Any OpenVPN guides for FreeNAS 9.1.1?

[prod]

Want to add OpenVPN to my FreeNAS 9.1.1 Server as was wondering if there is any Noob step by step instructions out there?

 

[Whattteva]

This is kind of old, but it should still apply.

OpenVPN is already installed by default on FreeNAS. All you have to do is do minor configuration file changes here and there, really.

Let me know if you need any help.

 

[prod]

oh wow that's great news, is there any documentation on how to config it? I just found wiki and its empty http://doc.freenas.org/index.php/OpenVPN

 

[Whattteva]

It should be in that link in my previous post. Click the word "This" in the first sentence.

 

[prod]

oh thank you didnt see the link :)

 

[HNLRoscoe]

Hi,

Please excuse me if this question is dumb, but I'm still pretty new with operating in a *Nix environment: The Joe Paetzel guide you linked references this guide as a way to set up RSA certificates and OpenVPN conf files. It says that OpenVPN's default install is /usr/local/share/doc/openvpn and that the server.conf file should be there. I don't even have a /doc directory in /usr/local/share, and I can't find my server.conf file for the life of me, because the find, locate, and whereis commands don't seem to be working properly.

Is there something that I'm missing here?

 

[Whattteva]

My fault, I forgot that's pretty old and a bit outdated.

Try this one: http://openvpn.net/index.php/open-source/documentation/howto.html

 

[ShinobiX9X]

Hi,

Please excuse me if this question is dumb, but I'm still pretty new with operating in a *Nix environment: The Joe Paetzel guide you linked references this guide as a way to set up RSA certificates and OpenVPN conf files. It says that OpenVPN's default install is /usr/local/share/doc/openvpn and that the server.conf file should be there. I don't even have a /doc directory in /usr/local/share, and I can't find my server.conf file for the life of me, because the find, locate, and whereis commands don't seem to be working properly.

Is there something that I'm missing here?

I did this in freenas 8.3. in the comments of joe paetzel's guide you'll find:

​

1​

​

0​

​

​

Rate This​

ok…so this i a hack, but here is a link to the standard stuff from /usr/local/share/doc/openvpn/
http://joepaetzel.files.wordpress.com/2012/09/openvpn.jpg
Download that, change the extension to .tar, then uncompress it. Copy it to your FreeNas box however you want. I just copied it to a share on the FreeNas box then moved it from there.
Hope that helps.
So it seems the openvpn files aren't in 9.1 after all?

 

[ShinobiX9X]

in FreeNAS 9.1.1 i found easy-rsa there: /usr/local/share/easy-rsa

 

[DeliveryGuy]

I finally finished an updated OpenVPN writeup. Hopefully it is clearer than my previous one.
http://joepaetzel.wordpress.com/2013/09/22/openvpn-on-freenas-9-1/

 

[ShinobiX9X]

Hi Deliveryguy,

Thank you again for giving me OpenVPN :D.
The new guide is ery nice

 

[DeliveryGuy]

Hi Deliveryguy,

Thank you again for giving me OpenVPN :D.
The new guide is ery nice

You're welcome. I'm glad you like the new guide. Some day brother Josh will get around to adding OpenVPN to the gui and the guide won't be needed. Not sure when that will happen though.

 

[petterrabbit]

I finally finished an updated OpenVPN writeup. Hopefully it is clearer than my previous one.
http://joepaetzel.wordpress.com/2013/09/22/openvpn-on-freenas-9-1/

thanks man! this is amazing

 

[DeliveryGuy]

thanks man! this is amazing

Thanks. I appreciate the positive feedback.

 

[enemy85]

Hi,
I'm trying to set up openvpn on my freenas box and I did all what is described in this link (GREAT guide,btw), but when i try to access my box using openvpn client from my pc, it ends up with this message:

Code:

"Wed Nov 27 19:49:04 2013 OpenVPN 2.3.2 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Wed Nov 27 19:49:04 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Nov 27 19:49:04 2013 Need hold release from management interface, waiting...
Wed Nov 27 19:49:05 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Nov 27 19:49:05 2013 MANAGEMENT: CMD 'state on'
Wed Nov 27 19:49:05 2013 MANAGEMENT: CMD 'log all on'
Wed Nov 27 19:49:05 2013 MANAGEMENT: CMD 'hold off'
Wed Nov 27 19:49:05 2013 MANAGEMENT: CMD 'hold release'
Wed Nov 27 19:49:05 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Nov 27 19:49:05 2013 MANAGEMENT: >STATE:1385578145,RESOLVE,,,
Wed Nov 27 19:49:05 2013 RESOLVE: Cannot resolve host address: https://xxxxxxxxxxxx.no-ip.org: Il nome richiesto è valido, non sono stati trovati dati del tipo richiesto. "

does anybody can help me to make this working?
does openvpn service supports HTTPS and DDNS?
thanks

EDIT

Solved, i just need to put the remote web address without any "https://" but just the address itself... great!

but now that i'm connected using the openvpn client...how does it works???

 

[ShinobiX9X]

you manually need to connect to the ip adress of the nas as if you were inside the lan

 

[enemy85]

you manually need to connect to the ip adress of the nas as if you were inside the lan

It's what i tried to do...but it doesn't work! where I'm going wrong???

 

[enemy85]

well, i cannot figure it out on my own, so i'll try to describe u my situation in order to get some help...
my situation:

i have a freenas box running in my office, the nas is behind a router with 192.168.1.1 ip and the nas ip it's 192.168.1.73
the office doesn't have a static ip but a dynamic one given by the ISP.
i have set the router and the freenas box with DDNS service with a no-ip.org and everything works good (I'm able to connect to the nas from outside my lan)
I installed OPENVPN on my freenas box as described in the guide, and setted the OPENVPN.CONF file on the nas as described below

Code:

# Sample OpenVPN 2.0 config file for
# multi-client server.
 
#replace x.x.x.x with freenas ip
local 192.168.1.73
port 1194
proto udp
dev tun
#change the paths and filenames below to match what you did
ca /mnt/path_on_my_nas/openvpn/keys/ca.crt
cert /mnt/path_on_my_nas/openvpn/keys/server.crt
key /mnt/path_on_my_nas/openvpn/keys/server.key
dh /mnt/path_on_my_nas/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#change x.x.x.x to match your network ip range
#ie 192.168.0.0 or 10.0.0.0
push “route 192.168.1.1 255.255.255.0″
#replace x.x.x.x with freenas ip
route 192.168.1.73 255.255.255.0 10.8.0.1
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3

while the client file on my laptop is

Code:

# Sample client-side OpenVPN 2.0 config file #
client
dev tun
proto udp
#change remote to your static ip
#or domain name for your freenas server
my_ddns_address.no-ip.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /Path_on_my_laptop/ca.crt
cert /Path_on_my_laptop/laptop.crt
key /Path_on_my_laptop/laptop.key
ns-cert-type server
comp-lzo

when i connect through the OPENVPN GUI i get:

Code:

Thu Nov 28 20:57:23 2013 OpenVPN 2.3.2 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Thu Nov 28 20:57:23 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Nov 28 20:57:23 2013 Need hold release from management interface, waiting...
Thu Nov 28 20:57:24 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Nov 28 20:57:24 2013 MANAGEMENT: CMD 'state on'
Thu Nov 28 20:57:24 2013 MANAGEMENT: CMD 'log all on'
Thu Nov 28 20:57:24 2013 MANAGEMENT: CMD 'hold off'
Thu Nov 28 20:57:24 2013 MANAGEMENT: CMD 'hold release'
Thu Nov 28 20:57:24 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 28 20:57:24 2013 MANAGEMENT: >STATE:1385668644,RESOLVE,,,
Thu Nov 28 20:57:25 2013 UDPv4 link local: [undef]
Thu Nov 28 20:57:25 2013 UDPv4 link remote: [AF_INET]95.247.239.194:1194
Thu Nov 28 20:57:25 2013 MANAGEMENT: >STATE:1385668645,WAIT,,,
Thu Nov 28 20:57:25 2013 MANAGEMENT: >STATE:1385668645,AUTH,,,
Thu Nov 28 20:57:25 2013 TLS: Initial packet from [AF_INET]95.247.239.194:1194, sid=b834cbbc 510c69c7
Thu Nov 28 20:57:26 2013 VERIFY OK: depth=1, C=IT, ST=XX, L=xxxxxx, O=xxxxxx, OU=xxxxx, CN=xxxxxx, name=xxxxxx, emailAddress=xxxxxxxx@hotmail.it
Thu Nov 28 20:57:26 2013 VERIFY OK: nsCertType=SERVER
Thu Nov 28 20:57:26 2013 VERIFY OK: depth=0, C=IT, ST=XX, L=xxxxxx, O=xxxxxx, OU=xxxxx, CN=server, name=FREENAS, emailAddress=xxxxxxx@hotmail.it
Thu Nov 28 20:57:28 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 28 20:57:28 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 28 20:57:28 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 28 20:57:28 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 28 20:57:28 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Nov 28 20:57:28 2013 [server] Peer Connection Initiated with [AF_INET]95.247.239.194:1194
Thu Nov 28 20:57:29 2013 MANAGEMENT: >STATE:1385668649,GET_CONFIG,,,
Thu Nov 28 20:57:30 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Nov 28 20:57:31 2013 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.1 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Thu Nov 28 20:57:31 2013 OPTIONS IMPORT: timers and/or timeouts modified
Thu Nov 28 20:57:31 2013 OPTIONS IMPORT: --ifconfig/up options modified
Thu Nov 28 20:57:31 2013 OPTIONS IMPORT: route options modified
Thu Nov 28 20:57:31 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Nov 28 20:57:31 2013 MANAGEMENT: >STATE:1385668651,ASSIGN_IP,,10.8.0.6,
Thu Nov 28 20:57:31 2013 open_tun, tt->ipv6=0
Thu Nov 28 20:57:31 2013 TAP-WIN32 device [Connessione alla rete locale (LAN) 3] opened: \\.\Global\{801C6E8E-9ACD-4601-818D-24969CFA46BB}.tap
Thu Nov 28 20:57:31 2013 TAP-Windows Driver Version 9.9
Thu Nov 28 20:57:31 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {801C6E8E-9ACD-4601-818D-24969CFA46BB} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Thu Nov 28 20:57:31 2013 Successful ARP Flush on interface [34] {801C6E8E-9ACD-4601-818D-24969CFA46BB}
Thu Nov 28 20:57:36 2013 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Thu Nov 28 20:57:36 2013 MANAGEMENT: >STATE:1385668656,ADD_ROUTES,,,
Thu Nov 28 20:57:36 2013 C:\Windows\system32\route.exe ADD 192.168.1.1 MASK 255.255.255.0 10.8.0.5
Thu Nov 28 20:57:36 2013 Warning: address 192.168.1.1 is not a network address in relation to netmask 255.255.255.0
Thu Nov 28 20:57:36 2013 ROUTE: route addition failed using CreateIpForwardEntry: Parametro non corretto.  [status=87 if_index=34]
Thu Nov 28 20:57:36 2013 Route addition via IPAPI failed [adaptive]
Thu Nov 28 20:57:36 2013 Route addition fallback to route.exe
Thu Nov 28 20:57:36 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Thu Nov 28 20:57:36 2013 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Thu Nov 28 20:57:36 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Thu Nov 28 20:57:36 2013 Route addition via IPAPI succeeded [adaptive]
Thu Nov 28 20:57:36 2013 Initialization Sequence Completed
Thu Nov 28 20:57:36 2013 MANAGEMENT: >STATE:1385668656,CONNECTED,SUCCESS,10.8.0.6,95.247.239.194

and the green pcs, so i guess the vpn is working, but i cannot access my freenas box via web browser on ping it neither.... WHY???

 

[ShinobiX9X]

Did you add this?
in rc.conf add the line: gateway_enable=”YES”

 

[enemy85]

no, in the rc.conf I just add the following:

openvpn_enable="YES"
openvpn_if="tun"
openvpn_configfile="/mnt/path_to/openvpn/openvpn.conf"

as described in the guide...

I'll try what you suggest me and i'll let u know