Great article - really helped me out!
For anyone using PIA VPN - the following ipfw rules worked for me (I'm connecting to the Florida server - so those will be different).
add 01000 allow log udp from 192.168.1.0/24 to 192.168.1.1 dst-port 53 keep-state
add 01002 allow log udp from 192.168.1.0/24 to 8.8.8.8 dst-port 53 keep-state
add 01004 allow log udp from 192.168.1.0/24 to 8.8.4.4 dst-port 53 keep-state
add 01006 allow ip from 192.168.1.0/24 to 192.168.1.0/24 keep-state
add 02001 allow ip from 192.168.1.0/24 to 198.178.124.69 keep-state
add 02002 allow ip from 198.178.124.69 to 192.168.1.0/24 keep-state
add 02003 allow ip from 192.168.1.0/24 to 96.31.87.158 keep-state
add 02004 allow ip from 96.31.87.158 to 192.168.1.0/24 keep-state
add 02005 allow ip from 192.168.1.0/24 to 198.178.120.118 keep-state
add 02006 allow ip from 198.178.120.118 to 192.168.1.0/24 keep-state
add 02007 allow ip from 192.168.1.0/24 to 198.178.127.20 keep-state
add 02008 allow ip from 198.178.127.20 to 192.168.1.0/24 keep-state
add 02009 allow ip from 192.168.1.0/24 to 199.193.119.20 keep-state
add 02010 allow ip from 199.193.119.20 to 192.168.1.0/24 keep-state
add 02011 allow ip from 192.168.1.0/24 to 199.193.117.47 keep-state
add 02012 allow ip from 199.193.117.47 to 192.168.1.0/24 keep-state
add 02013 allow ip from 192.168.1.0/24 to 68.233.228.140 keep-state
add 02014 allow ip from 68.223.228.140 to 192.168.1.0/24 keep-state
add 02015 allow ip from 192.168.1.0/24 to 198.178.127.23 keep-state
add 02016 allow ip from 198.178.127.23 to 192.168.1.0/24 keep-state
add 04000 allow ip from 127.0.0.1 to any
add 05000 allow ip from 10.0.0.0/7 to any
add 05002 allow ip from any to 10.0.0.0/7
add 65534 deny ip from any to any
Also - since PIA uses username & password I installed OpenVPN by this method. SSH into the jail:
# portsnap fetch
# portsnap extract
# cd /usr/ports/security/openvpn
# make install clean
After the last command has run for a while a blue screen will flash up, where you can select to build so that you can specify the username / password in a file.
After this is done, you can proceed with the steps outlined in this thread. However, there will be no user key files - PIA uses username / password auth. Create a text password file with 2 lines, the first contains your PIA VPN username, and the second line contains your password. Save the file with a name of your choosing, and then open up your ovpn file, and change this line from:
auth-user-pass
to:
auth-user-pass pass.txt
where "pass.txt" is the name of the password file you created.
Also - upload all your files (ovpn file - renamed as stated in the original instructions, ca.crt and pass.txt) to the openvpn folder, NOT openvpn/keys. The PIA config doesn't look there.
I ended up installing Transmission & SABnzbd in the same jail. Installed SABnzbd via the regular plugin method, and then downloaded Transmission via this link (http://www.appcafe.org/freenas), selected the SABnzbd jail in the Web ui, and then clicked the "Upload" button and uploaded the Transmission plugin into the same jail. Both will then use the same VPN connection. Works like a charm! SABnzbd complained about folder permissions for download folders, but a quick chown sorted that out.
Hope this helps someone!
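A lint pass for a hand-typed per-peer ipfw allowlist of the kind shown above, as an added example that is not part of the original comment: it flags reused rule numbers, allow prefixes that reach past RFC 1918 space, and peers that have a rule in only one direction. The `lint` function, the LAN default and the sample rules (documentation addresses) are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

RULE = re.compile(r"add\s+(\d+)\s+(allow|deny)\s+(?:log\s+)?(\S+)\s+from\s+(\S+)\s+to\s+(\S+)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample ruleset (documentation addresses), not the rules from the comment.
SAMPLE = """\
add 01000 allow udp from 192.168.1.0/24 to 192.168.1.1 dst-port 53 keep-state
add 02001 allow ip from 192.168.1.0/24 to 198.51.100.10 keep-state
add 02002 allow ip from 198.51.100.10 to 192.168.1.0/24 keep-state
add 02003 allow ip from 192.168.1.0/24 to 203.0.113.140 keep-state
add 02004 allow ip from 203.0.113.104 to 192.168.1.0/24 keep-state
add 02005 allow ip from 192.168.1.0/24 to 198.51.100.20 keep-state
add 02002 allow ip from 198.51.100.20 to 192.168.1.0/24 keep-state
add 05000 allow ip from 10.0.0.0/7 to any
add 65534 deny ip from any to any
"""

def _net(spec):
    return None if spec == "any" else ipaddress.ip_network(spec, strict=False)

def lint(ruleset, lan="192.168.1.0/24"):
    lan_net = ipaddress.ip_network(lan)
    rules = [m.groups() for m in map(RULE.match, ruleset.splitlines()) if m]
    findings, outbound, inbound = [], set(), set()
    # 1. Rule numbers that appear more than once (usually a copy/paste slip).
    for num, count in sorted(Counter(r[0] for r in rules).items()):
        if count > 1:
            findings.append(f"rule number {num} used {count} times")
    for num, action, proto, src, dst in rules:
        if action != "allow":
            continue
        s, d = _net(src), _net(dst)
        # 2. A prefix that overlaps private space but is wider than it also admits public addresses.
        for n in (s, d):
            if n and any(n.overlaps(p) and not n.subnet_of(p) for p in RFC1918):
                findings.append(f"rule {num}: {n} extends beyond RFC 1918 space")
        # 3. Collect the external peers allowed in each direction relative to the LAN.
        if proto == "ip" and s and d:
            if s == lan_net and not d.overlaps(lan_net):
                outbound.add(d)
            elif d == lan_net and not s.overlaps(lan_net):
                inbound.add(s)
    for peer in sorted(outbound ^ inbound):
        side = "outbound" if peer in outbound else "inbound"
        findings.append(f"{peer} has only an {side} rule")
    return findings
```

Calling `lint()` on the text of a rules file returns a list of findings; an empty list means none of the three checks fired.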