Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

OpenVPN setup guide for FreeNAS 11.2

Havie

Newbie
Joined
Aug 16, 2018
Messages
44
Hi,

I am having trouble getting openvpn working in 11.2.
It was running in 11.1, but after the upgrade - it stopped, and now I cannot reinstall it again.

This is a guide I am trying to put together (from many different sources), if I should need to do it once again - and hopefully after I have this working - it will also be shared here.

Step 1:
Create new jail:
openvpn
IP: xx.xx.xx.xx
LAGG0
Select "Autostart"

Step 2:
Add mount point:
Source: /mnt/nas/backup/openvpn #This is a SMB share that allows me to upload the downloaded files from my VPN provider and store them on my NAS
Destination: /mnt/nas/iocage/jails/openvpn/root/usr/local/etc/openvpn

Step 3:
Enter jail and update & install
pkg update && pkg upgrade && pkg install bash openvpn unzip curl

Step 4:
Exit and re-enter jail

Step 5:
Enable auto start
echo 'openvpn_enable="YES"' >> /etc/rc.conf
echo 'openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"' >> /etc/rc.conf

Step 6:
Download the configuration from your VPN provider and extract all files to the openvpn folder (SMB share)
/usr/local/etc/openvpn/

Step 7:
echo "CHANGE TO YOUR PASSWORD" >> /usr/local/etc/openvpn/credentials
echo "askpass /usr/local/etc/openvpn/credentials" >> /usr/local/etc/openvpn/openvpn.conf

Replace the "openvpn.conf" with the actual server .ovpn filename from the zip that you want to connect to.

Step 8:
Start OpenVPN and see that everything works
/usr/local/etc/rc.d/openvpn start


Step 9:
Verify that the connection was successful
Wait about 30 seconds and then run:

curl https://ipinfo.io
You should see something like:

{
"IP": "168.1.66.228",
"hostname": "e4.42.01a8.ip4.static.sl-reverse.com",
"city": "Melbourne",
"region": "Victoria",
"country": "AU",
"loc": "-37.8103,144.9544",
"org": "AS36351 SoftLayer Technologies Inc.",
"postal": "3000"
}

or type
curl -s checkip.dyndns.org | sed -e 's/.*Current IP Address: //' -e 's/<.*$//'
to see current IP

Step 10:
Done!


This is not working for me - I seem to be missing a step somewhere.
It simply does not start the service.

I am using the following command to test:

# service openvpn start
# = starting openvpn

# service openvpn status
# = not running

I have tried to rename one of the servers I would like to connect to, to openvpn.conf but without luck.


Now I have also tried to create an entire new jail, using the command
openvpn-client "CLIENT TO CONNECT TO".ovpn

And now I only getting the following message:

upload_2018-11-11_20-41-9.png


I have also tried to follow: https://forums.freenas.org/index.php?threads/openvpn-issues-in-new-jails-after-11-1.59828/
but with VNET checked in the Jail creation, it does not have access to the internet at all.

I hope someone would be able to assist, in order for me to finish this setup guide and get my vpn working again.
 

Havie

Newbie
Joined
Aug 16, 2018
Messages
44
Unfortunately I have read that a bug in 11.2 might be the problem, therefor I must wait and try again once I have updated it to the latest version. (11.2 R2)
I will update this thread once I have found a solution. If someone else finds one before me, please let me know.
 

Baenwort

Newbie
Joined
Feb 19, 2015
Messages
49
I wasn't getting the same problem of starting the service but the tun creation problem on 11.2-RC2 was solved for me by following up to step 5 from: https://ftp.freenas.org/issues/40872#note-44 after that I was able to get openVPN working again (this was a 11.1-u6 iocage jail that had a working OpenVPN setup before moving to 11.2)
 

Havie

Newbie
Joined
Aug 16, 2018
Messages
44
Sounds great. I will update mine this weekend, and try again to get it to work. Thanks for the update!
 

Havie

Newbie
Joined
Aug 16, 2018
Messages
44
I have now updated to the latest version, but still without luck. I hope someone else has some luck in getting it to work...
 

WookieCookie

Newbie
Joined
Nov 22, 2017
Messages
10
@Havie , you said you updated to the latest version I'm assuming you mean 11.2-RC2. But have you tried the following?

  1. Remove any existing OpenVPN support hacks, such as the devfs pre-init command.
  2. Stop all of the jails that are using OpenVPN
    iocage stop <jail-name>

  3. Update your openvpn jail(s) to include the allow_tun=1 setting.
    iocage set allow_tun=1 <jail-name>

  4. Reboot your NAS, to clear any resident state from previous hack(s).
  5. Start the jail again.
    iocage start <jail-name>
source: https://ftp.freenas.org/issues/40872#note-44
 

Havie

Newbie
Joined
Aug 16, 2018
Messages
44
Yes, you are correct, it is 11.2-RC2 i have installed.
Unfortunately I have tried this as well, but without luck.
I think I will be waiting until someone else confirms that it works, and once I have had confirmation, I will add this to the installation description here as well.
 

WookieCookie

Newbie
Joined
Nov 22, 2017
Messages
10
@Havie is the jail setup as DHCP or Static IP? I had a lot of trouble getting an iocage jail to work with a static ipv4 address and finally left it as DHCP and set a static route via MAC on my router in conjunction with that tunable set for the jail in question. I've tried it on two different FreeNAS boxes running 11.2-RC2 and both have worked like a charm.
 
Joined
Aug 5, 2018
Messages
1
Hello. I am attempting to configure Transmission to use PIA via OpenVPN in connecting to the internet. I followed the guide in the post by @Havie and have an openvpn jail running on FreeNAS version 11.2-RELEASE. I still needed to run the following command to get openvpn running: iocage set allow_tun=1 <jail-name>

I have attempted to use the guide linked by @JTBTek, but the "pkg" command returns an error when attempting to install openvpn in the transmission jail itself, so I currently have openvpn and transmission configured as separate jails.

curl https://ipinfo.io shows the PIA network info in the openvpn jail, but this command still shows my own address for the transmission jail. I assume I need to use ifconfig or something to force the traffic for transmission to go through the openvpn jail. Does anyone have an idea of how to do this? Thank you.

P.S. If it wasn't already obvious I am completely clueless when it comes to freebsd / freenas / networking / etc.
 

JTBTek

Newbie
Joined
Dec 1, 2018
Messages
32
I forgot there is one step that guide was missing that I had to add in myself after a little searching. pkg is limited when installing plugins. To enable the full pkg inside your transmission plugin jail, follow these few steps.

Allow full pkg installs:
Run the following command in your FreeNAS shell.

ee /usr/local/etc/pkg/repos/FreeBSD.conf

Change the line to FreeBSD: { enabled: yes }

Then update pkg:
pkg update

As for checking your public IP address, I prefer the following command. Run it in your FreeNAS shell, then again in you transmission shell, make sure the result is different. If they are indeed different, your PIA is active in your transmission jail.

wget http://ipinfo.io/IP -qO -
(You would need to install wget, after doing the steps above to allow for full pkg support.)

Don't forget your kill-switch.

Hope these steps help.
 

JTBTek

Newbie
Joined
Dec 1, 2018
Messages
32
Oh, one more thing, once you have openvpn in your transmission jail, the traffic through the vpn will happen without any other configuration, minus the kill switch setup.
 

VolumeTank

Newbie
Joined
Dec 23, 2018
Messages
37
Oh, one more thing, once you have openvpn in your transmission jail, the traffic through the vpn will happen without any other configuration, minus the kill switch setup.
I forgot there is one step that guide was missing that I had to add in myself after a little searching. pkg is limited when installing plugins. To enable the full pkg inside your transmission plugin jail, follow these few steps.

Allow full pkg installs:
Run the following command in your FreeNAS shell.

ee /usr/local/etc/pkg/repos/FreeBSD.conf

Change the line to FreeBSD: { enabled: yes }

Then update pkg:
pkg update

As for checking your public IP address, I prefer the following command. Run it in your FreeNAS shell, then again in you transmission shell, make sure the result is different. If they are indeed different, your PIA is active in your transmission jail.

wget http://ipinfo.io/IP -qO -
(You would need to install wget, after doing the steps above to allow for full pkg support.)

Don't forget your kill-switch.

Hope these steps help.
Hi, I was looking into access FreeNAS throut OpenVPN found this but I can't even install pkg nano or pkg openvpn it saids No packages available to install matching either or. I did this
ee /usr/local/etc/pkg/repos/FreeBSD.conf
but still no luck there is more than 10 Forum that exlplain how to install openvpn but not 1 work and most of them is the same reason NO SUCH DIRECTORY OR FILE/NO PACKAGES AVAILABLE.

It most be a bug in FreeNAS 11.2 because not even nextcloud works properly!
 

JTBTek

Newbie
Joined
Dec 1, 2018
Messages
32
I didn't mention it but did you reboot FreeNAS after making the change? This has worked for myself and at least 3 other users I know of for sure.

From what I have read in the documentation for FreeNAS and here in the forum, plug-ins are meant to be stand alone, so additional "pkg"'s are not included in the jails repo (to reduce the size of the jail). The above change allows for additional packages to be included in the repo. If it were a bug, there would be more widespread reports of issues (many users group packages in plugins). But if this still doesn't meet your needs, setup an advanced jail, this feature allows full control and access to the full repo and you can install any package.
 

VolumeTank

Newbie
Joined
Dec 23, 2018
Messages
37
I didn't mention it but did you reboot FreeNAS after making the change? This has worked for myself and at least 3 other users I know of for sure.

From what I have read in the documentation for FreeNAS and here in the forum, plug-ins are meant to be stand alone, so additional "pkg"'s are not included in the jails repo (to reduce the size of the jail). The above change allows for additional packages to be included in the repo. If it were a bug, there would be more widespread reports of issues (many users group packages in plugins). But if this still doesn't meet your needs, setup an advanced jail, this feature allows full control and access to the full repo and you can install any package.

I will give it a try I didn't reboot after the changes that's for sure. I was already trying a different way by installing the OpenVPN on my router with DD-WRT. So far I have configure successfully DD-WRT on my router. Just a matter of installing OpenVPN on my router and any other step... Thanks for thncalrification!
 

VolumeTank

Newbie
Joined
Dec 23, 2018
Messages
37
I will give it a try I didn't reboot after the changes that's for sure. I was already trying a different way by installing the OpenVPN on my router with DD-WRT. So far I have configure successfully DD-WRT on my router. Just a matter of installing OpenVPN on my router and any other step... Thanks for thncalrification!

Still no luck at all this what I get every time I try:


root@FreeNAS[~]# jexec 1 tcsh

root@transmission:/ # pkg update

Updating iocage-plugins repository catalogue...

iocage-plugins repository is up to date.

All repositories are up to date.

root@transmission:/ # pkg install nano

Updating iocage-plugins repository catalogue...

iocage-plugins repository is up to date.

All repositories are up to date.

pkg: No packages available to install matching 'nano' have been found in the repositories

root@transmission:/ # pkg install nano

Updating iocage-plugins repository catalogue...

iocage-plugins repository is up to date.

All repositories are up to date.

pkg: No packages available to install matching 'nano' have been found in the repositories

root@transmission:/ # pkg install openvpn

Updating iocage-plugins repository catalogue...

iocage-plugins repository is up to date.

All repositories are up to date.

pkg: No packages available to install matching 'openvpn' have been found in the repositories

root@transmission:/ #




Another situation I found is the when I change the the line FreeBSD: { enabled: no} to yes I double check once I save en exit and it still FreeBSD: {enabled: yes} But when I reboot and check again is back to FreeBSD: { enable: no}


^[ (escape) menu ^y search prompt ^k delete line ^p prev li ^g prev page
^o ascii code ^x search ^l undelete line ^n next li ^v next page
^u end of file ^a begin of line ^w delete word ^b back 1 char ^z next word
^t top of text ^e end of line ^r restore word ^f forward char
^c command ^d delete char ^j undelete char ESC-Enter: exit
=====line 1 col 0 lines from top 1 ============================================
FreeBSD: {
enabled: no
}
 
Last edited:

fmdx

Newbie
Joined
Jan 24, 2015
Messages
50
I'm watching with curiosity if a solution pans out. I'd like to get OpenVPN installed in a jail, but so far I haven't come across explicit directions.
 

JTBTek

Newbie
Joined
Dec 1, 2018
Messages
32
So I just tested these steps in 11.2-RELEASE-U1, It does still work.

Maybe I didn't type it clear. These steps need to be performed inside the transmission jail.

Navigate to freenas shell

iocage console transmission

ee /usr/local/etc/pkg/repos/FreeBSD.conf

Change no to yes

Esc and save

pkg update

Now you can install your packages

Edit-Also verified the reboot is not necessary.
 
Last edited:

fmdx

Newbie
Joined
Jan 24, 2015
Messages
50
I've followed this and get:

"starting openvpn.
/usr/local/etc/rc.d/openvpn: WARNING: failed to start openvpn"

When it comes to starting it.
 
Top