Setting up a DDNS client

[djdwosk97]

You're already root. You don't sudo

For lines 8, 10, and 11 what should the IP's be?
Should I replace the ip in line 8 with the internal IP of the server? The IP in line 11 with the IP of the openvpn jail? And line 10 with?

Code:

port 10011
proto udp
dev tun
ca /mnt/openvpn/keys/ca.crt
cert /mnt/openvpn/keys/openvpn-server.crt
key /mnt/openvpn/keys/openvpn-server.key
dh /mnt/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0 #Purple network
ifconfig-pool-persist ipp.txt
push "route 10.0.0.0 255.255.255.0" #Yellow network
route 10.0.0.14 255.255.255.0 10.8.0.1 #Routes traffic from the Yellow network side (10.0.0.14/24)
                                       to the Purple network side (10.8.0.1/24)
#tls-auth /mnt/openvpn/keys/auth.key 0
#crl-verify /mnt/openvpn/keys/crl.pem
keepalive 10 120
group nobody
user nobody
comp-lzo
persist-key
persist-tun
verb 3

 

[djdwosk97]

No, jail root is where all the jails live, and each jail has a directory under that. In your case, the jail root would be /mnt/RAID1/jails, and when you create the openvpn jail, that directory will be created for you.

As to whether to add storage, it's not something that's required for the jail to work, but I believe the guide I linked to tells you to do so. Check back with it to be sure, though. Again, I have no experience with that guide, so I can't help much with that procedure.

You're already root. You don't sudo

Would it be worthwhile to just try and find a cheap network firewall and then doing what I had originally planned -- which was to simply virtualize a static IP through a DDNS client? and port forward to the server?

 

[pirateghost]

Would it be worthwhile to just try and find a cheap network firewall and then doing what I had originally planned -- which was to simply virtualize a static IP through a DDNS client?

I don't even know what you mean by virtualizing an IP...

 

[djdwosk97]

I don't even know what you mean by virtualizing an IP...

Using DDNS to keep track of the public IP and forward a domain to it.

 

[pirateghost]

Using DDNS to keep track of the public IP and forward a domain to it.

That's not virtualizing anything.

You can use the ddns built into FreeNAS if you like or on nearly any consumer router. What exactly is the issue here?

 

[ovizii]

You can use the ddns built into FreeNAS if you like or on nearly any consumer router. What exactly is the issue here?

I don't get it either, I gave him the link to his freenas DDNS admin panel and the link to the freenas guide where that is all explained. Just looks like he never read it...

 

[danb35]

which was to simply virtualize a static IP through a DDNS client?

I really have no idea what you're saying here. In any event, though, DNS is only one piece of being able to safely access your server from outside your LAN.

DNS is the service that matches hostnames (like forums.freenas.org) with IP addresses (like 64.62.136.54). Dynamic DNS is simply DNS that's configured in such a way that it can be easily updated with a new IP address for a given host. DNS (including dynamic DNS) doesn't virtualize anything, nor does it forward anything. It just creates a record that lists your host name (something like yourserver.no-ip.com) and gives its IP address. Thus, rather than needing to remember IP addresses, you can use hostnames. DNS isn't mandatory to use the Internet, but it makes things much more convenient. As @pirateghost mentions, most consumer routers can be configured to do dynamic DNS, or FreeNAS can do it instead.

The point I've been trying to make is that DNS is only a small piece of what you'll need to be able to remotely access your server in a secure way. OpenVPN and SSH tunneling have nothing to do with DNS--they're methods of securely accessing your server from outside your LAN.

 

[djdwosk97]

I don't get it either, I gave him the link to his freenas DDNS admin panel and the link to the freenas guide where that is all explained. Just looks like he never read it...

No, you linked a guide which really isn't all that helpful, I've found it and already read it, and it's really not that helpful. But that's okay, you can act like an asshole rather than being helpful, that's cool too.

I really have no idea what you're saying here. In any event, though, DNS is only one piece of being able to safely access your server from outside your LAN.

DNS is the service that matches hostnames (like forums.freenas.org) with IP addresses (like 64.62.136.54). Dynamic DNS is simply DNS that's configured in such a way that it can be easily updated with a new IP address for a given host. DNS (including dynamic DNS) doesn't virtualize anything, nor does it forward anything. It just creates a record that lists your host name (something like yourserver.no-ip.com) and gives its IP address. Thus, rather than needing to remember IP addresses, you can use hostnames. DNS isn't mandatory to use the Internet, but it makes things much more convenient. As @pirateghost mentions, most consumer routers can be configured to do dynamic DNS, or FreeNAS can do it instead.

The point I've been trying to make is that DNS is only a small piece of what you'll need to be able to remotely access your server in a secure way. OpenVPN and SSH tunneling have nothing to do with DNS--they're methods of securely accessing your server from outside your LAN.

Assuming your FreeNAS is behind your router, there are three basic methods that I know of to access services on it from outside your LAN:

• Set up port forwarding on your router to forward to the appropriate ports for whatever services you want to use
• Set up a VPN connection
• Use SSH tunneling

The first is terribly insecure--the entire Internet can see your services and hammer away at whatever authentication mechanism you have set up. If you use this option for anything other than SSH or OpenVPN, or perhaps to a well-hardened web server in a jail, expect @RussianMafia to pay you an electronic visit.
.....

It should be fairly obvious what I'm referring to seeing as only one of those three methods would even really benefit from the use of a firewall (technically any network would benefit from a firewall, just not to the same degree).

 

[danb35]

No, you linked a guide which really isn't all that helpful, I've found it and already read it, and it's really not that helpful. But that's okay, you can act like an asshole rather than being helpful, that's cool too.

The link that @ovizii provided describes exactly how to configure dynamic DNS on FreeNAS. It doesn't describe how to configure it on the provider's end, since that would be a subject for the dynamic DNS provider's documentation. If any part of it was unclear, you could ask about the part that was confusing you, but you haven't done that. He linked you to the manual, not a FAQ. There's no general need to set up a resource record. The bottom line, as far as I (and he, apparently) can see, is that he answered your question and you ignored it. It's entirely possible, though, that the question you asked wasn't really the question you meant.

It should be fairly obvious what I'm referring to seeing as only one of those three methods would even really benefit from the use of a firewall (technically any network would benefit from a firewall, just not to the same degree).

If you want what you're referring to to be obvious, describe it correctly. When you use word salad like "virtualize a static IP through a DDNS client," nobody understands what you're talking about, so we either (1) guess, likely incorrectly, or (2) ask WTF you mean.

Nobody here is trying to be mean for the sake of being mean. We're trying to help you the best we can, but you're not giving us much to work with. If you want to set up a hostname to point to your external, dynamic IP, register on one of the supported services (the ones listed in the drop-down in FreeNAS), and configure the DDNS service appropriately following the manual. If a part of that is unclear, ask specifically and with detail and someone can probably help you. Accessing your content is an orthogonal issue.

 

[djdwosk97]

Nobody here is trying to be mean for the sake of being mean. We're trying to help you the best we can, but you're not giving us much to work with. If you want to set up a hostname to point to your external, dynamic IP, register on one of the supported services (the ones listed in the drop-down in FreeNAS), and configure the DDNS service appropriately following the manual. If a part of that is unclear, ask specifically and with detail and someone can probably help you. Accessing your content is an orthogonal issue.

For lines 8, 10, and 11 what should the IP's be?
Should I replace the ip in line 8 with the internal IP of the server? The IP in line 11 with the IP of the openvpn jail? And line 10 with?

Code:

port 10011
proto udp
dev tun
ca /mnt/openvpn/keys/ca.crt
cert /mnt/openvpn/keys/openvpn-server.crt
key /mnt/openvpn/keys/openvpn-server.key
dh /mnt/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0 #Purple network
ifconfig-pool-persist ipp.txt
push "route 10.0.0.0 255.255.255.0" #Yellow network
route 10.0.0.14 255.255.255.0 10.8.0.1 #Routes traffic from the Yellow network side (10.0.0.14/24)
                                       to the Purple network side (10.8.0.1/24)
#tls-auth /mnt/openvpn/keys/auth.key 0
#crl-verify /mnt/openvpn/keys/crl.pem
keepalive 10 120
group nobody
user nobody
comp-lzo
persist-key
persist-tun
verb 3

 

[danb35]

Questions about the OpenVPN configuration should be raised in that thread, if the other posts there don't answer them already.

 

[zoomzoom]

Well, in the process of getting DD-WRT on the router it looks like I bricked it since after 30+ minutes of waiting after updating the firmware it hadn't turned green, so I reset it and tried again....with no luck.

To unbrick the router, use a USB-TTL cable to flash the firmware via TFTP. You should be able to find the proper instructions for your router model on My Open Router's forum or DD-WRT's