ethanmcdonald (Dabbler) - Joined: Dec 4, 2012 - Messages: 10
I've set up FreeNAS with a number of Plugins/Jails and installed OpenVPN as a service.
The FreeNAS main LAN IP is 192.168.1.65/24 on Interface "bge0" and a default gateway of 192.168.1.254.
The OpenVPN service also uses the 192.168.1.65 IP to listen on port 1194; this is not in a jail.
There are four Jails bridged on to the "bge0" Interface with LAN IPs of 192.168.1.50, 51, 52 & 53.
Just for the sake of completion, the separate jailed FreeNAS services are BTSync, Transmission, SickRage and Plex.
Remote Desktop to a PC, while OpenVPN'd from the WAN to my LAN, works.
Then I can connect to the different Jailed WebUIs, because I'm then on that system.
The same is true of course if I use my PC or my Smart Phone directly connected via Ethernet or WiFi to my LAN.
The issue is when connecting to my LAN network remotely via an OpenVPN session: I can access all of my separate systems.
This includes my gateway 192.168.1.254 and the FreeNAS WebUI at 192.168.1.65.
However I cannot access the Jailed Plugins at the IPs of 192.168.1.50, 51, 52 & 53.
I suspect this is because of a hairpin routing issue from sending and receiving the (tun0) tunneled data via the same "bge0" Interface.
To recap the problem I'm encountering:
While connected to my OpenVPN session on the FreeNAS server I cannot access any of the hosted FreeNAS plugins/Jails.
I can however access my LAN of 192.168.1.x/24.
I'm open to any suggestions and/or changes that might let me have my cake and eat it too over OpenVPN. :)
Below are some of the configs for my FreeNAS server.
Code:
ifconfig
bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80099<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE>
    ether 00:22:19:24:7d:c1
    inet 192.168.1.65 netmask 0xffffff00 broadcast 192.168.1.255
    nd6 options=9<PERFORMNUD,IFDISABLED>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
    nd6 options=9<PERFORMNUD,IFDISABLED>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0xc
    inet 127.0.0.1 netmask 0xff000000
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet 10.8.0.1 --> 10.8.0.2 netmask 0xffffffff
    nd6 options=1<PERFORMNUD>
    Opened by PID 2664
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 02:fb:13:48:01:00
    nd6 options=1<PERFORMNUD>
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: epair3a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 18 priority 128 path cost 2000
    member: epair2a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 17 priority 128 path cost 2000
    member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 16 priority 128 path cost 2000
    member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 15 priority 128 path cost 2000
    member: bge0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 5 priority 128 path cost 20000
epair0a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8<VLAN_MTU>
    ether 02:88:ea:00:0f:0a
    nd6 options=1<PERFORMNUD>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
epair1a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8<VLAN_MTU>
    ether 02:ea:64:00:10:0a
    nd6 options=1<PERFORMNUD>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
epair2a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8<VLAN_MTU>
    ether 02:00:da:00:11:0a
    nd6 options=1<PERFORMNUD>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
epair3a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8<VLAN_MTU>
    ether 02:79:5f:00:12:0a
    nd6 options=1<PERFORMNUD>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
Code:
ipfw show
00100      24291       1778973 nat 1 ip from 10.8.0.0/24 to any out via bge0
00200   98422092   17282282298 nat 1 ip from any to any in via bge0
65535 1139024414 1590259250407 allow ip from any to any
Code:
# Sample OpenVPN 2.0 config file for
# multi-client server.
# replace x.x.x.x with freenas ip
local 192.168.1.65
port 1194
proto udp
# mssfix 1400
dev tun
ca /mnt/NAS/openvpn/keys/ca.crt
cert /mnt/NAS/openvpn/keys/server.crt
key /mnt/NAS/openvpn/keys/server.key
dh /mnt/NAS/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#change x.x.x.x to match your network ip range
#ie 192.168.1.0 or 10.0.0.0
push "route 192.168.1.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
push "dhcp-option DOMAIN attlocal.net"
push "dhcp-option DNS 192.168.1.254"
#replace x.x.x.x with freenas ip
route 192.168.1.65 255.255.255.0 10.8.0.1
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3
Code:
rc.conf
...
# OpenVPN settings
gateway_enable="YES"
openvpn_enable="YES"
openvpn_if="tun"
openvpn_configfile="/mnt/NAS/openvpn/openvpn.conf"
openvpn_dir="/mnt/NAS/openvpn"
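Added example, not part of the post above: a small Python lint over the poster's own `ipfw show` output and the routing-relevant lines of the OpenVPN config. It answers two questions a reader debugging this setup would ask first: on which egress interface VPN-client traffic to a jail actually gets masqueraded (only `out via bge0` here, none of the bridge members), and whether any `route`/`push "route"` line has host bits set for its netmask (the `route 192.168.1.65 255.255.255.0 10.8.0.1` line does). The VPN client address 10.8.0.6 and the jail address 192.168.1.50 used as sample traffic are assumptions; the interface names come from the ifconfig listing in the post.

```python
"""Lint an OpenVPN server config against ipfw NAT rules (added example).

Inputs are copied from the forum post; the probe addresses are constructed.
"""
import ipaddress
import re

# Constructed from the post's `ipfw show` output (counters included).
IPFW_SHOW = """\
00100 24291 1778973 nat 1 ip from 10.8.0.0/24 to any out via bge0
00200 98422092 17282282298 nat 1 ip from any to any in via bge0
65535 1139024414 1590259250407 allow ip from any to any
"""

# Constructed from the post's openvpn.conf (routing-relevant lines only).
OPENVPN_CONF = """\
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
route 192.168.1.65 255.255.255.0 10.8.0.1
"""

# Interfaces present in the post's ifconfig output. Besides bge0 itself, the
# bridge and its epair members are the other paths a packet to a jail can take.
HOST_IFACES = ["bge0", "tun0", "bridge0", "epair0a", "epair1a", "epair2a", "epair3a"]

NAT_RE = re.compile(
    r"^(\d+)\s+(\d+)\s+(\d+)\s+nat\s+(\d+)\s+ip\s+from\s+(\S+)\s+to\s+(\S+)"
    r"\s+(in|out)\s+via\s+(\S+)$"
)
# Matches `route`, `push "route ..."` and `server` lines once quotes are removed.
ROUTE_RE = re.compile(r"^(?:push\s+)?(route|server)\s+(\S+)\s+(\S+)")


def parse_ipfw_nat(text):
    """Extract `nat ... via <iface>` rules with their packet/byte counters."""
    rules = []
    for line in text.splitlines():
        m = NAT_RE.match(line.strip())
        if m:
            rules.append({"rule": int(m[1]), "packets": int(m[2]), "bytes": int(m[3]),
                          "src": m[5], "dst": m[6], "direction": m[7], "via": m[8]})
    return rules


def addr_in_spec(addr, spec):
    """ipfw address specs used here are either 'any' or an address/CIDR."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def nat_rules_for(rules, src_addr, dst_addr, direction, iface):
    """Rule numbers that would NAT a packet with this source, destination and path."""
    return [r["rule"] for r in rules
            if r["direction"] == direction and r["via"] == iface
            and addr_in_spec(src_addr, r["src"]) and addr_in_spec(dst_addr, r["dst"])]


def masquerade_matrix(rules, client_addr, jail_addr, ifaces):
    """Per egress interface: which NAT rules masquerade client->jail traffic."""
    return {ifc: nat_rules_for(rules, client_addr, jail_addr, "out", ifc) for ifc in ifaces}


def lint_route(keyword, network, netmask):
    """Return a message if `network` has host bits set under `netmask`, else None."""
    net = ipaddress.ip_network(f"{network}/{netmask}", strict=False)
    if str(net.network_address) != network:
        return (f"{keyword} {network} {netmask}: host bits set; did you mean "
                f"{net.network_address} {netmask} or {network} 255.255.255.255?")
    return None


def lint_openvpn(text):
    """Lint every route/push-route/server line of an OpenVPN config."""
    findings = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip().replace('"', ""))
        if m:
            msg = lint_route(m[1], m[2], m[3])
            if msg:
                findings.append(msg)
    return findings


if __name__ == "__main__":
    rules = parse_ipfw_nat(IPFW_SHOW)
    for msg in lint_openvpn(OPENVPN_CONF):
        print("openvpn:", msg)
    # Assumed probe: VPN client 10.8.0.6 talking to the jail at 192.168.1.50.
    for ifc, hits in masquerade_matrix(rules, "10.8.0.6", "192.168.1.50", HOST_IFACES).items():
        print(f"client->jail leaving via {ifc}: NAT rules {hits or 'none'}")
```

The matrix makes the dependency explicit: a VPN client only appears as 192.168.1.65 to a jail if the packet leaves through bge0, so a jail that replies to a raw 10.8.0.x address is the thing to look for in a capture on the epair side. The route lint only reports the arithmetic; whether the extra host route was intended is for the poster to decide.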