Hey guys, I am trying to setup an OpenVPN client within Freenas. This will be my backup server that I store at my parents house. I have my main server at my house and a pfsense firewall running an OpenVPN server. I want to be able to have my backup server stay connected to my house's PFsense Openvpn server. That way, i can move files between them and use that as a backup. I couldn't find a sort of walk through anywhere. New to Linux and trying to get things configured, any help or direction would be so much appreciated.
-
Important Announcement for The TrueNAS Community.
The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
Setting up an OpenVPN client on FreeNAS, not server
- Thread starter xman111
- Start date
made a little progress. ssh into the box and just ran openVPN - - home.ovpn (my config file from pfsense). it looks like it starts, asks for my username and password. goes a little further and fatal errors about cannot create tun dynamically?
anyone able to help at all?
anyone able to help at all?
everytime I try, it gives different errors. freenas was simple to setup, and get some shares, but struggling on the more complicated stuff.
I didn't realize FreeBSD was different, I thought it was just a version of Linux. I am running pfsense too which I think is the same.
I didn't realize FreeBSD was different, I thought it was just a version of Linux. I am running pfsense too which I think is the same.
- Joined
- Aug 19, 2017
- Messages
- 1,556
pschatz100
Guru
- Joined
- Mar 30, 2014
- Messages
- 1,184
I think you need to be a little more patient when asking for advice. We try to help as much as we can, but not everybody can live on the forums 24/7.
That said, did you try searching for help? I did a quick internet search and found the following link: https://www.ovpn.com/en/guides/freenas. One issue with these instructions, however, is that they describe setting up a Warden jail - which has been end-of-lifed. You didn't say anything about what version of FreeNAS you are using, but if it is a recent one, I would suggest using an iocage jail. If you don't know how create and configure an iocage jail from the command line (don't use the FreeNAS GUI for this) now would be a great time to learn. It is not difficult.
I don't use OpenVPN on FreeNAS myself, so I can't comment on the information provided, but it looks pretty straightforward.
Also, I'm pretty certain OpenVPN has been discussed in the forums.
Good luck.
Thewiruz
Dabbler
- Joined
- Apr 8, 2012
- Messages
- 14
Maybe this is something?
https://www.ovpn.com/en/guides/freenas
You must be logged on to see some code
https://www.ovpn.com/en/guides/freenas
You must be logged on to see some code
I'm trying to do the exact same thing as OP and when you google "FreeNAS openvpn client" this is the FIRST thing to come up, so I read it, and garm's responses made me so mad I had to make an account just to post the *CORRECT* answer.
This is the first thing when you google it, so might as well have the freaking CORRECT answer in here.... and for F sake garm, NO the difference between BSD and linux is NOT important for *this* question, get off your high horse.
This was literally the most unhelpful response in all of the internet.
FreeNAS 11 has the openvpn client built in with the base install, don't make a jail, that sounds like a freaking nightmare for what you are actually trying to do.
To get the client to auto start simply move the ovpn config somewhere on the box and test it out with, if there are any errors don't forget to check the SERVER logs for hints as to why it's not working.
once you get this working go to Tasks -> Init/Shutdown Scripts and add a new startup command. Everything here needs to be absolute paths, so the command will look something like
and that trailing & is important because the openvpn command line client doesn't return once the VPN tunnel is established and will halt your boot process when the command executes.
This is the first thing when you google it, so might as well have the freaking CORRECT answer in here.... and for F sake garm, NO the difference between BSD and linux is NOT important for *this* question, get off your high horse.
This was literally the most unhelpful response in all of the internet.
FreeNAS 11 has the openvpn client built in with the base install, don't make a jail, that sounds like a freaking nightmare for what you are actually trying to do.
To get the client to auto start simply move the ovpn config somewhere on the box and test it out with, if there are any errors don't forget to check the SERVER logs for hints as to why it's not working.
Code:
openvpn --config your_config_file.ovpn
once you get this working go to Tasks -> Init/Shutdown Scripts and add a new startup command. Everything here needs to be absolute paths, so the command will look something like
Code:
/usr/local/sbin/openvpn --config /absolute/path/to/config.ovpn&
and that trailing & is important because the openvpn command line client doesn't return once the VPN tunnel is established and will halt your boot process when the command executes.
garm, common buddy, OP (and me) are making an off-site backup
The off-site backup is (almost always) going to be on a foreign network. Obviously you firewall the inbound/outbound connection through the VPN. But the box itself is not in your physical control (for the most part) and not your network. Setting up a jail does literally nothing if you are concerned about security AND you don't have physical control of the box.
OP's setup:
Main FreeNAS <-> pFsense router (VPN server) <-> internet <-> FreeNAS backup at parent's house
The only exposure of the main freenas server is through the VPN and firewall, the primary freenas box isn't being exposed to the internet. You make good firewall rules, you mildly trust the physical location you're putting the box, encrypt the drives, but you do need to watch out for your L33T H4x0rz parents.
The off-site backup is (almost always) going to be on a foreign network. Obviously you firewall the inbound/outbound connection through the VPN. But the box itself is not in your physical control (for the most part) and not your network. Setting up a jail does literally nothing if you are concerned about security AND you don't have physical control of the box.
OP's setup:
Main FreeNAS <-> pFsense router (VPN server) <-> internet <-> FreeNAS backup at parent's house
The only exposure of the main freenas server is through the VPN and firewall, the primary freenas box isn't being exposed to the internet. You make good firewall rules, you mildly trust the physical location you're putting the box, encrypt the drives, but you do need to watch out for your L33T H4x0rz parents.
MrKrok
Cadet
- Joined
- Sep 28, 2019
- Messages
- 3
I know this thread is a year old and the OP will already have a solution, but as I'm trying to do something similar and, like @badgarm also landed here via web search, I feel the need to add some thoughts:
I would definitely choose the jail route. I have several jails running (syncthing, OpenHAB etc. ) on my freenas box and the process to create an iocage jail in the new UI is not too complicated for me as a freebsd noob and linux user. Just take your time and read the docs ;-)
I choose jails not for security but for safety (read: to protect me from myself):
With a jail I don't mess with the system's configuration. If I did something dumb, I just destroy the jail, create a new one and start over.
Additionally, my jail's configuration is not in danger to be overwritten by a future FreeNAS upgrade. I don't know how likely this is for openvpn, but if I use it from a jail I don't need to worry about that.
just my 2 sats..
Markus
I would definitely choose the jail route. I have several jails running (syncthing, OpenHAB etc. ) on my freenas box and the process to create an iocage jail in the new UI is not too complicated for me as a freebsd noob and linux user. Just take your time and read the docs ;-)
I choose jails not for security but for safety (read: to protect me from myself):
With a jail I don't mess with the system's configuration. If I did something dumb, I just destroy the jail, create a new one and start over.
Additionally, my jail's configuration is not in danger to be overwritten by a future FreeNAS upgrade. I don't know how likely this is for openvpn, but if I use it from a jail I don't need to worry about that.
just my 2 sats..
Markus
Similar threads
