OpenVPN Client with No Jail for Remote Replication Target

Status
Not open for further replies.
Joined
Apr 19, 2017
Messages
8
After struggling with an overly complicated setup, I decided to try to simplify my configuration. Basically, I have a home network and two FreeNAS servers, with an OpenVPN server on the gateway to the internet. I also have another FreeNAS box at a remote location that I wanted as a replication target from the two home servers.

Initial configuration had me playing with using an OpenVPN client in a jail, but I ran into issues with packet routing. Next I tried a virtualized pfSense router at the remote site and a site-to-site VPN.

My final configuration requires only a few tunables and a directory on the primary ZFS volume, which is persistent across reboots and FreeNAS versions.

RC.CONF
Code:
openvpn_enable="YES"
openvpn_configfile="/mnt/tank1/ovpnc/openvpn.conf"
openvpn_dir="/mnt/tank1/ovpnc"


OpenVPN Client Configuration
Code:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote {REDACTED} 1195 udp
setenv opt block-outside-dns
lport 0
verify-x509-name "{REDACTED}" name
pkcs12 gateway-UDP4-1195-cube.p12
tls-auth gateway-UDP4-1195-cube-tls.key 1
remote-cert-tls server
comp-lzo adaptive


I would welcome any feedback on this configuration.
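A pre-flight check for the configuration posted above, as an added example that is not part of the original post: it confirms that the server-authentication directives the config uses are present and that the `pkcs12` and `tls-auth` files exist with owner-only permissions. The function names are hypothetical, and it assumes relative file names are resolved against the `openvpn_dir` set in rc.conf.

```python
import os
import shlex
import stat

# Directives in the posted config that point at secret material on disk.
KEY_FILE_DIRECTIVES = {"pkcs12", "tls-auth"}
# Directives in the posted config that authenticate the server to the client.
SERVER_AUTH_DIRECTIVES = {"remote-cert-tls", "verify-x509-name", "tls-auth"}

# Constructed sample: the key-related lines of the posted client config.
SAMPLE_CONF = """\
remote {REDACTED} 1195 udp
verify-x509-name "{REDACTED}" name
pkcs12 gateway-UDP4-1195-cube.p12
tls-auth gateway-UDP4-1195-cube-tls.key 1
remote-cert-tls server
"""


def parse_directives(text):
    """Return (name, args) pairs, skipping blank lines and # or ; comments."""
    lines = (ln.strip() for ln in text.splitlines())
    split = (shlex.split(ln) for ln in lines if ln and ln[0] not in "#;")
    return [(parts[0], parts[1:]) for parts in split]


def audit(conf_text, base_dir):
    """Return findings for a client config whose relative paths live in base_dir."""
    directives = parse_directives(conf_text)
    seen = {name for name, _ in directives}
    findings = [f"missing server-authentication directive: {d}"
                for d in sorted(SERVER_AUTH_DIRECTIVES - seen)]
    for name, args in directives:
        if name not in KEY_FILE_DIRECTIVES or not args:
            continue
        path = os.path.join(base_dir, args[0])  # an absolute args[0] wins
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except FileNotFoundError:
            findings.append(f"{name}: {path} not found")
            continue
        if mode & 0o077:  # any group/other permission bit set
            findings.append(f"{name}: {path} mode {mode:o} grants group/other access")
    return findings


if __name__ == "__main__":
    # Assumed layout: the openvpn_dir from the rc.conf tunables above.
    for finding in audit(SAMPLE_CONF, "/mnt/tank1/ovpnc"):
        print(finding)
```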