How to install OpenVPN inside a jail in FreeNAS 9.2.1.6+ with access to remote hosts via NAT

Status
Not open for further replies.
JW0914 (Guest)
As far as having a thorough understanding of 2048 and AES 256, I do not... I just know going with 256 > 128 and 2048 > 1024 creates a stronger encryption that will literally be uncrackable until at least 2100 via Moore's Law; however, quantum computing does exist, as do diamond processors [literally the best material to use for a processor] and Moore's Law does not apply to quantum computing. Both AES-128 and 1024 bit encryption have been cracked and a person is able to do so in a matter of days if they know what they're doing.

Now, is it likely your encryption will be cracked if you use either? It's not likely, but that depends on a number of factors. We all maintain private files, many of which are irreplaceable mementos, such as pictures, finance records, etc., on our network devices, and on the off chance your encryption is cracked on a VPN, it would allow an attacker unfettered access not just to your VPN, but to all devices on the network that VPN points to. It simply isn't worth the risk, especially when there's no noticeable lag from utilizing AES-256 over AES-128 and 2048-bit over 1024-bit.

I'm self-taught for the most part with networking, and I only know what I've shared here from trial and error with my own VPN over the past 2 weeks or so. I do know that while researching how to create and set up a VPN, I came across an article that explained very nicely why you should use one over the other, and if I can find the bookmark, I'll post the link.

EDIT:
(There's a point to this, so bear with me)
Most don't realize just how easy it is to steal someone's identity, however if you've shopped from Amazon recently, you might have noticed if you attempt to add a new address, you have to verify a full credit card number for a card you have on file (a pain, if like me, you have an Amazon Credit Account and it's not an actual card, just a number, and Amazon doesn't print it on your bill).

This policy occurred after a reporter had his iPad/iPhone hacked at home, which allowed access to his other network devices, and he had hundreds in fraudulent charges on Amazon because the attackers were able to get the last 4 of a card on file, along with another meaningless piece of info (might have been his street address or email) from his devices, then were able to call Amazon and take over his account because Amazon's policies at the time permitted the change with just the last four of the card number. This journalist was able to track down the attackers, and after agreeing not to file charges, was able to get the attackers to explain how they had accomplished the attack.

This was either on 60 Minutes, or possibly Frontline, about a year ago, but my point with this is that if someone is able to successfully execute an attack and gain unfettered access to your VPN and LAN, it doesn't take but a few scraps of random information we all have on our devices to allow the attacker to cause serious, and quite stressful, damage to one's life and finances. One should always err on the side of caution when it comes to security, and that is why, for example, a person who knows about networking will always tell you to set up a firewall to deny all traffic and add rules to allow what needs to be allowed out and allowed in. It's time-consuming, tedious work, and due to this, most don't bother, leaving them with a false sense of security.
 

JJT211 (Patron, joined Jul 4, 2014, 323 messages)
Yea, I agree with you overall that if there isn't a speed penalty, then using stronger encryption is a no-brainer.

But for the sake of discussion, here's another article from the same source regarding that AES-128 'crack', and how in all practical terms AES-128 is as strong as can be. Let me first make a disclaimer, though, that I'm speaking in purely mathematical and technical terms. Social engineering is a completely different ball game.

https://blog.agilebits.com/2011/08/18/aes-encryption-isnt-cracked/

He even quotes the actual research paper that accomplished the feat. It's an easy read, see below.

An otherwise excellent article over at The Inquirer has a very unfortunate title: AES encryption is cracked. AES is the Advanced Encryption Standard and is at the heart of so much encryption used today by governments, militaries, banks, and all of us. It is used by 1Password and less directly by Knox for Mac. It is the work horse of modern cryptography, and modern computer chips even have components built in to allow AES to be used efficiently. If AES were to be found weakened in any meaningful way, it would be very bad news for a lot of people.

Before I get into what has happened, I’d like to quote from the research paper itself: “As our attacks are of high computational complexity, they do not threaten the practical use of AES in any way.”

And quoting the Inquirer’s interview with Andrey Bogdanov, one of the researchers, we learn

“To put this into perspective: on a trillion machines, that each could test a billion keys per second, it would take more than two billion years to recover an AES-128 key,” the Leuven University researcher added. “Because of these huge complexities, the attack has no practical implications on the security of user data.” Andrey Bogdanov told The INQUIRER that a “practical” AES crack is still far off but added that the work uncovered more about the standard than was known before.

“Indeed, we are even not close to a practical break of AES at the moment.”

What’s the news
I’ve been trying to work through the actual paper and presentation slides by Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger who were visiting Microsoft Research when they developed this. And although this research is far from having any practical influence on the use of AES it is actually fairly big news.

Cryptographers use the word “broken” in a very special way. If an attack on an algorithm can be computed with fewer computations than is required to check every single possible key, then the system is “broken”. Even if the improvement in the number of computations is negligible (as in this case) and even if other resources needed to get that small advantage are outrageously huge (again as in this case) it still gets called “broken”. But in this very specialized sense of the word “broken” the new research represents the first break of the full AES. It also displays the power of a technique developed earlier by the authors.

Impracticality #1: Impossible amounts of data
The authors calculate the best attack using their technique on AES with a 128 bit key requires storing 2^88 bits of data. That works out to about 38 trillion terabytes of data. Although estimates are hard to pin down, this is more than all the data stored on all the computers on the planet.

Impracticality #2: All for a two-bit gain
The number of encryptions that have to be performed to recover a 128 bit AES key is 2^126.1 instead of the 2^128 encryptions it would take to try all of the possible keys. This is a very small gain, as a 126-bit key (instead of 128-bits) would still take billions of years.

Impracticality #3: Lots of known plaintext needed
I may be misreading the research, but I believe that to discover an AES key, an attacker needs an enormous amount of known plaintext. That is, the attacker needs to already have a huge amount of information in both decrypted and encrypted form. I don’t know exactly how “huge” this will be, but I expect it to be far larger than any data anyone would or could encrypt using 1Password. I’m speculating here until I get a better grasp of things. Indeed, the amount is almost certainly related to the amount of data needed in “Impracticality #1”.

So this all doesn’t represent any threat to the practical use of AES for any purpose it is used for. An unfeasible amount of data needs to be stored in order to gain an insignificant improvement over just trying every key. But what it does do is highlight features of AES that make it subject to this kind of attack. Whether attacks based on this ever become any kind of real threat, we can bet that successors of AES will incorporate mechanisms to thwart them.

Where’s the meat? It’s in the middle
From here on out, I will try to explain some of what I understand from the new attack. There is much that I don’t understand of this, but I will give a broad outline and then wave my hands a bit. This part gets very technical, and I won’t be the slightest bit hurt if you stop reading here.

You may have heard of 3DES (Triple DES) which was used in many places before AES was settled upon as a replacement. The old Data Encryption Standard (DES) uses 56 bit keys. By the time we got into the 1980s it was absolutely clear that 56 bits was no longer enough for a key size. One could imagine (as many people did) taking two DES keys and just encrypting your data twice, first with one DES key and then taking that output and encrypting that with the second DES key. This, you might think, would get you the strength of a 112 bit key. It doesn’t.

It turns out that if you have a sample plaintext and ciphertext pair what you can do is try every one of the 2^56 possible keys on the plaintext and also try every one of the possible keys on the ciphertext as well. You will then find that there is an overlap of results. Some things that the plaintext encrypts into with one key will be the same as what the ciphertext decrypts into. This will give you (pretty much) the two 56 bit keys. This looking for where the output of one can meet up with the input of the other leads to this being called a “meet-in-the-middle” attack (not to be confused with a “man-in-the-middle” attack which is something else entirely). Note that in doing this, we “only” had to work through 2^56 keys twice. That is the same as working through 2^57 once. So double encrypting with DES only improved the security by one bit. This is why to get 112 bit strength out of DES we need to go through it three times, and so even though it allows for double the number of key bits, it is actually Triple DES.

[Figure: meet-in-middle.png]

Now back to AES. Ciphers like AES go through multiple rounds of scrambling and manipulating the data. They also have various internal states as they process a block of data with a key. If we find an internal variable that allows us to break the encipherment into two halves then it is possible to do a meet-in-the-middle attack on that. AES, along with every modern cipher, is designed with this in mind. It is designed with enough rounds and interactions among them so that a standard meet-in-the-middle attack will not be quicker than simply trying every key.

Instead of doing the traditional meet-in-the-middle attack, the new attack constructs entities that group internal states, potential keys which complement each other in specific ways, and ciphertext into what they call “bicliques”. By using these more abstract entities instead of an intermediate variable, the attack can avoid some of the limitations on meet-in-the-middle attacks and be effective over a greater number of rounds. By carefully selecting which potential keys go into which biclique, some computation can be reduced by avoiding any duplication of effort. I still haven’t managed to understand, even in overview, how and why these bicliques do what they do, so I can’t say much more.

Thanks for joining me
If you’ve read this far (including the last section) then I thank you for joining me through my process of trying to understand this new attack on AES. Even though it has no practical implications, I find this stuff oddly fascinating. If you’ve just skipped right to the bottom (not an unreasonable thing to do at all) then let me say again everyone who has studied this, including the authors of the attack, state that this has no implications whatsoever for the practical use of AES.
 
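The double-DES meet-in-the-middle reasoning quoted above, worked through in code as an added example (this is not code from the article, from the research paper or from this thread): a toy 16-bit block cipher with a deliberately small 14-bit key stands in for DES, and the attack recovers both keys of the "encrypt twice" construction in about 2 * 2^14 cipher evaluations instead of the 2^28 a brute force over both keys would need. The cipher, its key schedule, the secret key values and the plaintexts are all invented for the demonstration.

```python
"""Meet-in-the-middle against double encryption with a toy block cipher.

Added example, not from the quoted article or the thread. The cipher is an
invented, deliberately weak toy with a 16-bit block; KEY_BITS is kept small so
the whole attack runs in a few seconds. What it shows is the cost ratio: two
k-bit keys fall to roughly 2 * 2**k cipher evaluations, not 2**(2k).
"""
from typing import Dict, List, Tuple

KEY_BITS = 14                      # real DES: 56; small here so the demo is fast
KEY_MASK = (1 << KEY_BITS) - 1
BLOCK_MASK = 0xFFFF                # 16-bit block
ROUNDS = 4


def _rotl16(x: int, n: int) -> int:
    return ((x << n) | (x >> (16 - n))) & BLOCK_MASK


def _rotr16(x: int, n: int) -> int:
    return ((x >> n) | (x << (16 - n))) & BLOCK_MASK


def _round_key(k: int, r: int) -> int:
    # Invented key schedule: stretch the short key into a per-round constant.
    return (k * 0x9E37 + r * 0x5BD1) & BLOCK_MASK


def toy_encrypt(k: int, p: int) -> int:
    """xor key, rotate, add round key; every step is a bijection on 16 bits."""
    x = p & BLOCK_MASK
    for r in range(ROUNDS):
        x = _rotl16(x ^ (k & BLOCK_MASK), 3)
        x = (x + _round_key(k, r)) & BLOCK_MASK
    return x


def toy_decrypt(k: int, c: int) -> int:
    x = c & BLOCK_MASK
    for r in reversed(range(ROUNDS)):
        x = (x - _round_key(k, r)) & BLOCK_MASK
        x = _rotr16(x, 3) ^ (k & BLOCK_MASK)
    return x


def double_encrypt(k1: int, k2: int, p: int) -> int:
    """E_k2(E_k1(p)): the 'just encrypt twice' construction the article discusses."""
    return toy_encrypt(k2, toy_encrypt(k1, p))


def meet_in_the_middle(pairs: List[Tuple[int, int]]) -> Tuple[List[Tuple[int, int]], int]:
    """Recover (k1, k2) from known plaintext/ciphertext pairs.

    Returns the surviving key pairs and the number of cipher evaluations spent,
    so the cost can be compared with brute force over both keys, 2**(2*KEY_BITS).
    """
    work = 0
    p0, c0 = pairs[0]
    # Forward half: encrypt p0 under every k1 and index the middle value.
    # This table is the memory cost of the attack (2**56 entries for real DES).
    middle: Dict[int, List[int]] = {}
    for k1 in range(1 << KEY_BITS):
        middle.setdefault(toy_encrypt(k1, p0), []).append(k1)
        work += 1
    # Backward half: decrypt c0 under every k2 and look for a meeting point.
    candidates: List[Tuple[int, int]] = []
    for k2 in range(1 << KEY_BITS):
        work += 1
        for k1 in middle.get(toy_decrypt(k2, c0), ()):
            candidates.append((k1, k2))
    # With a 16-bit block about 2**(2*KEY_BITS - 16) false matches survive the
    # first pair; the remaining known pairs weed them out.
    survivors = []
    for k1, k2 in candidates:
        ok = True
        for p, c in pairs[1:]:
            work += 2
            if double_encrypt(k1, k2, p) != c:
                ok = False
                break
        if ok:
            survivors.append((k1, k2))
    return survivors, work


# Constructed secret keys for the demonstration (not from the page).
DEMO_KEYS = (0x2A5C & KEY_MASK, 0x0F31 & KEY_MASK)


def demo() -> Tuple[List[Tuple[int, int]], int]:
    k1, k2 = DEMO_KEYS
    plaintexts = [0x1234, 0xBEEF, 0x0042]          # constructed known plaintexts
    pairs = [(p, double_encrypt(k1, k2, p)) for p in plaintexts]
    return meet_in_the_middle(pairs)


if __name__ == "__main__":
    found, work = demo()
    print("recovered:", [(hex(a), hex(b)) for a, b in found])
    print(f"cipher evaluations: {work} vs {2 ** (2 * KEY_BITS)} for brute force over both keys")
```

The second and third known pairs are only there to discard the false matches the first pair leaves behind; the table of middle values is the storage cost the article refers to, 2^14 entries here and 2^56 for real DES, which is why triple application, not double, is what actually buys the extra key bits.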

FlyingPersian (Patron, joined Jan 27, 2014, 237 messages)
Hi
I've been trying this for a while, but I can't get it to work properly. I am able to connect to the network, but I can't reach any IPs.
My home network is in 192.168.1.0 (standard gateway is 192.168.1.1, openvpn Jail is 192.168.1.10 and FreeNAS is 192.168.1.23)
My VPN (server) network is set to 10.8.0.0
The network I connect from is 192.168.2.1, but I think that's not that important.

My server.conf:

Code:
local 192.168.1.10
port 1195
proto udp
dev tun0
ca /openvpn/keys/ca.crt
cert /openvpn/keys/server.crt
key /openvpn/keys/server.key  # This file should be kept secret
dh /openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /openvpn/ipp.txt
push "route 192.168.1.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
tls-auth /openvpn/keys/ta.key 0 # This file is secret
comp-lzo
max-clients 5
persist-key
persist-tun
status /openvpn/openvpn-status.log
log         /openvpn/openvpn.log
verb 4


This is my original server.conf. I've added this line after I read your tutorial:

Code:
route 192.168.1.10 255.255.255.0 10.8.0.1


With or without that line, it doesn't make a difference. I can't ping any IPs, neither on the 192.168.1.x network nor on 10.8.0.x.

Any ideas what I can do to fix this?

edit: I've deleted some stuff I wrote about ipfw.rules that didn't work properly. That is working now and hasn't been the issue.

edit2: I figured out that this is a windows-related problem. It works like a charm on my Nexus.


Kind Regards
 

piccia (Cadet, joined Apr 20, 2015, 1 message)
1) Hello everyone, new user here :)
2) thanks for your excellent guide, it's very clear!
3) Just a minor note: in order to have my connection working, I had to add "key-direction 1" to the client configuration. Just in case someone else ran into the same problem...
 

FlyingPersian (Patron, joined Jan 27, 2014, 237 messages)
So as said in my last answer the issue seems to be windows-related as it's working fine on my Nexus. This is the log of my windows laptop:

Code:
C:\Windows\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.8.0.5
Warning: route gateway is not reachable on any active network adapters: 10.8.0.5
Route addition via IPAPI failed [adaptive]
Route addition fallback to route.exe
env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Warning: route gateway is not reachable on any active network adapters: 10.8.0.5
Route addition via IPAPI failed [adaptive]
Route addition fallback to route.exe
env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
SYSTEM ROUTING TABLE
0.0.0.0 0.0.0.0 192.168.2.1 p=0 i=11 t=4 pr=3 a=12113 h=0 m=25/0/0/0/0
10.8.0.1 255.255.255.255 10.8.0.5 p=0 i=11 t=4 pr=3 a=0 h=0 m=26/0/0/0/0
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=548178 h=0 m=306/0/0/0/0
127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=548178 h=0 m=306/0/0/0/0
127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=548178 h=0 m=306/0/0/0/0
192.168.1.0 255.255.255.0 192.168.1.200 p=0 i=15 t=3 pr=3 a=34744 h=0 m=276/0/0/0/0
192.168.1.0 255.255.255.0 10.8.0.5 p=0 i=11 t=4 pr=3 a=0 h=0 m=26/0/0/0/0
192.168.1.200 255.255.255.255 192.168.1.200 p=0 i=15 t=3 pr=3 a=34744 h=0 m=276/0/0/0/0
192.168.1.255 255.255.255.255 192.168.1.200 p=0 i=15 t=3 pr=3 a=34744 h=0 m=276/0/0/0/0
192.168.2.0 255.255.255.0 192.168.2.103 p=0 i=11 t=3 pr=3 a=12113 h=0 m=281/0/0/0/0
192.168.2.103 255.255.255.255 192.168.2.103 p=0 i=11 t=3 pr=3 a=12113 h=0 m=281/0/0/0/0
192.168.2.255 255.255.255.255 192.168.2.103 p=0 i=11 t=3 pr=3 a=12113 h=0 m=281/0/0/0/0
224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=548178 h=0 m=306/0/0/0/0
224.0.0.0 240.0.0.0 192.168.1.200 p=0 i=15 t=3 pr=3 a=35221 h=0 m=276/0/0/0/0
224.0.0.0 240.0.0.0 192.168.2.103 p=0 i=11 t=3 pr=3 a=12117 h=0 m=281/0/0/0/0
255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=548178 h=0 m=306/0/0/0/0
255.255.255.255 255.255.255.255 192.168.1.200 p=0 i=15 t=3 pr=3 a=35221 h=0 m=276/0/0/0/0
255.255.255.255 255.255.255.255 192.168.2.103 p=0 i=11 t=3 pr=3 a=12117 h=0 m=281/0/0/0/0


I googled the error (in red) and some guy said that adding the following line to his config fixed it, but it didn't fix it for me:

Code:
push "dhcp-option WINS 10.0.0.1"


Any ideas how I could fix this?

edit: When I add the following two lines to the .ovpn (on my laptop) I can remove the error, but I still can't ping any IPs in that network.

Code:
route-method exe
route-delay 2

Log:

Code:
Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
MANAGEMENT: >STATE:1429569192,CONNECTED,ERROR,10.8.0.6,xx.xx.xx.xx

EDIT: Okay, I fixed it. I think the issue was that I had a different .ovpn file as well, which was using a TAP connection I created a long time ago and which I still used to connect to the same network, just via a different server. Before, I had these lines in the log file of the new TUN connection, which made me suspicious, as the IP mentioned (192.168.1.200) belongs to the old TAP connection:
Code:
TAP-Windows Adapter V9
  Index = 15
  GUID = {751CD2ED-A2B9-4A4D-8D11-329D3B151F87}
  IP = 192.168.1.200/255.255.255.0
  MAC = 00:ff:75:1c:d2:ed
  GATEWAY = 0.0.0.0/255.255.255.255
  DHCP SERV = 192.168.1.0/255.255.255.255
  DHCP LEASE OBTAINED = Mon Apr 20 14:33:36 2015
  DHCP LEASE EXPIRES  = Tue Apr 19 14:33:36 2016
  DNS SERV =  

So I uninstalled OpenVPN, deleted the remaining folder, reinstalled it and only used the .ovpn file of the new connection, et voilà, it works.
 
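What the Windows log above is complaining about can be read straight off the routing table it printed. As an added example (not code from the thread or from OpenVPN), the following parses those table rows, flags unicast prefixes that two adapters both claim, and checks whether a next hop such as 10.8.0.5 is actually on-link. Run on the rows quoted above it reports 192.168.1.0/24 as owned both by the stale TAP adapter (192.168.1.200, interface 15) and by the VPN (10.8.0.5), and 10.8.0.5 as not reachable through any on-link prefix, which is exactly the warning OpenVPN printed before falling back to route.exe. The assumptions about the dump format (destination, mask, gateway, then key=value fields with i= the interface index and m= the metric) are mine.

```python
"""Read the two symptoms in an OpenVPN-for-Windows log off its routing-table dump.

Added example, not code from the page or from OpenVPN. SAMPLE_TABLE holds the
'SYSTEM ROUTING TABLE' rows quoted in the post above (multicast/broadcast rows
trimmed); the column layout (dest, mask, gateway, key=value fields) is an
assumption about that dump format.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List

SAMPLE_TABLE = """\
0.0.0.0 0.0.0.0 192.168.2.1 p=0 i=11 t=4 pr=3 a=12113 h=0 m=25/0/0/0/0
10.8.0.1 255.255.255.255 10.8.0.5 p=0 i=11 t=4 pr=3 a=0 h=0 m=26/0/0/0/0
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=548178 h=0 m=306/0/0/0/0
192.168.1.0 255.255.255.0 192.168.1.200 p=0 i=15 t=3 pr=3 a=34744 h=0 m=276/0/0/0/0
192.168.1.0 255.255.255.0 10.8.0.5 p=0 i=11 t=4 pr=3 a=0 h=0 m=26/0/0/0/0
192.168.1.200 255.255.255.255 192.168.1.200 p=0 i=15 t=3 pr=3 a=34744 h=0 m=276/0/0/0/0
192.168.2.0 255.255.255.0 192.168.2.103 p=0 i=11 t=3 pr=3 a=12113 h=0 m=281/0/0/0/0
192.168.2.103 255.255.255.255 192.168.2.103 p=0 i=11 t=3 pr=3 a=12113 h=0 m=281/0/0/0/0
224.0.0.0 240.0.0.0 192.168.1.200 p=0 i=15 t=3 pr=3 a=35221 h=0 m=276/0/0/0/0
224.0.0.0 240.0.0.0 192.168.2.103 p=0 i=11 t=3 pr=3 a=12117 h=0 m=281/0/0/0/0
"""

LIMITED_BROADCAST = ipaddress.IPv4Network("255.255.255.255/32")


@dataclass
class Route:
    network: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address
    ifindex: int
    metric: int

    def is_on_link(self) -> bool:
        # Windows prints on-link routes with the adapter's own address as gateway,
        # so a gateway inside its own prefix marks a directly connected network.
        return self.gateway in self.network


def parse_routes(text: str) -> List[Route]:
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        dest, mask, gw = parts[0], parts[1], parts[2]
        kv = dict(tok.split("=", 1) for tok in parts[3:] if "=" in tok)
        routes.append(Route(
            network=ipaddress.IPv4Network(f"{dest}/{mask}", strict=False),
            gateway=ipaddress.IPv4Address(gw),
            ifindex=int(kv.get("i", "0")),
            metric=int(kv.get("m", "0").split("/")[0]),   # m=26/0/0/0/0 -> 26
        ))
    return routes


def conflicting_prefixes(routes: List[Route]) -> Dict[str, List[Route]]:
    """Unicast prefixes listed more than once with different gateways.

    Multicast and limited-broadcast rows legitimately repeat per adapter and
    are skipped; any other duplicated prefix is two adapters fighting over it.
    """
    by_prefix: Dict[str, List[Route]] = {}
    for r in routes:
        if r.network.is_multicast or r.network == LIMITED_BROADCAST:
            continue
        by_prefix.setdefault(str(r.network), []).append(r)
    return {p: rs for p, rs in by_prefix.items() if len({r.gateway for r in rs}) > 1}


def gateway_is_reachable(gw: str, routes: List[Route]) -> bool:
    """A next hop is usable only if some on-link, non-default prefix contains it."""
    addr = ipaddress.IPv4Address(gw)
    return any(r.is_on_link() and r.network.prefixlen > 0 and addr in r.network
               for r in routes)


if __name__ == "__main__":
    table = parse_routes(SAMPLE_TABLE)
    for prefix, rs in conflicting_prefixes(table).items():
        owners = ", ".join(f"{r.gateway} (if {r.ifindex}, metric {r.metric})" for r in rs)
        print(f"{prefix} claimed by: {owners}")
    for gw in ("10.8.0.5", "192.168.2.1"):
        print(f"gateway {gw} on-link: {gateway_is_reachable(gw, table)}")
```

The conflicting entry with the higher metric and interface index 15 is the leftover TAP adapter; once it was removed, the pushed route had a single owner and 10.8.0.x became on-link through the new TUN adapter, which matches what fixed it in the post.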

Jag_Five-O (Dabbler, joined Mar 28, 2015, 16 messages)
So I have literally tried all the suggestions every which way and while I can connect to the OpenVPN server I am never able to access anything on the network.
 

adrianwi (Guru, joined Oct 15, 2013, 1,231 messages)
I've set this up a few times following the OP tutorial and it's worked each time. On occasion, a reboot (not just the jail) has helped.
 

Krowvin (Explorer, joined Jul 24, 2014, 60 messages)
I haven't had the chance to try this, but it just occurred to me that you might have to right click the openvpn gui (on windows) and click "Run as administrator" when trying to connect to the vpn.

If someone (can connect, but can't ping any lan pcs) gets a chance to try this, let us know!
 

JJT211 (Patron, joined Jul 4, 2014, 323 messages)
I can connect, can ping and access everything in my LAN. Comp IP doesn't show up as a LAN IP though.
 

JJT211 (Patron, joined Jul 4, 2014, 323 messages)
Jag_Five-O said:
> So I have literally tried all the suggestions every which way and while I can connect to the OpenVPN server I am never able to access anything on the network.

So if it makes you feel any better, I cant connect anymore!

A month back, I screwed up the permissions of all of my jails and had to completely redo everything.

When I recreated OpenVPN, to my surprise, it actually worked, at first. But then yesterday when I tried to VPN in to my system (of course as I'm trying to show off my server), I was having the same prob as before. I can connect to OpenVPN but cannot access anything else inside LAN! I've started over from scratch numerous times now and still nothing!

Worth noting:
- During initial config, I had to make sure I did a "pkg update" and then "pkg upgrade" before anything else or I wouldn't be able to start the openvpn service.
- I connected my phone to the VPN, and while SSH'd inside the jail with my comp, I tried pinging my phone (which reports IP of 10.0.8.6) - Nothing
- Ping from inside jail to inner firewall IP (10.0.8.1) - good
- I exited the openVPN jail to the root of FreeNAS and pinged the outside firewall 10.1.1.14 - Nothing
- I pinged openVPN jail - good

So it's either the OVPN firewall, or the OVPN client thinks it's connected to the jail when it really is not. I dunno.

When I have more time, I'll try some of JW0914's suggestions.
 

Jag_Five-O (Dabbler, joined Mar 28, 2015, 16 messages)
That certainly doesn't make me feel better. In fact I hate the fact it isn't working for you, but maybe we can continue to troubleshoot this together.
 

Jag_Five-O (Dabbler, joined Mar 28, 2015, 16 messages)
Not really sure what I did but I did an update on my FreeNAS and now it works! At least from my phone. I haven't tested a laptop yet, but it looks like I am now there. Maybe update your box and see if that helps.
 

JJT211 (Patron, joined Jul 4, 2014, 323 messages)
Jag_Five-O said:
> That certainly doesn't make me feel better. In fact I hate the fact it isn't working for you but maybe we can continue to troubleshoot this together.
Yea I know, just looking for an excuse to vent really...

Jag_Five-O said:
> Not really sure what I did but I did an update on my FreeNAS and now it works! At least from my phone. I haven't tested a laptop yet, but it looks like I am now there. Maybe update your box and see if that helps.

LOL....awesome, congrats!

Mine is definitely up to date... worked before the update though. It's possible that's what broke mine. Hmmmm... maybe I'll roll back to the previous version and give it a shot.
 

JJT211 (Patron, joined Jul 4, 2014, 323 messages)
Jag_Five-O said:
> Not really sure what I did but I did an update on my FreeNAS and now it works! At least from my phone. I haven't tested a laptop yet, but it looks like I am now there. Maybe update your box and see if that helps.

Wow, didn't realize there was another update! So after the update, I reconfigured the jail and it's working as good as ever.

I bet this update was to fix whatever got screwed up on the last one. That's all it was though.

Anyways, I'm glad you finally got yours working. It appears we can finally conclude it was a FreeNAS issue.
 

nello (Patron, joined Dec 30, 2012, 351 messages)
For some reason, tun0 increments to tun1, etc. when I restart the jail:

Code:
root@openvpn:/ # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
  options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
  inet6 ::1 prefixlen 128
  inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
  inet 127.0.0.1 netmask 0xff000000
  nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair2b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
  options=8<VLAN_MTU>
  ether 02:87:ab:00:0f:0b
  inet 10.10.49.12 netmask 0xffffff00 broadcast 10.10.49.255
  nd6 options=9<PERFORMNUD,IFDISABLED>
  media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
  status: active
tun4: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
  options=80000<LINKSTATE>
  nd6 options=9<PERFORMNUD,IFDISABLED>


And consequently, the OpenVPN service won't start:
Code:
root@openvpn:/ # service openvpn start
Starting openvpn.
ifconfig: interface tun0 does not exist
/usr/local/etc/rc.d/openvpn: WARNING: failed to start openvpn


What do I need to do to get the OpenVPN service to use whatever tun is available? Or, alternatively, how can I make sure that tun0 is always available?
 

JJT211 (Patron, joined Jul 4, 2014, 323 messages)
nello said:
> For some reason, tun0 increments to tun1, etc. when I restart the jail:
> [...]
> What do I need to do to get the OpenVPN service to use whatever tun is available? Or, alternatively, how can I make sure that tun0 is always available?

This happens to everyone.

To change from tun1 to tun0:

Code:
ifconfig tun1 name tun0

You're gonna have to rename tun every time you restart the service. Read a few pages back. A lot has been discussed since you last posted here.
 
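A way to automate the rename JJT211 describes, as an added example (not code from the thread, from OpenVPN or from FreeBSD): this inspects ifconfig output and, if tun0 is missing but some other tunN exists, renames the lowest-numbered one to tun0 so that `service openvpn start` finds the device it expects. It assumes Python 3 is installed in the jail and that the jail is allowed to rename interfaces (the thread reports the rename works; creating or destroying tun devices inside a jail may not be permitted, so that case is reported rather than attempted). The sample ifconfig text is constructed from nello's output with an extra tun7 added so the chooser has more than one candidate.

```python
"""Make tun0 exist before OpenVPN starts, by renaming whatever tunN the jail got.

Added example, not code from the thread or from OpenVPN/FreeBSD. Assumes Python 3
in the jail and that `ifconfig tunN name tun0` is permitted there, as the thread
reports. SAMPLE_IFCONFIG is constructed from nello's output plus a stray tun7.
"""
import re
import subprocess
import sys
from typing import List, Optional

SAMPLE_IFCONFIG = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
  inet 127.0.0.1 netmask 0xff000000
epair2b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
  inet 10.10.49.12 netmask 0xffffff00 broadcast 10.10.49.255
tun7: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
tun4: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
  options=80000<LINKSTATE>
"""

# An interface header in ifconfig output looks like "tun4: flags=8010<...>".
_IFACE_LINE = re.compile(r"^([^\s:]+):\s+flags=", re.MULTILINE)


def tun_interfaces(ifconfig_text: str) -> List[str]:
    """Names of tun devices present in `ifconfig` output, lowest number first."""
    names = [m.group(1) for m in _IFACE_LINE.finditer(ifconfig_text)]
    tuns = [n for n in names if re.fullmatch(r"tun\d+", n)]
    return sorted(tuns, key=lambda n: int(n[3:]))


def plan_rename(ifconfig_text: str, wanted: str = "tun0") -> Optional[List[str]]:
    """Return the ifconfig argv that makes `wanted` exist, or None if there is nothing to do.

    None is returned both when `wanted` already exists and when no tun device is
    present at all; in the latter case the missing step is `ifconfig tun create`,
    which a jail may refuse, so it is left to the caller rather than guessed at.
    """
    tuns = tun_interfaces(ifconfig_text)
    if wanted in tuns or not tuns:
        return None
    return ["ifconfig", tuns[0], "name", wanted]


def ensure_tun(wanted: str = "tun0", run: bool = False) -> Optional[List[str]]:
    """Inspect the live system; apply the rename only when run=True."""
    out = subprocess.run(["ifconfig"], check=True, capture_output=True, text=True).stdout
    cmd = plan_rename(out, wanted)
    if cmd and run:
        subprocess.run(cmd, check=True)
    return cmd


if __name__ == "__main__":
    apply = "--apply" in sys.argv
    cmd = ensure_tun(run=apply)
    if cmd is None:
        print("tun0 already present, or no tun device to rename")
    else:
        print(("ran: " if apply else "would run: ") + " ".join(cmd))
```

Without `--apply` it only prints the command it would run; with it, it renames and exits, so it can be called immediately before `service openvpn start` in whatever hook restarts the jail. It does not touch the tun device OpenVPN is already using, since that one is tun0 and the function returns None in that case.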

nello (Patron, joined Dec 30, 2012, 351 messages)
> I hadn't considered the upgrading options, but that's as easy as just using pkg update. I'll include something about this in the future.

I don't see maintenance mentioned in your updated post.

I'm sure this just reflects my ignorance of Jails, but …

As FreeNAS is upgraded from 9.3 to 9.4, etc., how do we upgrade the Jail? This thread seems to indicate that there may be more to it than just running pkg update.
 