How to install OpenVPN inside a jail in FreeNAS 9.2.1.6+ with access to remote hosts via NAT

robles

Explorer
Joined
Jul 29, 2014
Messages
89
Aw I just saw the first screenshot, yes it should be 10.8.0.0/24. I don't have the original diagram though, I'm sorry :(
Also, line 11 is optional, since the route is already in the IPFW configuration, there's no need to push it to the client again, but better safe than sorry.
 

kloon

Dabbler
Joined
Oct 9, 2014
Messages
19
Firstly, I would like to thank you for your effort in writing this guide. It works perfectly without any hassle. However, I have a problem when I restart the jail. The epair interface changes randomly, which causes ipfw to block my connection.

Any idea how to prevent the epair interface from changing even when I restart the jail?
 

robles

Explorer
Joined
Jul 29, 2014
Messages
89
Hmm, what are you doing with your jails? Are you starting them manually? Are you adding more?
FreeNAS assigns the jails' interface names as they are turned on. This usually doesn't change, but I think you could list the interfaces inside the jail using some script and modify your IPFW's preferences.
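
One way to script what robles suggests above, as an added example that is not part of the original thread or guide: find the jail's current epair interface and rebuild the NAT rules around it. The rule set is an assumed stand-in for the guide's IPFW rules (which are not shown on this page), `pick_epair` and `render_rules` are hypothetical helper names, and 10.8.0.0/24 is the VPN subnet mentioned earlier in the thread.

```shell
#!/bin/sh
# Added example: rebuild the jail's NAT rules for whichever epair
# interface the jail was given at start-up. Run inside the jail.

VPN_NET="10.8.0.0/24"   # VPN subnet mentioned in this thread

# pick_epair LIST
# LIST is a space-separated interface list, as printed by `ifconfig -l`.
# Prints the single jail-side epair interface (epairN a/b). Fails when
# there is none or more than one, so NAT is never bound to a guess.
pick_epair() {
    found=""
    count=0
    for ifname in $1; do
        case "$ifname" in
            epair[0-9]*[ab])
                found="$ifname"
                count=$((count + 1))
                ;;
        esac
    done
    [ "$count" -eq 1 ] || return 1
    printf '%s\n' "$found"
}

# render_rules IFACE SUBNET
# Prints the ipfw commands instead of running them, so the result can be
# reviewed first. ASSUMPTION: this rule set stands in for the guide's
# rules; substitute your own and keep only the interface substitution.
render_rules() {
    cat <<EOF
ipfw -q -f flush
ipfw -q nat 1 config if $1
ipfw -q add 100 nat 1 ip from $2 to any out via $1
ipfw -q add 200 nat 1 ip from any to any in via $1
EOF
}

if [ "${1:-}" = "apply" ]; then
    # Live mode: read the real interface list and load the rules.
    iface=$(pick_epair "$(ifconfig -l)") || {
        echo "expected exactly one epair interface; rules left untouched" >&2
        exit 1
    }
    render_rules "$iface" "$VPN_NET" | sh
else
    # Dry run on a constructed interface list.
    render_rules "$(pick_epair 'lo0 epair3b tun0')" "$VPN_NET"
fi
```

Called with `apply` from the jail's start-up sequence, the rules follow the interface name instead of hard-coding it.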
 

kloon

Dabbler
Joined
Oct 9, 2014
Messages
19
Yeah, I am playing around with the jails by testing various plugins. And then when I restart the openvpn jail manually, the epair interface might change. I am not good at scripting, but I will take your advice and try it out.

Thank you.
 
Joined
Nov 5, 2014
Messages
7
I'm new to FreeNAS, and haven't set up my server yet. I plan on reading this guide several times, but before I do, all I want to do is set up a VPN from my FreeNAS server, running Transmission, to my VPN provider...namely Mullvad. Is this the guide I want? Just scanning it, it looks more like you're setting up a VPN inside the server for you to access it from the outside? Or am I more lost than usual?
 

nello

Patron
Joined
Dec 30, 2012
Messages
351
Sorry to be such a noob.

But, I can't get bash installed. The error is:

Checking integrity...Assertion failed: (pkgdb_ensure_loaded(j->db, p2, PKG_LOAD_FILES|PKG_LOAD_DIRS) == EPKG_OK), function pkg_conflicts_need_conflict, file pkg_jobs_conflicts.c, line 211.

Child process pid=15049 terminated abnormally: Abort trap: 6

Full context of the error message is below. I'm running FreeNAS-9.2.1.5-RELEASE-x64 (80c1d35) and additional information about my installation is in my signature.

Can anyone tell me how to get bash installed?

Thank you.

- nello


[admin@myNasName] /% sudo jexec 3 tcsh
root@openvpn:/ # pkg install bash
Updating repository catalogue
digests.txz 100% 2019KB 1.0MB/s 1.9MB/s 00:02
packagesite.txz 100% 5157KB 859.5KB/s 566.8KB/s 00:06
Incremental update completed, 23771 packages processed:
0 packages updated, 0 removed and 23771 added.
New version of pkg detected; it needs to be installed first.
The following 1 packages will be installed:

Upgrading pkg: 1.2.5 -> 1.4.0


The installation will require 936 kB more space

1 MB to be downloaded

Proceed with installing packages [y/N]: y
pkg-1.4.0.txz 100% 1972KB 985.8KB/s 1.9MB/s 00:02
Checking integrity... done

[1/1] Upgrading pkg from 1.2.5 to 1.4.0... done
If you are upgrading from the old package format, first run:

# pkg2ng
Updating FreeBSD repository catalogue...
pkg: Repo "FreeBSD" upgrade schema 2006 to 2007: Add conflicts and provides
pkg: Repo "FreeBSD" upgrade schema 2007 to 2008: Add FTS index
pkg: Repo "FreeBSD" upgrade schema 2008 to 2009: Optimize indicies
pkg: Repo "FreeBSD" upgrade schema 2009 to 2010: Add legacy digest field
FreeBSD repository is up-to-date.
All repositories are up-to-date.
Updating database digests format: 100%

The following 3 packages will be affected (of 0 checked):


New packages to be INSTALLED:

bash: 4.3.30_1
indexinfo: 0.2
gettext-runtime: 0.19.3


The process will require 7 MB more space.
1 MB to be downloaded.


Proceed with this action? [y/N]: y
[openvpn] Fetching bash-4.3.30_1.txz: 100% 1 MB 1.2M/s 00:01
[openvpn] Fetching indexinfo-0.2.txz: 100% 4 kB 4.8k/s 00:01
[openvpn] Fetching gettext-runtime-0.19.3.txz: 100% 144 kB 147.9k/s 00:01

Checking integrity...Assertion failed: (pkgdb_ensure_loaded(j->db, p2, PKG_LOAD_FILES|PKG_LOAD_DIRS) == EPKG_OK), function pkg_conflicts_need_conflict, file pkg_jobs_conflicts.c, line 211.
Child process pid=15049 terminated abnormally: Abort trap: 6
root@openvpn:/ #
 

nello

Patron
Joined
Dec 30, 2012
Messages
351
But, I can't get bash installed. The error is:

Checking integrity...Assertion failed: (pkgdb_ensure_loaded(j->db, p2, PKG_LOAD_FILES|PKG_LOAD_DIRS) == EPKG_OK), function pkg_conflicts_need_conflict, file pkg_jobs_conflicts.c, line 211.

Child process pid=15049 terminated abnormally: Abort trap: 6

Problem (apparently) solved with:

pkg install gettext
 

nello

Patron
Joined
Dec 30, 2012
Messages
351
Posted too fast.

Still can't run bash:

[admin@myNasName] /% sudo jexec 3 bash
Password:
Shared object "libiconv.so.2" not found, required by "bash"
 

enemy85

Guru
Joined
Jun 10, 2011
Messages
757
Sorry to be such a noob.

But, I can't get bash installed. The error is:

Checking integrity...Assertion failed: (pkgdb_ensure_loaded(j->db, p2, PKG_LOAD_FILES|PKG_LOAD_DIRS) == EPKG_OK), function pkg_conflicts_need_conflict, file pkg_jobs_conflicts.c, line 211.

Child process pid=15049 terminated abnormally: Abort trap: 6

Full context of the error message is below. I'm running FreeNAS-9.2.1.5-RELEASE-x64 (80c1d35) and additional information about my installation is in my signature.

Can anyone tell me how to get bash installed?

Thank you.

- nello


I have the same problem, but with version 9.2.1.9 64 bit

EDIT_1:

After trying the "pkg install gettext" as @nello suggested, and getting his same error
Shared object "libiconv.so.2" not found, required by "bash"
I solved it with pkg update, pkg fetch -u and pkg upgrade
 

nello

Patron
Joined
Dec 30, 2012
Messages
351
Requirements
  • FreeNAS 9.2.1.6+
Perhaps my problem is that I'm running FreeNAS-9.2.1.5, which is below the stated requirements.
 

enemy85

Guru
Joined
Jun 10, 2011
Messages
757
Perhaps my problem is that I'm running FreeNAS-9.2.1.5, which is below the stated requirements.

Well, I had the same problem with 9.2.1.9, so that's not relevant FOR THIS PROBLEM... but I don't know about the future steps! ;)
 

nello

Patron
Joined
Dec 30, 2012
Messages
351
I upgraded to FreeNAS-9.3-STABLE-201412142326 and I'm still getting this error message when I try to install the bash package:

[openvpn] Fetching bash-4.3.30_1.txz: 100% 1 MB 1.2M/s 00:01
[openvpn] Fetching gettext-runtime-0.19.3.txz: 100% 144 kB 147.9k/s 00:01

Checking integrity...Assertion failed: (pkgdb_ensure_loaded(j->db, p2, PKG_LOAD_FILES|PKG_LOAD_DIRS) == EPKG_OK), function pkg_conflicts_need_conflict, file pkg_jobs_conflicts.c, line 211.

Child process pid=20712 terminated abnormally: Abort trap: 6


Once again, you can see the context for the error message below.

Yes, I deleted the old jail and storage and created them anew after installing 9.3.

Thank you for your help.



[admin@myNasName] /% sudo jexec 2 tcsh

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:


#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

Password:
root@openvpn:/ # pkg install bash
Updating FreeBSD repository catalogue...
[openvpn] Fetching meta.txz: 100% 968 B 1.0k/s 00:01
[openvpn] Fetching digests.txz: 100% 2 MB 2.1M/s 00:01
[openvpn] Fetching packagesite.txz: 100% 5 MB 1.3M/s 00:04
Removing expired repository entries: 100%
Processing new repository entries: 100%
FreeBSD repository update completed. 23771 packages processed:
22790 updated, 723 removed and 975 added.
New version of pkg detected; it needs to be installed first.
The following 1 packages will be affected (of 0 checked):


Installed packages to be UPGRADED:

pkg: 1.3.7 -> 1.4.0


The operation will free 139 kB.
1 MB to be downloaded.


Proceed with this action? [y/N]: y
[openvpn] Fetching pkg-1.4.0.txz: 100% 1 MB 1.0M/s 00:02
Checking integrity... done (0 conflicting)
[openvpn] [1/1] Upgrading pkg from 1.3.7 to 1.4.0: 100%
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 2 packages will be affected (of 0 checked):

New packages to be INSTALLED:

bash: 4.3.30_1
gettext-runtime: 0.19.3


The process will require 7 MB more space.

1 MB to be downloaded.


Proceed with this action? [y/N]: y
[openvpn] Fetching bash-4.3.30_1.txz: 100% 1 MB 1.2M/s 00:01
[openvpn] Fetching gettext-runtime-0.19.3.txz: 100% 144 kB 147.9k/s 00:01
Checking integrity...Assertion failed: (pkgdb_ensure_loaded(j->db, p2, PKG_LOAD_FILES|PKG_LOAD_DIRS) == EPKG_OK), function pkg_conflicts_need_conflict, file pkg_jobs_conflicts.c, line 211.

Child process pid=20712 terminated abnormally: Abort trap: 6

root@openvpn:/ #
 

enemy85

Guru
Joined
Jun 10, 2011
Messages
757
try with
# pkg update
# pkg fetch -u
# pkg upgrade

and see if it goes
 

nello

Patron
Joined
Dec 30, 2012
Messages
351
try with
# pkg update
# pkg fetch -u
# pkg upgrade

and see if it goes

Yes, I followed your steps and the bash install completed with these messages:

root@openvpn:/ # pkg install bash
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
Checking integrity... done (0 conflicting)
The following 1 packages will be affected (of 0 checked):


New packages to be INSTALLED:
bash: 4.3.30_1


The process will require 6 MB more space.

Proceed with this action? [y/N]: y
[openvpn] [1/1] Installing bash-4.3.30_1...
[openvpn] [1/1] Extracting bash-4.3.30_1: 100%
Message for bash-4.3.30_1:
======================================================================


bash requires fdescfs(5) mounted on /dev/fd

If you have not done it yet, please do the following:

mount -t fdescfs fdesc /dev/fd

To make it permanent, you need the following lines in /etc/fstab:

fdesc   /dev/fd         fdescfs         rw      0       0

======================================================================

root@openvpn:/ #
root@openvpn:/ #
root@openvpn:/ # exit
exit

As you can see, I ignored the bash message.

Nevertheless, re-entering the jail with a bash shell seems to work!

[admin@myNasName] /% sudo jexec 2 bash
Password:
[root@openvpn /]#
I don't know what your suggested pkg commands do, but they seem to have solved my problem.

Thank you.
 

nello

Patron
Joined
Dec 30, 2012
Messages
351
I created the certificates and firewall rules, but when I try to turn on the openVPN service, I get an error saying it's already running:

[root@openvpn /mnt/openvpn]# service openvpn start
openvpn already running? (pid=61704).
[root@openvpn /mnt/openvpn]#

How do I know if the openVPN service is really running? Does this telnet "Connection Refused" prove that openVPN is listening and rejected the connection?

Descartes:~ nello$ telnet 10.10.49.12 443
Trying 10.10.49.12...
telnet: connect to address 10.10.49.12: Connection refused
telnet: Unable to connect to remote host

My openvpn.conf is below. My LAN is 10.10.49.x and I'm trying to create the VPN on 10.10.50.x. The Jail's IP address is 10.10.49.12

Thank you for your suggestions.

- nello


port 443
proto udp
dev tun
ca /mnt/openvpn/keys/ca.crt
cert /mnt/openvpn/keys/OctoberGroupVPN.crt
key /mnt/openvpn/keys/OctoberGroupVPN.key
dh /mnt/openvpn/keys/dh2048.pem
server 10.10.50.0 255.255.255.240
ifconfig-pool-persist ipp.txt
push "route 10.10.49.0 255.255.255.0"
route 10.10.49.12 255.255.255.0 10.10.50.1
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3
 

robles

Explorer
Joined
Jul 29, 2014
Messages
89
You can run ps aux to see if your openvpn instance is running:

[robles@nas] ~> sudo jexec 3 bash
[root@openvpn /]# ps aux
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 7360 0.0 0.0 12084 504 ?? IsJ 29Nov14 0:02.54 /usr/sbin/syslogd -s
root 7395 0.0 0.0 18288 2108 ?? SsJ 29Nov14 5:07.45 /usr/local/sbin/openvpn --cd /mnt/openvpn --daemon openvpn --config /mnt/openvpn/openvpn.conf --writepid /var/run/openvpn.pid
root 7421 0.0 0.0 14176 412 ?? SsJ 29Nov14 0:01.79 /usr/sbin/cron -s
root 83520 0.0 0.0 17480 2776 0 SJ 8:45PM 0:00.00 bash
root 83521 0.0 0.0 14220 1452 0 R+J 8:46PM 0:00.00 ps aux
[root@openvpn /]#

If you followed this guide, remember you won't be able to connect to your VPN from inside your local network since the client configuration will be looking for the 443 port from inside your network.

Also, the ol' way I test if a port is listening is to test it with netcat:
nc -vz nas.domain.com 443
Connection to nas.domain.com 443 port [tcp/ftp] succeeded!
 

nello

Patron
Joined
Dec 30, 2012
Messages
351
You can run ps aux to see if your openvpn instance is running:

[robles@nas] ~> sudo jexec 3 bash
[root@openvpn /]# ps aux
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 7360 0.0 0.0 12084 504 ?? IsJ 29Nov14 0:02.54 /usr/sbin/syslogd -s
root 7395 0.0 0.0 18288 2108 ?? SsJ 29Nov14 5:07.45 /usr/local/sbin/openvpn --cd /mnt/openvpn --daemon openvpn --config /mnt/openvpn/openvpn.conf --writepid /var/run/openvpn.pid
root 7421 0.0 0.0 14176 412 ?? SsJ 29Nov14 0:01.79 /usr/sbin/cron -s
root 83520 0.0 0.0 17480 2776 0 SJ 8:45PM 0:00.00 bash
root 83521 0.0 0.0 14220 1452 0 R+J 8:46PM 0:00.00 ps aux
[root@openvpn /]#

I see openvpn in the list of running processes, but it doesn't have the command string parameters (--cd /mnt/openvpn --daemon openvpn --config /mnt/openvpn/openvpn.conf --writepid /var/run/openvpn.pid) that yours has.

[root@openvpn /]# ps aux
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 61669 0.0 0.0 12092 1880 ?? SsJ 5:49PM 0:00.15 /usr/sbin/syslogd -s
root 61704 0.0 0.0 18296 4460 ?? SsJ 5:49PM 0:00.24 /usr/local/sbin/openvp
root 61732 0.0 0.0 14188 1856 ?? IsJ 5:49PM 0:00.16 /usr/sbin/cron -s
root 14999 0.0 0.0 17488 3096 0 SJ 9:15AM 0:00.01 bash
root 15001 0.0 0.0 16300 1812 0 R+J 9:15AM 0:00.00 ps aux
[root@openvpn /]#

Is the lack of parameters a problem? Apparently openvpn starts when its Jail starts. (I can't sudo jexec … into the Jail unless it's running.)



If you followed this guide, remember you won't be able to connect to your VPN from inside your local network since the client configuration will be looking for the 443 port from inside your network.

Yes, I saw that your guide uses port forwarding to map different internal/external port numbers.

But I don't understand the need for having different ports inside vs. outside. You mention that it is for "security" and you give an example of using port forwarding so that SSH uses an obscure WAN port (9088). But, in your OpenVPN server configuration, you have the obscure port (10011) on the LAN side and the common port for HTTPS (443) on the WAN side. Why do you put the common port on the WAN? I would have thought that you'd want to follow your SSH example and put the obscure port on the WAN.



Also, the ol' way I test if a port is listening is to test it with netcat:
nc -vz nas.domain.com 443
Connection to nas.domain.com 443 port [tcp/ftp] succeeded!

Apparently openvpn is not listening for connections:

Descartes:~ nello$ nc -vz 10.10.49.12 443
nc: connectx to 10.10.49.12 port 443 (tcp) failed: Connection refused
Descartes:~ nello$

So I guess that OpenVPN didn't start (correctly).

Can you give me a clue on starting OpenVPN?

Thank you.

- nello
 

nello

Patron
Joined
Dec 30, 2012
Messages
351
I changed the verbosity to 5 and tried running openvpn with the config parameter; I get the error below:

[root@openvpn /]# openvpn --config /mnt/openvpn/openvpn.conf

Fri Dec 19 15:24:39 2014 us=661200 OpenVPN 2.3.6 amd64-portbld-freebsd9.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Dec 3 2014
Fri Dec 19 15:24:39 2014 us=661244 library versions: OpenSSL 0.9.8za-freebsd 5 Jun 2014, LZO 2.08
Fri Dec 19 15:24:39 2014 us=696916 Diffie-Hellman initialized with 2048 bit key
Fri Dec 19 15:24:39 2014 us=698213 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Dec 19 15:24:39 2014 us=698277 Socket Buffers: R=[42080->65536] S=[9216->65536]
Fri Dec 19 15:24:39 2014 us=698323 TCP/UDP: Socket bind failed on local address [undef]: Address already in use
Fri Dec 19 15:24:39 2014 us=698341 Exiting due to fatal error
[root@openvpn /]#

(See below for all lines I omitted with "…".)

How can I tell which socket bind failed; what are the IP address and port?

Thank you.

- nello






[root@openvpn /]# openvpn --config /mnt/openvpn/openvpn.conf
Fri Dec 19 15:24:39 2014 us=655499 Current Parameter Settings:
Fri Dec 19 15:24:39 2014 us=656190 config = '/mnt/openvpn/openvpn.conf'
Fri Dec 19 15:24:39 2014 us=656218 mode = 1
Fri Dec 19 15:24:39 2014 us=656241 show_ciphers = DISABLED
Fri Dec 19 15:24:39 2014 us=656261 show_digests = DISABLED
Fri Dec 19 15:24:39 2014 us=656281 show_engines = DISABLED
Fri Dec 19 15:24:39 2014 us=656301 genkey = DISABLED
Fri Dec 19 15:24:39 2014 us=656322 key_pass_file = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=656342 show_tls_ciphers = DISABLED
Fri Dec 19 15:24:39 2014 us=656363 Connection profiles [default]:
Fri Dec 19 15:24:39 2014 us=656384 proto = udp
Fri Dec 19 15:24:39 2014 us=656404 local = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=656425 local_port = 443
Fri Dec 19 15:24:39 2014 us=656444 remote = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=656465 remote_port = 443
Fri Dec 19 15:24:39 2014 us=656485 remote_float = DISABLED
Fri Dec 19 15:24:39 2014 us=656512 bind_defined = DISABLED
Fri Dec 19 15:24:39 2014 us=656532 bind_local = ENABLED
Fri Dec 19 15:24:39 2014 us=656552 connect_retry_seconds = 5
Fri Dec 19 15:24:39 2014 us=656573 connect_timeout = 10
Fri Dec 19 15:24:39 2014 us=656593 connect_retry_max = 0
Fri Dec 19 15:24:39 2014 us=656614 socks_proxy_server = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=656634 socks_proxy_port = 0
Fri Dec 19 15:24:39 2014 us=656655 socks_proxy_retry = DISABLED
Fri Dec 19 15:24:39 2014 us=656675 tun_mtu = 1500
Fri Dec 19 15:24:39 2014 us=656696 tun_mtu_defined = ENABLED
Fri Dec 19 15:24:39 2014 us=656742 link_mtu = 1500
Fri Dec 19 15:24:39 2014 us=656768 link_mtu_defined = DISABLED
Fri Dec 19 15:24:39 2014 us=656788 tun_mtu_extra = 0
Fri Dec 19 15:24:39 2014 us=656809 tun_mtu_extra_defined = DISABLED
Fri Dec 19 15:24:39 2014 us=656830 mtu_discover_type = -1
Fri Dec 19 15:24:39 2014 us=656852 fragment = 0
Fri Dec 19 15:24:39 2014 us=656873 mssfix = 1450
Fri Dec 19 15:24:39 2014 us=656898 explicit_exit_notification = 0
Fri Dec 19 15:24:39 2014 us=656919 Connection profiles END
Fri Dec 19 15:24:39 2014 us=656939 remote_random = DISABLED
Fri Dec 19 15:24:39 2014 us=656960 ipchange = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=656980 dev = 'tun'
Fri Dec 19 15:24:39 2014 us=657001 dev_type = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=657021 dev_node = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=657042 lladdr = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=657082 topology = 1
Fri Dec 19 15:24:39 2014 us=657102 tun_ipv6 = DISABLED
Fri Dec 19 15:24:39 2014 us=657123 ifconfig_local = '10.10.50.1'
Fri Dec 19 15:24:39 2014 us=657149 ifconfig_remote_netmask = '10.10.50.2'
Fri Dec 19 15:24:39 2014 us=657170 ifconfig_noexec = DISABLED
Fri Dec 19 15:24:39 2014 us=657190 ifconfig_nowarn = DISABLED
Fri Dec 19 15:24:39 2014 us=657224 ifconfig_ipv6_local = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=657248 ifconfig_ipv6_netbits = 0
Fri Dec 19 15:24:39 2014 us=657269 ifconfig_ipv6_remote = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=657290 shaper = 0
Fri Dec 19 15:24:39 2014 us=657310 mtu_test = 0
Fri Dec 19 15:24:39 2014 us=657330 mlock = DISABLED
Fri Dec 19 15:24:39 2014 us=657350 keepalive_ping = 10
Fri Dec 19 15:24:39 2014 us=657374 keepalive_timeout = 120
Fri Dec 19 15:24:39 2014 us=657396 inactivity_timeout = 0
Fri Dec 19 15:24:39 2014 us=657416 ping_send_timeout = 10
Fri Dec 19 15:24:39 2014 us=657436 ping_rec_timeout = 240
Fri Dec 19 15:24:39 2014 us=657457 ping_rec_timeout_action = 2
Fri Dec 19 15:24:39 2014 us=657478 ping_timer_remote = DISABLED
Fri Dec 19 15:24:39 2014 us=657498 remap_sigusr1 = 0
Fri Dec 19 15:24:39 2014 us=657519 persist_tun = ENABLED
Fri Dec 19 15:24:39 2014 us=657539 persist_local_ip = DISABLED
Fri Dec 19 15:24:39 2014 us=657560 persist_remote_ip = DISABLED
Fri Dec 19 15:24:39 2014 us=657581 persist_key = ENABLED
Fri Dec 19 15:24:39 2014 us=657601 passtos = DISABLED
Fri Dec 19 15:24:39 2014 us=657622 resolve_retry_seconds = 1000000000
Fri Dec 19 15:24:39 2014 us=657643 username = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=657663 groupname = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=657685 chroot_dir = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=657781 cd_dir = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=657849 writepid = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=657874 up_script = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=657896 down_script = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=657916 down_pre = DISABLED
Fri Dec 19 15:24:39 2014 us=657935 up_restart = DISABLED
Fri Dec 19 15:24:39 2014 us=657955 up_delay = DISABLED
Fri Dec 19 15:24:39 2014 us=657974 daemon = DISABLED
Fri Dec 19 15:24:39 2014 us=657994 inetd = 0
Fri Dec 19 15:24:39 2014 us=658015 log = DISABLED
Fri Dec 19 15:24:39 2014 us=658035 suppress_timestamps = DISABLED
Fri Dec 19 15:24:39 2014 us=658055 nice = 0
Fri Dec 19 15:24:39 2014 us=658075 verbosity = 5
Fri Dec 19 15:24:39 2014 us=658095 mute = 0
Fri Dec 19 15:24:39 2014 us=658114 gremlin = 0
Fri Dec 19 15:24:39 2014 us=658134 status_file = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=658175 status_file_version = 1
Fri Dec 19 15:24:39 2014 us=658198 status_file_update_freq = 60
Fri Dec 19 15:24:39 2014 us=658218 occ = ENABLED
Fri Dec 19 15:24:39 2014 us=658238 rcvbuf = 65536
Fri Dec 19 15:24:39 2014 us=658259 sndbuf = 65536
Fri Dec 19 15:24:39 2014 us=658279 sockflags = 0
Fri Dec 19 15:24:39 2014 us=658299 fast_io = DISABLED
Fri Dec 19 15:24:39 2014 us=658319 lzo = 7
Fri Dec 19 15:24:39 2014 us=658339 route_script = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=658359 route_default_gateway = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=658380 route_default_metric = 0
Fri Dec 19 15:24:39 2014 us=658400 route_noexec = DISABLED
Fri Dec 19 15:24:39 2014 us=658420 route_delay = 0
Fri Dec 19 15:24:39 2014 us=658439 route_delay_window = 30
Fri Dec 19 15:24:39 2014 us=658460 route_delay_defined = DISABLED
Fri Dec 19 15:24:39 2014 us=658480 route_nopull = DISABLED
Fri Dec 19 15:24:39 2014 us=658501 route_gateway_via_dhcp = DISABLED
Fri Dec 19 15:24:39 2014 us=658521 max_routes = 100
Fri Dec 19 15:24:39 2014 us=658541 allow_pull_fqdn = DISABLED
Fri Dec 19 15:24:39 2014 us=658564 route 10.10.49.12/255.255.255.0/10.10.50.1/nil
Fri Dec 19 15:24:39 2014 us=658586 route 10.10.50.0/255.255.255.240/nil/nil
Fri Dec 19 15:24:39 2014 us=658607 management_addr = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=658627 management_port = 0
Fri Dec 19 15:24:39 2014 us=658647 management_user_pass = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=658667 management_log_history_cache = 250
Fri Dec 19 15:24:39 2014 us=658687 management_echo_buffer_size = 100
Fri Dec 19 15:24:39 2014 us=658708 management_write_peer_info_file = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=658729 management_client_user = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=658750 management_client_group = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=658770 management_flags = 0
Fri Dec 19 15:24:39 2014 us=658790 shared_secret_file = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=658810 key_direction = 0
Fri Dec 19 15:24:39 2014 us=658831 ciphername_defined = ENABLED
Fri Dec 19 15:24:39 2014 us=658851 ciphername = 'BF-CBC'
Fri Dec 19 15:24:39 2014 us=658871 authname_defined = ENABLED
Fri Dec 19 15:24:39 2014 us=658892 authname = 'SHA1'
Fri Dec 19 15:24:39 2014 us=658912 prng_hash = 'SHA1'
Fri Dec 19 15:24:39 2014 us=658932 prng_nonce_secret_len = 16
Fri Dec 19 15:24:39 2014 us=658952 keysize = 0
Fri Dec 19 15:24:39 2014 us=658972 engine = DISABLED
Fri Dec 19 15:24:39 2014 us=658992 replay = ENABLED
Fri Dec 19 15:24:39 2014 us=659012 mute_replay_warnings = DISABLED
Fri Dec 19 15:24:39 2014 us=659032 replay_window = 64
Fri Dec 19 15:24:39 2014 us=659052 replay_time = 15
Fri Dec 19 15:24:39 2014 us=659072 packet_id_file = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=659092 use_iv = ENABLED
Fri Dec 19 15:24:39 2014 us=659112 test_crypto = DISABLED
Fri Dec 19 15:24:39 2014 us=659133 tls_server = ENABLED
Fri Dec 19 15:24:39 2014 us=659162 tls_client = DISABLED
Fri Dec 19 15:24:39 2014 us=659182 key_method = 2
Fri Dec 19 15:24:39 2014 us=659203 ca_file = '/mnt/openvpn/keys/ca.crt'
Fri Dec 19 15:24:39 2014 us=659223 ca_path = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=659242 dh_file = '/mnt/openvpn/keys/dh2048.pem'
Fri Dec 19 15:24:39 2014 us=659263 cert_file = '/mnt/openvpn/keys/OctoberGroupVPN.crt'
Fri Dec 19 15:24:39 2014 us=659284 priv_key_file = '/mnt/openvpn/keys/OctoberGroupVPN.key'
Fri Dec 19 15:24:39 2014 us=659304 pkcs12_file = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=659324 cipher_list = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=659346 tls_verify = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=659366 tls_export_cert = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=659387 verify_x509_type = 0
Fri Dec 19 15:24:39 2014 us=659408 verify_x509_name = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=659428 crl_file = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=659447 ns_cert_type = 0
Fri Dec 19 15:24:39 2014 us=659468 remote_cert_ku = 0
Fri Dec 19 15:24:39 2014 us=659488 remote_cert_ku = 0
Fri Dec 19 15:24:39 2014 us=659507 remote_cert_ku = 0
Fri Dec 19 15:24:39 2014 us=659528 remote_cert_ku = 0
Fri Dec 19 15:24:39 2014 us=659547 remote_cert_ku = 0
Fri Dec 19 15:24:39 2014 us=659568 remote_cert_ku = 0
Fri Dec 19 15:24:39 2014 us=659590 remote_cert_ku = 0
Fri Dec 19 15:24:39 2014 us=659610 remote_cert_ku = 0
Fri Dec 19 15:24:39 2014 us=659629 remote_cert_ku = 0
Fri Dec 19 15:24:39 2014 us=659649 remote_cert_ku = 0
Fri Dec 19 15:24:39 2014 us=659669 remote_cert_ku = 0
Fri Dec 19 15:24:39 2014 us=659690 remote_cert_ku = 0
Fri Dec 19 15:24:39 2014 us=659711 remote_cert_ku = 0
Fri Dec 19 15:24:39 2014 us=659730 remote_cert_ku = 0
Fri Dec 19 15:24:39 2014 us=659749 remote_cert_ku = 0
Fri Dec 19 15:24:39 2014 us=659770 remote_cert_ku = 0
Fri Dec 19 15:24:39 2014 us=659790 remote_cert_eku = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=659810 ssl_flags = 0
Fri Dec 19 15:24:39 2014 us=659829 tls_timeout = 2
Fri Dec 19 15:24:39 2014 us=659850 renegotiate_bytes = 0
Fri Dec 19 15:24:39 2014 us=659870 renegotiate_packets = 0
Fri Dec 19 15:24:39 2014 us=659890 renegotiate_seconds = 3600
Fri Dec 19 15:24:39 2014 us=659910 handshake_window = 60
Fri Dec 19 15:24:39 2014 us=659929 transition_window = 3600
Fri Dec 19 15:24:39 2014 us=659949 single_session = DISABLED
Fri Dec 19 15:24:39 2014 us=659970 push_peer_info = DISABLED
Fri Dec 19 15:24:39 2014 us=659989 tls_exit = DISABLED
Fri Dec 19 15:24:39 2014 us=660009 tls_auth_file = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=660036 server_network = 10.10.50.0
Fri Dec 19 15:24:39 2014 us=660061 server_netmask = 255.255.255.240
Fri Dec 19 15:24:39 2014 us=660098 server_network_ipv6 = ::
Fri Dec 19 15:24:39 2014 us=660119 server_netbits_ipv6 = 0
Fri Dec 19 15:24:39 2014 us=660143 server_bridge_ip = 0.0.0.0
Fri Dec 19 15:24:39 2014 us=660193 server_bridge_netmask = 0.0.0.0
Fri Dec 19 15:24:39 2014 us=660221 server_bridge_pool_start = 0.0.0.0
Fri Dec 19 15:24:39 2014 us=660244 server_bridge_pool_end = 0.0.0.0
Fri Dec 19 15:24:39 2014 us=660264 push_entry = 'route 10.10.49.0 255.255.255.0'
Fri Dec 19 15:24:39 2014 us=660285 push_entry = 'route 10.10.50.1'
Fri Dec 19 15:24:39 2014 us=660306 push_entry = 'topology net30'
Fri Dec 19 15:24:39 2014 us=660326 push_entry = 'ping 10'
Fri Dec 19 15:24:39 2014 us=660347 push_entry = 'ping-restart 120'
Fri Dec 19 15:24:39 2014 us=660368 ifconfig_pool_defined = ENABLED
Fri Dec 19 15:24:39 2014 us=660391 ifconfig_pool_start = 10.10.50.4
Fri Dec 19 15:24:39 2014 us=660414 ifconfig_pool_end = 10.10.50.11
Fri Dec 19 15:24:39 2014 us=660437 ifconfig_pool_netmask = 0.0.0.0
Fri Dec 19 15:24:39 2014 us=660458 ifconfig_pool_persist_filename = 'ipp.txt'
Fri Dec 19 15:24:39 2014 us=660479 ifconfig_pool_persist_refresh_freq = 600
Fri Dec 19 15:24:39 2014 us=660499 ifconfig_ipv6_pool_defined = DISABLED
Fri Dec 19 15:24:39 2014 us=660521 ifconfig_ipv6_pool_base = ::
Fri Dec 19 15:24:39 2014 us=660542 ifconfig_ipv6_pool_netbits = 0
Fri Dec 19 15:24:39 2014 us=660562 n_bcast_buf = 256
Fri Dec 19 15:24:39 2014 us=660582 tcp_queue_limit = 64
Fri Dec 19 15:24:39 2014 us=660602 real_hash_size = 256
Fri Dec 19 15:24:39 2014 us=660622 virtual_hash_size = 256
Fri Dec 19 15:24:39 2014 us=660643 client_connect_script = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=660664 learn_address_script = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=660684 client_disconnect_script = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=660705 client_config_dir = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=660725 ccd_exclusive = DISABLED
Fri Dec 19 15:24:39 2014 us=660746 tmp_dir = '/tmp'
Fri Dec 19 15:24:39 2014 us=660766 push_ifconfig_defined = DISABLED
Fri Dec 19 15:24:39 2014 us=660789 push_ifconfig_local = 0.0.0.0
Fri Dec 19 15:24:39 2014 us=660812 push_ifconfig_remote_netmask = 0.0.0.0
Fri Dec 19 15:24:39 2014 us=660833 push_ifconfig_ipv6_defined = DISABLED
Fri Dec 19 15:24:39 2014 us=660856 push_ifconfig_ipv6_local = ::/0
Fri Dec 19 15:24:39 2014 us=660878 push_ifconfig_ipv6_remote = ::
Fri Dec 19 15:24:39 2014 us=660898 enable_c2c = DISABLED
Fri Dec 19 15:24:39 2014 us=660919 duplicate_cn = DISABLED
Fri Dec 19 15:24:39 2014 us=660939 cf_max = 0
Fri Dec 19 15:24:39 2014 us=660958 cf_per = 0
Fri Dec 19 15:24:39 2014 us=660978 max_clients = 1024
Fri Dec 19 15:24:39 2014 us=660998 max_routes_per_client = 256
Fri Dec 19 15:24:39 2014 us=661019 auth_user_pass_verify_script = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=661039 auth_user_pass_verify_script_via_file = DISABLED
Fri Dec 19 15:24:39 2014 us=661060 port_share_host = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=661084 port_share_port = 0
Fri Dec 19 15:24:39 2014 us=661103 client = DISABLED
Fri Dec 19 15:24:39 2014 us=661123 pull = DISABLED
Fri Dec 19 15:24:39 2014 us=661144 auth_user_pass_file = '[UNDEF]'
Fri Dec 19 15:24:39 2014 us=661200 OpenVPN 2.3.6 amd64-portbld-freebsd9.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Dec 3 2014
Fri Dec 19 15:24:39 2014 us=661244 library versions: OpenSSL 0.9.8za-freebsd 5 Jun 2014, LZO 2.08
Fri Dec 19 15:24:39 2014 us=696916 Diffie-Hellman initialized with 2048 bit key
Fri Dec 19 15:24:39 2014 us=698213 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Dec 19 15:24:39 2014 us=698277 Socket Buffers: R=[42080->65536] S=[9216->65536]
Fri Dec 19 15:24:39 2014 us=698323 TCP/UDP: Socket bind failed on local address [undef]: Address already in use
Fri Dec 19 15:24:39 2014 us=698341 Exiting due to fatal error
[root@openvpn /]#
 

robles

Explorer
Joined
Jul 29, 2014
Messages
89
Addressing your previous question, I used the 443 port because lots of firewalls block every port except mail (25, 587) and web (80, 443). This way I can connect to my VPN sending raw data from a client even though it may be behind a firewall.

Seeing your logs, it seems like the instance is running but can't bind to a local port socket. OpenVPN runs at boot, so you need to kill your running instance to see the logs printed to your screen. Try killing it with kill -9 [pid].

If it still can't bind a socket, it may be because it's unable to create the tun interface. Use ifconfig to check if it has been created by the OpenVPN instance, it should list your server's IP: 10.10.50.1. Also check your Jails' configuration to see if your local epair matches the configuration pool.

If your tunnel interface wasn't created (you can't see your tun interface), check this FreeBSD Diary article on creating a routed VPN.

Hope this helps!
 

nello

Patron
Joined
Dec 30, 2012
Messages
351
I used the 443 port because lots of firewalls block every port except mail (25, 587) and web (80, 443). This way I can connect to my VPN sending raw data from a client even though it may be behind a firewall.
Yes, the external port of 443 makes perfect sense to me. But, why forward it to 10011 behind your router? What is the advantage of using a different port behind your router when the port in front of the router is a well-known one?



Try killing it with kill -9 [pid].
I killed the instance and rebooted; the service seems to have started with the correct parameters now:

[root@openvpn /var/log]# ps aux
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 6332 0.0 0.0 12092 1872 ?? SsJ 4:10PM 0:00.01 /usr/sbin/syslogd -s
root 6367 0.0 0.0 18296 4172 ?? SsJ 4:10PM 0:00.00 /usr/local/sbin/openvpn --cd /mnt/openvpn --daemon openvpn --config /mnt/op
root 6395 0.0 0.0 14188 1872 ?? IsJ 4:10PM 0:00.00 /usr/sbin/cron -s
root 7533 0.0 0.0 17488 2944 0 SJ 4:14PM 0:00.01 bash
root 7951 0.0 0.0 16300 1812 0 R+J 4:21PM 0:00.00 ps aux
[root@openvpn /var/log]#


Unfortunately, my server log still shows an error; see below for a full listing of the log at verbosity 5:

OpenVPN 2.3.6 amd64-portbld-freebsd9.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Dec 3 2014
library versions: OpenSSL 0.9.8za-freebsd 5 Jun 2014, LZO 2.08
Diffie-Hellman initialized with 2048 bit key
TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Socket Buffers: R=[42080->65536] S=[9216->65536]
ROUTE_GATEWAY 10.10.49.1
TUN/TAP device /dev/tun0 opened
do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
/sbin/ifconfig tun0 10.10.50.1 10.10.50.2 mtu 1500 netmask 255.255.255.255 up
/sbin/route add -net 10.10.49.12 10.10.50.1 255.255.255.0
ERROR: FreeBSD route add command failed: external program exited with error status: 1
/sbin/route add -net 10.10.50.0 10.10.50.2 255.255.255.240
Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
openvpn[6367]: UDPv4 link local (bound): [undef]
openvpn[6367]: UDPv4 link remote: [undef]
openvpn[6367]: MULTI: multi_init called, r=256 v=256
openvpn[6367]: IFCONFIG POOL: base=10.10.50.4 size=2, ipv6=0
openvpn[6367]: IFCONFIG POOL LIST
openvpn[6367]: Initialization Sequence Completed


And apparently OpenVPN is NOT listening on port 443 as it should:

Descartes:~ nello$ nc -vz 10.10.49.12 443
nc: connectx to 10.10.49.12 port 443 (tcp) failed: Connection refused




If it still can't bind a socket, it may be because it's unable to create the tun interface. Use ifconfig to check if it has been created by the OpenVPN instance, it should list your server's IP: 10.10.50.1. Also check your Jails' configuration to see if your local epair matches the configuration pool.

If your tunnel interface wasn't created (you can't see your tun interface), check this FreeBSD Diary article on creating a routed VPN.
I'm sorry but I'm such a noob that I don't know the ifconfig command(s) to use; maybe this is what you're asking me to do:

[root@openvpn /]# ifconfig

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

epair1b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:48:d7:00:0f:0b
inet 10.10.49.12 netmask 0xffffff00 broadcast 10.10.49.255
nd6 options=9<PERFORMNUD,IFDISABLED>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active

tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet 10.10.50.1 --> 10.10.50.2 netmask 0xffffffff
nd6 options=9<PERFORMNUD,IFDISABLED>
Opened by PID 6363

[root@openvpn /]#


So, it looks like the tun interface was created.

Thank you again for your suggestions. Perhaps you have another idea why I'm getting an error when the OpenVPN service starts.

- nello


OpenVPN Server Log Messages

[root@openvpn /]# cat /var/log/messages
Dec 20 16:10:09 openvpn syslogd: kernel boot file is /boot/kernel/kernel
Dec 20 16:10:09 openvpn openvpn[6363]: Current Parameter Settings:
Dec 20 16:10:09 openvpn openvpn[6363]: config = '/mnt/openvpn/openvpn.conf'
Dec 20 16:10:09 openvpn openvpn[6363]: mode = 1
Dec 20 16:10:09 openvpn openvpn[6363]: show_ciphers = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: show_digests = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: show_engines = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: genkey = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: key_pass_file = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: show_tls_ciphers = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: Connection profiles [default]:
Dec 20 16:10:09 openvpn openvpn[6363]: proto = udp
Dec 20 16:10:09 openvpn openvpn[6363]: local = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: local_port = 443
Dec 20 16:10:09 openvpn openvpn[6363]: remote = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: remote_port = 443
Dec 20 16:10:09 openvpn openvpn[6363]: remote_float = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: bind_defined = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: bind_local = ENABLED
Dec 20 16:10:09 openvpn openvpn[6363]: connect_retry_seconds = 5
Dec 20 16:10:09 openvpn openvpn[6363]: connect_timeout = 10
Dec 20 16:10:09 openvpn openvpn[6363]: connect_retry_max = 0
Dec 20 16:10:09 openvpn openvpn[6363]: socks_proxy_server = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: socks_proxy_port = 0
Dec 20 16:10:09 openvpn openvpn[6363]: socks_proxy_retry = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: tun_mtu = 1500
Dec 20 16:10:09 openvpn openvpn[6363]: tun_mtu_defined = ENABLED
Dec 20 16:10:09 openvpn openvpn[6363]: link_mtu = 1500
Dec 20 16:10:09 openvpn openvpn[6363]: link_mtu_defined = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: tun_mtu_extra = 0
Dec 20 16:10:09 openvpn openvpn[6363]: tun_mtu_extra_defined = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: mtu_discover_type = -1
Dec 20 16:10:09 openvpn openvpn[6363]: fragment = 0
Dec 20 16:10:09 openvpn openvpn[6363]: mssfix = 1450
Dec 20 16:10:09 openvpn openvpn[6363]: explicit_exit_notification = 0
Dec 20 16:10:09 openvpn openvpn[6363]: Connection profiles END
Dec 20 16:10:09 openvpn openvpn[6363]: remote_random = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: ipchange = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: dev = 'tun'
Dec 20 16:10:09 openvpn openvpn[6363]: dev_type = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: dev_node = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: lladdr = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: topology = 1
Dec 20 16:10:09 openvpn openvpn[6363]: tun_ipv6 = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: ifconfig_local = '10.10.50.1'
Dec 20 16:10:09 openvpn openvpn[6363]: ifconfig_remote_netmask = '10.10.50.2'
Dec 20 16:10:09 openvpn openvpn[6363]: ifconfig_noexec = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: ifconfig_nowarn = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: ifconfig_ipv6_local = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: ifconfig_ipv6_netbits = 0
Dec 20 16:10:09 openvpn openvpn[6363]: ifconfig_ipv6_remote = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: shaper = 0
Dec 20 16:10:09 openvpn openvpn[6363]: mtu_test = 0
Dec 20 16:10:09 openvpn openvpn[6363]: mlock = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: keepalive_ping = 10
Dec 20 16:10:09 openvpn openvpn[6363]: keepalive_timeout = 120
Dec 20 16:10:09 openvpn openvpn[6363]: inactivity_timeout = 0
Dec 20 16:10:09 openvpn openvpn[6363]: ping_send_timeout = 10
Dec 20 16:10:09 openvpn openvpn[6363]: ping_rec_timeout = 240
Dec 20 16:10:09 openvpn openvpn[6363]: ping_rec_timeout_action = 2
Dec 20 16:10:09 openvpn openvpn[6363]: ping_timer_remote = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: remap_sigusr1 = 0
Dec 20 16:10:09 openvpn openvpn[6363]: persist_tun = ENABLED
Dec 20 16:10:09 openvpn openvpn[6363]: persist_local_ip = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: persist_remote_ip = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: persist_key = ENABLED
Dec 20 16:10:09 openvpn openvpn[6363]: passtos = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: resolve_retry_seconds = 1000000000
Dec 20 16:10:09 openvpn openvpn[6363]: username = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: groupname = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: chroot_dir = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: cd_dir = '/mnt/openvpn'
Dec 20 16:10:09 openvpn openvpn[6363]: writepid = '/var/run/openvpn.pid'
Dec 20 16:10:09 openvpn openvpn[6363]: up_script = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: down_script = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: down_pre = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: up_restart = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: up_delay = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: daemon = ENABLED
Dec 20 16:10:09 openvpn openvpn[6363]: inetd = 0
Dec 20 16:10:09 openvpn openvpn[6363]: log = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: suppress_timestamps = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: nice = 0
Dec 20 16:10:09 openvpn openvpn[6363]: verbosity = 5
Dec 20 16:10:09 openvpn openvpn[6363]: mute = 0
Dec 20 16:10:09 openvpn openvpn[6363]: gremlin = 0
Dec 20 16:10:09 openvpn openvpn[6363]: status_file = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: status_file_version = 1
Dec 20 16:10:09 openvpn openvpn[6363]: status_file_update_freq = 60
Dec 20 16:10:09 openvpn openvpn[6363]: occ = ENABLED
Dec 20 16:10:09 openvpn openvpn[6363]: rcvbuf = 65536
Dec 20 16:10:09 openvpn openvpn[6363]: sndbuf = 65536
Dec 20 16:10:09 openvpn openvpn[6363]: sockflags = 0
Dec 20 16:10:09 openvpn openvpn[6363]: fast_io = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: lzo = 7
Dec 20 16:10:09 openvpn openvpn[6363]: route_script = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: route_default_gateway = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: route_default_metric = 0
Dec 20 16:10:09 openvpn openvpn[6363]: route_noexec = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: route_delay = 0
Dec 20 16:10:09 openvpn openvpn[6363]: route_delay_window = 30
Dec 20 16:10:09 openvpn openvpn[6363]: route_delay_defined = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: route_nopull = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: route_gateway_via_dhcp = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: max_routes = 100
Dec 20 16:10:09 openvpn openvpn[6363]: allow_pull_fqdn = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: route 10.10.49.12/255.255.255.0/10.10.50.1/nil
Dec 20 16:10:09 openvpn openvpn[6363]: route 10.10.50.0/255.255.255.240/nil/nil
Dec 20 16:10:09 openvpn openvpn[6363]: management_addr = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: management_port = 0
Dec 20 16:10:09 openvpn openvpn[6363]: management_user_pass = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: management_log_history_cache = 250
Dec 20 16:10:09 openvpn openvpn[6363]: management_echo_buffer_size = 100
Dec 20 16:10:09 openvpn openvpn[6363]: management_write_peer_info_file = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: management_client_user = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: management_client_group = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: management_flags = 0
Dec 20 16:10:09 openvpn openvpn[6363]: shared_secret_file = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: key_direction = 0
Dec 20 16:10:09 openvpn openvpn[6363]: ciphername_defined = ENABLED
Dec 20 16:10:09 openvpn openvpn[6363]: ciphername = 'BF-CBC'
Dec 20 16:10:09 openvpn openvpn[6363]: authname_defined = ENABLED
Dec 20 16:10:09 openvpn openvpn[6363]: authname = 'SHA1'
Dec 20 16:10:09 openvpn openvpn[6363]: prng_hash = 'SHA1'
Dec 20 16:10:09 openvpn openvpn[6363]: prng_nonce_secret_len = 16
Dec 20 16:10:09 openvpn openvpn[6363]: keysize = 0
Dec 20 16:10:09 openvpn openvpn[6363]: engine = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: replay = ENABLED
Dec 20 16:10:09 openvpn openvpn[6363]: mute_replay_warnings = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: replay_window = 64
Dec 20 16:10:09 openvpn openvpn[6363]: replay_time = 15
Dec 20 16:10:09 openvpn openvpn[6363]: packet_id_file = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: use_iv = ENABLED
Dec 20 16:10:09 openvpn openvpn[6363]: test_crypto = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: tls_server = ENABLED
Dec 20 16:10:09 openvpn openvpn[6363]: tls_client = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: key_method = 2
Dec 20 16:10:09 openvpn openvpn[6363]: ca_file = '/mnt/openvpn/keys/ca.crt'
Dec 20 16:10:09 openvpn openvpn[6363]: ca_path = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: dh_file = '/mnt/openvpn/keys/dh2048.pem'
Dec 20 16:10:09 openvpn openvpn[6363]: cert_file = '/mnt/openvpn/keys/OctoberGroupVPN.crt'
Dec 20 16:10:09 openvpn openvpn[6363]: priv_key_file = '/mnt/openvpn/keys/OctoberGroupVPN.key'
Dec 20 16:10:09 openvpn openvpn[6363]: pkcs12_file = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: cipher_list = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: tls_verify = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: tls_export_cert = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: verify_x509_type = 0
Dec 20 16:10:09 openvpn openvpn[6363]: verify_x509_name = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: crl_file = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: ns_cert_type = 0
Dec 20 16:10:09 openvpn openvpn[6363]: remote_cert_ku = 0
Dec 20 16:10:09 openvpn last message repeated 15 times
Dec 20 16:10:09 openvpn openvpn[6363]: remote_cert_eku = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: ssl_flags = 0
Dec 20 16:10:09 openvpn openvpn[6363]: tls_timeout = 2
Dec 20 16:10:09 openvpn openvpn[6363]: renegotiate_bytes = 0
Dec 20 16:10:09 openvpn openvpn[6363]: renegotiate_packets = 0
Dec 20 16:10:09 openvpn openvpn[6363]: renegotiate_seconds = 3600
Dec 20 16:10:09 openvpn openvpn[6363]: handshake_window = 60
Dec 20 16:10:09 openvpn openvpn[6363]: transition_window = 3600
Dec 20 16:10:09 openvpn openvpn[6363]: single_session = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: push_peer_info = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: tls_exit = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: tls_auth_file = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: server_network = 10.10.50.0
Dec 20 16:10:09 openvpn openvpn[6363]: server_netmask = 255.255.255.240
Dec 20 16:10:09 openvpn openvpn[6363]: server_network_ipv6 = ::
Dec 20 16:10:09 openvpn openvpn[6363]: server_netbits_ipv6 = 0
Dec 20 16:10:09 openvpn openvpn[6363]: server_bridge_ip = 0.0.0.0
Dec 20 16:10:09 openvpn openvpn[6363]: server_bridge_netmask = 0.0.0.0
Dec 20 16:10:09 openvpn openvpn[6363]: server_bridge_pool_start = 0.0.0.0
Dec 20 16:10:09 openvpn openvpn[6363]: server_bridge_pool_end = 0.0.0.0
Dec 20 16:10:09 openvpn openvpn[6363]: push_entry = 'route 10.10.49.0 255.255.255.0'
Dec 20 16:10:09 openvpn openvpn[6363]: push_entry = 'route 10.10.50.1'
Dec 20 16:10:09 openvpn openvpn[6363]: push_entry = 'topology net30'
Dec 20 16:10:09 openvpn openvpn[6363]: push_entry = 'ping 10'
Dec 20 16:10:09 openvpn openvpn[6363]: push_entry = 'ping-restart 120'
Dec 20 16:10:09 openvpn openvpn[6363]: ifconfig_pool_defined = ENABLED
Dec 20 16:10:09 openvpn openvpn[6363]: ifconfig_pool_start = 10.10.50.4
Dec 20 16:10:09 openvpn openvpn[6363]: ifconfig_pool_end = 10.10.50.11
Dec 20 16:10:09 openvpn openvpn[6363]: ifconfig_pool_netmask = 0.0.0.0
Dec 20 16:10:09 openvpn openvpn[6363]: ifconfig_pool_persist_filename = 'ipp.txt'
Dec 20 16:10:09 openvpn openvpn[6363]: ifconfig_pool_persist_refresh_freq = 600
Dec 20 16:10:09 openvpn openvpn[6363]: ifconfig_ipv6_pool_defined = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: ifconfig_ipv6_pool_base = ::
Dec 20 16:10:09 openvpn openvpn[6363]: ifconfig_ipv6_pool_netbits = 0
Dec 20 16:10:09 openvpn openvpn[6363]: n_bcast_buf = 256
Dec 20 16:10:09 openvpn openvpn[6363]: tcp_queue_limit = 64
Dec 20 16:10:09 openvpn openvpn[6363]: real_hash_size = 256
Dec 20 16:10:09 openvpn openvpn[6363]: virtual_hash_size = 256
Dec 20 16:10:09 openvpn openvpn[6363]: client_connect_script = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: learn_address_script = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: client_disconnect_script = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: client_config_dir = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: ccd_exclusive = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: tmp_dir = '/tmp'
Dec 20 16:10:09 openvpn openvpn[6363]: push_ifconfig_defined = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: push_ifconfig_local = 0.0.0.0
Dec 20 16:10:09 openvpn openvpn[6363]: push_ifconfig_remote_netmask = 0.0.0.0
Dec 20 16:10:09 openvpn openvpn[6363]: push_ifconfig_ipv6_defined = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: push_ifconfig_ipv6_local = ::/0
Dec 20 16:10:09 openvpn openvpn[6363]: push_ifconfig_ipv6_remote = ::
Dec 20 16:10:09 openvpn openvpn[6363]: enable_c2c = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: duplicate_cn = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: cf_max = 0
Dec 20 16:10:09 openvpn openvpn[6363]: cf_per = 0
Dec 20 16:10:09 openvpn openvpn[6363]: max_clients = 1024
Dec 20 16:10:09 openvpn openvpn[6363]: max_routes_per_client = 256
Dec 20 16:10:09 openvpn openvpn[6363]: auth_user_pass_verify_script = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: auth_user_pass_verify_script_via_file = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: port_share_host = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: port_share_port = 0
Dec 20 16:10:09 openvpn openvpn[6363]: client = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: pull = DISABLED
Dec 20 16:10:09 openvpn openvpn[6363]: auth_user_pass_file = '[UNDEF]'
Dec 20 16:10:09 openvpn openvpn[6363]: OpenVPN 2.3.6 amd64-portbld-freebsd9.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Dec 3 2014
Dec 20 16:10:09 openvpn openvpn[6363]: library versions: OpenSSL 0.9.8za-freebsd 5 Jun 2014, LZO 2.08
Dec 20 16:10:09 openvpn openvpn[6363]: Diffie-Hellman initialized with 2048 bit key
Dec 20 16:10:09 openvpn openvpn[6363]: TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Dec 20 16:10:09 openvpn openvpn[6363]: Socket Buffers: R=[42080->65536] S=[9216->65536]
Dec 20 16:10:09 openvpn openvpn[6363]: ROUTE_GATEWAY 10.10.49.1
Dec 20 16:10:09 openvpn openvpn[6363]: TUN/TAP device /dev/tun0 opened
Dec 20 16:10:09 openvpn openvpn[6363]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Dec 20 16:10:09 openvpn openvpn[6363]: /sbin/ifconfig tun0 10.10.50.1 10.10.50.2 mtu 1500 netmask 255.255.255.255 up
Dec 20 16:10:09 openvpn openvpn[6363]: /sbin/route add -net 10.10.49.12 10.10.50.1 255.255.255.0
Dec 20 16:10:09 openvpn openvpn[6363]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Dec 20 16:10:09 openvpn openvpn[6363]: /sbin/route add -net 10.10.50.0 10.10.50.2 255.255.255.240
Dec 20 16:10:09 openvpn openvpn[6363]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Dec 20 16:10:09 openvpn openvpn[6367]: UDPv4 link local (bound): [undef]
Dec 20 16:10:09 openvpn openvpn[6367]: UDPv4 link remote: [undef]
Dec 20 16:10:09 openvpn openvpn[6367]: MULTI: multi_init called, r=256 v=256
Dec 20 16:10:09 openvpn openvpn[6367]: IFCONFIG POOL: base=10.10.50.4 size=2, ipv6=0
Dec 20 16:10:09 openvpn openvpn[6367]: IFCONFIG POOL LIST
Dec 20 16:10:09 openvpn openvpn[6367]: Initialization Sequence Completed
[root@openvpn /]#
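Added example, not part of the original posts: a small triage of the signals visible in the logs above (the configured proto and local_port, the socket bind failure, and the route add command that precedes the ERROR line). It runs over a constructed sample assembled from lines of both runs, and the function names are hypothetical. Because the logged transport is udp, a TCP connect probe such as nc -vz says nothing about whether OpenVPN holds the port.

```python
import ipaddress
import re

# Constructed sample: lines taken from the two runs posted in this thread
# (the Dec 19 bind failure and the Dec 20 startup), combined for the demo.
SAMPLE_LOG = """\
Dec 20 16:10:09 openvpn openvpn[6363]: proto = udp
Dec 20 16:10:09 openvpn openvpn[6363]: local_port = 443
Dec 20 16:10:09 openvpn openvpn[6363]: /sbin/route add -net 10.10.49.12 10.10.50.1 255.255.255.0
Dec 20 16:10:09 openvpn openvpn[6363]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
Dec 20 16:10:09 openvpn openvpn[6363]: /sbin/route add -net 10.10.50.0 10.10.50.2 255.255.255.240
Fri Dec 19 15:24:39 2014 us=698323 TCP/UDP: Socket bind failed on local address [undef]: Address already in use
Dec 20 16:10:09 openvpn openvpn[6367]: Initialization Sequence Completed
"""

# Both timestamp styles seen in the thread: syslog and OpenVPN's own.
PREFIX = re.compile(
    r"^(?:\w{3} +\d+ [\d:]+ \S+ openvpn\[\d+\]: "
    r"|\w{3} \w{3} +\d+ [\d:]+ \d{4} (?:us=\d+ )?)"
)
SETTING = re.compile(r"^(proto|local_port) = (\S+)$")
ROUTE = re.compile(r"^/sbin/route add -net (\S+) (\S+) (\S+)$")
ROUTE_ERROR = "ERROR: FreeBSD route add command failed"


def triage(log_text):
    """Collect transport, port, bind failures and failed route commands."""
    report = {"proto": None, "local_port": None, "bind_failed": False,
              "initialized": False, "failed_routes": []}
    last_route = None  # the route command on the line just before this one
    for raw in log_text.splitlines():
        msg = PREFIX.sub("", raw).strip()
        route = ROUTE.match(msg)
        if route:
            last_route = route.groups()
            continue
        setting = SETTING.match(msg)
        if setting:
            key, value = setting.groups()
            report[key] = int(value) if key == "local_port" else value
        elif msg.startswith(ROUTE_ERROR) and last_route:
            dest, gateway, mask = last_route
            iface = ipaddress.ip_interface(f"{dest}/{mask}")
            report["failed_routes"].append({
                "dest": dest, "gateway": gateway, "mask": mask,
                # Observation only: the log does not say why route exited 1.
                "dest_is_network_address":
                    iface.ip == iface.network.network_address,
                "network_for_mask": str(iface.network),
            })
        elif "Socket bind failed" in msg and "Address already in use" in msg:
            report["bind_failed"] = True  # another process holds the port
        elif msg == "Initialization Sequence Completed":
            report["initialized"] = True
        last_route = None
    return report


def tcp_probe_is_meaningful(report):
    """A TCP connect test only exercises a server whose proto is TCP."""
    return bool(report["proto"]) and report["proto"].startswith("tcp")


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result)
    print("TCP probe meaningful:", tcp_probe_is_meaningful(result))
```

Inside the jail, `sockstat -4 -l -p 443` lists the process bound to the port together with its protocol, which is the direct check for both the "Address already in use" case and the udp listener.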

 