Help with VPN

aiden21c

Dabbler
Joined
Sep 6, 2021
Messages
29
Hi! I was hoping I might be able to get a hand with setting up a VPN on TrueNAS Scale 22.02.2.1.
I have followed steps according to two tutorials. This tutorial guided me through configuring the relevant certificates required to set up the OVPN server, as well as adding the static route within the NAS and adding the additional parameters to the server. I have set my OVPN server on the 192.168.10.0/24 network, where my LAN is 192.168.0.0/24.

I then attempted to configure NAT using this tutorial. This instructed me to first add net.ipv4.ip_forward with a value of 1 to Sysctl, then add the following PostInit scripts to my init/shutdown scripts:
Code:
NAT Rule 1:        nft add table ip nat                                                                                        POSTINIT
NAT Rule 2:        nft 'add chain ip nat prerouting { type nat hook prerouting priority 0 ; }'                                    POSTINIT
NAT Rule 3:        nft 'add chain ip nat postrouting { type nat hook postrouting priority 100 ; }'                                POSTINIT
NAT Rule 4:        nft 'add rule nat postrouting iifname openvpn-server oifname br0 ip saddr 192.168.10.0/24 masquerade'    POSTINIT


Somewhere along in this process I was able to access the TrueNAS webpage over the VPN connection, including accessing its webpage and a VNC of a hosted VM via the VPN address of 192.168.10.1 or the LAN address of 192.168.0.100. I was unable to access any other devices within my LAN however. Somewhere along, this functionality broke as I was aiming to set up full LAN access. When I connect to the server using a remote OVPN client, I am successfully assigned an IP within the 192.168.10.0/24 network, however the client device then becomes completely offline, having no access to either the VPN network nor the LAN or the public internet.


I'm not too sure exactly what I'm doing wrong and was hoping I might be able to get some help. Thank you!

PS: If it helps, I do have a slightly unique network setup on the server, in which the local IP of 192.168.0.100 is actually assigned to a bridge labelled br0. This was to allow for my VM to access my local network for network shares and such.
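An added example, not part of the original post: the four PostInit commands above rewritten so they can be re-run safely, since `nft add rule` appends another copy of the rule each time it runs while `add table` and `add chain` do not. The subnet and interface names are the ones given in the post; the function names and the `--apply` switch are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): idempotent form of the four PostInit
# NAT commands. Subnet and interface names come from the post; the function
# names are hypothetical.
VPN_NET="192.168.10.0/24"   # OpenVPN server network
VPN_IF="openvpn-server"     # tunnel interface named in the post's rule
LAN_IF="br0"                # bridge that holds the LAN address

# has_masq_rule RULESET NET IIF OIF
# Succeeds if RULESET (text of `nft list table ip nat`) already has a
# masquerade rule in the postrouting chain for NET from IIF to OIF.
has_masq_rule() {
    printf '%s\n' "$1" | awk -v net="$2" -v iif="$3" -v oif="$4" '
        /chain[ \t]+postrouting/ { in_chain = 1; next }
        in_chain && /^[ \t]*}/   { in_chain = 0 }
        in_chain && /masquerade/ &&
            index($0, "ip saddr " net " ") &&
            index($0, "iifname \"" iif "\"") &&
            index($0, "oifname \"" oif "\"") { found = 1 }
        END { exit !found }'
}

# forwarding_on [FILE]: succeeds if the ip_forward sysctl reads 1.
forwarding_on() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

apply_nat() {
    forwarding_on || { echo "net.ipv4.ip_forward is not 1" >&2; return 1; }
    # add table / add chain succeed silently when the object already exists
    nft add table ip nat
    nft 'add chain ip nat prerouting { type nat hook prerouting priority 0 ; }'
    nft 'add chain ip nat postrouting { type nat hook postrouting priority 100 ; }'
    if has_masq_rule "$(nft list table ip nat)" "$VPN_NET" "$VPN_IF" "$LAN_IF"; then
        echo "masquerade rule already present"
    else
        nft add rule ip nat postrouting iifname "$VPN_IF" oifname "$LAN_IF" \
            ip saddr "$VPN_NET" masquerade
    fi
}

# Touch the firewall only when asked, so the file can also be sourced.
if [ "${1:-}" = "--apply" ]; then apply_nat; fi
```
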

HunorR

Dabbler
Joined
Jun 30, 2022
Messages
13
I have the same problem. Personally, I made a VM where I installed PiVPN and I am using that for now. If I connect through the TrueNAS Scale VPN server, I can ping the TrueNAS host and that's it; I can't communicate with the outside world.
 

aiden21c

Dabbler
Joined
Sep 6, 2021
Messages
29
I found a solution:

First follow this guide to set up the OVPN server itself. Ensure not to set up any static routing however, but make sure to add the additional parameters to the server. Also ensure to change the client config file to add your ddns address outlined in the video.

This forum post then outlines how to set up the NAT rules and such on the server. Ensure to follow this from top to bottom.

Let me know if you need any further help and I'm happy to run you through it.
 

HunorR

Dabbler
Joined
Jun 30, 2022
Messages
13
After doing this, do you have any system warning?

I am receiving this message in TrueNAS:
Core files for the following executables were found: /usr/sbin/xtables-nft-multi (Wed Jul 13 15:43:04 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 15:43:04 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 15:43:04 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 15:43:06 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 15:43:06 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 15:43:07 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 15:43:07 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 15:43:08 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 15:43:08 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 15:43:09 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 15:43:10 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 15:43:12 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 15:48:04 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 15:48:04 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 15:53:04 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 15:53:04 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 15:58:04 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 15:58:04 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 16:03:04 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 16:03:04 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 16:08:04 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 16:08:04 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 16:13:04 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 16:13:04 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 16:18:04 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 16:18:04 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 16:18:30 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 16:18:59 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 16:19:02 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 16:19:59 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 16:20:51 2022), /usr/sbin/xtables-nft-multi (Wed Jul 13 16:20:53 2022). Please create a ticket at https://jira.ixsystems.com/ and attach the relevant core files along with a system debug. 
Once the core files have been archived and attached to the ticket, they may be removed by running the following command in shell: 'rm /var/db/system/cores/*'.
 

aiden21c

Dabbler
Joined
Sep 6, 2021
Messages
29
I have filed a bug ticket for this. I didn't realise it had something to do with this process but it seems VPN related seeing as you're experiencing it too. I honestly had no idea it had anything to do with this. It doesn't seem to affect anything else across the system however.

Maybe you can add your experience to my bug ticket to help get it fixed sooner?

 

HunorR

Dabbler
Joined
Jun 30, 2022
Messages
13
I don't have access to your ticket.


But as you were saying, I didn't notice any problems on the server, everything is working fine, just the error message is getting longer :tongue:
 

aiden21c

Dabbler
Joined
Sep 6, 2021
Messages
29
It appears the issue may have been fixed. I'm going to give it a go today and update the ticket if the issue still persists. You're more than welcome to make your own ticket of the same issue to ensure it gets handled quickly also.

To manage the errors, I changed the error and brought its importance down 1 level, so that I don't get emails from the bug. I was getting over 100 emails a day every time a new core is created and it was getting out of hand.
 


Jani11

Cadet
Joined
Oct 11, 2022
Messages
5
Hey,
I am getting the same notifications after setting up the VPN.

/usr/sbin/xtables-nft-multi....

Are there any updates regarding your ticket? @aiden21c
 

aiden21c

Dabbler
Joined
Sep 6, 2021
Messages
29
Hi,
I'm so sorry for such a late reply, I've been overseas and not been anywhere near my laptop for a while.

I finally had a look at this, and since the release of TrueNAS Scale Bluefin, there have been seemingly no improvements. I have actually decided I am going to move all my VPN needs to "wg-easy" and after following this instructional document, I have it working a charm with no need for any OVPN jank.

Hope this helps.
 