How to use Openvpn & ipfw in a jail so it only connects to the VPN

Joined
Nov 4, 2014
Messages
61
Thanks
1
Curious. Had OpenVPN working perfectly with AirVPN as per this post under Transmission 2.44 (?). Last week, I upgraded to Transmission 2.92 and now downloads have mysteriously stopped. I've checked OpenVPN and ipfw status and both appear to be working okay. Has anyone else experienced this? Unless someone has a magic fix, I'm going to try to rebuild from first principles. If that's unsuccessful, does anyone have any idea how to get back to Transmission 2.44?
Mine will disconnect occasionally and torrents will stop, which is a good thing. You don't want torrents running on your home IP anyway.

Have you used the checkmytorrentip.png torrent file to verify your vpn is working? If not, go here.
http://checkmytorrentip.upcoil.com/?hash=6851930ebbc2ea82666f25fc3c79c792a8f14ed7

Also restarting the jail should reconnect the vpn.

If that doesn't work, you'll need to reinstall transmission and run through the open vpn setup again. I've had to do it a few times too.
 

Seymour Butt

FreeNAS Experienced
Joined
Jan 4, 2014
Messages
453
Thanks
82
Mine will disconnect occasionally and torrents will stop, which is a good thing. You don't want torrents running on your home IP anyway.

Have you used the checkmytorrentip.png torrent file to verify your vpn is working? If not, go here.
http://checkmytorrentip.upcoil.com/?hash=6851930ebbc2ea82666f25fc3c79c792a8f14ed7

Also restarting the jail should reconnect the vpn.

If that doesn't work, you'll need to reinstall transmission and run through the open vpn setup again. I've had to do it a few times too.
A little patience required on my part. Torrents stopped for several days, but started working again. Fortunately, I did not have to reinstall. Thanks for your input.
 
Joined
Dec 10, 2017
Messages
9
Thanks
0
Hello all, I've been trying to get openvpn in my transmission jail to work for some time. I have a giganews act which includes vipervpn. However, I cannot get this to work at all.
Code:
[root@transmission_1 /usr/local/etc/openvpn]# service openvpn start
Starting openvpn.
/usr/local/etc/rc.d/openvpn: WARNING: failed to start openvpn


Code:
[root@transmission_1 /usr/local/etc/rc.d]# openvpn start
Options error: In [CMD-LINE]:1: Error opening configuration file: start
Use --help for more information.


rc.conf
Code:
portmap_enable="NO"
sshd_enable="NO"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
hostname="transmission_1"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
inet6_enable="YES"
ip6addrctl_enable="YES"
transmission_conf_dir="/var/db/transmission"
transmission_download_dir=""
transmission_enable="YES"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"


openvpn.conf

Code:
client
dev tun
proto udp
remote us6.vpn.giganews.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
ca /usr/local/etc/openvpn/ca.vyprvpn.com.crt
tls-remote us6.vpn.giganews.com
auth-user-pass
comp-lzo
verb 3
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA

<ca>
-----BEGIN CERTIFICATE-----

open vpn dir

Code:
[root@transmission_1 /usr/local/etc/openvpn]# ls
-					   IP					  openvpn.conf
ca.vyprvpn.com.crt	  keys					pass.txt
 
Joined
Dec 10, 2017
Messages
9
Thanks
0
So, I gave up trying to do this through the jail. I [don't even know how I did it] managed to get vipervpn running on my pfsense appliance. I then [not sure what I did] forced specific IPs that I aliased to go through the vpn. I think I will make a nifty new forum post with all the steps I did to accomplish this, but proof of concept.
 
Joined
Sep 27, 2016
Messages
48
Thanks
1
Hi there,

I thought I did everything correctly as shown in the first post of this thread, but I can't get it to work. And I really don't know why.
Maybe someone could have a look at my configuration and tell me what is wrong?

OpenVPN is up and running, I have checked with
Code:
curl icanhazip.com

rc.conf
Code:
portmap_enable="NO"
sshd_enable="NO"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
hostname="OpenVPN"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
inet6_enable="YES"
ip6addrctl_enable="YES"

firewall_enable="YES"
firewall_type="/media/openvpn/ipfw_rules"

openvpn_enable="YES"
openvpn_if="tun"
openvpn_configfile="/media/openvpn/vpn.conf"
openvpn_dir="/media/openvpn"
cloned_interfaces="tun"

gateway_enable="YES"

ipfw list
Code:
[root@OpenVPN /]# ipfw list
65535 allow ip from any to any

sysctl net.inet.ip.forwarding
Code:
net.inet.ip.forwarding: 1

netstat -nr
Code:
Routing tables

Internet:
Destination		Gateway			Flags	  Netif Expire
0.0.0.0/1		  10.54.2.145		UGS		tun0
default			192.168.178.1	  UGS	 epair0b
10.54.0.1/32	   10.54.2.145		UGS		tun0
10.54.2.145		link#3			 UH		 tun0
10.54.2.146		link#3			 UHS		 lo0
127.0.0.1		  link#1			 UH		  lo0
128.0.0.0/1		10.54.2.145		UGS		tun0
136.0.0.108/32	 192.168.178.1	  UGS	 epair0b
192.168.178.0/24   link#2			 U	   epair0b
192.168.178.10	 link#2			 UHS		 lo0


But my clients (this is the gateway) can't access the Internet via the gateway. I had a similar configuration running for years on a Raspberry, and now that I want to switch to a jail, I had a working jail for 2 days until I tampered with the NAT and VIMAGE settings in the WebGUI and so killed the then-working jail. I thought it would be no problem to set it up again, but I haven't been able to get it to work for hours now, and maybe I'm now too "snowblind" to see the problem?

Please Help.
 
Joined
Jan 23, 2016
Messages
1
Thanks
0
I can successfully ping google with the vpn on, but I can also ping google with the vpn off. I have set everything up as described but this is a BIG problem for me.

Here are my firewall rules.

Code:
root@transmission_1:~ # ipfw list
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
01000 allow log udp from 10.69.0.0/16 to 10.69.0.3 dst-port 53 keep-state
01002 allow log udp from 10.69.0.0/16 to 10.69.0.1 dst-port 53 keep-state
01004 allow log udp from 10.69.0.0/16 to 208.67.222.222 dst-port 53 keep-state
01006 allow ip from 10.69.0.0/16 to 10.69.0.0/16 keep-state
02000 allow ip from 10.69.0.0/16 to xxx.xxx.xxx.xxx keep-state
02002 allow ip from 10.69.0.0/16 to xxx.xxx.xxx.xxx keep-state
02004 allow ip from 10.69.0.0/16 to xxx.xxx.xxx.xxx keep-state
02006 allow ip from 10.69.0.0/16 to xxx.xxx.xxx.xxx keep-state
04000 allow ip from 127.0.0.1 to any
05000 allow ip from 10.0.0.0/8 to any
05003 allow ip from any to 10.0.0.0/8
65534 deny ip from any to any
65535 allow ip from any to any


Why does the firewall have rules that I did not specify? I think the last line is causing the traffic to get through. How to get rid of this line?

Here is a cat from the file /media/ipfw_rules

Code:
root@transmission_1:~ # cat /media/ipfw_rules
add 01000 allow log udp from 10.69.0.0/16 to 10.69.0.3 dst-port 53 keep-state
add 01002 allow log udp from 10.69.0.0/16 to 10.69.0.1 dst-port 53 keep-state
add 01004 allow log udp from 10.69.0.0/16 to 208.67.222.222 dst-port 53 keep-state
add 01006 allow ip from 10.69.0.0/16 to 10.69.0.0/16 keep-state
add 02000 allow ip from 10.69.0.0/16 to xxx.xxx.xxx.xxx keep-state
add 02002 allow ip from 10.69.0.0/16 to xxx.xxx.xxx.xxx keep-state
add 02004 allow ip from 10.69.0.0/16 to xxx.xxx.xxx.xxx keep-state
add 02006 allow ip from 10.69.0.0/16 to xxx.xxx.xxx.xxx keep-state
add 04000 allow ip from 127.0.0.1 to any
add 05000 allow ip from 10.0.0.0/8 to any
add 05003 allow ip from any to 10.0.0.0/8
add 65534 deny ip from any to any


If anyone has any suggestions I would appreciate it.

EDIT: After doing some research if the kernel is compiled with IPFIREWALL_DEFAULT_TO_ACCEPT then the last rule is created. Is this what FreeNAS does by default in their kernel config? If so how do I change it?

Did you ever figure this out? I am having the same problem.
 

Glorious1

FreeNAS Guru
Joined
Nov 23, 2014
Messages
896
Thanks
163
The final rule 65535 in ipfw list is not the problem. I have that also and my system works as expected.
FYI, I have only these simple rules in my ipfw_rules file. Transmission halts communication if the vpn is interrupted.
Code:
add 00010 allow all from any to any via tun0 uid tranny
add 00101 allow all from me to 192.168.0.0/24 via epair* uid tranny
add 00102 allow all from 192.168.0.0/24 to me via epair* uid tranny
add 00107 deny all from any to any uid tranny

tranny is the user in my jail who owns and runs things; I set that up to have the same UID as my user in FreeNAS to avoid permission issues. But you could leave that off or substitute the default user.

The first rule allows comms with tranny over tun0, which I think the vpn sets up. 101 and 102 allow me to communicate with transmission on the local network. The last one prohibits anything else. I'm no expert, but this works for me.
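
The rule order discussed in this post can be checked offline. The following is an added example, not part of any post in this thread: a simplified first-match evaluator for the rule subset used here (it ignores keep-state, ports and direction). The jail addresses, the helper names and the test packets are constructed assumptions.

```python
import fnmatch
import ipaddress
import re

# Constructed sample: the four rules quoted above plus the built-in rule 65535.
RULES = """\
add 00010 allow all from any to any via tun0 uid tranny
add 00101 allow all from me to 192.168.0.0/24 via epair* uid tranny
add 00102 allow all from 192.168.0.0/24 to me via epair* uid tranny
add 00107 deny all from any to any uid tranny
65535 allow ip from any to any
"""
# Assumed addresses configured in the jail (what "me" matches); constructed.
LOCAL = {"192.168.0.50", "10.8.0.2"}

RULE_RE = re.compile(
    r"^(?:add\s+)?(?P<num>\d+)\s+(?P<action>allow|deny)\s+(?:ip|all)\s+"
    r"from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+via\s+(?P<via>\S+))?(?:\s+uid\s+(?P<uid>\S+))?\s*$")

def parse_rules(text):
    """Parse the rule subset used in this thread; reject anything else."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        rules.append(m.groupdict())
    # ipfw walks the list in rule-number order and stops at the first match.
    return sorted(rules, key=lambda r: int(r["num"]))

def addr_matches(spec, addr, local):
    if spec == "any":
        return True
    if spec == "me":
        return addr in local
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def decide(rules, p, local=LOCAL):
    """Return (rule number, action) of the first rule that matches packet p."""
    for r in rules:
        if r["via"] and not fnmatch.fnmatchcase(p["iface"], r["via"]):
            continue
        # Per ipfw(8), uid matches only TCP or UDP packets owned by that user.
        if r["uid"] and (p["proto"] not in ("tcp", "udp") or p["uid"] != r["uid"]):
            continue
        if addr_matches(r["src"], p["src"], local) and addr_matches(r["dst"], p["dst"], local):
            return int(r["num"]), r["action"]
    raise LookupError("no rule matched (default rule 65535 missing from input)")

def packet(iface, uid, proto, src, dst):
    return {"iface": iface, "uid": uid, "proto": proto, "src": src, "dst": dst}

if __name__ == "__main__":
    rules = parse_rules(RULES)
    cases = {
        "tranny tcp, VPN up":   packet("tun0", "tranny", "tcp", "10.8.0.2", "203.0.113.5"),
        "tranny tcp, VPN down": packet("epair0b", "tranny", "tcp", "192.168.0.50", "203.0.113.5"),
        "tranny tcp to LAN":    packet("epair0b", "tranny", "tcp", "192.168.0.50", "192.168.0.20"),
        "icmp ping, VPN down":  packet("epair0b", "tranny", "icmp", "192.168.0.50", "203.0.113.5"),
    }
    for name, p in cases.items():
        print(f"{name:22} -> rule {decide(rules, p)}")
```

Because `uid` only matches TCP and UDP packets, a `ping` test falls through to rule 65535 whether or not the VPN is up; test a kill switch with TCP or UDP traffic sent by the service user.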
 
Joined
Jan 11, 2018
Messages
14
Thanks
2
The final rule 65535 in ipfw list is not the problem. I have that also and my system works as expected.
FYI, I have only these simple rules in my ipfw_rules file. Transmission halts communication if the vpn is interrupted.
Code:
add 00010 allow all from any to any via tun0 uid tranny
add 00101 allow all from me to 192.168.0.0/24 via epair* uid tranny
add 00102 allow all from 192.168.0.0/24 to me via epair* uid tranny
add 00107 deny all from any to any uid tranny

tranny is the user in my jail who owns and runs things; I set that up to have the same UID as my user in FreeNAS to avoid permission issues. But you could leave that off or substitute the default user.

The first rule allows comms with tranny over tun0, which I think the vpn sets up. 101 and 102 allow me to communicate with transmission on the local network. The last one prohibits anything else. I'm no expert, but this works for me.
With a completely similar set of rules, the killswitch doesn't work for me. I'm using NordVPN, if that's at all relevant.

ipfw list
Code:
00001 allow ip from any to any via lo0
00010 allow ip from any to any via tun0
00101 allow ip from me to 192.168.2.0/24 via epair0b uid transmission
00102 allow ip from 192.168.2.0/24 to me via epair0b uid transmission
00199 deny ip from any to any via epair0b uid transmission
65535 allow ip from any to any


With VPN off:
su -m transmission -c 'traceroute www.google.com'
Code:
traceroute: Warning: www.google.com has multiple addresses; using 209.85.203.99
traceroute to www.google.com (209.85.203.99), 64 hops max, 40 byte packets
 1  Gargoyle (192.168.2.1)  0.540 ms  0.461 ms  0.445 ms


The first hop is to my gateway and the traceroute completes

With VPN on:
su -m transmission -c 'traceroute www.google.com'
Code:
traceroute: Warning: www.google.com has multiple addresses; using 209.85.203.103
traceroute to www.google.com (209.85.203.103), 64 hops max, 40 byte packets
 1  10.8.8.1 (10.8.8.1)  7.663 ms  7.459 ms  7.448 ms
 2  185.178.49.129 (185.178.49.129)  7.767 ms  7.895 ms  7.926 ms


If I add rules to explicitly deny connection to my gateway to transmission
ipfw list
Code:
00001 allow ip from any to any via lo0
00010 allow ip from any to any via tun0
00021 deny ip from me to 192.168.2.1 uid transmission
00022 deny ip from 192.168.2.1 to me uid transmission
00101 allow ip from me to 192.168.2.0/24 via epair0b uid transmission
00102 allow ip from 192.168.2.0/24 to me via epair0b uid transmission
00199 deny ip from any to any via epair0b uid transmission
65535 allow ip from any to any


Then vpn on or off traceroute doesn't work for transmission by domain name
su -m transmission -c 'traceroute www.google.com'
Code:
traceroute: unknown host www.google.com


But still works fine by IP address even with VPN off
su -m transmission -c 'traceroute 209.85.203.147'
Code:
traceroute to 209.85.203.147 (209.85.203.147), 64 hops max, 40 byte packets
 1  192.168.2.1 (192.168.2.1)  0.597 ms  0.429 ms  0.576 ms


My ifconfig looks like this:
ifconfig
Code:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
		options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
		inet6 ::1 prefixlen 128
		inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
		inet 127.0.0.1 netmask 0xff000000
		nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
		groups: lo
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
		options=8<VLAN_MTU>
		ether 02:ff:60:03:aa:47
		hwaddr 02:07:e0:00:0d:0b
		inet 192.168.2.66 netmask 0xffffff00 broadcast 192.168.2.255
		nd6 options=9<PERFORMNUD,IFDISABLED>
		media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
		status: active
		groups: epair
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
		options=80000<LINKSTATE>
		inet 10.8.8.145 --> 10.8.8.1  netmask 0xffffff00
		nd6 options=1<PERFORMNUD>
		groups: tun
		Opened by PID 10452
 

Glorious1

FreeNAS Guru
Joined
Nov 23, 2014
Messages
896
Thanks
163
Sorry, I don't understand any of what you posted except the first two sentences. Hopefully someone who knows this stuff better will spot something amiss.
 
Joined
May 19, 2015
Messages
4
Thanks
0
I have this sort of configuration and when I try to start the service I get this error:
Jul 13 13:28:24 transmission_1 openvpn[17541]: /etc/openvpn/update-resolv-conf tun1 1500 1553 10.8.0.25 255.255.0.0 init
Jul 13 13:28:24 transmission_1 openvpn[17541]: WARNING: Failed running command (--up/--down): could not execute external program
Jul 13 13:28:24 transmission_1 openvpn[17541]: Exiting due to fatal error

I have deleted and rebuilt a brand new jail with the same result. I've searched all over and see some reference to the warning, but not particularly about OPENVPN.
System is running on Freenas 9.10.2.U6 .
 

ric

FreeNAS Experienced
Joined
Dec 22, 2013
Messages
162
Thanks
2
I went ahead and downgraded my FreeNAS build from 11.1 to 9.10 because it is much less complicated, I had thought, and people have had success making it work using the 9.10 build, but I'm still having issues starting openvpn as shown below:

[root@customplugin_2 /etc]# cp /media/ca.crt /usr/local/etc/openvpn/keys/ca.crt
[root@customplugin_2 /etc]# cp /media/ta.key /usr/local/etc/openvpn/keys/ta.key
[root@customplugin_2 /etc]# /usr/local/etc/rc.d/openvpn start
Starting openvpn.
/usr/local/etc/rc.d/openvpn: WARNING: failed to start openvpn
[root@customplugin_2 /etc]#

Also, I am able to find ca.crt and ta.key but not sure where to find my user.key (or does it matter if I don't have a user.key?)
 

ric

FreeNAS Experienced
Joined
Dec 22, 2013
Messages
162
Thanks
2
Wow thanks

:eek: :embarrased:

I mv'd ca.cert to ca.crt.
ca.crt is in /usr/local/etc/openvpn/keys with 777 permissions now

Starting still gave me:
Code:
[root@sabnzbd_1 /usr/local/etc/openvpn]# /usr/local/etc/rc.d/openvpn start
Starting openvpn.
/usr/local/etc/rc.d/openvpn: WARNING: failed to start openvpn
 
tail /var/log/messages
 
Mar  7 07:33:06 sabnzbd_1 openvpn[46824]: Options error: --ca fails with 'ca.crt': No such file or directory
Mar  7 07:33:06 sabnzbd_1 openvpn[46824]: Options error: Please correct these errors.
Mar  7 07:33:06 sabnzbd_1 openvpn[46824]: Use --help for more information.
Mar  7 07:33:06 sabnzbd_1 tornado: /usr/local/etc/rc.d/openvpn: WARNING: failed to start openvpn


So I hard coded the path to ca.crt and it now works, albeit with me logging in with name and password.

However it doesn't work with the
auth-user-pass /usr/local/etc/openvpn/VPN-user_password.txt
as trnelson pointed out. It looks like you have to recompile openvpn with

./configure --enable-password-save

enabled. I haven't done that yet. trnelson have you tried that already?
How did you hard code the path to ca.crt?

Can you post here how you did it?

Thanks!
 

Glorious1

FreeNAS Guru
Joined
Nov 23, 2014
Messages
896
Thanks
163
somehow got duplicated - see next msg
 

Glorious1

FreeNAS Guru
Joined
Nov 23, 2014
Messages
896
Thanks
163
Im still having issues starting openvpn
It's hard to know what the problem might be with so little information, but I see a couple of differences between your setup and mine. These could be version differences.

1. My ca.crt is called ca.rsa.2048.crt
2. It is in the openvpn folder; there is no 'keys' subfolder.
3. I don't have anything like ta.key
4. Don't have any user.key, never heard of it.

Is your chosen server file set up to point to a file with your username and password, your ca.crt, and your crl.[rsa.2048.]pem file, and is that file copied to openvpn.conf?

The path to ca.crt needs to be in openvpn.conf. If you just put it in the openvpn folder, all you need is the file name. It goes in the last line of the file. In mine it looks like this:
Code:
ca ca.rsa.2048.crt


By the way, an easier command to start it without remembering any path is service openvpn start
 

ric

FreeNAS Experienced
Joined
Dec 22, 2013
Messages
162
Thanks
2
While icmp echo request is running (pinging google.com) on other window, I've opened up another window and tried to stop openvpn by typing the command below, but icmp echo request is still running on google.com, it didn't interrupt. Please see tail log below:

[root@transmission_1 /etc]# /usr/local/etc/rc.d/openvpn stop

[root@transmission_1 /etc]# tail /var/log/messages
Jul 28 09:48:38 transmission_1 openvpn[15258]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jul 28 09:48:38 transmission_1 openvpn[15258]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1590', remote='link-mtu 1558'
Jul 28 09:48:38 transmission_1 openvpn[15258]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Jul 28 09:48:38 transmission_1 openvpn[15258]: WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher AES-256-CBC'
Jul 28 09:48:38 transmission_1 openvpn[15258]: WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
Jul 28 09:48:38 transmission_1 openvpn[15258]: [TG-OVPN-CA] Peer Connection Initiated with [AF_INET]167.99.109.166:995
Jul 28 09:48:40 transmission_1 openvpn[15258]: TUN/TAP device /dev/tun0 opened
Jul 28 09:48:40 transmission_1 openvpn[15258]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jul 28 09:48:40 transmission_1 openvpn[15258]: /sbin/ifconfig tun0 10.24.0.18 10.24.0.17 mtu 1500 netmask 255.255.255.255 up
Jul 28 09:48:40 transmission_1 openvpn[15258]: Initialization Sequence Completed
 

Glorious1

FreeNAS Guru
Joined
Nov 23, 2014
Messages
896
Thanks
163
While icmp echo request is running (pinging google.com) on other window, I've opened up another window and tried to stop openvpn by typing the command below, but icmp echo request is still running on google.com, it didn't interrupt. Please see tail log below:

[root@transmission_1 /etc]# /usr/local/etc/rc.d/openvpn stop
I'm confused. I thought the problem was openvpn wouldn't start. Is it running when you give the stop command?
 

ric

FreeNAS Experienced
Joined
Dec 22, 2013
Messages
162
Thanks
2
At first, openvpn didn't start because of incorrect openvpn credentials. Now openvpn is running successfully after using the right username and password, but as I've said earlier, when I give the stop command, openvpn will not run but the icmp echo requests (pinging google.com) don't get interrupted.
As you can see in the tail log above, there are some warning messages. Could it be an openvpn config parameter that keeps the ping from stopping?
 

Glorious1

FreeNAS Guru
Joined
Nov 23, 2014
Messages
896
Thanks
163
Seems that would likely be a problem with your ipfw rules or related configuration.
 

ric

FreeNAS Experienced
Joined
Dec 22, 2013
Messages
162
Thanks
2
Killing openvpn is killing VPN not killing internet, therefore icmp echo request will be continuously running.
 
Joined
Feb 24, 2012
Messages
53
Thanks
2
So transmission was able to download something without going through the vpn because somehow the tunnel device didn't get properly initialized. I'm a bit stumped as to how transmission got out to the internet:

/var/log/messages
Code:
Sep 12 14:06:40 transmission openvpn[6084]: Data Channel: using negotiated cipher 'AES-256-GCM'
Sep 12 14:06:40 transmission openvpn[6084]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 12 14:06:40 transmission openvpn[6084]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sep 12 14:06:40 transmission openvpn[6084]: Cannot allocate TUN/TAP dev dynamically
Sep 12 14:06:40 transmission openvpn[6084]: Exiting due to fatal error


ipfw.rules:
Code:
add 00010 allow ip from any to any via tun0

add 00101 allow ip from me to 10.10.1.0/24 uid transmission
add 00102 allow ip from 10.10.1.0/24 to me uid transmission
add 00103 deny ip from any to any uid transmission

add 65534 allow all from any to any


Thoughts? Fixes?
 