OpenVPN installation (not in jail?)

Status
Not open for further replies.
Joined
Oct 6, 2016
Messages
6
Hi everybody,
I'm new here and new to FreeNAS which I installed some days ago.
I need to set up an openvpn client on my NAS box to be able to access its web interface from my home based vpn network.

I managed to start the client manually, but I can't do it automatically on boot.
I learned how to make persistent changes in rc.conf (although it will be overwritten on system update, right?), but I'm stuck with the directory /usr/local/etc/openvpn, which gets lost over a reboot.

I read that usually you install openvpn in a jail, but this would prevent me from accessing the FreeNAS web interface, right? And I for sure don't want to expose my http port to the world to access FreeNAS remotely.

So, what can I do to make conf dir persistent?
I already have
openvpn_enable="YES"
and
openvpn_configfile="/etc/openvpn/blackbox.conf"
in my rc.conf, but the openvpn startup script always looks for the file in /usr/local/etc/openvpn

Any help is really appreciated.
 
Joined
Oct 6, 2016
Messages
6
Thanks @m0nkey_
I read about Tunables during my setup, but it's not clear to me which variables are exposed to OpenVPN upon startup.
If I can tell the openvpn startup script to find configuration files elsewhere I'd be good.
Now I'm away from home but I'm quite sure that the Openvpn_config entry in rc.conf does not have any effect. I will check later.

Has anyone already tried to start an openvpn client on boot outside a jail?
 

m0nkey_

MVP
Joined
Oct 27, 2015
Messages
2,739
You could also try running a post-init command to bring up the OpenVPN interface.
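
A sketch of the post-init approach suggested above, as an added example that is not part of the thread or of FreeNAS: it keeps the OpenVPN client config on a data pool, which survives reboots, and refuses to start the root-run daemon if the config or its directory is writable by group or others. The path `/mnt/tank/openvpn` and the `start` argument are assumptions; `blackbox.conf` is the file name from the first post.

```shell
#!/bin/sh
# Added example, not from the thread. CONF_DIR is a placeholder dataset path;
# the boot device's /usr/local/etc is rebuilt on reboot, the pool is not.
CONF_DIR="${CONF_DIR:-/mnt/tank/openvpn}"   # hypothetical pool/dataset
CONF_FILE="${CONF_FILE:-blackbox.conf}"     # file name used in the thread

# Return 0 only if the path exists and is not writable by group or others.
not_loosely_writable() {
    [ -e "$1" ] || return 1
    loose=$(find "$1" -prune \( -perm -g+w -o -perm -o+w \) -print)
    [ -z "$loose" ]
}

# OpenVPN runs as root and its config can name scripts to execute ("up",
# "down"), so a config other users can modify is a path to root.
check_vpn_config() {
    dir=$1; file=$2
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 1; }
    [ -f "$dir/$file" ] && [ ! -L "$dir/$file" ] || {
        echo "config missing or a symlink: $dir/$file" >&2; return 1; }
    not_loosely_writable "$dir" || {
        echo "directory writable by group/other: $dir" >&2; return 1; }
    not_loosely_writable "$dir/$file" || {
        echo "config writable by group/other: $dir/$file" >&2; return 1; }
    return 0
}

start_vpn() {
    check_vpn_config "$1" "$2" || return 1
    # --cd makes relative ca/cert/key paths resolve inside the persistent dir
    openvpn --cd "$1" --config "$2" --daemon --writepid /var/run/openvpn.pid
}

# Run with "start" from the post-init task; with no argument it only defines
# the functions, so it can be sourced to test the checks.
if [ "${1:-}" = "start" ]; then
    start_vpn "$CONF_DIR" "$CONF_FILE"
fi
```

Saved on the pool and registered as a post-init command with the `start` argument, this starts the client without relying on rc.conf or on /usr/local/etc/openvpn.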
 
Joined
Oct 6, 2016
Messages
6
Ok. I thought about that, but I'm a Linux person and still don't know so much about FreeBSD.
Can you point me to the right point in the FreeNAS doc to try this?

Thanks.
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
A VPN puts you on the same network subnet that all your devices are on.

You can absolutely access the web GUI of the FreeNAS box by connecting to a VPN running in a jail. Otherwise, the VPN wouldn't really be any good for anyone.

You really shouldn't be running software directly on the FreeNAS, and it should be done in a jail.
 
Joined
Oct 6, 2016
Messages
6
> A VPN puts you on the same network subnet that all your devices are on.
>
> You can absolutely access the web GUI of the FreeNAS box by connecting to a VPN running in a jail. Otherwise, the VPN wouldn't really be any good for anyone.
>
> You really shouldn't be running software directly on the FreeNAS, and it should be done in a jail.

I thought that a jail creates a different machine with a different IP address than the main FreeNAS box. Am I wrong?
If I'm right and I run the VPN client in the jail to connect to my VPN server I will be able to contact the jail ip but not the web gui ip.
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
> I thought that a jail creates a different machine with a different IP address than the main FreeNAS box. Am I wrong?
> If I'm right and I run the VPN client in the jail to connect to my VPN server I will be able to contact the jail ip but not the web gui ip.

A jail has a different IP address on the same subnet as your FreeNAS box.

Why would you use FreeNAS as the client to connect to a VPN server in your home? Is the FreeNAS box not in your home?

Aside from not understanding what your actual configuration is, or what the goal of all this is, you can indeed route traffic or use SSH tunnels to get to the web GUI of the FreeNAS box from another machine/VM/jail.
 
Joined
Oct 6, 2016
Messages
6
> A jail has a different IP address on the same subnet as your FreeNAS box.
>
> Why would you use FreeNAS as the client to connect to a VPN server in your home? Is the FreeNAS box not in your home?
>
> Aside from not understanding what your actual configuration is, or what the goal of all this is, you can indeed route traffic or use SSH tunnels to get to the web GUI of the FreeNAS box from another machine/VM/jail.

Yes, you're right: my FreeNAS box is outside my home (my wife's office) and I would like to access it in case of need. I already have a working VPN running at my house and the easiest way to connect to the FreeNAS box is to attach it to my VPN as a client like I did with the actual Linux server.

I understand that reversing the client/server configuration would allow me to connect to the FreeNAS subnet, but I'd rather prefer to use my existing VPN network.

I hope I have made my situation clearer.
Thanks again to everybody.
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
> Yes, you're right: my FreeNAS box is outside my home (my wife's office) and I would like to access it in case of need. I already have a working VPN running at my house and the easiest way to connect to the FreeNAS box is to attach it to my VPN as a client like I did with the actual Linux server.
>
> I understand that reversing the client/server configuration would allow me to connect to the FreeNAS subnet, but I'd rather prefer to use my existing VPN network.
>
> I hope I have made my situation clearer.
> Thanks again to everybody.

Makes it much clearer.

Although, yes, you can indeed use SSH tunneling (easiest solution), and simply use your jail as a 'jump server' to gain access to the rest of the network. Or you can configure some routing on the jail to allow you to access the server GUI.

I prefer to not run ANYTHING on my FreeNAS box, and let the jails run the services I need outside of actual file storage.
 