FreeNAS-11 replication over openvpn setup?

[foogaamoo]

Hi!

Here's my scenario. I'd like to setup FreeNAS-11 replication between two remote servers over an openvpn tunnel. Hopefully a common scenario.

I could get openvpn installed/setup in a FreeNAS jail and was able to successfully connect to the remote FreeNAS server.

For the FreeNAS replication to work, would I need to install openvpn into the root OS? Researching other responses - sounds like its not advised to install in root OS. If this is true, then is there some way to have the FreeNAS replication task work over the jail IP address?

Thanks!

 

[m0nkey_]

Set-up the VPN in a jail, then set a static route in the UI.

http://doc.freenas.org/11/network.html#static-routes

 

[foogaamoo]

To help others, here are my steps:

• Enabled VPN service on Netgear R7000 router.
• Followed step 5 & 7 in this doc: https://www.ovpn.com/en/guides/freenas
• Downloaded and then expanded non-windows.zip (R7000 router provides this zip package after enabling VPN service) to /usr/local/etc/openvpn
• Symlink openvpn.conf -> client2.conf
• Added these lines to openvpn.conf file

Code:

ifconfig <IP address for vpn endpoint> 255.255.255.0
script-security 2
up /usr/local/etc/openvpn/fw.up
down /usr/local/etc/openvpn/fw.down
up-restart

/usr/local/etc/openvpn/fw.up

Code:

#!/bin/csh
/sbin/ipfw -q -f flush
/sbin/ipfw -q nat 1 config if tap0
/sbin/ipfw -q add nat 1 all from any to any via any

/usr/local/etc/openvpn/fw.down

Code:

#!/bin/csh
/sbin/ipfw -q -f flush

• Used the gateway,firewall information from this post: https://forums.freenas.org/index.php?threads/openvpn-client-jail.48473/. I used a TAP connection so replaced tun0 with tap0; use netstat -rn to lookup the endpoint name.

/usr/local/etc/ipfw.rules [note: if the ipfw rules were applied before the vpn tunnel was established, then the tunnel would get blocked. Moving the nat rules to openvpn conf as up/down scripts solved this problem.]

Code:

ipfw -q -f flush

• Using FreeNAS web UI, added a static rule to <remote network> gw to openvpn jail IP Address.
• On the primary FreeNAS server (no openvpn jail), use the web UI to add a static route to the backup FreeNAS (with the openvpn jail) network using gw to <tap0 ip address>.
• Test both FreeNAS server can access each other and then setup your replication task.