
One VPN, multiple jails

Dear all,

I'm looking for a solution to achieve a situation where my jails can use the same VPN connection.

The current situation:
My system is running on version FreeNAS-11.1-U7.
I've installed OpenVPN on the host, configured with the following Tunables in the GUI:

cloned_interfaces="tun"
gateway_enable="YES"
openvpn_configfile="/mnt/vpn/openvpn.conf"
openvpn_dir="/mnt/vpn"
openvpn_enable="YES"
openvpn_if="tun"

There are two jails installed on my FreeNAS, Sabnzbd and Transmission. They're both configured through the GUI.
My goal now is to give these jails network access to the outside by using the VPN on the host.

I've read numerous threads about this, yet although some similarities can be found amongst them, each solution is very different in its approach.
Some of the things I tried:
- install VPN in one jail with ipfw rules (actually got this working fine and is my solution for just one jail)
- editing the "/etc/rc.conf" file in my jail to somehow make it use the cloned tunnel interface
- creating a "jail.conf" in the "var/run" folder for my jail
- configuring pfsense and routing tables

To make things worse, Windows has always been more of my thing and networking isn't something I'm particularly good at either.
So at this moment I'm at a loss of where to begin.

A fresh start now provides me with the basics that are in place.
VPN runs on the host, my jails are running without any adjustments.
An "ifconfig" command shows the following tunnel interface:

tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet 10.4.96.244 --> 10.4.96.1 netmask 0xffffff00
        nd6 options=1<PERFORMNUD>
        groups: tun
        Opened by PID 1824

Also the "wget" command on the host shows my VPN address (yay).
But how do I get my jails to use the host VPN connection?

Some sidenotes:
Instead of using Tunables, is it possible to put this directly into a config file?
I tried editing the "/tmp/rc.conf.freenas" file, but I believe this wasn't working properly.

With this I realise I'm asking a lot, and probably the same thing many before me have asked.
Also, I really have read many posts and threads about how to achieve a similar setup, but the sheer number of different suggestions only adds to the confusion.
If someone is willing to provide me with some feedback and hopefully some help with this, that would be greatly appreciated.

Thank you in the least for reading this and regards,

BM
 
For what it's worth, I managed to get it all working the way I wanted to.
Allow me to give a brief description of my actions.

First of all, I upgraded to FreeNAS 11.2 and started fresh. This seems to have helped a lot.
A lot of the bugs I encountered with jails in the previous version(s) of FreeNAS did not appear this time.
Second, I built one jail for SABNZBD, Transmission and OpenVPN and tried to do most of it on the command line instead of the GUI.
I'll leave out the part of configuring the SABNZBD/Transmission plugins, because it's already been documented by others.

My internal network is in the range of 192.168.1.0/24 .
The account used for the jail applications is the same as the jail name: sabtrans

My jail was built like this:

Jail Name: sabtrans
Release: 11.2-RELEASE
Auto-start: X
IPv4 Address: 192.168.1.106

Mount points:
Source: /mnt/FreeNAS/Downloads
Destination: /mnt/FreeNAS/iocage/jails/sabtrans/root/mnt/Downloads

## EDIT THE JAIL
DHCP Autoconfigure IPv4: X
VNET: X
Berkeley Packet Filter: X
allow_tun: X

## FREENAS CLI COMMANDS
## The commands used in the commandline are shown by $

## UPDATE JAIL
$ iocage list
$ iocage console sabtrans
$ pkg update
$ pkg upgrade -y

## INSTALL PACKAGES
$ pkg install -y nano openvpn sabnzbdplus transmission wget

## CONFIGURE OPENVPN
$ mkdir /usr/local/etc/openvpn

# Copy your openvpn.conf to this directory.
# In my case it's from AirVPN, so all the settings are already in the .conf file
$ cp whateverpath/openvpn.conf /usr/local/etc/openvpn/openvpn.conf
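# Keep the config readable and writable by root only; openvpn runs as root, so 777 would let any user in the jail alter it
$ chmod 600 /usr/local/etc/openvpn/openvpn.conf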
$ echo 'openvpn_enable="YES"' >> /etc/rc.conf
$ echo 'openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"' >> /etc/rc.conf

## CHECK IP BEFORE AND AFTER STARTING OPENVPN
$ wget -qO - http://wtfismyip.com/text
$ service openvpn start
$ wget -qO - http://wtfismyip.com/text

Now the firewall part is a dodgy one. I believe there are a lot of wrong guides on how to set the firewall settings for FreeNAS.
In fact, I haven't found one that works and suits my needs. So I decided not to use IPFW.
For those interested, this is how you can enable it.

## CONFIGURE FIREWALL
# Copy your firewall settings to this path, or simply use nano to edit a new file called '/etc/ipfw.rules'
$ cp whateverpath/ipfw.rules.txt /etc/ipfw.rules
$ echo 'firewall_enable="YES"' >> /etc/rc.conf
$ echo 'firewall_type="/etc/ipfw.rules"' >> /etc/rc.conf

## START FIREWALL
$ service ipfw start

## CHECK FIREWALL
$ ipfw list

Maybe someone can find some use in any of this.
Thanks for your time anyway!

Regards,

BM
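
The firewall section above enables IPFW but shows no ruleset. As an added example (not part of the original post and not its author's configuration), this shell function generates a kill-switch rule file for the firewall_type="/etc/ipfw.rules" setting shown above, so that outside the tunnel the jail can reach only the LAN and the VPN server. Assumptions: the function name, rule numbers and sample addresses are made up here, the jail has a static address, and the OpenVPN config lists its servers as IPv4 literals.

```shell
#!/bin/sh
# Added example (not from the post): derive an ipfw "kill switch" rule file from
# the remote/proto lines of an OpenVPN client config read on stdin.
# Rule numbers, the function name and the sample addresses are assumptions.

# gen_killswitch LAN_CIDR TUN_IF < openvpn.conf
# Prints "add ..." rules (the form ipfw reads from a firewall_type file).
# Prints nothing and returns 1 unless every remote is an IPv4 literal.
gen_killswitch() {
    awk -v lan="$1" -v tun="$2" '
        $1 == "proto"  { proto = $2 }            # default for remotes without one
        $1 == "remote" {
            # A hostname needs DNS before the tunnel exists, so refuse it.
            if ($2 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) bad = 1
            host[++n] = $2; port[n] = $3; rproto[n] = $4
        }
        END {
            if (bad || n == 0) exit 1
            print "add 00100 allow ip from any to any via lo0"
            print "add 00200 allow ip from me to " lan " out"
            print "add 00210 allow ip from " lan " to me in"
            for (i = 1; i <= n; i++) {
                p = (rproto[i] != "") ? rproto[i] : ((proto != "") ? proto : "udp")
                sub(/-client$/, "", p); sub(/[46]$/, "", p)   # tcp4-client -> tcp
                d = (port[i] != "") ? port[i] : 1194          # OpenVPN default port
                r = 300 + (i - 1) * 20
                printf "add %05d allow %s from me to %s %s out\n", r, p, host[i], d
                printf "add %05d allow %s from %s %s to me in\n", r + 10, p, host[i], d
            }
            print "add 01000 allow ip from any to any via " tun
            print "add 65000 deny ip from any to any"    # VPN down: nothing else leaves
        }' || { echo "gen_killswitch: need remote <IPv4> [port] [proto] lines" >&2; return 1; }
}

# Constructed sample config using documentation-range addresses.
sample_conf() {
    printf '%s\n' 'client' 'dev tun' 'proto udp' \
        'remote 203.0.113.10 443' 'remote 203.0.113.11 1194 tcp'
}

# LAN range and tunnel name as given in the post.
sample_conf | gen_killswitch 192.168.1.0/24 tun0
```

Redirect the output to /etc/ipfw.rules inside the jail and compare it with "ipfw list" after "service ipfw start".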
 