I've been attempting to get an OpenVPN server configured on my TrueNAS server, and following the directions from here, it's up and running and properly routing traffic to both my internal network and the external Internet.
However, my Windows VM (running in the standard TrueNAS VM manner) loses its connection to the network (thank goodness for noVNC) once the following tunables are enabled:
Code:
natd_enable    [yes]
natd_interface [igb0]
natd_flags     [-dynamic -m]
(note: natd_interface edited from tutorial to match system's main interface)
TrueNAS version: TrueNAS-12.0-U6.1
Windows VM version: 21H1 19043.1165
Windows VM typically gets IP 192.168.1.239/24; currently has IP 169.254.57.193/16. OpenVPN is configured to use the 192.168.2.0/24 subnet.
I suspect that my tunable natd configurations are overwriting some hidden natd configurations necessary for the VM to pass traffic, but I don't know enough of the inner workings to even know where to begin investigating this.
I'm not the only person I've encountered with this issue it seems (including in the comments of the linked video above), and it seems like a non-trivial use-case combination (using the same server to have an OpenVPN host and a VM host), so finding a resolution to this could be beneficial for the larger community, too.
So, my questions are two-fold:
- Is there a way to fix this, either through routing settings or natd flags or something else entirely?
- If my suspicion above is correct, is there a way to find these configurations so they can be manually added back?
Other potentially useful info:
Code:
root@(server):~ # ipfw list
00050 divert 8668 ip4 from any to any via igb0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any icmp6types 1
01000 allow ipv6-icmp from any to any icmp6types 2,135,136
65000 allow ip from any to any
65535 allow ip from any to any
Code:
root@(server):~ # ifconfig
em0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=81249b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LRO,WOL_MAGIC,VLAN_HWFILTER>
    ether 00:25:90:b5:62:93
    media: Ethernet autoselect
    status: no carrier
    nd6 options=1<PERFORMNUD>
igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: GigNIC
    options=a500b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6>
    ether 00:25:90:b5:62:92
    inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    nd6 options=9<PERFORMNUD,IFDISABLED>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
    inet 127.0.0.1 netmask 0xff000000
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=0<> metric 0 mtu 33160
    groups: pflog
mlxen0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 9000
    description: 10GigNIC
    options=ed07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWFILTER,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    ether e4:1d:2d:dc:43:e0
    inet 192.168.7.2 netmask 0xffffff00 broadcast 192.168.7.255
    media: Ethernet autoselect (10Gbase-CX4 <full-duplex,rxpause,txpause>)
    status: active
    nd6 options=9<PERFORMNUD,IFDISABLED>
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet 192.168.2.1 --> 192.168.2.2 netmask 0xffffff00
    groups: tun
    nd6 options=1<PERFORMNUD>
    Opened by PID 1646
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 02:06:1d:02:71:00
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto stp-rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: vnet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 9 priority 128 path cost 2000000
    member: vnet0.1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 8 priority 128 path cost 2000
    member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 2 priority 128 path cost 20000
    groups: bridge
    nd6 options=1<PERFORMNUD>
vnet0.1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: associated with jail: Plex as nic: epair0b
    options=8<VLAN_MTU>
    ether 02:25:90:31:41:ea
    hwaddr 02:77:b8:03:a5:0a
    groups: epair
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
    nd6 options=1<PERFORMNUD>
vnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    ether fe:a0:98:65:44:79
    hwaddr 58:9c:fc:10:e8:47
    groups: tap
    media: Ethernet autoselect
    status: active
    nd6 options=1<PERFORMNUD>
    Opened by PID 2145
Code:
root@(server):~ # netstat -r
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            RackGateway        UGS        igb0
localhost          link#3             UH          lo0
192.168.1.0/24     link#2             U          igb0
192.168.1.2        link#2             UHS         lo0
192.168.2.0/24     192.168.1.2        UGS        igb0
192.168.2.1        link#6             UHS         lo0
192.168.2.2        link#6             UH         tun0
192.168.7.0/24     link#5             U        mlxen0
192.168.7.2        link#5             UHS         lo0

Internet6:
Destination        Gateway            Flags     Netif Expire
::/96              localhost          UGRS        lo0
localhost          link#3             UH          lo0
::ffff:0.0.0.0/96  localhost          UGRS        lo0
fe80::/10          localhost          UGRS        lo0
fe80::%lo0/64      link#3             U           lo0
fe80::1%lo0        link#3             UHS         lo0
ff02::/16          localhost          UGRS        lo0
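One concrete place to start the investigation the second question asks for is to check whether the interface natd diverts on is also a bridge member, since the `ipfw list` and `ifconfig` output above show `divert 8668 ... via igb0` next to `bridge0` carrying `igb0` together with the VM tap (`vnet0`) and jail epair (`vnet0.1`) interfaces. The script below is an added diagnostic example, not code from the post or from TrueNAS: it parses the two command outputs and reports every divert rule whose interface sits on a bridge, listing the other members that share that bridge. The function names are my own, and the embedded sample input is a trimmed copy of the rules and interfaces quoted in the post (prompt lines dropped); on a live system you would pipe in `ipfw list` and `ifconfig` instead.

```python
import re

# Sample input copied (trimmed) from the post above; prompt lines dropped.
# On a live box replace these with the output of `ipfw list` and `ifconfig`.
IPFW_LIST = """\
00050 divert 8668 ip4 from any to any via igb0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65000 allow ip from any to any
65535 allow ip from any to any
"""

IFCONFIG = """\
igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    inet 192.168.2.1 --> 192.168.2.2 netmask 0xffffff00
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 02:06:1d:02:71:00
    member: vnet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 9 priority 128 path cost 2000000
    member: vnet0.1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 8 priority 128 path cost 2000
    member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 2 priority 128 path cost 20000
    groups: bridge
vnet0.1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    groups: epair
vnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    groups: tap
"""

# `ipfw list` prints "<rule> divert <port> <proto> from ... to ... via <if>"
DIVERT_RE = re.compile(r"^(\d+)\s+divert\s+\d+\s+.*\bvia\s+(\S+)")
# ifconfig starts each interface block at column 0 with "<name>: flags="
IFACE_RE = re.compile(r"^(\S+): flags=")
# bridge blocks list their ports as indented "member: <if> ..." lines
MEMBER_RE = re.compile(r"^\s*member:\s+(\S+)")
GROUPS_RE = re.compile(r"^\s*groups:\s+(.+)$")


def parse_divert_interfaces(ipfw_text):
    """Map rule number -> interface for every divert rule restricted with 'via <if>'."""
    rules = {}
    for line in ipfw_text.splitlines():
        m = DIVERT_RE.match(line)
        if m:
            rules[int(m.group(1))] = m.group(2)
    return rules


def parse_bridges(ifconfig_text):
    """Return (bridge -> [members], interface -> [groups]) from ifconfig output."""
    bridges, groups, current = {}, {}, None
    for line in ifconfig_text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)      # new interface block begins
            continue
        if current is None:
            continue
        m = MEMBER_RE.match(line)
        if m:                         # only bridge(4) blocks carry member lines
            bridges.setdefault(current, []).append(m.group(1))
            continue
        m = GROUPS_RE.match(line)
        if m:
            groups[current] = m.group(1).split()
    return bridges, groups


def find_diverted_bridge_members(ipfw_text, ifconfig_text):
    """Return (rule, iface, bridge, other_members) for each divert rule whose
    'via' interface is also a bridge member; other_members are the ports that
    share the bridge with it, so VM/jail interfaces on the same bridge are visible."""
    diverts = parse_divert_interfaces(ipfw_text)
    bridges, _ = parse_bridges(ifconfig_text)
    hits = []
    for rule, iface in sorted(diverts.items()):
        for bridge, members in bridges.items():
            if iface in members:
                hits.append((rule, iface, bridge, [m for m in members if m != iface]))
    return hits


if __name__ == "__main__":
    _, groups = parse_bridges(IFCONFIG)
    for rule, iface, bridge, others in find_diverted_bridge_members(IPFW_LIST, IFCONFIG):
        shared = ", ".join(f"{o} ({'/'.join(groups.get(o, ['?']))})" for o in others)
        print(f"rule {rule:05d}: natd divert via {iface}, a member of {bridge} "
              f"shared with {shared}")
```

Run on the post's output it reports rule 00050 diverting via igb0, which is a member of bridge0 alongside vnet0 (tap) and vnet0.1 (epair); an empty report means the natd interface and the bridge are separate and the cause lies elsewhere.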