Need help with Openvpn client and transmission

[stryk9]

So, I have searched forums and google'd without any luck. I have a paid vpn service that i use and I would like to use openvpn as a client to connect to my vpn service and have only the traffic from transmission go over the tunnel. I'm pretty impartial as to whether openvpn is installed in the jail or not as long as it accomplishes my goal. I have been trying to figure this out for a week now and can't figure it out. This is on FreeNas 9.1.1

Any help would be greatly appreciated

 

[trnelson]

I have this exact same setup and question. Any progress in finding an answer?

 

[trnelson]

Actually came across this. Might be enough info to get you up and running. Going to give it a shot myself. http://forums.freenas.org/index.php...-a-jail-so-it-only-connects-to-the-vpn.18669/

 

[Raj Rajagopal]

Actually came across this. Might be enough info to get you up and running. Going to give it a shot myself. http://forums.freenas.org/index.php...-a-jail-so-it-only-connects-to-the-vpn.18669/

That seems like a good approach, if you wish to connect to VPN directly from within the jail.

If you have multiple jails that should use VPN, this may not be the best approach. I am trying to find out how to send multiple jail traffic through the VPN client connected from freenas.

Still researching. will post if I make headway.

 

[trnelson]

Ah yes, makes sense. There's always the option of going with a DD-WRT enabled router and using your VPN through it. That would mean all traffic goes through it of course, but from what I understand you could link another router to your network which is the sole VPN one. I just came across that however and wouldn't know how to set it up.

I was able to get my Transmission plugin working via VPN with these instructions. Good luck and post back if you find anything!

 

[Raj Rajagopal]

Ah yes, makes sense. There's always the option of going with a DD-WRT enabled router and using your VPN through it. That would mean all traffic goes through it of course, but from what I understand you could link another router to your network which is the sole VPN one. I just came across that however and wouldn't know how to set it up.

I was able to get my Transmission plugin working via VPN with these instructions. Good luck and post back if you find anything!

Will do. VPN router is an option but from what I have read (and experienced some time back), throughput suffers as much as 50% as most routers do not have enough processing power.

I have VPN up and running on the freenas server itself (which is the easy part). Now, figuring out how to get the tun interface to the plugin. I am currently thinking of enabling NAT and forcing the route through PF. Will post my findings.

 

[stryk9]

I haven't really had a chance to mess with it. I did an update to the BSD PBI system and now I cant even get the transmission plugin working. I'm trying to figure out how to get it back to "stock" I might just reinstall.

 

[joelmusicman]

Will do. VPN router is an option but from what I have read (and experienced some time back), throughput suffers as much as 50% as most routers do not have enough processing power.

I have VPN up and running on the freenas server itself (which is the easy part). Now, figuring out how to get the tun interface to the plugin. I am currently thinking of enabling NAT and forcing the route through PF. Will post my findings.

I'm working on the same issue. Even running on my desktop pc, my 100mbit internet connection (Webpass.net FTW!!) slows down to anywhere between 2-8mbit when I switch on my VPN running software located on my PC. That's a limitation of the VPN encryption, little to do with router capability.

Still trying to figure out how to get it running in the jail and it's being difficult...

 

[Raj Rajagopal]

I'm working on the same issue. Even running on my desktop pc, my 100mbit internet connection (Webpass.net FTW!!) slows down to anywhere between 2-8mbit when I switch on my VPN running software located on my PC. That's a limitation of the VPN encryption, little to do with router capability.

Still trying to figure out how to get it running in the jail and it's being difficult...

Don't think that's entirely due to only VPN encryption. If you roam around the smallnetbuilder.com forums, you will notice the 50% reduction in VPN speeds in going from a good quality PC to the consumer router. I am surprised at your speed though. If you use a good VPN provider and have a reasonable PC, it shouldn't drop by 90% or more.

 

[joelmusicman]

The point I was making is that I'm seeing drastic speed reductions and I'm not even using the router's VPN. PC is running Win 7, i5-3570K, 16GB ram.

 

[Raj Rajagopal]

The point I was making is that I'm seeing drastic speed reductions and I'm not even using the router's VPN. PC is running Win 7, i5-3570K, 16GB ram.

My point is that your case is not typical. In my case, my internet drops from 50MBPS to 40MBPS (PC VPN - Q6600 CPU) and less than 15 MBPS (router VPN). Which is why started looking for reasons and noticed several similar threads in smallnetbuilder. Routers have slower, single core CPUs that can't keep up with the load demands of encryption.

 

[joelmusicman]

Ah. Maybe I just need a different provider... :)

 

[stryk9]

I thought I would add an update to this. I got the VPN running in the transmission jail using the link trnelson provided. Now I just need to figure out my firewall settings to block the traffic if the VPN goes down. So my current setup is: Couchpotato in it's own jail and then transmission and openvpn in another. It works well and when you start Openvpn it automatically routes the WAN traffic over the VPN and the LAN traffic is not routed through the tunnel. As I said, I just need to figure out my ipfw settings. I tried to follow the ones in the link and changed the addresses to my own but it didn't seem to work.

 

[trnelson]

Nice! That's exactly the same setup I have, and exactly the same point I'm at with it. I do have ipfw settings but the problem I've been having (I think) is that my VPN service doesn't publish the whitelist IPs, so I can block everything under the sun but still not sure which IPs to whitelist to allow traffic through. I did get it working once or twice with a lucky guess on the IP addresses, but overall I'm not entirely certain how to maintain it. Maybe I can just block all the ranges from my internet provider instead?

 

[Mlug]

Just looking at this from a different angle, and I'm no computer expert. I understand that if you connect from a FreeNAS box with openVPN, a tun interface is created through which all traffic goes to the openVPN server of your VPN provider. There is a setting in the openvpn.conf file which makes all traffic go through it. So wouldn't a simple solution be to only allow traffic via tun* in the firewall rules ? That way you wouldn't have to figure out IP addresses from the VPN provider, which afterall could change.

 

[JJT211]

Any luck with this guys?

 

[stryk9]

I have been running my setup now for a little over a year. I never really got the IPFW settings to work, but for whatever reason, when i lose VPN connection within the jail, It looses all internet connectivity anyhow for some reason... So I pretty much stopped messing with it, and frankly, forgot about it.

 

[JJT211]

https://forums.freenas.org/index.ph...ssion-with-openvpn-and-pia.24566/#post-166148

 

[rcdevils]

That seems like a good approach, if you wish to connect to VPN directly from within the jail.

If you have multiple jails that should use VPN, this may not be the best approach. I am trying to find out how to send multiple jail traffic through the VPN client connected from freenas.

Still researching. will post if I make headway.

Now I'm not sure if this would be possible but could one create a vpn inside a jail and also have a vpn hosted in the jail. So you would set up your other jails to connect to your vpn jail which would then forward it to the actual vpn. Would this be doable?