This tutorial will show you how to configure OpenVPN inside a jail so you can VPN to your home, access your local jails and other hosts and optionally, use it as a complete tunnel in case you're in a public network.
First of all I want to thank Robles for all the effort he put into this tutorial.
Now ... I'm new, so I already introduced myself here:
https://forums.freenas.org/index.php?threads/welcoming-message-messaggio-di-benvenuto.46390/
I am here because I don't want to give up after all the nights and effort I have put into these things and I like FreeNAS so I don't want to give up and look for something else.
Coming to my problem: obviously I'm trying to install and configure OpenVPN on my FreeNAS system installed on a USB connected to my old notebook.
I have to say that it is working perfectly, and all I need now is to run OpenVPN properly in the jail named "OpenVPN" that I created.
Coming to some specs, this is my current installation version: { FreeNAS-9.2.1.9-RELEASE-x86 (2bbba09) - I can't change this choice at the moment }
Code:
root@OpenVPN:/ # uname -v
FreeBSD 9.2-RELEASE-p15 #0 r262572+5b7d179: Mon Nov 17 16:27:27 PST 2014 root@build3.ixsystems.com:/tank/home/jkh/build/921/FN/os-base/i386/i386.i386/fusion/jkh/921/FN/FreeBSD/src/sys/FREENAS.i386
These are my Jails:
Code:
[freenas@freenas] /% jls
   JID  IP Address      Hostname                      Path
     2  -               customplugin_1                /mnt/160GB/jails/customplugin_1
     3  192.168.0.20    OpenVPN                       /mnt/160GB/jails/OpenVPN
(Actually the "customplugin_1" was always there, I really don't know what it is).
I really tried many, many things and looked things up on many web pages online... I really don't know where to go.
The actual problem is that I cannot run my openvpn service successfully and I get these errors (I'm in my jail's tcsh shell):
Code:
root@OpenVPN:/ # openssl version
OpenSSL 0.9.8y 5 Feb 2013
root@OpenVPN:/ # openvpn --version
OpenVPN 2.3.12 i386-portbld-freebsd9.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 30 2016
library versions: OpenSSL 0.9.8y 5 Feb 2013, LZO 2.09
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_http_proxy=yes enable_iproute2=no enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=no with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no
root@OpenVPN:/ # service openvpn start
Starting openvpn.
root@OpenVPN:/ # service openvpn start
Starting openvpn.
root@OpenVPN:/ # openvpn --config /usr/local/etc/openvpn/openvpn.conf
Segmentation fault
root@OpenVPN:/ # cat var/log/messages
[...]
Sep 28 21:45:40 OpenVPN freenas: /usr/sbin/service: WARNING: $svnserve_enable is not set properly - see rc.conf(5).
Sep 28 21:45:40 OpenVPN freenas: /usr/sbin/service: WARNING: $pbid_enable is not set properly - see rc.conf(5).
Sep 28 21:45:40 OpenVPN freenas: /usr/sbin/service: WARNING: $aria2_enable is not set properly - see rc.conf(5).
Sep 28 21:46:40 OpenVPN openvpn[6454]: OpenVPN 2.3.12 i386-portbld-freebsd9.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 30 2016
Sep 28 21:46:40 OpenVPN openvpn[6454]: library versions: OpenSSL 0.9.8y 5 Feb 2013, LZO 2.09
Sep 28 21:46:40 OpenVPN openvpn[6455]: Could not retrieve default gateway from route socket:: No such process (errno=3)
Sep 28 21:46:40 OpenVPN openvpn[6455]: Diffie-Hellman initialized with 2048 bit key
About the configuration files...
RC.CONF:
Code:
root@OpenVPN:/ # cat etc/rc.conf
portmap_enable="NO"
sshd_enable="NO"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
hostname="OpenVPN"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
openvpn_enable="YES"
openvpn_if="tun"
openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"
openvpn_dir="/usr/local/etc/openvpn"
cloned_interfaces="tun"
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/usr/local/etc/ipfw.rules"
OPENVPN.CONF: (from the Jail server: OpenVPN)
Code:
local 192.168.0.20
server 10.0.0.0 255.255.255.0
port 1194
proto udp
dev tun
ifconfig-pool-persist ipp.txt
push "route 192.168.0.0 255.255.255.0"
route 192.168.0.20 255.255.255.0 10.0.0.0
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/steo-server-it.crt
key /usr/local/etc/openvpn/keys/steo-server-it.key
dh /usr/local/etc/openvpn/keys/dh.pem
status /usr/local/etc/openvpn/openvpn.status
log-append /usr/local/etc/openvpn/openvpn.log
tls-auth /usr/local/etc/openvpn/keys/ta.key 0
cipher AES-256-CBC
group nobody
user nobody
comp-lzo
persist-key
persist-tun
keepalive 30 120
verb 3
I can provide more info... But really I DON'T KNOW how to figure it out. I'm sure I am making some mistakes and I can't see the solution by myself.
Please, I need some hints on how to get past this problem; my OpenVPN doesn't want to start...
Thank you in advance for your support.
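
An added example (not part of the original post, and not a diagnosis of the segmentation fault): a small Python lint that checks the addressing of `route` directives in an OpenVPN server config, run here on the addressing lines from the openvpn.conf above. The function names and finding codes are hypothetical, and it assumes numeric IPv4 addresses with an explicit netmask.

```python
import ipaddress

# Constructed sample: the addressing directives copied from the openvpn.conf in the post.
SAMPLE_CONF = '''local 192.168.0.20
server 10.0.0.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
route 192.168.0.20 255.255.255.0 10.0.0.0
'''

def directives(conf):
    """Yield (line_no, name, args); 'push "route ..."' is reported as name 'push route'."""
    for no, raw in enumerate(conf.splitlines(), 1):
        parts = raw.replace('"', " ").split()
        if not parts or parts[0][0] in "#;":   # skip blank lines and comments
            continue
        if parts[:2] == ["push", "route"]:
            yield no, "push route", parts[2:]
        else:
            yield no, parts[0], parts[1:]

def lint_routes(conf):
    """Return (line_no, code) findings for route directives with inconsistent addressing."""
    items = list(directives(conf))
    local = next((ipaddress.ip_address(a[0]) for _, n, a in items if n == "local" and a), None)
    server = next((ipaddress.ip_network(f"{a[0]}/{a[1]}", strict=False)
                   for _, n, a in items if n == "server" and len(a) >= 2), None)
    findings = []
    for no, name, args in items:
        if name not in ("route", "push route") or len(args) < 2:
            continue
        iface = ipaddress.ip_interface(f"{args[0]}/{args[1]}")
        if iface.ip != iface.network.network_address:
            findings.append((no, "host-bits-set"))  # address is a host, not the network
        if name == "route":
            if local is not None and local in iface.network:
                findings.append((no, "covers-local-address"))  # server's own LAN sent to the tunnel
            if len(args) >= 3 and server is not None:
                gw = ipaddress.ip_address(args[2])
                if gw in (server.network_address, server.broadcast_address):
                    findings.append((no, "gateway-not-a-host"))  # network/broadcast as next hop
    return findings

if __name__ == "__main__":
    for line_no, code in lint_routes(SAMPLE_CONF):
        print(f"line {line_no}: {code}")
```

On the sample, every finding is on the `route` line; the pushed route `192.168.0.0 255.255.255.0` passes because its address is the network address for that mask.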