Any OpenVPN guides for FreeNAS 9.1.1?

Status
Not open for further replies.

enemy85

Guru
Joined
Jun 10, 2011
Messages
757
Did you add this?
in rc.conf add the line: gateway_enable="YES"


I did as u suggested me to do...but nothing is changed...

when i connect through the OPENVPN GUI i get:
Code:
Sun Dec 01 13:10:49 2013 OpenVPN 2.3.2 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Sun Dec 01 13:10:49 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Dec 01 13:10:49 2013 Need hold release from management interface, waiting...
Sun Dec 01 13:10:50 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Dec 01 13:10:50 2013 MANAGEMENT: CMD 'state on'
Sun Dec 01 13:10:50 2013 MANAGEMENT: CMD 'log all on'
Sun Dec 01 13:10:50 2013 MANAGEMENT: CMD 'hold off'
Sun Dec 01 13:10:50 2013 MANAGEMENT: CMD 'hold release'
Sun Dec 01 13:10:50 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Dec 01 13:10:50 2013 MANAGEMENT: >STATE:1385899850,RESOLVE,,,
Sun Dec 01 13:10:50 2013 UDPv4 link local: [undef]
Sun Dec 01 13:10:50 2013 UDPv4 link remote: [AF_INET]87.7.4.77:1194
Sun Dec 01 13:10:50 2013 MANAGEMENT: >STATE:1385899850,WAIT,,,
Sun Dec 01 13:10:50 2013 MANAGEMENT: >STATE:1385899850,AUTH,,,
Sun Dec 01 13:10:50 2013 TLS: Initial packet from [AF_INET]87.7.4.77:1194, sid=b2b45702 f3847e32
Sun Dec 01 13:10:51 2013 VERIFY OK: depth=1, C=IT, ST=BA, L=xxxxx, O=xxxxxx, OU=xxxxxx, CN=xxxxxx, name=xxxxxx, emailAddress=xxxxxxx@hotmail.it
Sun Dec 01 13:10:51 2013 VERIFY OK: nsCertType=SERVER
Sun Dec 01 13:10:51 2013 VERIFY OK: depth=0, C=IT, ST=BA, L=xxxxx, O=xxxxxx, OU=xxxxx, CN=server, name=FREENAS, emailAddress=xxxxxxx@hotmail.it
Sun Dec 01 13:10:54 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Dec 01 13:10:54 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 01 13:10:54 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Dec 01 13:10:54 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 01 13:10:54 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Dec 01 13:10:54 2013 [server] Peer Connection Initiated with [AF_INET]87.7.4.77:1194
Sun Dec 01 13:10:55 2013 MANAGEMENT: >STATE:1385899855,GET_CONFIG,,,
Sun Dec 01 13:10:57 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Dec 01 13:10:57 2013 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.1 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sun Dec 01 13:10:57 2013 OPTIONS IMPORT: timers and/or timeouts modified
Sun Dec 01 13:10:57 2013 OPTIONS IMPORT: --ifconfig/up options modified
Sun Dec 01 13:10:57 2013 OPTIONS IMPORT: route options modified
Sun Dec 01 13:10:57 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Dec 01 13:10:57 2013 MANAGEMENT: >STATE:1385899857,ASSIGN_IP,,10.8.0.6,
Sun Dec 01 13:10:57 2013 open_tun, tt->ipv6=0
Sun Dec 01 13:10:57 2013 TAP-WIN32 device [Connessione alla rete locale (LAN) 3] opened: \\.\Global\{801C6E8E-9ACD-4601-818D-24969CFA46BB}.tap
Sun Dec 01 13:10:57 2013 TAP-Windows Driver Version 9.9
Sun Dec 01 13:10:57 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {801C6E8E-9ACD-4601-818D-24969CFA46BB} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Sun Dec 01 13:10:57 2013 Successful ARP Flush on interface [34] {801C6E8E-9ACD-4601-818D-24969CFA46BB}
Sun Dec 01 13:11:02 2013 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
Sun Dec 01 13:11:02 2013 MANAGEMENT: >STATE:1385899862,ADD_ROUTES,,,
Sun Dec 01 13:11:02 2013 C:\Windows\system32\route.exe ADD 192.168.1.1 MASK 255.255.255.0 10.8.0.5
Sun Dec 01 13:11:02 2013 Warning: address 192.168.1.1 is not a network address in relation to netmask 255.255.255.0
Sun Dec 01 13:11:02 2013 ROUTE: route addition failed using CreateIpForwardEntry: Parametro non corretto.  [status=87 if_index=34]
Sun Dec 01 13:11:02 2013 Route addition via IPAPI failed [adaptive]
Sun Dec 01 13:11:02 2013 Route addition fallback to route.exe
Sun Dec 01 13:11:02 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Dec 01 13:11:02 2013 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Sun Dec 01 13:11:02 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Sun Dec 01 13:11:02 2013 Route addition via IPAPI succeeded [adaptive]
Sun Dec 01 13:11:02 2013 Initialization Sequence Completed
Sun Dec 01 13:11:02 2013 MANAGEMENT: >STATE:1385899862,CONNECTED,SUCCESS,10.8.0.6,87.7.4.77



any other suggestions???
 

enemy85

Guru
Joined
Jun 10, 2011
Messages
757
Anyone who can help me or has other suggestions? I really can't understand what I'm doing wrong...
 

ShinobiX9X

Contributor
Joined
Mar 6, 2013
Messages
141
Code:
# Sample OpenVPN 2.0 config file for
# multi-client server.
 
#replace x.x.x.x with freenas ip
local 192.168.1.73
port 1194
proto udp
dev tun
#change the paths and filenames below to match what you did
ca /mnt/path_on_my_nas/openvpn/keys/ca.crt
cert /mnt/path_on_my_nas/openvpn/keys/server.crt
key /mnt/path_on_my_nas/openvpn/keys/server.key
dh /mnt/path_on_my_nas/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#change x.x.x.x to match your network ip range
#ie 192.168.0.0 or 10.0.0.0
#try to change to: push "route 192.168.1.0 255.255.255.0"
push "route 192.168.1.1 255.255.255.0"
#replace x.x.x.x with freenas ip
route 192.168.1.73 255.255.255.0 10.8.0.1
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3
 

enemy85

Guru
Joined
Jun 10, 2011
Messages
757
I'll try that this afternoon and let u know. Thank you
 

enemy85

Guru
Joined
Jun 10, 2011
Messages
757


nothing changed...even trying to change to : push "route 192.168.1.0 255.255.255.0"
:(:(:(
 

ShinobiX9X

Contributor
Joined
Mar 6, 2013
Messages
141
nothing changed...even trying to change to : push "route 192.168.1.0 255.255.255.0"
:(:(:(



I don't know, but it's because of the following: Warning: address 192.168.1.1 is not a network address in relation to netmask 255.255.255.0
and mine is 192.168.1.0

what does it say when changed to 192.168.1.0?
I don't know if it's necessary, but did you restart the openvpn service on the server? Maybe it's at start that it reads the configuration?

Sun Dec 01 13:11:02 2013 C:\Windows\system32\route.exe ADD 192.168.1.1 MASK 255.255.255.0 10.8.0.5
Sun Dec 01 13:11:02 2013 Warning: address 192.168.1.1 is not a network address in relation to netmask 255.255.255.0
Sun Dec 01 13:11:02 2013 ROUTE: route addition failed using CreateIpForwardEntry: Parametro non corretto. [status=87 if_index=34]
 

DeliveryGuy

Dabbler
Joined
Dec 6, 2011
Messages
35
Give this a shot for starters. In your Server Config, change: push "route 192.168.1.1 255.255.255.0"
to push "route 192.168.1.0 255.255.255.0"
The fallback answer is to connect to 10.8.0.1 instead of using the 192.168.x.x address. That will only work if you only need to connect to the FreeNAS box.




Just saw the two posts above...need caffeine.
 

enemy85

Guru
Joined
Jun 10, 2011
Messages
757
I don't know, but it's because of the following: Warning: address 192.168.1.1 is not a network address in relation to netmask 255.255.255.0
and mine is 192.168.1.0

what does it say when changed to 192.168.1.0?
I don't know if it's necessary, but did you restart the openvpn service on the server? Maybe it's at start that it reads the configuration?

You are a GENIUS and I'm so stupid! I didn't restart the service!
Now it seems to work! Great!

I just don't understand why it works with 192.168.1.0 and not with 192.168.1.1 as my real router works...but ok, it's just great it works!
 

enemy85

Guru
Joined
Jun 10, 2011
Messages
757

ShinobiX9X

Contributor
Joined
Mar 6, 2013
Messages
141
.1 is a (used) address, .0 is to tell where the network IP range is or so (I can't explain)
 

Whattteva

Wizard
Joined
Mar 5, 2013
Messages
1,824
Because those numbers utilize a bitmask operation to figure out the host number and the network number.
With the extra '1', you will get a totally different network number from when it is a '0'.
Wikipedia has a more in-depth explanation here if you're interested.
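
The mask arithmetic behind the route warning in this thread, as an added example that is not part of any post: it ANDs each route address with its netmask and flags routes whose address still has host bits set. The function names and the sample config are constructed for illustration, using the directives quoted above.

```python
import ipaddress
import re

# Matches `route NET MASK [gw]` and `push "route NET MASK"`; also accepts the
# curly quotes that appear when a config is pasted from a web page.
ROUTE_RE = re.compile(
    r'^\s*(?:push\s+["\u201c\u201d\u2033])?\s*route\s+'
    r'(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)')

def network_of(addr, mask):
    """Return the network address: addr AND mask, bit by bit."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(a & m))

def check_routes(config_text):
    """Return (line_no, addr, mask, suggested_network) for every route whose
    address has host bits set, i.e. is not a network address for its mask."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):
            continue  # skip comment lines
        m = ROUTE_RE.match(line)
        if not m:
            continue  # not a route directive (or a route without a mask)
        addr, mask = m.groups()
        net = network_of(addr, mask)
        if net != addr:
            findings.append((no, addr, mask, net))
    return findings

# Constructed sample built from the directives quoted in the thread.
SAMPLE = '''\
server 10.8.0.0 255.255.255.0
push "route 192.168.1.1 255.255.255.0"
route 192.168.1.73 255.255.255.0 10.8.0.1
push "route 192.168.1.0 255.255.255.0"
'''

if __name__ == "__main__":
    for no, addr, mask, net in check_routes(SAMPLE):
        print(f"line {no}: {addr}/{mask} has host bits set; use {net}")
```

Run against a server config before restarting the service, it reports the same condition the Windows client logs as "not a network address in relation to netmask".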
 

enemy85

Guru
Joined
Jun 10, 2011
Messages
757
ok, now that vpn works I have another question...

Is there a way to improve the speed of transfers while using openvpn? I noticed that it's more than 10 times slower while using openvpn... Is it just my situation or is it something common?
Is there something that can be set?
 

enemy85

Guru
Joined
Jun 10, 2011
Messages
757
Does anybody have any knowledge about openvpn speed???
 

ShinobiX9X

Contributor
Joined
Mar 6, 2013
Messages
141
I suppose you use openvpn from outside your network, then it also depends on internet speeds, which usually are a lot slower than your LAN (100m - 1g).
 

Whattteva

Wizard
Joined
Mar 5, 2013
Messages
1,824
OpenVPN speeds are limited by your connection's upstream speed (which is typically really really slow, only 1 Mbps for me). Not many ISPs offer fast upstream speeds. Verizon FIOS is the only one I know of that can offer up to 25 Mbps upstream, but besides that, upstream speeds generally suck because they don't like you hosting things on your home network (some even block ports).
 

enemy85

Guru
Joined
Jun 10, 2011
Messages
757
OpenVPN speeds are limited by your connection's upstream speed (which is typically really really slow, only 1 Mbps for me). Not many ISPs offer fast upstream speeds. Verizon FIOS is the only one I know of that can offer up to 25 Mbps upstream, but besides that, upstream speeds generally suck because they don't like you hosting things on your home network (some even block ports).


Well, I know that the bottleneck of the whole system speed is always the upstream speed, which for me is just 480 kbps...but here it's even much slower....2-3 kB/s so that's why I was wondering...
 

demonLaMagra

Cadet
Joined
Dec 21, 2013
Messages
2
Hey guys, I'm following this guide to install OpenVPN http://joepaetzel.wordpress.com/2013/09/22/openvpn-on-freenas-9-1/

I have run into the issues detailed below when trying to create the CA.cert.

[root@freenas] /mnt/NAS/openvpn# chmod -R 755 easy-rsa/2.0/*
[root@freenas] /mnt/NAS/openvpn# cd easy-rsa/2.0
[root@freenas] /mnt/NAS/openvpn/easy-rsa/2.0# sh
# ./clean-all
Please source the vars script first (i.e. "source ./vars")
Make sure you have edited it to reflect your configuration.
# . ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /mnt/NAS/openvpn/easy-rsa/2.0/keys
# ./build-ca
Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys.
Any ideas?

cheers

UPDATE:

When I try to source ./vars I get the following output.

Code (text):
[root@freenas] /mnt/NAS/openvpn/easy-rsa/2.0# source ./vars
export: Command not found.
export: Command not found.
export: Command not found.
export: Command not found.
EASY_RSA: Undefined variable.
export: Command not found.
EASY_RSA: Undefined variable.
 

Cosmo_Kramer

Contributor
Joined
Jan 9, 2013
Messages
103
I did this in FreeNAS 8.3. In the comments of Joe Paetzel's guide you'll find:


ok…so this is a hack, but here is a link to the standard stuff from /usr/local/share/doc/openvpn/
http://joepaetzel.files.wordpress.com/2012/09/openvpn.jpg
Download that, change the extension to .tar, then uncompress it. Copy it to your FreeNas box however you want. I just copied it to a share on the FreeNas box then moved it from there.
Hope that helps.
So it seems the openvpn files aren't in 9.1 after all?

Any idea if this will work in a jail?
 

DeliveryGuy

Dabbler
Joined
Dec 6, 2011
Messages
35
Hey guys, I'm following this guide to install OpenVPN http://joepaetzel.wordpress.com/2013/09/22/openvpn-on-freenas-9-1/
I have run into the issues detailed below when trying to create the CA.cert.
[root@freenas] /mnt/NAS/openvpn# chmod -R 755 easy-rsa/2.0/*
[root@freenas] /mnt/NAS/openvpn# cd easy-rsa/2.0
[root@freenas] /mnt/NAS/openvpn/easy-rsa/2.0# sh
# ./clean-all
Please source the vars script first (i.e. "source ./vars")
Make sure you have edited it to reflect your configuration.
# . ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /mnt/NAS/openvpn/easy-rsa/2.0/keys
# ./build-ca
Please edit the vars script to reflect your configuration,
then source it with "source ./vars".
Next, to start with a fresh PKI configuration and to delete any
previous certificates and keys, run "./clean-all".
Finally, you can run this tool (pkitool) to build certificates/keys.
Any ideas?
cheers
UPDATE:
When I try to source ./vars I get the following output.
Code (text):
[root@freenas] /mnt/NAS/openvpn/easy-rsa/2.0# source ./vars
export: Command not found.
export: Command not found.
export: Command not found.
export: Command not found.
EASY_RSA: Undefined variable.
export: Command not found.
EASY_RSA: Undefined variable.


Looks like you did not switch your shell to sh.

Type sh, then hit return. Then try
. ./vars
 