OpenVPN

Status
Not open for further replies.

Whattteva

Wizard
Joined
Mar 5, 2013
Messages
1,824
So, I've done some searching and it doesn't seem like anyone's asked this before.

I've set up OpenVPN on my FreeNAS box (8.3.0-RELEASE-p1-x64).
I've already pushed the 192.168.1.0 route to the client and added 10.8.0.0 route with gateway set to the IP of the NAS box to my router.

I can log in to the VPN (10.8.0.0), obtain a VPN IP, ping the VPN server using both the LAN IP and the VPN IP, access the SAMBA share, SSH, etc.
Basically, the client can access anything on the FreeNAS box itself, but nothing else on the remote network (192.168.1.0), not even a simple ping.

After some googling around, I found this article. Going from that article, the only thing that I could possibly be missing is enabling IP forwarding on the NAS box. How do I go about doing that? Does anyone know?
Am I missing something else? Anyone else having this issue?
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
No clue how to solve your problem. But reading other threads of people that try to use VPNs in the FreeNAS jail the common advice given is "put the VPN on your router".

If you aren't installing to the jail, then you are making bigger mistakes because nothing should be installed on the USB stick aside from FreeNAS. The few megabytes of space available are necessary for the system and not other packages.
 

Whattteva

Wizard
Joined
Mar 5, 2013
Messages
1,824
I'm pretty sure OpenVPN comes standard on it. I never installed any package or port. I just modified some config files and that's it. Unfortunately, installing on the router is also not an option since it's a pretty basic router.
 

gpsguy

Active Member
Joined
Jan 22, 2012
Messages
4,472
Hopefully, you're not using 192.168.1.x on both networks. If so, that would be a problem.
 

Whattteva

Wizard
Joined
Mar 5, 2013
Messages
1,824
No, the other network has a real public IP, so there's no possible chance of a conflict.
 

Whattteva

Wizard
Joined
Mar 5, 2013
Messages
1,824
the internal side of the other network has public IP?
The other side doesn't have an "internal network" in the sense that it has 192.168.x.x or 10.x.x.x or any of the other internal IP ranges is what I meant. In other words, there's no NAT or any kind of IP masquerading going on the other side. Just to be clear, I'm not really trying to make the client's side network accessible through the VPN. I only care about the VPN server side.

In any case, this thread is starting to get off track. It'd be much appreciated if everyone focuses more on the original post rather than these later ones.
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
So your VPN server and the pushed subnet is 10.8.0.0.
Your internal network is 192.168.1.0/24.

The only thing I can think of is to make sure the client config has the push route statement also. I don't think you need any IP forwarding, but I do not have any experience with setting up a VPN on a FreeNAS box. I always set up my VPN servers on the routers themselves.


Also, I think it is quite rude to tell us we are getting Off Track, as we were simply working through all the troubleshooting steps. We have no idea how much you actually know about networking, so just because you said the other side has a public IP, that doesn't absolve the need to clarify. Read some of the threads around here and you would become quite aware of the retardation that occurs.
 

Whattteva

Wizard
Joined
Mar 5, 2013
Messages
1,824
It was never my intention to be rude. I apologize if it came across as such. Thank you for all of the help so far.

The reason why I think the problem is IP forwarding is due to the fact I can only ping the NAS box itself, but nothing else (not even the router). This leads me to believe that the NAS box is not forwarding any traffic that is destined to the internal network besides itself.

I found another article here on adding gateway_enable directive to make IP forwarding work, but I'm not sure if that requires having anything installed.
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
Sounds like basic routing then, not necessarily IP forwarding.

Maybe try adding a static route in FreeNAS for the network?

network/static routes/add static route/
destination 192.168.1.0/24
gateway <gateway/router ip here>
 

Whattteva

Wizard
Joined
Mar 5, 2013
Messages
1,824
I've figured it out! Thanks for all the input!

What I needed to do was 2 things, one on the VPN server, and one on the client:
Server: add the gateway_enable="YES" directive to /etc/rc.conf
Client: add 10.8.0.1 as default gateway to the VPN connection setting.

For some reason, the DHCP server doesn't automatically populate that default gateway field for the VPN connection on the client.
Does anyone have any ideas why or how to make that the default option?
 

interpeix

Contributor
Joined
Nov 16, 2012
Messages
133
I'm in the same situation as you. Could you please be more specific about your steps?

Thanks in advance :D
 

ShinobiX9X

Contributor
Joined
Mar 6, 2013
Messages
141
Hello,

I have no experience with OpenVPN at all; even FreeNAS is quite new to me, but that part is working for me.
Now I would be really interested in OpenVPN for file access remotely.

I've been to http://joepaetzel.wordpress.com/2012/07/24/openvpn-on-freenas-8-2/ and then http://www.unix-heaven.org/node/46

But when I do # cp /usr/local/share/doc/openvpn/sample-config-files/server.conf /usr/local/etc/openvpn I get cp: /usr/local/share/doc/openvpn/sample-config-files/server.conf: No such file or directory


Does that mean OpenVPN doesn't come with FreeNAS 8.3.1 anymore, or did I need to install or download something first?

Step-by-step help would be much appreciated.

Shino
 

Whattteva

Wizard
Joined
Mar 5, 2013
Messages
1,824
I'm in the same situation as you. Could you please be more specific about your steps?

Thanks in advance :D
By same situation, do you mean being able to login and access the FreeNAS, but not all the other machines on the internal network?

- - - Updated - - -

Hello,

I have no experience with OpenVPN at all; even FreeNAS is quite new to me, but that part is working for me.
Now I would be really interested in OpenVPN for file access remotely.

I've been to http://joepaetzel.wordpress.com/2012/07/24/openvpn-on-freenas-8-2/ and then http://www.unix-heaven.org/node/46

But when I do # cp /usr/local/share/doc/openvpn/sample-config-files/server.conf /usr/local/etc/openvpn I get cp: /usr/local/share/doc/openvpn/sample-config-files/server.conf: No such file or directory


Does that mean OpenVPN doesn't come with FreeNAS 8.3.1 anymore, or did I need to install or download something first?

Step-by-step help would be much appreciated.

Shino

OpenVPN does come by default. It just doesn't have those sample files by default. I had to make my own config files using examples I found elsewhere online.

Sorry for the delayed replies.
 

EscapeVelocit3y

Dabbler
Joined
Oct 11, 2014
Messages
28
I've figured it out! Thanks for all the input!

What I needed to do was 2 things, one on the VPN server, and one on the client:
Server: add the gateway_enable="YES" directive to /etc/rc.conf
Client: add 10.8.0.1 as default gateway to the VPN connection setting.

For some reason, the DHCP server doesn't automatically populate that default gateway field for the VPN connection on the client.
Does anyone have any ideas why or how to make that the default option?

Can you please be specific about what you changed on the client side? I made the change to the server files rc.conf, but your steps were not clear on what files and what command you wrote in the client file.
 

Whattteva

Wizard
Joined
Mar 5, 2013
Messages
1,824
Can you please be specific about what you changed on the client side? I made the change to the server files rc.conf, but your steps were not clear on what files and what command you wrote in the client file.
Basically, I manually added a Default Gateway for the client machine. I didn't specify the exact steps because that varies from OS to OS (depending on what OS the client is running). Sorry if that wasn't immediately clear.
There is a way to automate this using the push "redirect-gateway def1" directive in your OpenVPN server config file. However, the downside with going this route is that ALL your traffic, not just traffic for the VPN subnet, gets routed through your tunnel (which may or may not be what you want).
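
Added example (not written by any poster in this thread, and not FreeNAS or OpenVPN project code): a read-only shell check of the two server-side settings the thread settles on, namely whether `gateway_enable` is on in rc.conf and whether the server config pushes only the LAN route or `redirect-gateway`. The function names and sample files are constructed for illustration, and the 255.255.255.0 mask assumes the 192.168.1.0 LAN is a /24.

```shell
#!/bin/sh
# Added example: read-only audit of the server-side settings from this thread.

# forwarding_enabled RC_CONF -> "on" if the last active gateway_enable is truthy.
# gateway_enable="YES" is what makes FreeBSD set net.inet.ip.forwarding=1 at boot.
forwarding_enabled() {
    awk -F= '
        /^[ \t]*gateway_enable=/ {
            v = $2; sub(/#.*/, "", v); gsub(/[^A-Za-z0-9]/, "", v); last = toupper(v)
        }
        END {
            if (last == "YES" || last == "TRUE" || last == "ON" || last == "1") print "on"
            else print "off"
        }' "$1"
}

# tunnel_mode SERVER_CONF NET MASK -> "full", "split" or "none".
tunnel_mode() {
    # Drop blank and comment lines (# or ;) and squeeze whitespace.
    active=$(sed -E '/^[[:space:]]*([#;]|$)/d; s/[[:space:]]+/ /g; s/^ //' "$1")
    if printf '%s\n' "$active" | grep -q '^push "redirect-gateway'; then
        echo full      # all client traffic enters the tunnel
    elif printf '%s\n' "$active" | grep -Fq "push \"route $2 $3\""; then
        echo split     # only the LAN subnet is routed through the tunnel
    else
        echo none      # client gets no route to the LAN
    fi
}

# Constructed sample files (not taken from the thread's actual configuration).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/rc.conf" <<'EOF'
hostname="freenas.local"
#gateway_enable="NO"
gateway_enable="YES"   # forward between tun0 and the LAN interface
EOF
cat > "$SAMPLE_DIR/server.conf" <<'EOF'
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
;push "redirect-gateway def1"
EOF

echo "forwarding: $(forwarding_enabled "$SAMPLE_DIR/rc.conf")"
echo "tunnel mode: $(tunnel_mode "$SAMPLE_DIR/server.conf" 192.168.1.0 255.255.255.0)"
```

With forwarding on, the server passes packets between the tunnel and the LAN for every connected client, so a "split" result keeps the exposed scope to the one pushed subnet, while "full" also sends all client Internet traffic through the NAS.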
 

diskdiddler

Wizard
Joined
Jul 9, 2014
Messages
2,377
Has anyone here managed to get OpenVPN working in a jail? I'd love to route ALL my jail internet traffic through a VPN to be honest.
 

rumdr19

Dabbler
Joined
Jan 18, 2015
Messages
28
Has anyone here managed to get OpenVPN working in a jail? I'd love to route ALL my jail internet traffic through a VPN to be honest.
There is a really good guide HERE. I've got mine working in a short period of time. I am really happy with it.
 