OpenVPN + Transmission(Jailed)

Status
Not open for further replies.

ChromoX

Dabbler
Joined
Jul 1, 2011
Messages
10
Hello everyone,

I have a VPN provider I use to route my traffic through. I am trying to get Transmission to route traffic only through the VPN.

I realized that FreeNAS does not have ipfw, and therefore I can't configure a firewall to route things correctly... So I started trying a lot of different stuff and nothing has worked thus far.

I am currently doing research on the command "setfib" to possibly trick the jail into only communicating over my OpenVPN tun.

I have OpenVPN up and running properly. I just need to figure out how to route Transmission properly.

Anyone done anything like this and got it working properly?

Thanks!
 

ProtoSD

MVP
Joined
Jul 1, 2011
Messages
3,348
What is the subnet for your VPN?

What are your network settings in the GUI for your jail?

Have you tested that DNS is working from the jail?

Have you tried pinging anything from your jail?

EDIT:

Also, are you running OpenVPN on FreeNAS? / How are you connecting your local network to the VPN?
 

ChromoX

Dabbler
Joined
Jul 1, 2011
Messages
10
I am not sure what you mean by that question. OpenVPN on my FreeNAS box is just acting as a client that connects to a VPN service and opens a tun device on my box so that I can push traffic across the VPN.

Network Settings: I have only assigned an IP to my jail of 192.168.1.21. I tried to find firewall settings and other network settings, but was unable to find something that looked like it might work.

Yes, DNS is working from the jail. I can ping google.com from within the jail.

Yes, I am running OpenVPN on FreeNAS (Non-jailed) and have it configured and working.

Thanks!
 

dratcha

Cadet
Joined
Jan 8, 2013
Messages
2
Did you ever find out how to do this? I would like to do the same thing...
 

emk2203

Guru
Joined
Nov 11, 2012
Messages
573
+1. There's a lot of interest for this...
 

timeo

Cadet
Joined
Jan 25, 2014
Messages
3
It could be done this way (w/o jails, though you may need to recompile your kernel to enable the support of more than 1 routing table*):

fib1_defaultrouter="192.168.0.1"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/client.conf"
openvpn_fib="1"
transmission_enable="YES"
transmission_fib="1"

*options ROUTETABLES=1..16
 

emk2203

Guru
Joined
Nov 11, 2012
Messages
573
> It could be done this way (w/o jails, though you may need to recompile your kernel to enable the support of more than 1 routing table*):
>
> fib1_defaultrouter="192.168.0.1"
> openvpn_enable="YES"
> openvpn_configfile="/usr/local/etc/openvpn/client.conf"
> openvpn_fib="1"
> transmission_enable="YES"
> transmission_fib="1"
>
> *options ROUTETABLES=1..16

What do you mean w/o jails? Transmission runs in a jail by default. So, your info in this jail should be sufficient? I probably would need to educate myself about setfib before I try this.
 

timeo

Cadet
Joined
Jan 25, 2014
Messages
3
Ok, last I used FreeNAS probably 6-7 years ago.

First you have to determine how many routing tables you can use at the moment -
Code:
sysctl net.fibs


If the number is greater than 1, then you can proceed to the jail definition, if not -
Code:
/boot/loader.conf - net.fibs="N"
(and reboot).

Then you should locate the transmission jail in jail host's rc.conf/.local and add an entry like that:
Code:
jail_jailname_fib="N"
to it (if this is your first additional routing table, use "1").

You should also add
Code:
fibN_defaultrouter="1.1.1.1"
in order to be able to connect to the VPN server that you're going to use.

Restart the jail and you should be able to connect to the vpn server.
 

emk2203

Guru
Joined
Nov 11, 2012
Messages
573
> Ok, last I used FreeNAS probably 6-7 years ago.

The issue is, it needs to work within the FreeNAS framework, otherwise it's impractical because of frequent system upgrades and whatnot.

You are in effect answering this question at the FreeBSD forum, is this correct? Now how to apply this to current FreeNAS, I am not sure.

> First you have to determine how many routing tables you can use at the moment -
> Code:
> sysctl net.fibs

Which gives
Code:
net.fibs: 1
as the result.

> If the number is greater than 1, then you can proceed to the jail definition, if not -
> Code:
> /boot/loader.conf - net.fibs="N"
> (and reboot).

Is it safe to just add the
Code:
net.fibs="2"
part? Or, in other words, is a
Code:
net.fibs="x"
supposed to be there? In FreeNAS, there is no such line.

> Then you should locate the transmission jail in jail host's rc.conf/.local and add an entry like that:
> Code:
> jail_jailname_fib="N"
> to it (if this is your first additional routing table, use "1").

This looks easy enough, assuming the framework for additional fibs is there.

> You should also add
> Code:
> fibN_defaultrouter="1.1.1.1"
> in order to be able to connect to the VPN server that you're going to use.

So, as an example, my VPN provider has a server at 1.2.3.4 and it's the first additional routing table, I would use
Code:
fib1_defaultrouter="1.2.3.4"
What happens to local access, let's say everything 192.168.x.x for my network?
 

timeo

Cadet
Joined
Jan 25, 2014
Messages
3
1. Yes, it is safe to add it to loader.conf.
2. The framework should be there.
3. A default router needs to be added in order to be able to reach the VPN server itself (you do need Internet for that, right? :)) - so this should be your gateway. If possible, make sure that you are only able to reach the VPN server (by firewall rules or persist tun with OpenVPN).
4. These should be inherited. You could easily check the entries in the secondary routing table by executing "setfib 1 netstat -nr"
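
A leak check built on the `setfib 1 netstat -nr` inspection suggested above, as an added example that is not part of the original posts: it reads the routing table text and reports whether Internet-bound IPv4 traffic in that FIB leaves through the tunnel. It assumes OpenVPN installs its usual `redirect-gateway def1` routes and that the tunnel interface is named `tun*`; the function name `fib_egress`, the sample tables and the addresses in them are constructed for illustration.

```sh
# Added example (not from the thread). Reads `netstat -rn` text on stdin and
# prints where Internet-bound IPv4 traffic leaves: tunnel | leak | none.
fib_egress() {
    awk '
        /^Internet6:/ { v4 = 0 }
        /^Internet:/  { v4 = 1; next }
        !v4 { next }
        $1 == "Destination" {
            # Older releases print Refs/Use columns, so locate Netif by name.
            for (i = 1; i <= NF; i++) if ($i == "Netif") col = i
            next
        }
        col && ($1 == "default" || $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1") { nif[$1] = $col }
        END {
            # The two /1 routes (redirect-gateway def1) are more specific than default.
            lo = nif["0.0.0.0/1"];   if (lo == "") lo = nif["default"]
            hi = nif["128.0.0.0/1"]; if (hi == "") hi = nif["default"]
            if (lo == "" && hi == "") print "none"
            else if ((lo == "" || lo ~ /^tun/) && (hi == "" || hi ~ /^tun/)) print "tunnel"
            else print "leak"
        }'
}

# Constructed sample: FIB 1 with the VPN up (newer column layout).
sample_vpn_up() {
    cat <<'EOF'
Internet:
Destination        Gateway            Flags     Netif Expire
0.0.0.0/1          10.8.0.5           UGS        tun0
default            192.168.0.1        UGS         em0
128.0.0.0/1        10.8.0.5           UGS        tun0
192.168.0.0/24     link#1             U           em0
203.0.113.10/32    192.168.0.1        UGS         em0
EOF
}

# Constructed sample: same FIB after the tunnel routes are gone (older layout).
sample_vpn_down() {
    cat <<'EOF'
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.0.1        UGS         0     4211    em0
192.168.0.0/24     link#1             U           0      318    em0
EOF
}

# On the jail host the input would come from: setfib 1 netstat -rn | fib_egress
echo "vpn up:   $(sample_vpn_up | fib_egress)"
echo "vpn down: $(sample_vpn_down | fib_egress)"
```

The "leak" result for the second table is the situation point 3 above guards against: once the tunnel routes disappear, the FIB's default router carries everything unless a firewall rule or a persistent tun device prevents it.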
 

emk2203

Guru
Joined
Nov 11, 2012
Messages
573
Thanks - this looks quite promising. As soon as my VPN is working again, I'll let you know!
 

Kennwood

Cadet
Joined
Feb 1, 2014
Messages
1
I wish there was a plugin to I am totally stumped. Can someone please help? I have to use a VPN to download anything. The guides I found are all outdated and go a bit over my head.
 

emk2203

Guru
Joined
Nov 11, 2012
Messages
573
> It could be done this way (w/o jails, though you may need to recompile your kernel to enable the support of more than 1 routing table*):
>
> fib1_defaultrouter="192.168.0.1"
> openvpn_enable="YES"
> openvpn_configfile="/usr/local/etc/openvpn/client.conf"
> openvpn_fib="1"
> transmission_enable="YES"
> transmission_fib="1"
>
> *options ROUTETABLES=1..16

Where do these go? rc.conf.local?
 

stallione

Dabbler
Joined
Jan 8, 2014
Messages
15
So, I have been using Transmission and using a VPN tunnel but with a slightly different setup. My configuration doesn't require you to add an additional routing table to the OS, but instead leverages the routing table of the VPN router. My VPN router is a DD-WRT device which is on the same subnet as the Transmission jail and I have the default route on the Transmission jail pointed to the VPN router. On the VPN router, I have added additional routes to support the rest of the local subnets. (I have three NICs, one static and one DHCP, the third one is configured to manually get a DHCP IP after the boot process is complete.)
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
> I wish there was a plugin to I am totally stumped. Can someone please help? I have to use a VPN to download anything. The guides I found are all outdated and go a bit over my head.

Yeah, that's a tough one.
 

icydeadpeeps

Cadet
Joined
Feb 11, 2014
Messages
1
I just set this up on my system. It was actually much easier than I had expected. I just installed OpenVPN from the ports tree inside my Transmission jail and set up the client config file and the autostart options.

I use Private Internet Access as my VPN server so what I did has some steps that are specific to that (mainly that they use username-pass auth instead of keys) but most of it should be applicable to other people. I will look into writing up a step by step guide when I have a bit of time later this week/next week.
 

fullmetaljester

Dabbler
Joined
Dec 24, 2013
Messages
15
> I just set this up on my system. It was actually much easier than I had expected. I just installed OpenVPN from the ports tree inside my Transmission jail and set up the client config file and the autostart options.
>
> I use Private Internet Access as my VPN server so what I did has some steps that are specific to that (mainly that they use username-pass auth instead of keys) but most of it should be applicable to other people. I will look into writing up a step by step guide when I have a bit of time later this week/next week.

I have this exact setup, I would really appreciate a writeup.
 

emk2203

Guru
Joined
Nov 11, 2012
Messages
573
+1.

Also same setup.
 

drewconner

Cadet
Joined
Mar 12, 2013
Messages
3
> I just set this up on my system. It was actually much easier than I had expected. I just installed OpenVPN from the ports tree inside my Transmission jail and set up the client config file and the autostart options.
>
> I use Private Internet Access as my VPN server so what I did has some steps that are specific to that (mainly that they use username-pass auth instead of keys) but most of it should be applicable to other people. I will look into writing up a step by step guide when I have a bit of time later this week/next week.

+1, I use PIA too and would love a writeup.
 