Installing OpenVPN broke my TrueNAS login

[jordanthompson]

I was reinstalling Open VPN following these instructions:

How to Configure OpenVPN on TrueNas 12 - Setup your own Home VPN - Part 1

I got to where the RC tuneables are created and then I rebooted my TrueNAS.

Now I cannot web into it (I get a white screen). I can ping and ssh to it, so I could undue my settings if I knew where to go.

 

[jordanthompson]

I was able to change the tunables from the command line with this method:
https://www.truenas.com/community/threads/how-to-disable-an-rc-conf-tunable-from-cli.39717/

 

[Samuel Tai]

Post in thread 'Fat fingered/bad tunable, lost web UI'
https://www.truenas.com/community/threads/fat-fingered-bad-tunable-lost-web-ui.102360/post-704174

 

[jordanthompson]

@Samuel Tai I am trying to get OpenVPN working following the instructions I mentioned earlier in this thread (which I had working following the same instructions at one point without doing anything with the firewall -- other than turning on "firewall_enable" -> "yes" in tunables -- before I added my 4-port GB NIC card).

1. With "firewall_enable" -> "yes"enabled:
   1. When on the same network:
      1. I am NOT able to http or https to trueNAS (this is a show-stopper)
      2. Plex does not work
      3. Curiously, I AM able to successfully connect with telnet on both 80 and 443
   2. When OpenVPN'ed in:
      1. I am able to http/https to trueNAS
      2. the IP addresses changes as to the router's outside IP address as expected
      3. I cannot ping by hostname (I can work around this with the hosts table)
2. With "firewall_enable" -> "yes" not enabled:
   1. When on the same network:
      1. Everything works fine
   2. When OpenVPN'ed in:
      1. I am able to http/https to trueNAS
      2. I don't change IP addresses (this is a show-stopper)
      3. I cannot ping by hostname (I can work around this with the hosts table)

So, my settings are:

(note that firewall_enable is not enabled in the above image)

I have the following Plex plugin settings (not sure if this is related, but it is curious that the jail is supposed to be using igb1 as show below, but it doesn't show up in the interface list above and does not show up in the list of connected devices -- on 10.13.0.118 as shown below -- on my router):
Edit: It is showing up on my router as I would expect - I had reserved it previously and it did not show up when I was looking for it

This has been driving me crazy all week and any help/suggestions anyone can offer would be most welcome!

 

[Samuel Tai]

Don't configure OpenVPN on TrueNAS. Configure it on your router.

 

[jordanthompson]

Well, that *sounds* like a good idea, but I have a Google Wifi Router and that is not going to work :-(
I had a OpenWRT router and additional access points, but I replaced them with the Google WiFi devices.

@Samuel Tai If it it is frowned on, why is the option even provided?

I am trying to install it on a Raspberry Pi, but I am running into other issues (it is an old installation and upgrading is a PITA). I am using it as a web server and I managed to break it and am re-installing it from an old image :-/

 

[Samuel Tai]

My understanding is the OpenVPN client/server configs are for server-to-server replication across untrusted networks. I don't believe it was intended for client access, although some folks have made it work by setting up TrueNAS in unorthodox ways that are brittle against upgrades.

 

[jordanthompson]

@Samuel Tai Are we OK with running OpenVPN in a jail?

 

[Patrick M. Hausen]

@Samuel Tai Are we OK with running OpenVPN in a jail?

I had that working some time ago - until I replaced my Fritzbox with OPNsense so I moved OpenVPN to the firewall. Then later replaced OpenVPN with WireGuard. But yes, it did work - routed subnet for OpenVPN clients and everything. I vaguely remembered some hack with an init task to enable tun(4) inside the jail. You will have to experiment with that.