Hey Robles!
Thanks for this great tutorial! Though it isn't really up to date anymore with the new easyRSA and stuff, I did manage to get it working in my test environment.
I'll install it once more to verify my own documentation, after that I'll share it back to you, just in case you would be interested :)
EDIT: Finally I found some time to finish my blogpost, it can be found here:
http://blog.fritvet.be/2016/06/openvpn-in-freenas-jail.html
Any feedback is welcome.
And Robles, thanks again for this tutorial! I got it up and running within 2 weeks, I'm sure it would have taken me more than 1 month if this guide wasn't available!
Hi FritVetBE
I've been following your tutorial step by step. It's very well done!!! Congrats!! I'm a total newbie in terms of FN, FreeBSD and OpenVPN and I could do "almost" everything. But I'm stuck around the end of your process.
Just a few notes and differences:
1) my jail is called "OpenVPN" and where you wrote "OpenVPN-ACC" I corrected with my name
2) my jail IP is 192.168.1.77 and I corrected it where you wrote your IP
3) in the "openvpn_priv.conf" I supposed there was a typo in the "push" field and I wrote "route 192.168.1.0 255.255.255.0" (and not 192.168.1.10). Right?
4) I didn't really know where to create & edit the "/etc/rc.conf": I tried both "/usr/local/etc/rc.conf" and "/usr/local/etc/openvpn/rc.conf".
But at the end of the day I have a different ipfw list. Here's mine:
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
65535 allow ip from any to any
Where did I go wrong? As you said, I checked the ipfw.rules and rc.conf files and they are ok. I also restarted (with onerestart) the ipfw service.
I'm here!... could you help me?
Thx
Michele