PelicanMedia
Cadet
- Joined
- Jun 10, 2022
- Messages
- 2
Hi all, I have weird issue(s) after following this guide. My setup is as below:
====
TrueNAS-13.0-RELEASE
TrueNAS network: 192.168.2.0/24
TrueNAS IP address: 192.168.2.55
TrueNAS network interface: igc0
OpenVPN Server network: 192.168.20.0/24
Services -> OpenVPN Server -> additional parameters
push "route 192.168.20.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 8.8.8.8"
Network -> Static routes:
Destination: 192.168.20.0/32 (automatically adds the /32 and GUI crashes when changing or removing) Gateway: 192.168.2.55
System -> Tunables:
firewall_enable = "YES"
firewall_type = "open"
gateway_enable = "YES"
natd_enable = "YES"
natd_interface= "igc0"
natd_flags = "-dynamic -m"
====
Now, if all the above Tunables are enabled and I reboot the TN server, the client PC, connected to the server (via the OpenVPN Connect software on their home network), has access to the TN server and an internet connection. BUT, I have either no access to the TN GUI, the GUI is painfully slow with the blue spinny wheel, or the CSS looks broken and I can't click anywhere from my workstation (on the 192.168.2.0 network). And the client PC has full access to the TN GUI.
BUT, if I eventually get access to the Tunables page, disable the 'firewall_enable = "YES"' rule and restart the TN server, the client has access to the TN server but no internet connection and I have full, fast and complete access to the TN GUI from my workstation.
Also, if I manage to get to the Tunables page, re-enable the 'firewall_enable = "YES"' rule and disable the 'gateway_enable = "YES"' rule and restart the TN server, the client has access to the TN server but no internet connection and I am back to no or restricted access to the TN GUI from my workstation.
What is going on?!
Ideally, the client would only have access to the TN server but still be able to browse the internet AND I, being the admin, would be able to access the TN GUI without issue. Even more ideally, the client's internet traffic would use their own network settings and just be able to connect to the TN server's shares.
PS. The only way I was able to add the Static Route without the /32 was to add it manually from the shell on the local device itself. It crashed the GUI when adding it from there.
Thanks.