Issues with Installing OpenVPN with NordVPN in Transmission Jail.

[PontWapiti]

Hello !

Couple of days ago, I decided to try to setup a NAS with Freenas as I had an unused pc that met hardware requirements.
I manage to set up with a plex media server and it works fine.

However, now I am trying to install Transmission with OpenVPN using NordVPN.

For the Transmission part, it works fine but I can't manage to make OpenVPN up and running.
I followed this tuto to try to set up Open VPN : https://www.reddit.com/r/freenas/comments/41fhz3/configuration_guide_for_openvpn_and_ipfw_so_that/

I installed OpenVPN and Nano :

Code:

pkg update
pkg install nano
pkg install openvpn

Then I created a folder for OpenVPN config:

Code:

mkdir /usr/local/etc/openvpn
cd /usr/local/etc/openvpn

I get my NordVPN config file:

Code:

wget https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/nl411.nordvpn.com.udp.ovpn --no-check-certificate

I move it to my /openvpn folder and rename it openvpn.conf:

Code:

mv nl411.nordvpn.com.udp.ovpn /usr/local/etc/openvpn/openvpn.conf

And now here is the step where Im stucked because NordVPN works a bit different than PIA :
I try to get my certification and key files from Nordvpn :

Code:

wget https://downloads.nordcdn.com/configs/archives/certificates/servers.zip --no-check-certificate

And I unzip it in my NordVPN folder :

Code:

unzip servers.zip -d NordVPN/

Now the problem is Nord VPN provide a .zip with all the files for the NordVPN servers so I scroll until I find the file for my server (nl411) and copy them in my /openvpn folder :

Code:

cp nl411_nordvpn_com_ca.crt ..
cp nl411_nordvpn_com_tls.key ..

Now at this point I don't know what to do. I have 2 files one .crt file and one .key file but no .pem file for example.
I created a .txt file with my credentials :

nano pass.txt
p1234567
exam.ple.pass.word

And I edit the openvpn.conf to try to point to the correct files but when I open the openvpn.conf I can't find any line that would fit for point the right files.
I could fine one line auth-user-pass so I added the path of my .txt with the credentials :

Code:

nano openvpn.conf
auth-user-pass /usr/local/etc/openvpn/pass.txt

but I can't find anything regarding the nl411_nordvpn_com_ca.crt and nl411_nordvpn_com_tls.key files so I don't know how to say to the openvpn.conf file to use these 2 files.

I tried to launch OpenVPN so I configured rc.conf to start openvpn on startup :

Code:

nano /etc/rc.conf
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"

then I launch openvpn:

Code:

service openvpn start

I run :

Code:

# tail /var/log/messages

May 9 00:52:35 transmission openvpn[7711]: VERIFY WARNING: depth=0, unable to get certificate CRL: CN=nl411.nordvpn.com
May 9 00:52:35 transmission openvpn[7711]: VERIFY WARNING: depth=1, unable to get certificate CRL: C=PA, O=NordVPN, CN=NordVPN CA3
May 9 00:52:35 transmission openvpn[7711]: VERIFY WARNING: depth=2, unable to get certificate CRL: C=PA, O=NordVPN, CN=NordVPN Root CA
May 9 00:52:35 transmission openvpn[7711]: VERIFY ERROR: CRL not loaded
May 9 00:52:35 transmission openvpn[7711]: OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
May 9 00:52:35 transmission openvpn[7711]: TLS_ERROR: BIO read tls_read_plaintext error
May 9 00:52:35 transmission openvpn[7711]: TLS Error: TLS object -> incoming plaintext read error
May 9 00:52:35 transmission openvpn[7711]: TLS Error: TLS handshake failed
May 9 00:52:35 transmission openvpn[7711]: SIGUSR1[soft,tls-error] received, process restarting
May 9 00:52:35 transmission openvpn[7711]: Restart pause, 40 second(s)

So I guess it has to deal with the certificates but as mentioned above I have no clue how to point the openvpn.conf to the righ certificates files.

If you have any idea of what could be the problems that would be great !

I hope I was clear in my explanations, if not please let me know !

Thanks a lot,
PontWapiti

 

[scrappy]

Try installing ca_root_nss package

 

[PontWapiti]

Hey Scrappy,

Thanks for your help !

Should I just run a

Code:

pkg install ca_root_nss

?

I look more into when I get back from work.

Thanks!
PontWapiti

 

[scrappy]

Should I just run a Code:
pkg install ca_root_nss

Yep. Just like that

 

[PontWapiti]

Hello,

Thanks again for the help Scrappy.

I installed the ca_root_nss but I keep getting the same errors regarding the VPN certificates files ("unable to get certificate").

Any more ideas ?

I can't figure out how to use properly those .crt and .key files my VPN provided me...

Cheers,
PontWapiti

 

[silverback]

I have no experience with nordvpn, but with Airvpn the keys and certs are imbedded in the .ovpn file. When I open the Airvpn .ovpn file with a text editor I can see the openvpn settings with the keys and certs. And I copy the whole text file to /openvpn.conf. Apologies if this is obvious or irrelevant.

 

[scrappy]

Airvpn the keys and certs are imbedded in the .ovpn file.

Did a little digging and this is true of NordVPN as well. Here is an article showing how to connect with NordVPN in Linux, though a FreeBSD jail would work much in the same way.

 

[_Adrian_]

Following

 

[nyxtyr]

Clearest guide I could find so far however I am still unable to get this working on my truenas system. Any help or other guides would be greatly appreciated.