I’ve pieced this together from many places. Here is the guide I’ve put together using PIA for the VPN and Transmission for torrent.
VPN TORRENT TRUENAS JAIL SETUP
CREATE A NEW JAIL AND ENTER THE JAIL SHELL
pkg install nano wget
nano /etc/pkg/FreeBSD.conf
EDIT THIS LINE
url: "pkg+http://pkg.FreeBSD.org/${ABI}/quarterly",
TO LOOK LIKE THIS
url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
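pkg install openvpn
mkdir /usr/local/etc/openvpn
# Create the credentials file empty and restrict it to the owner BEFORE any
# secret is written, so the VPN login is never readable by other accounts.
touch /usr/local/etc/openvpn/auth.txt
chmod 0600 /usr/local/etc/openvpn/auth.txt
# auth.txt holds the username on line 1 and the password on line 2.
# A password typed on the command line may be kept in the shell history;
# typing the two lines into the file with nano avoids that.
echo USERNAME > /usr/local/etc/openvpn/auth.txt
echo PASSWORD >> /usr/local/etc/openvpn/auth.txt
# Fetch the provider's OpenVPN profiles into a scratch directory.
mkdir /usr/local/etc/openvpn/download
cd /usr/local/etc/openvpn/download
wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
unzip openvpn.zip
touch /usr/local/etc/openvpn/openvpn.conf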
CHANGE "LOCATION" TO YOUR DESIRED OVPN LOCATION FILE
cp LOCATION.ovpn /usr/local/etc/openvpn/openvpn.conf
nano /usr/local/etc/openvpn/openvpn.conf
ADD THE FOLLOWING LINES TO THE BOTTOM OF THE FILE:
auth-user-pass /usr/local/etc/openvpn/auth.txt
auth-nocache
sysrc openvpn_enable="YES"
sysrc openvpn_if="tun"
EXIT THE JAIL CONSOLE, ENTER THE MAIN TRUENAS/FREENAS CONSOLE
CHANGE “JAILNAME” TO YOUR JAIL’S NAME
iocage set allow_tun=1 JAILNAME
REBOOT THE TRUENAS/FREENAS SERVER
FROM THE JAIL CONSOLE, TEST OPENVPN
wget -qO - http://wtfismyip.com/text
DISPLAY PUBLIC IP ON JAIL SHELL LOGIN
nano /etc/ipcheck.sh
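#!/bin/sh
# Print the jail's current public IP address at login, so that a tunnel that
# is down (or traffic that is not going through it) is noticed immediately.
#
# /bin/sh is used because the guide runs this file with /bin/sh and never
# installs bash. HTTPS keeps an on-path host from forging the reported
# address. The timeout and single try stop the login from hanging when the
# kill switch is blocking traffic.
printf '\033[0;34mYour public IP address is:\033[0;31m\n'
wget -qO - --timeout=10 --tries=1 https://wtfismyip.com/text ||
  printf 'lookup failed (VPN down or traffic blocked)\n'
printf '\033[0m'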
chmod +x /etc/ipcheck.sh
nano ~/.login
/bin/sh /etc/ipcheck.sh
SETUP KILLSWITCH
nano /usr/local/etc/openvpn/ipfw.rules
THE FILE SHOULD LOOK AS FOLLOWS:
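#!/bin/sh
##
# OpenVPN Kill Switch Configuration.
#
# From:
# https://github.com/danjacques/freenasdocs
#
# Traffic may leave only through the VPN tunnel (tun*), to the local network,
# or as the DNS/OpenVPN packets needed to bring the tunnel up. The last rule
# denies everything else.
##
. /etc/network.subr

RULE_NO=1000
fwcmd="/sbin/ipfw"

# add_fw RULE_BODY...
# Adds one ipfw rule numbered RULE_NO, then advances RULE_NO by one.
# "$@" hands every word to ipfw unchanged, so a pattern such as 'tun*' is not
# glob-expanded against the current directory on its way through.
add_fw() {
  ${fwcmd} add ${RULE_NO} "$@"
  RULE_NO=$((RULE_NO + 1))
}

# Flush all current rules before we start.
${fwcmd} -f flush

# Enable loopback.
add_fw allow ip from any to any via lo0

# Enable VPN traffic. Quoted so the shell cannot expand the '*'.
add_fw allow ip from any to any via 'tun*'

# Internal Routing
#
# Change these addresses accordingly for your internal network and netmask.
add_fw allow log ip from any to 192.168.1.0/24 keep-state

# Allow DNS traffic.
#
# OpenVPN configs may use host names, and we'll need to look these up.
# Default route.
# NOTE(review): this admits DNS to ANY server outside the tunnel, so queries
# can bypass the VPN. Narrowing "to any" to your resolver's address keeps the
# exception as small as possible.
add_fw allow log udp from any to any dst-port 53 keep-state

# Allow traffic on OpenVPN UDP port.
#
# If you're using TCP VPN and/or a different port, update accordingly. Consult
# your OpenVPN config for details.
# NOTE(review): this matches any destination host on the port, not only the
# VPN server.
add_fw allow log udp from any to any dst-port 1198 keep-state

# Cleanup rules.
RULE_NO=4000
add_fw allow ip from 127.0.0.1 to any

# VPN Network Access.
# 10.0.0.0/8 is the private (RFC 1918) block. A /7 mask would also cover
# 11.0.0.0/8, which is public address space and would be reachable outside
# the tunnel.
RULE_NO=5000
add_fw allow ip from 10.0.0.0/8 to any
add_fw allow ip from any to 10.0.0.0/8

# Block everything else.
RULE_NO=65534
add_fw deny log ip from any to any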
nano /etc/rc.conf
ADD THE FOLLOWING LINES
firewall_enable="YES"
firewall_script="/usr/local/etc/openvpn/ipfw.rules"
/etc/rc.d/ipfw start
TEST YOUR FIREWALL
/usr/local/etc/rc.d/openvpn stop
ping 8.8.8.8
SHOULD NOT WORK
/usr/local/etc/rc.d/openvpn start
ping 8.8.8.8
SHOULD WORK
KILLSWITCH IS WORKING
INSTALL/CONFIGURE TRANSMISSION
# Install Transmission and have it start with the jail.
pkg install transmission
sysrc transmission_enable="YES"
# NOTE(review): root/wheel runs the daemon, which parses data from untrusted
# peers, with full privileges inside the jail. An unprivileged account that
# owns the download directory would limit what a compromised daemon can
# touch; confirm against your dataset permissions.
sysrc transmission_user="root"
sysrc transmission_group="wheel"
# Stop the daemon before editing settings.json, presumably so the running
# daemon does not overwrite the edits below.
service transmission stop
nano /usr/local/etc/transmission/home/settings.json
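CHANGE
"rpc-whitelist-enabled": true,
TO
"rpc-whitelist-enabled": false,
NOTE: WITH THE WHITELIST OFF, ANY HOST THAT CAN REACH THE RPC PORT CAN CONTROL TRANSMISSION. ALSO SET "rpc-authentication-required": true WITH AN "rpc-username" AND "rpc-password", OR LEAVE THE WHITELIST ON AND ADD YOUR LAN RANGE TO "rpc-whitelist"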
CHANGE (THE VALUE IS DECIMAL: 18 = OCTAL 022, 7 = OCTAL 007)
"umask": 18,
TO
"umask": 7,
CHANGE DOWNLOAD DIRECTORY (IF DESIRED)
sysrc transmission_download_dir="/path/to/download/dir"
service transmission start
VPN TORRENT TRUENAS JAIL SETUP
CREATE A NEW JAIL AND ENTER THE JAIL SHELL
pkg install nano wget
nano /etc/pkg/FreeBSD.conf
EDIT THIS LINE
url: "pkg+http://pkg.FreeBSD.org/${ABI}/quarterly",
TO LOOK LIKE THIS
url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
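pkg install openvpn
mkdir /usr/local/etc/openvpn
# Create the credentials file empty and restrict it to the owner BEFORE any
# secret is written, so the VPN login is never readable by other accounts.
touch /usr/local/etc/openvpn/auth.txt
chmod 0600 /usr/local/etc/openvpn/auth.txt
# auth.txt holds the username on line 1 and the password on line 2.
# A password typed on the command line may be kept in the shell history;
# typing the two lines into the file with nano avoids that.
echo USERNAME > /usr/local/etc/openvpn/auth.txt
echo PASSWORD >> /usr/local/etc/openvpn/auth.txt
# Fetch the provider's OpenVPN profiles into a scratch directory.
mkdir /usr/local/etc/openvpn/download
cd /usr/local/etc/openvpn/download
wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
unzip openvpn.zip
touch /usr/local/etc/openvpn/openvpn.conf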
CHANGE "LOCATION" TO YOUR DESIRED OVPN LOCATION FILE
cp LOCATION.ovpn /usr/local/etc/openvpn/openvpn.conf
nano /usr/local/etc/openvpn/openvpn.conf
ADD THE FOLLOWING LINES TO THE BOTTOM OF THE FILE:
auth-user-pass /usr/local/etc/openvpn/auth.txt
auth-nocache
sysrc openvpn_enable="YES"
sysrc openvpn_if="tun"
EXIT THE JAIL CONSOLE, ENTER THE MAIN TRUENAS/FREENAS CONSOLE
CHANGE “JAILNAME” TO YOUR JAIL’S NAME
iocage set allow_tun=1 JAILNAME
REBOOT THE TRUENAS/FREENAS SERVER
FROM THE JAIL CONSOLE, TEST OPENVPN
wget -qO - http://wtfismyip.com/text
DISPLAY PUBLIC IP ON JAIL SHELL LOGIN
nano /etc/ipcheck.sh
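#!/bin/sh
# Print the jail's current public IP address at login, so that a tunnel that
# is down (or traffic that is not going through it) is noticed immediately.
#
# /bin/sh is used because the guide runs this file with /bin/sh and never
# installs bash. HTTPS keeps an on-path host from forging the reported
# address. The timeout and single try stop the login from hanging when the
# kill switch is blocking traffic.
printf '\033[0;34mYour public IP address is:\033[0;31m\n'
wget -qO - --timeout=10 --tries=1 https://wtfismyip.com/text ||
  printf 'lookup failed (VPN down or traffic blocked)\n'
printf '\033[0m'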
chmod +x /etc/ipcheck.sh
nano ~/.login
/bin/sh /etc/ipcheck.sh
SETUP KILLSWITCH
nano /usr/local/etc/openvpn/ipfw.rules
THE FILE SHOULD LOOK AS FOLLOWS:
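#!/bin/sh
##
# OpenVPN Kill Switch Configuration.
#
# From:
# https://github.com/danjacques/freenasdocs
#
# Traffic may leave only through the VPN tunnel (tun*), to the local network,
# or as the DNS/OpenVPN packets needed to bring the tunnel up. The last rule
# denies everything else.
##
. /etc/network.subr

RULE_NO=1000
fwcmd="/sbin/ipfw"

# add_fw RULE_BODY...
# Adds one ipfw rule numbered RULE_NO, then advances RULE_NO by one.
# "$@" hands every word to ipfw unchanged, so a pattern such as 'tun*' is not
# glob-expanded against the current directory on its way through.
add_fw() {
  ${fwcmd} add ${RULE_NO} "$@"
  RULE_NO=$((RULE_NO + 1))
}

# Flush all current rules before we start.
${fwcmd} -f flush

# Enable loopback.
add_fw allow ip from any to any via lo0

# Enable VPN traffic. Quoted so the shell cannot expand the '*'.
add_fw allow ip from any to any via 'tun*'

# Internal Routing
#
# Change these addresses accordingly for your internal network and netmask.
add_fw allow log ip from any to 192.168.1.0/24 keep-state

# Allow DNS traffic.
#
# OpenVPN configs may use host names, and we'll need to look these up.
# Default route.
# NOTE(review): this admits DNS to ANY server outside the tunnel, so queries
# can bypass the VPN. Narrowing "to any" to your resolver's address keeps the
# exception as small as possible.
add_fw allow log udp from any to any dst-port 53 keep-state

# Allow traffic on OpenVPN UDP port.
#
# If you're using TCP VPN and/or a different port, update accordingly. Consult
# your OpenVPN config for details.
# NOTE(review): this matches any destination host on the port, not only the
# VPN server.
add_fw allow log udp from any to any dst-port 1198 keep-state

# Cleanup rules.
RULE_NO=4000
add_fw allow ip from 127.0.0.1 to any

# VPN Network Access.
# 10.0.0.0/8 is the private (RFC 1918) block. A /7 mask would also cover
# 11.0.0.0/8, which is public address space and would be reachable outside
# the tunnel.
RULE_NO=5000
add_fw allow ip from 10.0.0.0/8 to any
add_fw allow ip from any to 10.0.0.0/8

# Block everything else.
RULE_NO=65534
add_fw deny log ip from any to any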
nano /etc/rc.conf
ADD THE FOLLOWING LINES
firewall_enable="YES"
firewall_script="/usr/local/etc/openvpn/ipfw.rules"
/etc/rc.d/ipfw start
TEST YOUR FIREWALL
/usr/local/etc/rc.d/openvpn stop
ping 8.8.8.8
SHOULD NOT WORK
/usr/local/etc/rc.d/openvpn start
ping 8.8.8.8
SHOULD WORK
KILLSWITCH IS WORKING
INSTALL/CONFIGURE TRANSMISSION
# Install Transmission and have it start with the jail.
pkg install transmission
sysrc transmission_enable="YES"
# NOTE(review): root/wheel runs the daemon, which parses data from untrusted
# peers, with full privileges inside the jail. An unprivileged account that
# owns the download directory would limit what a compromised daemon can
# touch; confirm against your dataset permissions.
sysrc transmission_user="root"
sysrc transmission_group="wheel"
# Stop the daemon before editing settings.json, presumably so the running
# daemon does not overwrite the edits below.
service transmission stop
nano /usr/local/etc/transmission/home/settings.json
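CHANGE
"rpc-whitelist-enabled": true,
TO
"rpc-whitelist-enabled": false,
NOTE: WITH THE WHITELIST OFF, ANY HOST THAT CAN REACH THE RPC PORT CAN CONTROL TRANSMISSION. ALSO SET "rpc-authentication-required": true WITH AN "rpc-username" AND "rpc-password", OR LEAVE THE WHITELIST ON AND ADD YOUR LAN RANGE TO "rpc-whitelist"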
CHANGE (THE VALUE IS DECIMAL: 18 = OCTAL 022, 7 = OCTAL 007)
"umask": 18,
TO
"umask": 7,
CHANGE DOWNLOAD DIRECTORY (IF DESIRED)
sysrc transmission_download_dir="/path/to/download/dir"
service transmission start