capacity.
I'd look at going down the route with a pfsense (or whatever your solution might be. I like pfsense) install doing what it does best.
 
Top