
TrueNAS and OpenVPN client configuration

Here is a short tutorial to configure the OpenVPN client on TrueNAS 12.0.

Prerequisite: an OpenVPN server running with a similar configuration:
Code:
dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth SHA512
tls-client
client
resolv-retry infinite
remote vpn.domain.org 1194 udp
lport 0
verify-x509-name "vpn.domain.org" name
auth-user-pass
remote-cert-tls server
comp-lzo adaptive

<ca>
-----BEGIN CERTIFICATE-----
MIIFgNGGD2bjNiJRSeJfugreDJkqhgh57w0BER8GFADBrMtMwEQYJYRRDEwuPcGVu
UW+LBmf6rq+7zqi4UH+f+zB566FOpEwwSjEGA1UETMBEAxMKT3BlblZQTi1DQTEL
...
9Iw5MNx9phXRlZjwMX0L3pteGKNUNJlmgQZSjI1ZNw7K3CZsIB47QFwalqkGFqGr
L0nObyspUxbcdqZVO/vbo3hFjNqVPjqkO4bP94G7D6w+W0ZHF6TXPmScvo2c9XVs
qnpyhawELAHtDy3keG1Hf/A+D6nTGMUb5+7E9Lw9WS+M1B6jrE
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIGGTCCBAGgIBgAwIBABqhkiG9TANBgkw0BABKJZMQsFADwEQYDIEAZEwcGpPVy
iSFcYvI0l24r3zcIF836KryNpb1FKFaYzFszG3bCVSIp9LwVDrz1irMahq/W43Zb
...
D3kash6QiMfbVoxts2TEGMw18tz3ptf5R9QuGAILlfdZbVC9i0hj2wZvIMXZ+MDu
zwjY8zVQnfyxT9gc2rYwZTx057ldXZRqds7H2znKzIDZC9iu+UrQzCmq+s/YXUjy
KyLQVgOUIT6n2vyGuikiOvUczf1S8E8MBZtrvhM=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIJQgkqhkiG9IBADANBgw0BAASCQEFACSwgkoAwggEAAQCAoIC71VfhS9wOaSNJ
DCBpBfPtUc6iMzeezb0Dld1TGNmbujIAqOdmcnikE87lnQXA+w1ZIwKouFx2b7zr
...
6IEehZNciHpOU8zGE1RSNH1mqQKT6t0pK7hjGhlbZRsHmE8tGy7aBQi9z38pkunR
M7Dird0Be9Ua6r90+lDczcggzwzHTZ==
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
31201c2093539a034a3549b8f109f7a0
...
c0224e25d9ed3d2b562e94bed507fcac
-----END OpenVPN Static key V1-----
</tls-auth>

I'm sure other configurations work as well, but I haven't tried... And I'm not that experienced with OpenVPN! :smile:

  1. In "System\CAs"
    • Add a new certificate
    • Give it a name (here VPN_CA) and select "Import CA" as type
    • Copy/paste the certificate from the configuration file
      The certificate can be found between the tags <ca> and </ca> of the OpenVPN config file
  2. In "System\Certificate"
    • Add a certificate
    • Give it a name (here VPN) and select "Import Certificate" as type
    • Copy and paste the certificate, it can be found in the OpenVPN config file between the tags <cert> and </cert>
    • Copy and paste the key between the tags <key> and </key> from the configuration file
    • So now we have a CA and a certificate for the VPN connection
  3. In "Services\OpenVPN client" some configuration fields need to be filled based on the OpenVPN configuration
    • Get to the configuration of the service
    • Client certificate: select the certificate that has been configured in #2
    • Root CA: select the certificate that has been configured in #1
    • The rest of the parameters are found in the OpenVPN configuration file
    • In "Additional parameters" you can add options that are in the configuration files, like the TLS key for authentication or user login/password
  4. Start the service
    • Start the service (check automatically if needed)
    • Test that the connection is working, for example by running curl ifconfig.me in a terminal. It should return the IP of the VPN connection and not that of your "local" connection; turn the OpenVPN client service on and off to see the difference
    • Logs of the OpenVPN client can be found in /var/log/messages and /var/log/daemon
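
Steps 1 to 3 copy the <ca>, <cert>, <key> and <tls-auth> blocks out of the OpenVPN config file by hand. The script below is an added example, not part of the original tutorial: it splits those inline blocks into separate files, creates the private key and TLS key owner-readable only, and lists the remaining directives to map onto the service fields and "Additional parameters". The output file names and the sample text are assumptions constructed for illustration.

```python
import os
import re

# Inline tags from the tutorial's config -> output file names (names are assumptions).
FILES = {"ca": "ca.crt", "cert": "client.crt", "key": "client.key", "tls-auth": "ta.key"}
SECRET = {"key", "tls-auth"}  # private material: owner-only permissions
BLOCK_RE = re.compile(r"^<([\w-]+)>\s*\n(.*?)^</\1>\s*$", re.S | re.M)

def split_ovpn(text):
    """Return (blocks, directives): inline <tag> bodies and the remaining option lines."""
    blocks = {}
    def grab(match):
        blocks[match.group(1)] = match.group(2).strip() + "\n"
        return ""
    rest = BLOCK_RE.sub(grab, text)
    directives = [ln.strip() for ln in rest.splitlines()
                  if ln.strip() and not ln.lstrip().startswith(("#", ";"))]
    return blocks, directives

def write_blocks(blocks, outdir):
    """Write each known block to its own file; secrets are created with mode 0600."""
    written = {}
    for tag, body in blocks.items():
        if tag not in FILES:
            continue
        path = os.path.join(outdir, FILES[tag])
        mode = 0o600 if tag in SECRET else 0o644
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
        with os.fdopen(fd, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)  # enforce the mode even if the file already existed
        written[tag] = path
    return written

# Constructed sample with the same layout as the tutorial's config (placeholder bodies).
SAMPLE = ("dev tun\nremote vpn.domain.org 1194 udp\nauth-user-pass\n"
          "<ca>\n-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n</ca>\n"
          "<key>\n-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n</key>\n"
          "key-direction 1\n<tls-auth>\n# constructed\nCONSTRUCTED\n</tls-auth>\n")

if __name__ == "__main__":
    import tempfile
    blocks, directives = split_ovpn(SAMPLE)
    with tempfile.TemporaryDirectory() as outdir:
        for tag, path in write_blocks(blocks, outdir).items():
            print(tag, oct(os.stat(path).st_mode & 0o777), path)
    print("Remaining directives:", directives)
```

Delete the extracted key files once their contents have been pasted into the TrueNAS certificate form.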
Author
Pitfrr