How to install OpenVPN inside a jail in FreeNAS 9.2.1.6+ with access to remote hosts via NAT

Status
Not open for further replies.

OffHoursIT

Cadet
Joined
Aug 18, 2016
Messages
9
Your router's port 443 should be redirected to your jail's IP. Try poking the port from the outside internet using netcat to see if it connects; if it doesn't, then something's wrong with your redirection. For that I use openbsd-netcat:
Code:
nc -vz -u 192.168.0.X 443

Replace X with your jail's IP address.

Also, have you rebooted your whole FreeNAS server?


I've run netcat and the port is reachable - see below.

C:\temp>nc64 -vz -u cdelatorre.dyndns.org 443
DNS fwd/rev mismatch: cdelatorre.dyndns.org != fl-66-86-138-251.dhcp.embarqhsd.net
cdelatorre.dyndns.org [66.86.138.251] 443 (https) open
At this point, I am at a loss. Thanks for your advice and patience.
 

robles

Explorer
Joined
Jul 29, 2014
Messages
89
I've run netcat and the port is reachable - see below.

C:\temp>nc64 -vz -u cdelatorre.dyndns.org 443
DNS fwd/rev mismatch: cdelatorre.dyndns.org != fl-66-86-138-251.dhcp.embarqhsd.net
cdelatorre.dyndns.org [66.86.138.251] 443 (https) open
At this point, I am at a loss. Thanks for your advice and patience.
EDIT: Corrections were made to this post.

This seems to be a problem with OpenVPN then. Have you changed the verbosity to 5 and run it manually?
 

OffHoursIT

Cadet
Joined
Aug 18, 2016
Messages
9
Okay, I increased verbosity to 5 and rebooted my jail. I ran tail /var/log/messages again and saw the following towards the bottom.

Aug 23 12:15:29 openvpn openvpn[51839]: IFCONFIG POOL LIST
Aug 23 12:15:29 openvpn openvpn[51839]: Initialization Sequence Completed
Aug 23 12:17:33 openvpn openvpn[51839]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Aug 23 12:17:33 openvpn openvpn[51839]: TLS Error: incoming packet authentication failed from [AF_INET]71.43.122.158:51124

Hopefully this can provide some insight into the problem. Thanks again for all your help.
 

OffHoursIT

Cadet
Joined
Aug 18, 2016
Messages
9
Okay good news! I did some research and found out the TLS Error I received can be resolved by changing the following statement in openvpn.conf

tls-auth /mnt/openvpn_storage/ta.key 0

changed to

tls-auth /mnt/openvpn_storage/ta.key

Now I can get connected, however, I cannot ping any of the devices on my local network including a few freenas jails. Any thoughts?
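
Added example (not part of the original thread or the guide's own code): the HMAC failure and the fix in the post above come down to the tls-auth key direction, which must agree on both ends: either both sides omit it, or one side uses 0 and the other 1. This Python check compares a server and a client config; the client profiles and the `vpn.example.org` remote are constructed assumptions, since the thread does not show the client's config.

```python
import shlex


def tls_auth_settings(config_text):
    """Return (uses_tls_auth, direction) for one OpenVPN config.

    direction is "0", "1", or None when no direction is given
    (bidirectional mode). Parsing is simplified: whole-line '#'/';'
    comments, trailing '#' comments and inline <tag>...</tag> blocks.
    """
    uses, direction, inline_tag = False, None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if inline_tag:
            # Skip the body of an inline block (e.g. an embedded key).
            if line == "</%s>" % inline_tag:
                inline_tag = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            inline_tag = line[1:-1]
            uses = uses or inline_tag == "tls-auth"
            continue
        tokens = shlex.split(line, comments=True)
        if not tokens:
            continue
        if tokens[0] == "tls-auth" and len(tokens) >= 2:
            uses = True
            if len(tokens) >= 3:
                direction = tokens[2]
        elif tokens[0] == "key-direction" and len(tokens) >= 2:
            direction = tokens[1]
    return uses, direction


def check_tls_auth(server_conf, client_conf):
    """Return (ok, reason) for a server/client pair of config texts."""
    s_uses, s_dir = tls_auth_settings(server_conf)
    c_uses, c_dir = tls_auth_settings(client_conf)
    if not s_uses and not c_uses:
        return True, "tls-auth not configured on either side"
    if s_uses != c_uses:
        return False, "tls-auth enabled on only one side"
    if s_dir is None and c_dir is None:
        return True, "both sides bidirectional (no direction given)"
    if {s_dir, c_dir} == {"0", "1"}:
        return True, "complementary directions (0 and 1)"
    return False, "direction mismatch: server=%s client=%s" % (
        s_dir or "none", c_dir or "none")


# Server line as posted in the thread, before and after the change.
SERVER_BEFORE = """
dev tun
proto udp
tls-auth /mnt/openvpn_storage/ta.key 0
"""
SERVER_AFTER = """
dev tun
proto udp
tls-auth /mnt/openvpn_storage/ta.key
"""

# Constructed client profiles (assumptions; not shown in the thread).
CLIENT_NO_DIRECTION = """
client
dev tun
proto udp
remote vpn.example.org 443   # placeholder host
tls-auth ta.key
"""
CLIENT_DIRECTION_1 = """
client
dev tun
proto udp
remote vpn.example.org 443   # placeholder host
key-direction 1
<tls-auth>
(placeholder, not a real static key)
</tls-auth>
"""

if __name__ == "__main__":
    pairs = [
        ("server '0' + client without direction", SERVER_BEFORE, CLIENT_NO_DIRECTION),
        ("server without direction + same client", SERVER_AFTER, CLIENT_NO_DIRECTION),
        ("server '0' + client key-direction 1", SERVER_BEFORE, CLIENT_DIRECTION_1),
    ]
    for label, server, client in pairs:
        ok, reason = check_tls_auth(server, client)
        print("%-42s %-4s %s" % (label, "OK" if ok else "FAIL", reason))
```

The third pair is the other valid fix: keep `0` on the server and give every client direction `1`, which uses separate HMAC keys for each direction instead of one shared set.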
 

robles

Explorer
Joined
Jul 29, 2014
Messages
89
Okay good news! I did some research and found out the TLS Error I received can be resolved by changing the following statement in openvpn.conf

tls-auth /mnt/openvpn_storage/ta.key 0

changed to

tls-auth /mnt/openvpn_storage/ta.key

Now I can get connected, however, I cannot ping any of the devices on my local network including a few freenas jails. Any thoughts?
Can you ping your OpenVPN server remotely?
Code:
ping 172.16.8.1

If not, reboot your FreeNAS server, not just your jail.
 
Joined
Jul 16, 2016
Messages
17
Dear all,
thanks to your guide I could set up my VPN and I could access it from anywhere with my iPhone using the OpenVPN app. A few weeks ago I started working on having access from my Mac. I'm really becoming CRAZY!!!! I've tried all OpenVPN clients out there, free and not free... using exactly the same ca/crt/key that I'm successfully using on my iPhone... well all Mac clients can connect but NOTHING MORE!!! I can't see and use any remote service.
What am I doing wrong?

Just to add some info, I attach the Viscosity log here:

Code:
Aug 20 10:31:30: Viscosity Mac 1.6.4 (1348)
Aug 20 10:31:30: Viscosity OpenVPN Engine Started
Aug 20 10:31:30: Running on Mac OS X 10.11.6
Aug 20 10:31:30: ---------
Aug 20 10:31:30: Controllo la raggiungibilità della connessione…
Aug 20 10:31:30: Connessione raggiungibile, inizio connessione.
Aug 20 10:31:30: OpenVPN 2.3.11 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on May 10 2016
Aug 20 10:31:30: library versions: OpenSSL 1.0.2h 3 May 2016, LZO 2.09
Aug 20 10:31:41: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Aug 20 10:31:41: Control Channel Authentication: using '/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/connection.iuWRhD/ta.key' as a OpenVPN static key file
Aug 20 10:31:41: Opened utun device utun0
Aug 20 10:31:41: NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
Aug 20 10:31:41: UDPv4 link local: [undef]
Aug 20 10:31:41: UDPv4 link remote: [AF_INET]xx.xx.xxx.xxx:xxxx
Aug 20 10:31:41: [OpenVPN-ACC] Peer Connection Initiated with [AF_INET]xx.xx.xxx.xxx:xxxx
Aug 20 10:31:42: Initialization Sequence Completed
Aug 20 10:31:42: DNS mode set to: Full


and Shimo log:

Code:
2016-08-28 10:47:37 Stato cambiato in: Connessione in corso (precedente: Disconnesso)
2016-08-28 10:47:37 OpenVPN management socket connected
2016-08-28 10:47:37 >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2016-08-28 10:47:37 >HOLD:Waiting for hold release
2016-08-28 10:47:54 >PASSWORD:Need 'Private Key' password
2016-08-28 10:47:56 >STATE:1472374074,RESOLVE,,,
2016-08-28 10:47:56 Stato cambiato in: Connessione in corso (precedente: Connessione in corso)
2016-08-28 10:47:56 >STATE:1472374076,WAIT,,,
2016-08-28 10:47:56 Stato cambiato in: Autenticazione in corso (precedente: Connessione in corso)
2016-08-28 10:47:56 >STATE:1472374076,AUTH,,,
2016-08-28 10:47:58 Stato cambiato in: Connesso (precedente: Autenticazione in corso)
2016-08-28 10:47:58 **********************************************
2016-08-28 10:47:58 Start of output from 7ba54bfd9a8a01e9d17915a4e134dc75-openvpn-up-script.sh
2016-08-28 10:47:58 NOTE: No network configuration changes need to be made.
2016-08-28 10:47:58 DNS servers '80.58.61.250 80.58.61.254' were set manually
2016-08-28 10:47:58 WARNING: that setting is being ignored by OS X; '' is being used.
2016-08-28 10:47:58 WARNING: There are no DNS servers in this computer's new network configuration. This computer or a DHCP server that this computer uses may be configured incorrectly.
2016-08-28 10:47:58 End of output from 7ba54bfd9a8a01e9d17915a4e134dc75-openvpn-up-script.sh
2016-08-28 10:47:58 **********************************************
2016-08-28 10:47:58 >STATE:1472374077,CONNECTED,SUCCESS,,xx.xxx.xx.xxx



Thank you very much!

Michele
 

robles

Explorer
Joined
Jul 29, 2014
Messages
89
I also have a Mac and I use TunnelBlick perfectly; try using it. Place your certificates and OVPN configuration in a folder, double-click it and it should install.

Also TunnelBlick clears your routing tables properly, and it's free so that's a plus.
 
Joined
Jul 16, 2016
Messages
17
Hi Robles,
thanks for your reply. Well, TunnelBlick is the only app with which I couldn't even connect!!! I have an error message (TunnelBlick could start OpenVPN to connect...) and that's my log:

*Tunnelblick: OS X 10.11.6; Tunnelblick 3.6.6 (build 4582)
2016-08-29 18:07:37 *Tunnelblick: Attempting connection with openvpn_priv; Set nameserver = 769; monitoring connection
2016-08-29 18:07:37 *Tunnelblick: openvpnstart start openvpn_priv.tblk 1337 769 0 3 0 1065264 -ptADGNWradsgnw 2.3.11
2016-08-29 18:07:37 *Tunnelblick:

Could not start OpenVPN (openvpnstart returned with status #251)

Contents of the openvpnstart log:
*Tunnelblick: openvpnstart log:
OpenVPN returned with status 1, errno = 0:
Undefined error: 0

Command used to start OpenVPN (one argument per displayed line):

/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.11/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Sopenvpn_priv.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1065264.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Shared/openvpn_priv.tblk/Contents/Resources
--verb
3
--config
/Library/Application Support/Tunnelblick/Shared/openvpn_priv.tblk/Contents/Resources/config.ovpn
--verb
3
--cd
/Library/Application Support/Tunnelblick/Shared/openvpn_priv.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

Contents of the OpenVPN log:

Options error: Parameter ca_file can only be specified in TLS-mode, i.e. where --tls-server or --tls-client is also specified.
Use --help for more information.

More details may be in the Console Log's "All Messages"


What could be the error?

Thank you

Michele
 

Pseudolife

Dabbler
Joined
Jan 7, 2016
Messages
25
It (finally) worked! Thanks Robles!

I had a lot of trouble getting OpenVPN to work right months ago, but today I noticed Robles had updated the guide and decided to make it my project for the day to try again, and I eventually got it going! I am now enjoying the beer of victory at the local brewery (where they have free wifi to test the VPN on.)

Here's what I learned along the way:

1) Robles's network setup is not like mine, and so not everything in the guide works exactly as listed for me. My LAN (Yellow network) uses 192.168.X.X instead of 10.0.X.X as it does in the guide. That means changing various spots in the guide that talk about 10.0.X.X addresses. The guide actually mentions this.

2) My gateway (ISP provided modem & router) isn't configured like his in terms of port forwarding, and actually wouldn't let me set up port forwarding exactly like he does. Instead, I decided to just go with the OpenVPN official port of 1149 UDP. Basically everywhere in the guide that uses 10011 or 443, I used 1149.

3) [Newbie statement] If it wasn't 100% clear to everyone, you must set up port forwarding on your router to aim that external facing port towards your OpenVPN jail. The guide doesn't go into detail about this, likely because everyone's router and personal network are going to be different. If you are familiar with working with your home network, it's obvious and easy, but if you're like me, someone not overly familiar with networks when they started their NAS project, it can be helpful to spell it out. If you look at your jails in FreeNAS, it will tell you the IP address of the OpenVPN jail you made. Connecting and configuring your own router is on you.

4) When configuring your local OpenVPN config file to forward all traffic through the VPN (an optional step in the guide) I replaced the "dhcp-option DNS" listing of 0.0.0.0 with my router's local network IP. In my case that was 192.168.0.1.

5) You can get a free Dynamic DNS setup using just FreeNAS and No-IP.com. Look in FreeNAS > Services > DynamicDNS. Getting this set up will make sure the remote server you keep in your config file will remain consistent even when your ISP alters your public facing IP.

6) You can test your various keyfiles by connecting to your OpenVPN on your home wifi by using your OpenVPN's local jail IP in the client OpenVPN config. If you connect successfully, your keys are good. You will still need to connect from a remote network to make sure everything else works.

7) If you can connect but can't access anything, reboot the entire FreeNAS box, just as the troubleshooting guide says. If I had known this months ago, I would have had my OpenVPN running then instead of just now.

8) Once the VPN was working, I still had trouble getting Windows 7 to see my network shares over VPN. My server is named "Mimir" but wouldn't show up or connect when typed like that, even though it did work that way on the LAN at home. The local IP address for my server, 192.168.0.200 in my case, does work just fine, however.
 

John Rushford

Dabbler
Joined
Jul 31, 2016
Messages
34
I worked through this procedure exactly as it was written using a jail and with modifications to the config file examples that are appropriate for my network. I had absolutely no problem with it except where I made typos :). My hat is off to robles for this work!

I'm running FreeNAS 9.10 and have been creating several bhyve VMs using iohyve as documented in the 9.10 user guide and I thought I'd try out this procedure using a bhyve VM rather than a jail. I'm glad to report that I was able to get openvpn working using a VM. I only had to get a proper guest kernel running and I had to make one modification to the ipfw.rules script. I substituted 'epair' with 'vtnet' and changed the variable 'EPAIR' to 'VTNET' for consistency.

I built the bhyve VM with this ISO image, FreeBSD-10.3-RELEASE-amd64-bootonly.iso, but I found that the GENERIC kernel was not built with the ipfw firewall options. Fortunately during the VM install, I chose to include the kernel source and was able to build and install a new GENERIC kernel after including these options:


Code:
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=100
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPDIVERT
options         IPFIREWALL_NAT
options         LIBALIAS



With all this in place, I've destroyed the jail and am now using openvpn running on the bhyve vm.

Again, I'd like to thank robles for this excellent guide to setting up openvpn.
 

Varun Chugh

Dabbler
Joined
Dec 15, 2015
Messages
38
Need help please. After following through all the steps till Server NAT configuration and restarting the Jail, I get the below. What could be the issue? I am on FreeNAS 9.10+

Code:
[root@OpenVPN /media]# ipfw list
00100 nat 1 ip from 172.16.8.0/24 to any out via epair3b
00200 nat 1 ip from any to any in via epair3b
65535 allow ip from any to any
[root@OpenVPN /media]# sockstat -4 -l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     syslogd    98402 7  udp4   *:514                 *:*
[root@OpenVPN /media]#


And I get the below error, why would this be? I am logged in as root.

Code:
[root@OpenVPN /media]# chmod 644 john.appleseed.key john.appleseed.crt ca.crt ta.key
chmod: john.appleseed.key: Operation not permitted
chmod: john.appleseed.crt: Operation not permitted
chmod: ca.crt: Operation not permitted
chmod: ta.key: Operation not permitted
 

FritVetBE

Explorer
Joined
Dec 28, 2013
Messages
87
Hey Varun Chugh

About the output of the command sockstat -4 -l: it shows the opened sockets on your machine. In your case there is no opened socket relevant to an openvpn instance. You should start the openvpn instance. If it won't start, you should check the logs for more details.
 

John Rushford

Dabbler
Joined
Jul 31, 2016
Messages
34
Need help please. After following through all the steps till Server NAT configuration and restarting the Jail, I get the below. What could be the issue? I am on FreeNAS 9.10+


And I get the below error, why would this be? I am logged in as root.

Code:
[root@OpenVPN /media]# chmod 644 john.appleseed.key john.appleseed.crt ca.crt ta.key
chmod: john.appleseed.key: Operation not permitted
chmod: john.appleseed.crt: Operation not permitted
chmod: ca.crt: Operation not permitted
chmod: ta.key: Operation not permitted

If /media is a Windows share, I believe you have to use setfacl instead of chmod. See the man pages on setfacl and getfacl.
 
Joined
Jul 16, 2016
Messages
17
Dear all,
thanks to your guides I could set up my VPN. But there's something I really can't understand. Well I perfectly connect and use all services if I use my iPhone with OpenVPN app IF I'M CONNECTED TO 3G/4G NETWORK. As soon as I'm connected to a wifi with my iPhone I can connect to my VPN but I can't see any services. Also, I NEVER could connect with my Mac (using a lot of different apps).
What could it be?

Thank you

Michele
 

Steo

Dabbler
Joined
Sep 28, 2016
Messages
17
This tutorial will show you how to configure OpenVPN inside a jail so you can VPN to your home, access your local jails and other hosts and optionally, use it as a complete tunnel in case you're in a public network.

First of all I want to thank Robles for all the effort he made on this tutorial.

Now ... I'm new so I already introduced myself here:
https://forums.freenas.org/index.php?threads/welcoming-message-messaggio-di-benvenuto.46390/

I am here because I don't want to give up after all the nights and effort I have put into these things and I like FreeNAS so I don't want to give up and look for something else.

Coming to my problem. Obviously I'm trying to install and configure OpenVPN on my FreeNAS system installed on a USB connected to my old notebook.
I have to say that it is working perfectly and all I need now is to run OpenVPN properly in the Jail named "OpenVPN" that I created.

Come to some specs, this is my actual installation version: { FreeNAS-9.2.1.9-RELEASE-x86 (2bbba09) - I can't change this choice actually }
Code:
root@OpenVPN:/ # uname -v
FreeBSD 9.2-RELEASE-p15 #0 r262572+5b7d179: Mon Nov 17 16:27:27 PST 2014  root@build3.ixsystems.com:/tank/home/jkh/build/921/FN/os-base/i386/i386.i386/fusion/jkh/921/FN/FreeBSD/src/sys/FREENAS.i386


These are my Jails:
Code:
[freenas@freenas] /% jls
  JID  IP Address  Hostname  Path
  2  -  customplugin_1  /mnt/160GB/jails/customplugin_1
  3  192.168.0.20  OpenVPN  /mnt/160GB/jails/OpenVPN

(Actually the "customplugin_1" was always there, I really don't know what it is).

I really tried many many things and lookup on many webpages online... I really don't know where to go.
The actual problem is that I cannot successfully run my openvpn service and I get these errors (I'm in my Jail's tcsh shell):

Code:
root@OpenVPN:/ # openssl version
OpenSSL 0.9.8y 5 Feb 2013

root@OpenVPN:/ # openvpn --version
OpenVPN 2.3.12 i386-portbld-freebsd9.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 30 2016
library versions: OpenSSL 0.9.8y 5 Feb 2013, LZO 2.09
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_http_proxy=yes enable_iproute2=no enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=no with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no

root@OpenVPN:/ # service openvpn start
Starting openvpn.

root@OpenVPN:/ # service openvpn start
Starting openvpn.

root@OpenVPN:/ # openvpn --config /usr/local/etc/openvpn/openvpn.conf
Segmentation fault

root@OpenVPN:/ # cat var/log/messages
[...]
Sep 28 21:45:40 OpenVPN freenas: /usr/sbin/service: WARNING: $svnserve_enable is not set properly - see rc.conf(5).
Sep 28 21:45:40 OpenVPN freenas: /usr/sbin/service: WARNING: $pbid_enable is not set properly - see rc.conf(5).
Sep 28 21:45:40 OpenVPN freenas: /usr/sbin/service: WARNING: $aria2_enable is not set properly - see rc.conf(5).
Sep 28 21:46:40 OpenVPN openvpn[6454]: OpenVPN 2.3.12 i386-portbld-freebsd9.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 30 2016
Sep 28 21:46:40 OpenVPN openvpn[6454]: library versions: OpenSSL 0.9.8y 5 Feb 2013, LZO 2.09
Sep 28 21:46:40 OpenVPN openvpn[6455]: Could not retrieve default gateway from route socket:: No such process (errno=3)
Sep 28 21:46:40 OpenVPN openvpn[6455]: Diffie-Hellman initialized with 2048 bit key


About configuration file...
RC.CONF:
Code:
root@OpenVPN:/ # cat etc/rc.conf
portmap_enable="NO"
sshd_enable="NO"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
hostname="OpenVPN"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
openvpn_enable="YES"
openvpn_if="tun"
openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"
openvpn_dir="/usr/local/etc/openvpn"
cloned_interfaces="tun"
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/usr/local/etc/ipfw.rules"


OPENVPN.CONF: (from the Jail server: OpenVPN)
Code:
local 192.168.0.20
server 10.0.0.0 255.255.255.0
port 1194
proto udp
dev tun
ifconfig-pool-persist ipp.txt
push "route 192.168.0.0 255.255.255.0"
route 192.168.0.20 255.255.255.0 10.0.0.0
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/steo-server-it.crt
key /usr/local/etc/openvpn/keys/steo-server-it.key
dh /usr/local/etc/openvpn/keys/dh.pem
status /usr/local/etc/openvpn/openvpn.status
log-append /usr/local/etc/openvpn/openvpn.log
tls-auth /usr/local/etc/openvpn/keys/ta.key 0
cipher AES-256-CBC
group nobody
user nobody
comp-lzo
persist-key
persist-tun
keepalive 30 120
verb 3


I can provide you with other info... But really I DON'T KNOW how to figure it out. I'm sure I am making some mistakes and I can't see the solution by myself.
Please, I need some hints on how to get past this problem; my OpenVPN doesn't want to start...

Thank you in advance for your support.
 

Steo

Dabbler
Joined
Sep 28, 2016
Messages
17
Dear all,
thanks to your guides I could set up my VPN. But there's something I really can't understand. Well I perfectly connect and use all services if I use my iPhone with OpenVPN app IF I'M CONNECTED TO 3G/4G NETWORK. As soon as I'm connected to a wifi with my iPhone I can connect to my VPN but I can't see any services. Also, I NEVER could connect with my Mac (using a lot of different apps).
What could it be?

Thank you

Michele

Ciao Michele,
I don't know about your Mac, but for sure if you are connected to the wifi where your freenas/VPN is also connected ... well, it could be normal because the configuration file of your iPhone points to the external interface of your router.
In that case you should try to have 2 different configuration files on your client, and run the first if you are attached to the 3G/4G network or to another external wifi... and run the second under the same wifi and LAN.
Pay attention that the second openvpn configuration file has to change in some details, especially the REMOTE parameter, which should now point directly at the internal IP address of the freenas/VPN or Jail that is running the VPN.
I hope this is helpful. Let me know.
Stefano
 

zoomzoom

Guru
Joined
Sep 6, 2015
Messages
677
@Steo Please post output of /usr/local/etc/openvpn/openvpn.log and /usr/local/etc/openvpn/openvpn.status
  • Prior to doing so, please change the following, then restart the openvpn server
    • change proto udp to proto tcp
      • When troubleshooting openvpn, protocol should always be tcp, then once done troubleshooting, changed back to udp. The reason for this is tcp cannot efficiently encapsulate itself, but during troubleshooting, allows for the traffic to be traced. (The one caveat to using tcp over udp is when one has high packet loss using udp, at which point tcp should be utilized.)
    • change verb 3 to verb 7
    • change keepalive 30 120 to keepalive "30 120"
    • remove local 192.168.0.20
 

zoomzoom

Guru
Joined
Sep 6, 2015
Messages
677
...I could setup my VPN, but there's something I really can't understand. While I can perfectly connect and use all services if I use my iPhone with OpenVPN app if I'm connected to a 3G/4G network, as soon as I'm connected to wifi with my iPhone, I can connect to my VPN, but can't see any services. Also, I've never been able to connect with my Mac (using a lot of different apps). What could it be?
Please post the following within code brackets:
  • OpenVPN server config
    • server log
  • OpenVPN client config
    • client log
 

Steo

Dabbler
Joined
Sep 28, 2016
Messages
17
@Steo Please post output of /usr/local/etc/openvpn/openvpn.log and /usr/local/etc/openvpn/openvpn.status

Hello ZoomZoom, thank you for the help!
Here is what you asked for. I first applied the changes you asked for, and after that I ran these commands:

OPENVPN.LOG
Code:
root@OpenVPN:/usr/local/etc/openvpn # openvpn --config /usr/local/etc/openvpn/openvpn.conf
Segmentation fault

root@OpenVPN:/usr/local/etc/openvpn # cat openvpn.log
Thu Sep 29 20:22:37 2016 us=744198 Current Parameter Settings:
Thu Sep 29 20:22:37 2016 us=744493  config = '/usr/local/etc/openvpn/openvpn.conf'
Thu Sep 29 20:22:37 2016 us=744535  mode = 1
Thu Sep 29 20:22:37 2016 us=744574  show_ciphers = DISABLED
Thu Sep 29 20:22:37 2016 us=744618  show_digests = DISABLED
Thu Sep 29 20:22:37 2016 us=744656  show_engines = DISABLED
Thu Sep 29 20:22:37 2016 us=744694  genkey = DISABLED
Thu Sep 29 20:22:37 2016 us=744733  key_pass_file = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=744771  show_tls_ciphers = DISABLED
Thu Sep 29 20:22:37 2016 us=744821 Connection profiles [default]:
Thu Sep 29 20:22:37 2016 us=744860  proto = tcp-server
Thu Sep 29 20:22:37 2016 us=744898  local = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=744936  local_port = 1194
Thu Sep 29 20:22:37 2016 us=744974  remote = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=745012  remote_port = 1194
Thu Sep 29 20:22:37 2016 us=745049  remote_float = DISABLED
Thu Sep 29 20:22:37 2016 us=745087  bind_defined = DISABLED
Thu Sep 29 20:22:37 2016 us=745135  bind_local = ENABLED
Thu Sep 29 20:22:37 2016 us=745173  connect_retry_seconds = 5
Thu Sep 29 20:22:37 2016 us=745210  connect_timeout = 10
Thu Sep 29 20:22:37 2016 us=745248  connect_retry_max = 0
Thu Sep 29 20:22:37 2016 us=745288  socks_proxy_server = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=745326  socks_proxy_port = 0
Thu Sep 29 20:22:37 2016 us=745363  socks_proxy_retry = DISABLED
Thu Sep 29 20:22:37 2016 us=745401  tun_mtu = 1500
Thu Sep 29 20:22:37 2016 us=745438  tun_mtu_defined = ENABLED
Thu Sep 29 20:22:37 2016 us=745487  link_mtu = 1500
Thu Sep 29 20:22:37 2016 us=745525  link_mtu_defined = DISABLED
Thu Sep 29 20:22:37 2016 us=745563  tun_mtu_extra = 0
Thu Sep 29 20:22:37 2016 us=745600  tun_mtu_extra_defined = DISABLED
Thu Sep 29 20:22:37 2016 us=745642  mtu_discover_type = -1
Thu Sep 29 20:22:37 2016 us=745680  fragment = 0
Thu Sep 29 20:22:37 2016 us=745718  mssfix = 1450
Thu Sep 29 20:22:37 2016 us=745755  explicit_exit_notification = 0
Thu Sep 29 20:22:37 2016 us=745793 Connection profiles END
Thu Sep 29 20:22:37 2016 us=745842  remote_random = DISABLED
Thu Sep 29 20:22:37 2016 us=745880  ipchange = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=745918  dev = 'tun'
Thu Sep 29 20:22:37 2016 us=745955  dev_type = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=745993  dev_node = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=746031  lladdr = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=746069  topology = 1
Thu Sep 29 20:22:37 2016 us=746106  tun_ipv6 = DISABLED
Thu Sep 29 20:22:37 2016 us=746144  ifconfig_local = '10.0.0.1'
Thu Sep 29 20:22:37 2016 us=746193  ifconfig_remote_netmask = '10.0.0.2'
Thu Sep 29 20:22:37 2016 us=746231  ifconfig_noexec = DISABLED
Thu Sep 29 20:22:37 2016 us=746268  ifconfig_nowarn = DISABLED
Thu Sep 29 20:22:37 2016 us=746306  ifconfig_ipv6_local = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=746343  ifconfig_ipv6_netbits = 0
Thu Sep 29 20:22:37 2016 us=746381  ifconfig_ipv6_remote = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=746419  shaper = 0
Thu Sep 29 20:22:37 2016 us=746456  mtu_test = 0
Thu Sep 29 20:22:37 2016 us=746506  mlock = DISABLED
Thu Sep 29 20:22:37 2016 us=746544  keepalive_ping = 30
Thu Sep 29 20:22:37 2016 us=746582  keepalive_timeout = 120
Thu Sep 29 20:22:37 2016 us=746623  inactivity_timeout = 0
Thu Sep 29 20:22:37 2016 us=746661  ping_send_timeout = 30
Thu Sep 29 20:22:37 2016 us=746699  ping_rec_timeout = 240
Thu Sep 29 20:22:37 2016 us=746736  ping_rec_timeout_action = 2
Thu Sep 29 20:22:37 2016 us=746774  ping_timer_remote = DISABLED
Thu Sep 29 20:22:37 2016 us=746823  remap_sigusr1 = 0
Thu Sep 29 20:22:37 2016 us=746861  persist_tun = ENABLED
Thu Sep 29 20:22:37 2016 us=746898  persist_local_ip = DISABLED
Thu Sep 29 20:22:37 2016 us=746936  persist_remote_ip = DISABLED
Thu Sep 29 20:22:37 2016 us=746973  persist_key = ENABLED
Thu Sep 29 20:22:37 2016 us=747010  passtos = DISABLED
Thu Sep 29 20:22:37 2016 us=747048  resolve_retry_seconds = 1000000000
Thu Sep 29 20:22:37 2016 us=747085  username = 'nobody'
Thu Sep 29 20:22:37 2016 us=747124  groupname = 'nobody'
Thu Sep 29 20:22:37 2016 us=747174  chroot_dir = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=747212  cd_dir = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=747250  writepid = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=747288  up_script = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=747326  down_script = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=747363  down_pre = DISABLED
Thu Sep 29 20:22:37 2016 us=747400  up_restart = DISABLED
Thu Sep 29 20:22:37 2016 us=747438  up_delay = DISABLED
Thu Sep 29 20:22:37 2016 us=747488  daemon = DISABLED
Thu Sep 29 20:22:37 2016 us=747526  inetd = 0
Thu Sep 29 20:22:37 2016 us=747564  log = ENABLED
Thu Sep 29 20:22:37 2016 us=747605  suppress_timestamps = DISABLED
Thu Sep 29 20:22:37 2016 us=747645  nice = 0
Thu Sep 29 20:22:37 2016 us=747682  verbosity = 7
Thu Sep 29 20:22:37 2016 us=747720  mute = 0
Thu Sep 29 20:22:37 2016 us=747757  gremlin = 0
Thu Sep 29 20:22:37 2016 us=747795  status_file = '/usr/local/etc/openvpn/openvpn.status'
Thu Sep 29 20:22:37 2016 us=747833  status_file_version = 1
Thu Sep 29 20:22:37 2016 us=747884  status_file_update_freq = 60
Thu Sep 29 20:22:37 2016 us=747922  occ = ENABLED
Thu Sep 29 20:22:37 2016 us=747960  rcvbuf = 0
Thu Sep 29 20:22:37 2016 us=747997  sndbuf = 0
Thu Sep 29 20:22:37 2016 us=748034  sockflags = 0
Thu Sep 29 20:22:37 2016 us=748071  fast_io = DISABLED
Thu Sep 29 20:22:37 2016 us=748109  lzo = 7
Thu Sep 29 20:22:37 2016 us=748146  route_script = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=748184  route_default_gateway = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=748236  route_default_metric = 0
Thu Sep 29 20:22:37 2016 us=748274  route_noexec = DISABLED
Thu Sep 29 20:22:37 2016 us=748311  route_delay = 0
Thu Sep 29 20:22:37 2016 us=748349  route_delay_window = 30
Thu Sep 29 20:22:37 2016 us=748386  route_delay_defined = DISABLED
Thu Sep 29 20:22:37 2016 us=748424  route_nopull = DISABLED
Thu Sep 29 20:22:37 2016 us=748462  route_gateway_via_dhcp = DISABLED
Thu Sep 29 20:22:37 2016 us=748500  max_routes = 100
Thu Sep 29 20:22:37 2016 us=748549  allow_pull_fqdn = DISABLED
Thu Sep 29 20:22:37 2016 us=748590  route 192.168.0.20/255.255.255.0/10.0.0.0/nil
Thu Sep 29 20:22:37 2016 us=748633  route 10.0.0.0/255.255.255.0/nil/nil
Thu Sep 29 20:22:37 2016 us=748671  management_addr = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=748710  management_port = 0
Thu Sep 29 20:22:37 2016 us=748748  management_user_pass = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=748785  management_log_history_cache = 250
Thu Sep 29 20:22:37 2016 us=748823  management_echo_buffer_size = 100
Thu Sep 29 20:22:37 2016 us=748871  management_write_peer_info_file = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=748910  management_client_user = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=748948  management_client_group = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=748986  management_flags = 0
Thu Sep 29 20:22:37 2016 us=749024  shared_secret_file = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=749062  key_direction = 1
Thu Sep 29 20:22:37 2016 us=749099  ciphername_defined = ENABLED
Thu Sep 29 20:22:37 2016 us=749149  ciphername = 'AES-256-CBC'
Thu Sep 29 20:22:37 2016 us=749187  authname_defined = ENABLED
Thu Sep 29 20:22:37 2016 us=749225  authname = 'SHA1'
Thu Sep 29 20:22:37 2016 us=749262  prng_hash = 'SHA1'
Thu Sep 29 20:22:37 2016 us=749300  prng_nonce_secret_len = 16
Thu Sep 29 20:22:37 2016 us=749337  keysize = 0
Thu Sep 29 20:22:37 2016 us=749375  engine = DISABLED
Thu Sep 29 20:22:37 2016 us=749412  replay = ENABLED
Thu Sep 29 20:22:37 2016 us=749451  mute_replay_warnings = DISABLED
Thu Sep 29 20:22:37 2016 us=749500  replay_window = 64
Thu Sep 29 20:22:37 2016 us=749538  replay_time = 15
Thu Sep 29 20:22:37 2016 us=749576  packet_id_file = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=749618  use_iv = ENABLED
Thu Sep 29 20:22:37 2016 us=749656  test_crypto = DISABLED
Thu Sep 29 20:22:37 2016 us=749694  tls_server = ENABLED
Thu Sep 29 20:22:37 2016 us=749731  tls_client = DISABLED
Thu Sep 29 20:22:37 2016 us=749769  key_method = 2
Thu Sep 29 20:22:37 2016 us=749806  ca_file = '/usr/local/etc/openvpn/keys/ca.crt'
Thu Sep 29 20:22:37 2016 us=749861  ca_path = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=749900  dh_file = '/usr/local/etc/openvpn/keys/dh.pem'
Thu Sep 29 20:22:37 2016 us=749938  cert_file = '/usr/local/etc/openvpn/keys/steo-server-it.crt'
Thu Sep 29 20:22:37 2016 us=749976  extra_certs_file = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=750014  priv_key_file = '/usr/local/etc/openvpn/keys/steo-server-it.key'
Thu Sep 29 20:22:37 2016 us=750052  pkcs12_file = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=750106  cipher_list = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=750144  tls_verify = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=750182  tls_export_cert = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=750219  verify_x509_type = 0
Thu Sep 29 20:22:37 2016 us=750257  verify_x509_name = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=750295  crl_file = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=750332  ns_cert_type = 0
Thu Sep 29 20:22:37 2016 us=750369  remote_cert_ku = 0
Thu Sep 29 20:22:37 2016 us=750422  remote_cert_ku = 0
Thu Sep 29 20:22:37 2016 us=750460  remote_cert_ku = 0
Thu Sep 29 20:22:37 2016 us=750497  remote_cert_ku = 0
Thu Sep 29 20:22:37 2016 us=750534  remote_cert_ku = 0
Thu Sep 29 20:22:37 2016 us=750572  remote_cert_ku = 0
Thu Sep 29 20:22:37 2016 us=750613  remote_cert_ku = 0
Thu Sep 29 20:22:37 2016 us=750651  remote_cert_ku = 0
Thu Sep 29 20:22:37 2016 us=750688  remote_cert_ku = 0
Thu Sep 29 20:22:37 2016 us=750726  remote_cert_ku = 0
Thu Sep 29 20:22:37 2016 us=750784  remote_cert_ku = 0
Thu Sep 29 20:22:37 2016 us=750822  remote_cert_ku = 0
Thu Sep 29 20:22:37 2016 us=750859  remote_cert_ku = 0
Thu Sep 29 20:22:37 2016 us=750896  remote_cert_ku = 0
Thu Sep 29 20:22:37 2016 us=750934  remote_cert_ku = 0
Thu Sep 29 20:22:37 2016 us=750971  remote_cert_ku = 0
Thu Sep 29 20:22:37 2016 us=751009  remote_cert_eku = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=751047  ssl_flags = 0
Thu Sep 29 20:22:37 2016 us=751085  tls_timeout = 2
Thu Sep 29 20:22:37 2016 us=751134  renegotiate_bytes = 0
Thu Sep 29 20:22:37 2016 us=751172  renegotiate_packets = 0
Thu Sep 29 20:22:37 2016 us=751210  renegotiate_seconds = 3600
Thu Sep 29 20:22:37 2016 us=751247  handshake_window = 60
Thu Sep 29 20:22:37 2016 us=751285  transition_window = 3600
Thu Sep 29 20:22:37 2016 us=751322  single_session = DISABLED
Thu Sep 29 20:22:37 2016 us=751360  push_peer_info = DISABLED
Thu Sep 29 20:22:37 2016 us=751398  tls_exit = DISABLED
Thu Sep 29 20:22:37 2016 us=751448  tls_auth_file = '/usr/local/etc/openvpn/keys/ta.key'
Thu Sep 29 20:22:37 2016 us=751491  server_network = 10.0.0.0
Thu Sep 29 20:22:37 2016 us=751531  server_netmask = 255.255.255.0
Thu Sep 29 20:22:37 2016 us=751575  server_network_ipv6 = ::
Thu Sep 29 20:22:37 2016 us=751617  server_netbits_ipv6 = 0
Thu Sep 29 20:22:37 2016 us=751657  server_bridge_ip = 0.0.0.0
Thu Sep 29 20:22:37 2016 us=751697  server_bridge_netmask = 0.0.0.0
Thu Sep 29 20:22:37 2016 us=751737  server_bridge_pool_start = 0.0.0.0
Thu Sep 29 20:22:37 2016 us=751790  server_bridge_pool_end = 0.0.0.0
Thu Sep 29 20:22:37 2016 us=751828  push_entry = 'route 192.168.0.0 255.255.255.0'
Thu Sep 29 20:22:37 2016 us=751866  push_entry = 'route 10.0.0.1'
Thu Sep 29 20:22:37 2016 us=751904  push_entry = 'topology net30'
Thu Sep 29 20:22:37 2016 us=751942  push_entry = 'ping 30'
Thu Sep 29 20:22:37 2016 us=751980  push_entry = 'ping-restart 120'
Thu Sep 29 20:22:37 2016 us=752018  ifconfig_pool_defined = ENABLED
Thu Sep 29 20:22:37 2016 us=752071  ifconfig_pool_start = 10.0.0.4
Thu Sep 29 20:22:37 2016 us=752112  ifconfig_pool_end = 10.0.0.251
Thu Sep 29 20:22:37 2016 us=752151  ifconfig_pool_netmask = 0.0.0.0
Thu Sep 29 20:22:37 2016 us=752190  ifconfig_pool_persist_filename = 'ipp.txt'
Thu Sep 29 20:22:37 2016 us=752228  ifconfig_pool_persist_refresh_freq = 600
Thu Sep 29 20:22:37 2016 us=752265  ifconfig_ipv6_pool_defined = DISABLED
Thu Sep 29 20:22:37 2016 us=752304  ifconfig_ipv6_pool_base = ::
Thu Sep 29 20:22:37 2016 us=752355  ifconfig_ipv6_pool_netbits = 0
Thu Sep 29 20:22:37 2016 us=752394  n_bcast_buf = 256
Thu Sep 29 20:22:37 2016 us=752432  tcp_queue_limit = 64
Thu Sep 29 20:22:37 2016 us=752470  real_hash_size = 256
Thu Sep 29 20:22:37 2016 us=752507  virtual_hash_size = 256
Thu Sep 29 20:22:37 2016 us=752545  client_connect_script = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=752583  learn_address_script = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=752626  client_disconnect_script = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=752678  client_config_dir = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=752716  ccd_exclusive = DISABLED
Thu Sep 29 20:22:37 2016 us=752754  tmp_dir = '/tmp'
Thu Sep 29 20:22:37 2016 us=752792  push_ifconfig_defined = DISABLED
Thu Sep 29 20:22:37 2016 us=752832  push_ifconfig_local = 0.0.0.0
Thu Sep 29 20:22:37 2016 us=752873  push_ifconfig_remote_netmask = 0.0.0.0
Thu Sep 29 20:22:37 2016 us=752911  push_ifconfig_ipv6_defined = DISABLED
Thu Sep 29 20:22:37 2016 us=752950  push_ifconfig_ipv6_local = ::/0
Thu Sep 29 20:22:37 2016 us=753001  push_ifconfig_ipv6_remote = ::
Thu Sep 29 20:22:37 2016 us=753040  enable_c2c = DISABLED
Thu Sep 29 20:22:37 2016 us=753077  duplicate_cn = DISABLED
Thu Sep 29 20:22:37 2016 us=753115  cf_max = 0
Thu Sep 29 20:22:37 2016 us=753152  cf_per = 0
Thu Sep 29 20:22:37 2016 us=753190  max_clients = 1024
Thu Sep 29 20:22:37 2016 us=753227  max_routes_per_client = 256
Thu Sep 29 20:22:37 2016 us=753265  auth_user_pass_verify_script = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=753316  auth_user_pass_verify_script_via_file = DISABLED
Thu Sep 29 20:22:37 2016 us=753354  port_share_host = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=753392  port_share_port = 0
Thu Sep 29 20:22:37 2016 us=753430  client = DISABLED
Thu Sep 29 20:22:37 2016 us=753467  pull = DISABLED
Thu Sep 29 20:22:37 2016 us=753505  auth_user_pass_file = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=753544 OpenVPN 2.3.12 i386-portbld-freebsd9.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 30 2016
Thu Sep 29 20:22:37 2016 us=753607 library versions: OpenSSL 0.9.8y 5 Feb 2013, LZO 2.09
Thu Sep 29 20:22:37 2016 us=753784 Could not retrieve default gateway from route socket:: No such process (errno=3)
Thu Sep 29 20:22:37 2016 us=838767 Diffie-Hellman initialized with 2048 bit key


Running the command "service openvpn start", I get the same result in the log; in the shell I get the message "openvpn starting", but running "service openvpn status" I get the result "openvpn is not running.".

P.S.1: As you said earlier about the corrections to apply before running this, I have to say that I left only the "keepalive 30 120" without quotes around the numbers, because otherwise I receive an error about it. I'm pretty sure there is no need for quotes there. If you want me to retry with the quotes for a specific reason, tell me.
I commented out the "local IP" parameter... is it so bad? Redundant?

P.S.2: My "openvpn.status" was completely empty.

Waiting for your news... Thank you! ^_^
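
The verbosity-7 option dump in the post above can be read mechanically. As an added example (not part of the original post and not OpenVPN's own code), this Python block parses the `name = value` lines and notes the certificate-checking and tls-auth settings on a TLS server; the sample lines are constructed in the dump's layout, and `parse_options`, `unset` and `review` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the same layout as the options dump above.
SAMPLE = """\
Thu Sep 29 20:22:37 2016 us=749694  tls_server = ENABLED
Thu Sep 29 20:22:37 2016 us=750295  crl_file = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=750332  ns_cert_type = 0
Thu Sep 29 20:22:37 2016 us=750369  remote_cert_ku = 0
Thu Sep 29 20:22:37 2016 us=750422  remote_cert_ku = 0
Thu Sep 29 20:22:37 2016 us=751009  remote_cert_eku = '[UNDEF]'
Thu Sep 29 20:22:37 2016 us=751448  tls_auth_file = '/usr/local/etc/openvpn/keys/ta.key'
Thu Sep 29 20:22:37 2016 us=751828  push_entry = 'route 192.168.0.0 255.255.255.0'
Thu Sep 29 20:22:37 2016 us=751942  push_entry = 'ping 30'
Thu Sep 29 20:22:37 2016 us=753607 library versions: OpenSSL 0.9.8y 5 Feb 2013, LZO 2.09
"""

# "<timestamp> us=<usec>  name = value"; banner, route and error lines do not match.
OPTION = re.compile(r"us=\d+\s+(\w+) = (.*)$")

def parse_options(text):
    """Return {name: [values]}; repeated keys (push_entry, remote_cert_ku) keep every value."""
    opts = defaultdict(list)
    for line in text.splitlines():
        m = OPTION.search(line)
        if m:
            opts[m.group(1)].append(m.group(2).strip().strip("'"))
    return dict(opts)

def unset(opts, name):
    """True when an option is absent or every value is '[UNDEF]', DISABLED or 0."""
    return all(v in ("[UNDEF]", "DISABLED", "0") for v in opts.get(name, ["[UNDEF]"]))

def review(opts):
    """List certificate and tls-auth settings worth a second look on a TLS server."""
    notes = []
    if not unset(opts, "tls_server"):
        if unset(opts, "crl_file"):
            notes.append("crl_file unset: no CRL is checked, so a revoked client "
                         "certificate would still be accepted")
        if all(unset(opts, k) for k in ("ns_cert_type", "remote_cert_ku", "remote_cert_eku")):
            notes.append("no peer certificate type or key-usage check is configured")
    if not unset(opts, "tls_auth_file"):
        notes.append("tls-auth in use: clients need the same ta.key and a compatible "
                     "key direction, or packets fail HMAC authentication")
    return notes

if __name__ == "__main__":
    for note in review(parse_options(SAMPLE)):
        print("-", note)
```
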
 

zoomzoom

Guru
Joined
Sep 6, 2015
Messages
677
@Steo Sorry, I forgot to also tell you to add the interface name to your config in lieu of the local directive. Below dev tun, list a second dev directive with the name of your interface (for example, dev tun0). This is why it's currently not starting.

The local directive has a special use case (IIRC, gateway-redirect), with the device name generally being sufficient.
<-- Factually Inaccurate, see post #446

As to the keep-alive directive, FreeBSD must interpret that differently than Linux systems, as normally any whitespace that's contained within an option must be contained within single or double quotes.
 