How to install OpenVPN inside a jail in FreeNAS 9.2.1.6+ with access to remote hosts via NAT

Status
Not open for further replies.

Scareh

Contributor
Joined
Jul 31, 2012
Messages
182
I have given up. I am running 9.3 FreeNAS. I have gone through this tutorial I don't know how many times. I always get the same error, which is:
Code:
Starting openvpn.
/usr/local/etc/rc.d/openvpn: WARNING: failed to start openvpn


I know someone asked this question and no one answered his question. So can someone please help me? I would be sooooooooo happy. Thanks


Try starting your openvpn service like this:
Code:
openvpn --config /mnt/openvpn/openvpn.conf

If you followed the guide, the config file is in that path (/mnt/openvpn/openvpn.conf); if not, change the path.
You'll get a more detailed error message if you change the last line of your openvpn.conf from verbose 3 to verbose 5 or something.
Your error message as it is now is too generic to troubleshoot.
 

Scareh

Contributor
Joined
Jul 31, 2012
Messages
182
After following the guide for the xx'th time, after pulling out about half my hair, I figured I'd come over here:

First, something to add to the guide: the "/mnt/openvpn/openvpn.conf" file needs to be adapted, more specifically in this line:
Code:
dh /mnt/openvpn/keys/dh2048.pem

that instead of the dh1024.pem

now my error:

Code:
root@openvpn:/ # openvpn --config /mnt/openvpn/openvpn.conf
Tue Jul 21 19:34:05 2015 us=894515 Current Parameter Settings:
Tue Jul 21 19:34:05 2015 us=894749   config = '/mnt/openvpn/openvpn.conf'
Tue Jul 21 19:34:05 2015 us=894756   mode = 1
Tue Jul 21 19:34:05 2015 us=894763   show_ciphers = DISABLED
Tue Jul 21 19:34:05 2015 us=894768   show_digests = DISABLED
Tue Jul 21 19:34:05 2015 us=894774   show_engines = DISABLED
Tue Jul 21 19:34:05 2015 us=894780   genkey = DISABLED
Tue Jul 21 19:34:05 2015 us=894786   key_pass_file = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=894792   show_tls_ciphers = DISABLED
Tue Jul 21 19:34:05 2015 us=894798 Connection profiles [default]:
Tue Jul 21 19:34:05 2015 us=894804   proto = udp
Tue Jul 21 19:34:05 2015 us=894810   local = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=894816   local_port = 10011
Tue Jul 21 19:34:05 2015 us=894822   remote = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=894828   remote_port = 10011
Tue Jul 21 19:34:05 2015 us=894834   remote_float = DISABLED
Tue Jul 21 19:34:05 2015 us=894840   bind_defined = DISABLED
Tue Jul 21 19:34:05 2015 us=894845   bind_local = ENABLED
Tue Jul 21 19:34:05 2015 us=894851   connect_retry_seconds = 5
Tue Jul 21 19:34:05 2015 us=894857   connect_timeout = 10
Tue Jul 21 19:34:05 2015 us=894863   connect_retry_max = 0
Tue Jul 21 19:34:05 2015 us=894869   socks_proxy_server = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=894875   socks_proxy_port = 0
Tue Jul 21 19:34:05 2015 us=894881   socks_proxy_retry = DISABLED
Tue Jul 21 19:34:05 2015 us=894887   tun_mtu = 1500
Tue Jul 21 19:34:05 2015 us=894902   tun_mtu_defined = ENABLED
Tue Jul 21 19:34:05 2015 us=894909   link_mtu = 1500
Tue Jul 21 19:34:05 2015 us=894915   link_mtu_defined = DISABLED
Tue Jul 21 19:34:05 2015 us=894921   tun_mtu_extra = 0
Tue Jul 21 19:34:05 2015 us=894927   tun_mtu_extra_defined = DISABLED
Tue Jul 21 19:34:05 2015 us=894933   mtu_discover_type = -1
Tue Jul 21 19:34:05 2015 us=894939   fragment = 0
Tue Jul 21 19:34:05 2015 us=894945   mssfix = 1450
Tue Jul 21 19:34:05 2015 us=894951   explicit_exit_notification = 0
Tue Jul 21 19:34:05 2015 us=894957 Connection profiles END
Tue Jul 21 19:34:05 2015 us=894962   remote_random = DISABLED
Tue Jul 21 19:34:05 2015 us=894968   ipchange = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=894974   dev = 'tun'
Tue Jul 21 19:34:05 2015 us=894980   dev_type = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=894986   dev_node = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=894992   lladdr = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=894998   topology = 1
Tue Jul 21 19:34:05 2015 us=895004   tun_ipv6 = DISABLED
Tue Jul 21 19:34:05 2015 us=895010   ifconfig_local = '10.8.0.1'
Tue Jul 21 19:34:05 2015 us=895016   ifconfig_remote_netmask = '10.8.0.2'
Tue Jul 21 19:34:05 2015 us=895040   ifconfig_noexec = DISABLED
Tue Jul 21 19:34:05 2015 us=895047   ifconfig_nowarn = DISABLED
Tue Jul 21 19:34:05 2015 us=895053   ifconfig_ipv6_local = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895059   ifconfig_ipv6_netbits = 0
Tue Jul 21 19:34:05 2015 us=895065   ifconfig_ipv6_remote = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895071   shaper = 0
Tue Jul 21 19:34:05 2015 us=895077   mtu_test = 0
Tue Jul 21 19:34:05 2015 us=895083   mlock = DISABLED
Tue Jul 21 19:34:05 2015 us=895089   keepalive_ping = 10
Tue Jul 21 19:34:05 2015 us=895095   keepalive_timeout = 120
Tue Jul 21 19:34:05 2015 us=895101   inactivity_timeout = 0
Tue Jul 21 19:34:05 2015 us=895114   ping_send_timeout = 10
Tue Jul 21 19:34:05 2015 us=895120   ping_rec_timeout = 240
Tue Jul 21 19:34:05 2015 us=895126   ping_rec_timeout_action = 2
Tue Jul 21 19:34:05 2015 us=895132   ping_timer_remote = DISABLED
Tue Jul 21 19:34:05 2015 us=895138   remap_sigusr1 = 0
Tue Jul 21 19:34:05 2015 us=895151   persist_tun = ENABLED
Tue Jul 21 19:34:05 2015 us=895158   persist_local_ip = DISABLED
Tue Jul 21 19:34:05 2015 us=895164   persist_remote_ip = DISABLED
Tue Jul 21 19:34:05 2015 us=895170   persist_key = ENABLED
Tue Jul 21 19:34:05 2015 us=895175   passtos = DISABLED
Tue Jul 21 19:34:05 2015 us=895181   resolve_retry_seconds = 1000000000
Tue Jul 21 19:34:05 2015 us=895188   username = 'nobody'
Tue Jul 21 19:34:05 2015 us=895193   groupname = 'nobody'
Tue Jul 21 19:34:05 2015 us=895199   chroot_dir = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895206   cd_dir = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895212   writepid = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895218   up_script = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895224   down_script = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895230   down_pre = DISABLED
Tue Jul 21 19:34:05 2015 us=895235   up_restart = DISABLED
Tue Jul 21 19:34:05 2015 us=895241   up_delay = DISABLED
Tue Jul 21 19:34:05 2015 us=895247   daemon = DISABLED
Tue Jul 21 19:34:05 2015 us=895253   inetd = 0
Tue Jul 21 19:34:05 2015 us=895259   log = DISABLED
Tue Jul 21 19:34:05 2015 us=895265   suppress_timestamps = DISABLED
Tue Jul 21 19:34:05 2015 us=895278   nice = 0
Tue Jul 21 19:34:05 2015 us=895285   verbosity = 10
Tue Jul 21 19:34:05 2015 us=895291   mute = 0
Tue Jul 21 19:34:05 2015 us=895297   gremlin = 0
Tue Jul 21 19:34:05 2015 us=895302   status_file = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895308   status_file_version = 1
Tue Jul 21 19:34:05 2015 us=895314   status_file_update_freq = 60
Tue Jul 21 19:34:05 2015 us=895320   occ = ENABLED
Tue Jul 21 19:34:05 2015 us=895326   rcvbuf = 65536
Tue Jul 21 19:34:05 2015 us=895332   sndbuf = 65536
Tue Jul 21 19:34:05 2015 us=895337   sockflags = 0
Tue Jul 21 19:34:05 2015 us=895343   fast_io = DISABLED
Tue Jul 21 19:34:05 2015 us=895349   lzo = 7
Tue Jul 21 19:34:05 2015 us=895355   route_script = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895361   route_default_gateway = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895367   route_default_metric = 0
Tue Jul 21 19:34:05 2015 us=895373   route_noexec = DISABLED
Tue Jul 21 19:34:05 2015 us=895378   route_delay = 0
Tue Jul 21 19:34:05 2015 us=895384   route_delay_window = 30
Tue Jul 21 19:34:05 2015 us=895390   route_delay_defined = DISABLED
Tue Jul 21 19:34:05 2015 us=895404   route_nopull = DISABLED
Tue Jul 21 19:34:05 2015 us=895410   route_gateway_via_dhcp = DISABLED
Tue Jul 21 19:34:05 2015 us=895417   max_routes = 100
Tue Jul 21 19:34:05 2015 us=895423   allow_pull_fqdn = DISABLED
Tue Jul 21 19:34:05 2015 us=895429   route 192.168.0.180/255.255.255.0/10.8.0.1
Tue Jul 21 19:34:05 2015 us=895436   route 10.8.0.0/255.255.255.0/nil/nil
Tue Jul 21 19:34:05 2015 us=895442   management_addr = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895448   management_port = 0
Tue Jul 21 19:34:05 2015 us=895454   management_user_pass = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895460   management_log_history_cache = 250
Tue Jul 21 19:34:05 2015 us=895466   management_echo_buffer_size = 100
Tue Jul 21 19:34:05 2015 us=895472   management_write_peer_info_file = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895478   management_client_user = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895484   management_client_group = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895490   management_flags = 0
Tue Jul 21 19:34:05 2015 us=895496   shared_secret_file = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895501   key_direction = 0
Tue Jul 21 19:34:05 2015 us=895507   ciphername_defined = ENABLED
Tue Jul 21 19:34:05 2015 us=895513   ciphername = 'BF-CBC'
Tue Jul 21 19:34:05 2015 us=895526   authname_defined = ENABLED
Tue Jul 21 19:34:05 2015 us=895533   authname = 'SHA1'
Tue Jul 21 19:34:05 2015 us=895540   prng_hash = 'SHA1'
Tue Jul 21 19:34:05 2015 us=895546   prng_nonce_secret_len = 16
Tue Jul 21 19:34:05 2015 us=895551   keysize = 0
Tue Jul 21 19:34:05 2015 us=895557   engine = DISABLED
Tue Jul 21 19:34:05 2015 us=895563   replay = ENABLED
Tue Jul 21 19:34:05 2015 us=895569   mute_replay_warnings = DISABLED
Tue Jul 21 19:34:05 2015 us=895575   replay_window = 64
Tue Jul 21 19:34:05 2015 us=895581   replay_time = 15
Tue Jul 21 19:34:05 2015 us=895587   packet_id_file = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895593   use_iv = ENABLED
Tue Jul 21 19:34:05 2015 us=895599   test_crypto = DISABLED
Tue Jul 21 19:34:05 2015 us=895605   tls_server = ENABLED
Tue Jul 21 19:34:05 2015 us=895611   tls_client = DISABLED
Tue Jul 21 19:34:05 2015 us=895616   key_method = 2
Tue Jul 21 19:34:05 2015 us=895622   ca_file = '/mnt/openvpn/keys/ca.crt'
Tue Jul 21 19:34:05 2015 us=895628   ca_path = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895634   dh_file = '/mnt/openvpn/keys/dh2048.pem'
Tue Jul 21 19:34:05 2015 us=895640   cert_file = '/mnt/openvpn/keys/openvpn-server.crt'
Tue Jul 21 19:34:05 2015 us=895661   priv_key_file = '/mnt/openvpn/keys/openvpn-server.key'
Tue Jul 21 19:34:05 2015 us=895668   pkcs12_file = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895674   cipher_list = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895680   tls_verify = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895686   tls_export_cert = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895692   verify_x509_type = 0
Tue Jul 21 19:34:05 2015 us=895698   verify_x509_name = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895704   crl_file = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895709   ns_cert_type = 0
Tue Jul 21 19:34:05 2015 us=895715   remote_cert_ku = 0
Tue Jul 21 19:34:05 2015 us=895721   remote_cert_ku = 0
Tue Jul 21 19:34:05 2015 us=895727   remote_cert_ku = 0
Tue Jul 21 19:34:05 2015 us=895733   remote_cert_ku = 0
Tue Jul 21 19:34:05 2015 us=895738   remote_cert_ku = 0
Tue Jul 21 19:34:05 2015 us=895744   remote_cert_ku = 0
Tue Jul 21 19:34:05 2015 us=895750   remote_cert_ku = 0
Tue Jul 21 19:34:05 2015 us=895756   remote_cert_ku = 0
Tue Jul 21 19:34:05 2015 us=895761   remote_cert_ku = 0
Tue Jul 21 19:34:05 2015 us=895774   remote_cert_ku = 0
Tue Jul 21 19:34:05 2015 us=895782   remote_cert_ku = 0
Tue Jul 21 19:34:05 2015 us=895787   remote_cert_ku = 0
Tue Jul 21 19:34:05 2015 us=895793   remote_cert_ku = 0
Tue Jul 21 19:34:05 2015 us=895799   remote_cert_ku = 0
Tue Jul 21 19:34:05 2015 us=895805   remote_cert_ku = 0
Tue Jul 21 19:34:05 2015 us=895811   remote_cert_ku = 0
Tue Jul 21 19:34:05 2015 us=895816   remote_cert_eku = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895822   ssl_flags = 0
Tue Jul 21 19:34:05 2015 us=895828   tls_timeout = 2
Tue Jul 21 19:34:05 2015 us=895834   renegotiate_bytes = 0
Tue Jul 21 19:34:05 2015 us=895840   renegotiate_packets = 0
Tue Jul 21 19:34:05 2015 us=895846   renegotiate_seconds = 3600
Tue Jul 21 19:34:05 2015 us=895852   handshake_window = 60
Tue Jul 21 19:34:05 2015 us=895858   transition_window = 3600
Tue Jul 21 19:34:05 2015 us=895863   single_session = DISABLED
Tue Jul 21 19:34:05 2015 us=895869   push_peer_info = DISABLED
Tue Jul 21 19:34:05 2015 us=895875   tls_exit = DISABLED
Tue Jul 21 19:34:05 2015 us=895881   tls_auth_file = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=895888   server_network = 10.8.0.0
Tue Jul 21 19:34:05 2015 us=895903   server_netmask = 255.255.255.0
Tue Jul 21 19:34:05 2015 us=895912   server_network_ipv6 = ::
Tue Jul 21 19:34:05 2015 us=895918   server_netbits_ipv6 = 0
Tue Jul 21 19:34:05 2015 us=895925   server_bridge_ip = 0.0.0.0
Tue Jul 21 19:34:05 2015 us=895932   server_bridge_netmask = 0.0.0.0
Tue Jul 21 19:34:05 2015 us=895939   server_bridge_pool_start = 0.0.0.0
Tue Jul 21 19:34:05 2015 us=895945   server_bridge_pool_end = 0.0.0.0
Tue Jul 21 19:34:05 2015 us=895951   push_entry = 'route 192.168.0.0 255.255.255.0'
Tue Jul 21 19:34:05 2015 us=895958   push_entry = 'route 10.8.0.1'
Tue Jul 21 19:34:05 2015 us=895963   push_entry = 'topology net30'
Tue Jul 21 19:34:05 2015 us=895969   push_entry = 'ping 10'
Tue Jul 21 19:34:05 2015 us=895975   push_entry = 'ping-restart 120'
Tue Jul 21 19:34:05 2015 us=895981   ifconfig_pool_defined = ENABLED
Tue Jul 21 19:34:05 2015 us=895988   ifconfig_pool_start = 10.8.0.4
Tue Jul 21 19:34:05 2015 us=895995   ifconfig_pool_end = 10.8.0.251
Tue Jul 21 19:34:05 2015 us=896002   ifconfig_pool_netmask = 0.0.0.0
Tue Jul 21 19:34:05 2015 us=896008   ifconfig_pool_persist_filename = 'ipp.txt'
Tue Jul 21 19:34:05 2015 us=896014   ifconfig_pool_persist_refresh_freq = 600
Tue Jul 21 19:34:05 2015 us=896027   ifconfig_ipv6_pool_defined = DISABLED
Tue Jul 21 19:34:05 2015 us=896034   ifconfig_ipv6_pool_base = ::
Tue Jul 21 19:34:05 2015 us=896040   ifconfig_ipv6_pool_netbits = 0
Tue Jul 21 19:34:05 2015 us=896046   n_bcast_buf = 256
Tue Jul 21 19:34:05 2015 us=896052   tcp_queue_limit = 64
Tue Jul 21 19:34:05 2015 us=896058   real_hash_size = 256
Tue Jul 21 19:34:05 2015 us=896064   virtual_hash_size = 256
Tue Jul 21 19:34:05 2015 us=896070   client_connect_script = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=896076   learn_address_script = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=896082   client_disconnect_script = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=896088   client_config_dir = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=896094   ccd_exclusive = DISABLED
Tue Jul 21 19:34:05 2015 us=896100   tmp_dir = '/tmp'
Tue Jul 21 19:34:05 2015 us=896111   push_ifconfig_defined = DISABLED
Tue Jul 21 19:34:05 2015 us=896119   push_ifconfig_local = 0.0.0.0
Tue Jul 21 19:34:05 2015 us=896126   push_ifconfig_remote_netmask = 0.0.0.0
Tue Jul 21 19:34:05 2015 us=896132   push_ifconfig_ipv6_defined = DISABLED
Tue Jul 21 19:34:05 2015 us=896139   push_ifconfig_ipv6_local = ::/0
Tue Jul 21 19:34:05 2015 us=896160   push_ifconfig_ipv6_remote = ::
Tue Jul 21 19:34:05 2015 us=896167   enable_c2c = DISABLED
Tue Jul 21 19:34:05 2015 us=896173   duplicate_cn = DISABLED
Tue Jul 21 19:34:05 2015 us=896179   cf_max = 0
Tue Jul 21 19:34:05 2015 us=896185   cf_per = 0
Tue Jul 21 19:34:05 2015 us=896191   max_clients = 1024
Tue Jul 21 19:34:05 2015 us=896197   max_routes_per_client = 256
Tue Jul 21 19:34:05 2015 us=896203   auth_user_pass_verify_script = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=896209   auth_user_pass_verify_script_via_file = DISABLED
Tue Jul 21 19:34:05 2015 us=896215   port_share_host = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=896221   port_share_port = 0
Tue Jul 21 19:34:05 2015 us=896227   client = DISABLED
Tue Jul 21 19:34:05 2015 us=896233   pull = DISABLED
Tue Jul 21 19:34:05 2015 us=896239   auth_user_pass_file = '[UNDEF]'
Tue Jul 21 19:34:05 2015 us=896249 OpenVPN 2.3.7 amd64-portbld-freebsd9.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jul  9 2015
Tue Jul 21 19:34:05 2015 us=896259 library versions: OpenSSL 0.9.8za-freebsd 5 Jun 2014, LZO 2.09
Tue Jul 21 19:34:05 2015 us=909446 Diffie-Hellman initialized with 2048 bit key
Tue Jul 21 19:34:05 2015 us=909806 PRNG init md=SHA1 size=36
Tue Jul 21 19:34:05 2015 us=909824 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 40 bytes
Tue Jul 21 19:34:05 2015 us=909833 MTU DYNAMIC mtu=0, flags=1, 0 -> 138
Tue Jul 21 19:34:05 2015 us=909841 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0ET:0 EL:3 ]
Tue Jul 21 19:34:05 2015 us=909848 MTU DYNAMIC mtu=1450, flags=2, 1542 -> 1450
Tue Jul 21 19:34:05 2015 us=909864 Socket Buffers: R=[42080->65536] S=[9216->65536]
Tue Jul 21 19:34:05 2015 us=909907 ROUTE_GATEWAY 192.168.0.1
Tue Jul 21 19:34:05 2015 us=909964 TUN/TAP device /dev/tun0 opened
Tue Jul 21 19:34:05 2015 us=909977 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv 6_setup=0
Tue Jul 21 19:34:05 2015 us=909995 /sbin/ifconfig tun0 10.8.0.1 10.8.0.2 mtu 1500 netmask 255.255.255.255 up
Tue Jul 21 19:34:05 2015 us=911374 /sbin/route add -net 192.168.0.180 10.8.0.1 255.255.255.0
route: writing to routing socket: File exists
add net 192.168.0.180: gateway 10.8.0.1 fib 0: route already in table
Tue Jul 21 19:34:05 2015 us=912276 ERROR: FreeBSD route add command failed: external program exited with error status: 1
Tue Jul 21 19:34:05 2015 us=912312 /sbin/route add -net 10.8.0.0 10.8.0.2 255.255.255.0
add net 10.8.0.0: gateway 10.8.0.2
Tue Jul 21 19:34:05 2015 us=913149 Data Channel MTU parms [ L:1542 D:1450 EF:42EB:143 ET:0 EL:3 AF:3/1 ]
Tue Jul 21 19:34:05 2015 us=913736 GID set to nobody
Tue Jul 21 19:34:05 2015 us=913751 UID set to nobody
Tue Jul 21 19:34:05 2015 us=913761 UDPv4 link local (bound): [undef]
Tue Jul 21 19:34:05 2015 us=913767 UDPv4 link remote: [undef]
Tue Jul 21 19:34:05 2015 us=913779 MULTI: multi_init called, r=256 v=256
Tue Jul 21 19:34:05 2015 us=913810 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Tue Jul 21 19:34:05 2015 us=913822 IFCONFIG POOL LIST
Tue Jul 21 19:34:05 2015 us=913834 PO_INIT maxevents=4 flags=0x00000002
Tue Jul 21 19:34:05 2015 us=913850 Initialization Sequence Completed
Tue Jul 21 19:34:05 2015 us=913856 SCHEDULE: schedule_find_least NULL
Tue Jul 21 19:34:05 2015 us=913864 PO_CTL rwflags=0x0001 ev=5 arg=0x00692618
Tue Jul 21 19:34:05 2015 us=913870 PO_CTL rwflags=0x0001 ev=6 arg=0x00691468
Tue Jul 21 19:34:05 2015 us=913880 I/O WAIT TR|Tw|SR|Sw [10/0]
^CTue Jul 21 19:34:08 2015 us=395590  event_wait returned -1
Tue Jul 21 19:34:08 2015 us=395632 event_wait : Interrupted system call (code=4)
Tue Jul 21 19:34:08 2015 us=395642 I/O WAIT status=0x0010
Tue Jul 21 19:34:08 2015 us=395697 MULTI: REAP range 0 -> 256
Tue Jul 21 19:34:08 2015 us=395829 TCP/UDP: Closing socket
Tue Jul 21 19:34:08 2015 us=395869 /sbin/route delete -net 10.8.0.0 10.8.0.2 255.255.255.0
route: must be root to alter routing table
Tue Jul 21 19:34:08 2015 us=396949 ERROR: FreeBSD route delete command failed: external program exited with error status: 77
Tue Jul 21 19:34:08 2015 us=396975 Closing TUN/TAP interface
Tue Jul 21 19:34:08 2015 us=397009 /sbin/ifconfig tun0 destroy
ifconfig: SIOCIFDESTROY: Operation not permitted
Tue Jul 21 19:34:08 2015 us=398277 FreeBSD 'destroy tun interface' failed (non-critical): external program exited with error status: 1
Tue Jul 21 19:34:08 2015 us=398312 PID packet_id_free
Tue Jul 21 19:34:08 2015 us=398333 SIGINT[hard,] received, process exiting



some additional info:

192.168.0.180 is the jail's ip
10.8.0.0 is the other side of the jail's entrance



So in short, I don't manage to start the openvpn service.
some extra info:

ifconfig:
Code:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair5b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:65:2a:00:13:0b
        inet 192.168.0.180 netmask 0xffffff00 broadcast 192.168.0.255
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet 10.8.0.1 --> 10.8.0.2 netmask 0xffffffff
        nd6 options=9<PERFORMNUD,IFDISABLED>



ipfw list:

Code:
root@openvpn:/ # ipfw list
00100 nat 1 ip from 10.8.0.0/24 to any out via epair5b
00200 nat 1 ip from any to any in via epair5b
65535 allow ip from any to any


openvpn.conf
Code:
port 10011
proto udp
dev tun
ca /mnt/openvpn/keys/ca.crt
cert /mnt/openvpn/keys/openvpn-server.crt
key /mnt/openvpn/keys/openvpn-server.key
dh /mnt/openvpn/keys/dh2048.pem
server 10.8.0.0 255.255.255.0 #Purple network
ifconfig-pool-persist ipp.txt
push "route 192.168.0.0 255.255.255.0" #Yellow network
route 192.168.0.180 255.255.255.0 10.8.0.1
#tls-auth /mnt/openvpn/keys/auth.key 0
#crl-verify /mnt/openvpn/keys/crl.pem
keepalive 10 120
group nobody
user nobody
comp-lzo
persist-key
persist-tun
verb 10





Scratch all that, after a server reboot it all of a sudden magically worked. Consider me confusseled..
Only thing not working is the actual routing between the jail and the rest of the network. As in I get a 10.8.X.X address, can ping the jail's IP, but nothing else from inside my LAN network.
Guess I'm going to look after that now ;-)
 

navleen

Cadet
Joined
Jul 21, 2015
Messages
2
Try starting your openvpn service like this:
Code:
openvpn --config /mnt/openvpn/openvpn.conf

If you followed the guide, the config file is in that path (/mnt/openvpn/openvpn.conf); if not, change the path.
You'll get a more detailed error message if you change the last line of your openvpn.conf from verbose 3 to verbose 5 or something.
Your error message as it is now is too generic to troubleshoot.
I LOVE YOU SO MUCH IT WORKED THANK YOU.
 

JJT211

Patron
Joined
Jul 4, 2014
Messages
323
Scratch all that, after a server reboot it all of a sudden magically worked. Consider me confusseled..
Only thing not working is the actual routing between the jail and the rest of the network. As in I get a 10.8.X.X address, can ping the jail's IP, but nothing else from inside my LAN network.
Guess I'm going to look after that now ;-)

Read a few pages back (8 or 9 I think), I and many others got stuck at this part for a while.
 

robles

Explorer
Joined
Jul 29, 2014
Messages
89
I added the following lines of code to the bottom of /usr/local/etc/ipfw.rules
Code:
TUN=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep tun)
ifconfig ${TUN} name tun0



Now when the service (re)starts, the static route always uses the correct epair and there is always a tun0.
Just updated the guide with my epair script and this, thanks!
 

ResentedPoet

Dabbler
Joined
Jan 14, 2015
Messages
12
Hi,

I followed the instructions and have OpenVPN working (or, at least it says connected, lol). Anyways, the main reason I did this was to be able to access my home automation server, Domoticz on my local network. I set up the IP Range of the VPN to be 10.8.0.* and the local IP range I would like it to access (items connected to my router) is 192.168.86.*

Could someone please explain to me how I would do this?

Thanks,
 

SnorreSelmer

Explorer
Joined
Sep 7, 2011
Messages
58
Confirmed working! Just set this up today and after spotting a minor flaw in my server config file (the DH path was on the same line as the KEY path) everything works great! Setting up the client-side .ovpn file (for my phone) took a few tries but that has also been sorted out now.
 

robles

Explorer
Joined
Jul 29, 2014
Messages
89
Hi,

I followed the instructions and have OpenVPN working (or, at least it says connected, lol). Anyways, the main reason I did this was to be able to access my home automation server, Domoticz on my local network. I set up the IP Range of the VPN to be 10.8.0.* and the local IP range I would like it to access (items connected to my router) is 192.168.86.*

Could someone please explain to me how I would do this?

Thanks,
The next line in the configuration tells the remote client about the yellow network, in your case 192.168.86.0/24
Code:
push "route 10.0.0.0 255.255.255.0" #Yellow network


Replace this line with your network and you'll be able to talk to your local clients. Also remember to edit line 11 to suit your network.

Confirmed working! Just set this up today and after spotting a minor flaw in my server config file (the DH path was on the same line as the KEY path) everything works great! Setting up the client-side .ovpn file (for my phone) took a few tries but that has also been sorted out now.
This is a problem with the forum's formatting, I still don't know how to avoid this as it seems it depends on the client browser's width. I've added a comment to the tutorial to avoid mindless copy-and-pasting.
 
Joined
Apr 9, 2015
Messages
1,258
Thank you very much, I have another reason to love FreeNAS even more. Tried multiple times to get DDwrt to do this and work. After a little tweaking and a restart or two this is up and running.
 
Joined
Sep 26, 2015
Messages
1
I hope this helps reduce the time it took me to originally figure out how to do everything without messing with static routes in the gateway router, firewall configurations and NAT issues.
I've been trying to get this setup working for ages, but only just managed to connect to other devices on my LAN after adding 10.8.0.0 255.255.255.0 10.1.1.3 as a static route in my gateway (which is my internet modem/router). Whereabouts have I messed up if this was supposed to work without adding a static route to the gateway?
 

robles

Explorer
Joined
Jul 29, 2014
Messages
89
I've been trying to get this setup working for ages, but only just managed to connect to other devices on my LAN after adding 10.8.0.0 255.255.255.0 10.1.1.3 as a static route in my gateway (which is my internet modem/router). Whereabouts have I messed up if this was supposed to work without adding a static route to the gateway?
It seems like OpenVPN is working but your jail isn't doing any NAT translation.

NAT provides an address inside the yellow network in which every device inside it can talk to each other, so you don't have to create a static route in your router and perform inter-lan routing. Check your ipfw.rules file and compare your output from ipfw list with the tutorial.
 

Nirmal

Cadet
Joined
Apr 14, 2014
Messages
3
I am able to connect to the VPN, but can't ping anything on the other side. I get assigned an IP address 10.8.0.6. My jail is 192.168.1.4 and "yellow" network is 192.168.1.0 255.255.255.0

Here is my openvpn.conf file...
Code:
port 10011
proto udp
dev tun
ca /mnt/openvpn/keys/ca.crt
cert /mnt/openvpn/keys/openvpn-server.crt #Server key created previously
key /mnt/openvpn/keys/openvpn-server.key
dh /mnt/openvpn/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
route 192.168.1.4 255.255.255.0 10.8.0.1
#tls-auth /mnt/openvpn/keys/auth.key 0
#crl-verify /mnt/openvpn/keys/crl.pem
keepalive 10 120
group nobody
user nobody
comp-lzo
persist-key
persist-tun
verb 3

This is my ipfw.rules file...
Code:
#!/bin/sh

EPAIR=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep epair)
ipfw -q -f flush
ipfw -q nat 1 config if ${EPAIR}
ipfw -q add nat 1 all from 10.8.0.0/24 to any out via ${EPAIR}
ipfw -q add nat 1 all from any to any in via ${EPAIR}

TUN=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep tun)
ifconfig ${TUN} name tun0


I am not sure what I am doing wrong, because the "ipfw list" and "sockstat -4 -l" command results are like the tutorial. But I cannot ping anything.

I have been pulling my hair out! Can someone help?
 

roblorduk

Cadet
Joined
Sep 23, 2015
Messages
3
I am able to connect to the VPN, but can't ping anything on the other side. I get assigned an IP address 10.8.0.6. My jail is 192.168.1.4 and "yellow" network is 192.168.1.0 255.255.255.0

Here is my openvpn.conf file...
Code:
port 10011
proto udp
dev tun
ca /mnt/openvpn/keys/ca.crt
cert /mnt/openvpn/keys/openvpn-server.crt #Server key created previously
key /mnt/openvpn/keys/openvpn-server.key
dh /mnt/openvpn/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
route 192.168.1.4 255.255.255.0 10.8.0.1
#tls-auth /mnt/openvpn/keys/auth.key 0
#crl-verify /mnt/openvpn/keys/crl.pem
keepalive 10 120
group nobody
user nobody
comp-lzo
persist-key
persist-tun
verb 3

This is my ipfw.rules file...
Code:
#!/bin/sh

EPAIR=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep epair)
ipfw -q -f flush
ipfw -q nat 1 config if ${EPAIR}
ipfw -q add nat 1 all from 10.8.0.0/24 to any out via ${EPAIR}
ipfw -q add nat 1 all from any to any in via ${EPAIR}

TUN=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep tun)
ifconfig ${TUN} name tun0


I am not sure what I am doing wrong, because the "ipfw list" and "sockstat -4 -l" command results are like the tutorial. But I cannot ping anything.

I have been pulling my hair out! Can someone help?

Are you normally able to ping things, also what is the local network that you are on before connecting to your VPN, is there an overlap? A lot of places use 192.168.1.0/24. Might be worth using a different subnet on your home/remote LAN.
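
The overlap question above can be checked mechanically. The script below is an added example, not part of the guide or of any post: it reads the push "route ..." lines from a server config and reports any that collide with the LAN the client is sitting on. The function names and the client LAN values in the demo are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: does a route pushed by the VPN server collide with the
# network the client is already attached to?

# ip2int A.B.C.D -> 32-bit integer
ip2int() {
    _old=$IFS; IFS=.
    set -- $1
    IFS=$_old
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# nets_overlap NET1 MASK1 NET2 MASK2
# Two networks overlap when they are equal under the shorter of the two
# masks (for contiguous netmasks, MASK1 & MASK2 is the shorter one).
nets_overlap() {
    _m=$(( $(ip2int "$2") & $(ip2int "$4") ))
    [ $(( $(ip2int "$1") & $_m )) -eq $(( $(ip2int "$3") & $_m )) ]
}

# pushed_routes FILE: print "NET MASK" for every push "route NET [MASK]" line.
pushed_routes() {
    sed -n 's/^[[:space:]]*push[[:space:]]*"route[[:space:]]*\([0-9.]*\)[[:space:]]*\([0-9.]*\)".*/\1 \2/p' "$1"
}

# check_client_lan FILE LAN_NET LAN_MASK
# Prints each pushed route that overlaps the client's LAN.
# Returns 1 if there is at least one overlap, 0 otherwise.
check_client_lan() {
    _hit=0
    _routes=$(pushed_routes "$1")
    while read -r _net _mask; do
        [ -n "$_net" ] || continue
        # OpenVPN treats a route without a netmask as a host route.
        _mask=${_mask:-255.255.255.255}
        if nets_overlap "$_net" "$_mask" "$2" "$3"; then
            echo "pushed route $_net/$_mask overlaps client LAN $2/$3"
            _hit=1
        fi
    done <<EOF
$_routes
EOF
    return $_hit
}

# Demo: the push line is the one from the config quoted above; the two
# client LANs are constructed values.
demo_overlap() {
    _conf=$(mktemp)
    cat > "$_conf" <<'EOF'
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
EOF
    check_client_lan "$_conf" 192.168.1.0 255.255.255.0   # same subnet: reported
    check_client_lan "$_conf" 10.1.1.0 255.255.255.0      # different subnet: silent
    _rc=$?
    rm -f "$_conf"
    return $_rc
}

demo_overlap
```

When an overlap is reported, the client keeps sending 192.168.1.x traffic to its own LAN instead of the tunnel, which looks exactly like "connected but cannot ping anything".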
 

roblorduk

Cadet
Joined
Sep 23, 2015
Messages
3
Many thanks for this guide, I had a bit of an issue with getting bash to work. I was getting these errors: -
Code:
root@OpenVPN:/ # cd /usr/local/share/easy-rsa/
root@OpenVPN:/usr/local/share/easy-rsa # source ./vars
export: Command not found.
export: Command not found.
export: Command not found.
export: Command not found.
EASY_RSA: Undefined variable.
export: Command not found.
EASY_RSA: Undefined variable.

I had to run the below from outside the jail whilst it was off. Afterwards I could use bash.
Code:
mount -t fdescfs fdesc /mnt/NFS-FREENAS01/jails/OpenVPN/dev/fd
 

Nirmal

Cadet
Joined
Apr 14, 2014
Messages
3
Are you normally able to ping things, also what is the local network that you are on before connecting to your VPN, is there an overlap? A lot of places use 192.168.1.0/24. Might be worth using a different subnet on your home/remote LAN.
Thanks for the reply. I am usually able to ping everything when I am on the local network. My local network is 192.168.1.x, subnet mask 255.255.255.0 and router 192.168.1.1. Not sure what I am doing wrong. I cannot change the subnet for home/work because it affects other systems. What else can I do to troubleshoot?
 

jspcto

Cadet
Joined
Oct 24, 2015
Messages
8
Followed the guide but the openvpn service doesn't seem to start properly. I'm getting a "WARNING: failed to start openvpn" message. Also notice that sockstat doesn't list port 443 as expected. Can anyone think of any reasons why this could be happening?

UPDATE 11/17/15: Well, I tried removing and re-installing OpenVPN and re-creating all the keys/configs per the guide, but... I'm getting the same behavior. Running sockstat still doesn't list port 443 (see output below). I am new to FreeNAS and OpenVPN, but I think I've followed the steps verbatim. Any help would be appreciated on helping to troubleshoot this.

Code:
login as: admin
admin@192.168.1.200's password:
Last login: Mon Nov 16 23:25:12 2015 from 192.168.1.108
FreeBSD 9.3-RELEASE-p28 (FREENAS.amd64) #0 r288272+a23e16d: Wed Nov  4 00:20:46                  PST 2015

        FreeNAS (c) 2009-2015, The FreeNAS Development Team
        All rights reserved.
        FreeNAS is released under the modified BSD license.

        For more information, documentation, help or support, go here:
        http://freenas.org
Welcome to FreeNAS
admin@freenas:~ % jls
   JID  IP Address      Hostname                      Path
     1  -               OpenVPN                       /mnt/vol1/Jails/OpenVPN
     2  -               Plex                          /mnt/vol1/Jails/Plex
     3  -               VirtualBox                    /mnt/vol1/Jails/VirtualBox
admin@freenas:~ % sudo jexec 1 bash
Password:
[root@OpenVPN /]# ipfw list
00100 nat 1 ip from 10.8.0.0/24 to any out via epair0b
00200 nat 1 ip from any to any in via epair0b
65535 allow ip from any to any
[root@OpenVPN /]# sockstat -4 -l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     syslogd    4839  7  udp4   *:514                 *:*
[root@OpenVPN /]# service openvpn start
Starting openvpn.
/usr/local/etc/rc.d/openvpn: WARNING: failed to start openvpn
[root@OpenVPN /]#
 

adrianwi

Guru
Joined
Oct 15, 2013
Messages
1,231
I've posted this a few times in this thread, but whenever I've rebuilt this jail and got frustrated that it wasn't working, a server reboot miraculously solved things. Have you tried this?
 

jspcto

Cadet
Joined
Oct 24, 2015
Messages
8
I've posted this a few times in this thread, but whenever I've rebuilt this jail and got frustrated that it wasn't working, a server reboot miraculously solved things. Have you tried this?
Thanks for the feedback. I was able to troubleshoot the issue by changing the verbosity level to 5 in the config file. As it turned out, my copy-paste operation from this thread caused a "wrap" in the config file that inserted an additional line in the code that wasn't supposed to be there. After fixing that and restarting the FreeNAS server, it seems to be working correctly.

Thanks for the support and thanks to @robles for the excellent guide!
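
Two posts in this thread (the DH path landing on the KEY line, and the wrapped line from copy-and-paste) trace a failed start to the same kind of damage in openvpn.conf. The script below is an added example, not part of the guide or of any post: it flags lines whose first word is not a directive and lines that carry a second directive. The directive list is limited to what the configs posted in this thread use, and the sample config is constructed.

```sh
#!/bin/sh
# Added example: spot copy-and-paste damage in an OpenVPN server config.

# Directives that appear in the configs posted in this thread. This is not
# the full OpenVPN directive list; extend it if your config uses others.
KNOWN="port proto dev ca cert key dh server ifconfig-pool-persist push route
tls-auth crl-verify keepalive group user comp-lzo persist-key persist-tun verb"

is_known() {
    for _d in $KNOWN; do
        [ "$1" = "$_d" ] && return 0
    done
    return 1
}

# lint_conf FILE
# Prints one "LINE: reason: text" record per suspect line.
# Returns 0 when nothing was flagged, 1 otherwise.
lint_conf() {
    _file=$1 _n=0 _bad=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        _n=$((_n + 1))
        _body=${_line%%#*}          # drop comments
        set -f                      # no globbing while word-splitting
        set -- $_body
        set +f
        [ $# -eq 0 ] && continue    # blank or comment-only line
        if ! is_known "$1"; then
            # Typical result of a wrapped line: the tail of the previous
            # directive or comment ends up on a line of its own.
            echo "$_n: not a directive (wrapped fragment?): $_line"
            _bad=1
            continue
        fi
        shift
        for _tok in "$@"; do
            if is_known "$_tok"; then
                # Two config lines fused into one, e.g. "key ... dh ...".
                echo "$_n: second directive '$_tok' on one line: $_line"
                _bad=1
                break
            fi
        done
    done < "$_file"
    return $_bad
}

# Constructed sample reproducing both accidents described in the thread.
demo() {
    _tmp=$(mktemp)
    cat > "$_tmp" <<'EOF'
port 10011
proto udp
dev tun
ca /mnt/openvpn/keys/ca.crt
cert /mnt/openvpn/keys/openvpn-server.crt
key /mnt/openvpn/keys/openvpn-server.key dh /mnt/openvpn/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0" #Yellow
network
verb 3
EOF
    lint_conf "$_tmp"
    _rc=$?
    rm -f "$_tmp"
    return $_rc
}

demo || echo "config needs fixing before 'service openvpn start'"
```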
 

Nirmal

Cadet
Joined
Apr 14, 2014
Messages
3
For some reason the first restart didn't fix it. But I restarted the server yesterday, and voila! It started working.

Thank you for all your help!
 