OpenVPN cant install on Jail

[Robert Thomspon]

Hey guys...

So, upgraded to FreeNAS 11.2-U2... And am trying to set up OpenVPN on my transmission jail... but pkg cant locate OpenVPN...
Is this a "needs to be updated for the repository" or is there something else possibly broken?

Any help would be appreciated

(Did not have this issue on 11.1)

 

[nojohnny101]

Have you confirmed your networking is working on the jails. Can you ping the internet from within the jail. Is your DNS set properly?

 

[Robert Thomspon]

Have you confirmed your networking is working on the jails. Can you ping the internet from within the jail. Is your DNS set properly?

Yes, networking works on Jails... i can ping google from within the Transmission Jail. It looks like maybe OpenVPN is missing from the repository the jail wants to use?

 

[nojohnny101]

I'm 99% sure this is a networking problem.

Post the output of "ifconfig" from within your jail. Do you have a DNS server set in your jail? Are you using vnet with bridge?

How did you build your jail?

 

[Robert Thomspon]

I'm 99% sure this is a networking problem.

Post the output of "ifconfig" from within your jail. Do you have a DNS server set in your jail? Are you using vnet with bridge?

How did you build your jail?

I would agree... If I wasn't already able to install other packages (ive installed nano with the 'pkg install nano' command... it does not kick back with 'not found in the repositories'

I am on a job call at the moment... but will post the ifconfig output later today.
I do have DNS set in the jail, I am not using a vnet bridge.

 

[Robert Thomspon]

I'm 99% sure this is a networking problem.

Post the output of "ifconfig" from within your jail. Do you have a DNS server set in your jail? Are you using vnet with bridge?

How did you build your jail?

Code:

root@transmission:/ # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether bc:30:5b:03:aa:47
        hwaddr 02:57:10:00:07:0b
        inet 192.168.1.111 netmask 0xffffff00 broadcast 192.168.1.255
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair
root@transmission:/ # pkg install openvpn
Updating iocage-plugins repository catalogue...
iocage-plugins repository is up to date.
All repositories are up to date.
pkg: No packages available to install matching 'openvpn' have been found in the repositories

 

[Robert Thomspon]

Any suggestions on what to try? (And, it looks like VLAN is automatic and required)

 

[colmconn]

from a terminal as root, can you run

Code:

iocage get -a <jailname>

and paste the results in a reply? Replace <jailname> with the name of the jail in which you cannot get openvpn to start. Also what's in the jail's /var/log/messages from openvpn when you try to start it?

 

[nojohnny101]

It looks like you have IPv6 enabled. Try disabling that.

I just helped someone else sort out networking on their jail. have a look at this thread and double check all your settings.

https://www.ixsystems.com/community/threads/plex-11-2-static-ip-setup-and-vnet.74590/

 

[Robert Thomspon]

It looks like you have IPv6 enabled. Try disabling that.

I just helped someone else sort out networking on their jail. have a look at this thread and double check all your settings.

https://www.ixsystems.com/community/threads/plex-11-2-static-IP-setup-and-vnet.74590/

Yeah, I ticked IPv6 when trying to figure out what wasn't working.
Has anyone else reported an issue like this on 11.2? I only ask, because I had 0 issues on 11.1... I set all of this up before and never had weird issues with pulling from repos.

 

[Robert Thomspon]

from a terminal as root, can you run

Code:

iocage get -a <jailname>

and paste the results in a reply? Replace <jailname> with the name of the jail in which you cannot get openvpn to start. Also what's in the jail's /var/log/messages from openvpn when you try to start it?

Code:

root@freenas:~ # iocage get -a transmission
CONFIG_VERSION:14.1
allow_chflags:0
allow_mlock:0
allow_mount:0
allow_mount_devfs:0
allow_mount_nullfs:0
allow_mount_procfs:0
allow_mount_tmpfs:0
allow_mount_zfs:0
allow_quotas:0
allow_raw_sockets:0
allow_set_hostname:1
allow_socket_af:0
allow_sysvipc:0
allow_tun:0
available:readonly
basejail:yes
boot:eek:n
bpf:yes
children_max:0
cloned_release:11.2-RELEASE
comment:none
compression:lz4
compressratio:readonly
coredumpsize:eek:ff
count:1
cpuset:eek:ff
cputime:eek:ff
datasize:eek:ff
dedup:eek:ff
defaultrouter:192.168.1.1
defaultrouter6:none
depends:none
devfs_ruleset:4
dhcp:eek:ff
enforce_statfs:2
exec_clean:1
exec_fib:0
exec_jail_user:root
exec_poststart:/usr/bin/true
exec_poststop:/usr/bin/true
exec_prestart:/usr/bin/true
exec_prestop:/usr/bin/true
exec_start:/bin/sh /etc/rc
exec_stop:/bin/sh /etc/rc.shutdown
exec_system_jail_user:0
exec_system_user:root
exec_timeout:60
host_domainname:none
host_hostname:transmission
host_hostuuid:transmission
host_time:yes
hostid:f11a1355-3f53-11e9-80fd-bc305bb3313b
hostid_strict_check:eek:ff
interfaces:vnet0:bridge0
ip4:new
ip4_addr:vnet0|192.168.1.4/24
ip4_saddrsel:1
ip6:new
ip6_addr:none
ip6_saddrsel:1
jail_zfs:eek:ff
jail_zfs_dataset:iocage/jails/transmission/data
jail_zfs_mountpoint:none
last_started:2019-03-16 20:00:06
login_flags:-f root
mac_prefix:bc305b
maxproc:eek:ff
memorylocked:eek:ff
memoryuse:eek:ff
mount_devfs:1
mount_fdescfs:1
mount_linprocfs:0
mount_procfs:0
mountpoint:readonly
msgqqueued:eek:ff
msgqsize:eek:ff
nmsgq:eek:ff
notes:none
nsemop:eek:ff
nshm:eek:ff
nthr:eek:ff
openfiles:eek:ff
origin:readonly
owner:root
pcpu:eek:ff
priority:99
pseudoterminals:eek:ff
quota:none
release:11.2-RELEASE-p9
reservation:none
resolver:/etc/resolv.conf
rlimits:eek:ff
securelevel:2
shmsize:eek:ff
stacksize:eek:ff
state:up
stop_timeout:30
swapuse:eek:ff
sync_state:none
sync_target:none
sync_tgt_zpool:none
sysvmsg:new
sysvsem:new
sysvshm:new
template:no
type:pluginv2
used:readonly
vmemoryuse:eek:ff
vnet:eek:n
vnet0_mac:bc305b03aa46 bc305b03aa47
vnet1_mac:none
vnet2_mac:none
vnet3_mac:none
vnet_default_interface:auto
vnet_interfaces:none
wallclock:eek:ff
root@freenas:~ #

 

[Robert Thomspon]

It looks like you have IPv6 enabled. Try disabling that.

I just helped someone else sort out networking on their jail. have a look at this thread and double check all your settings.

https://www.ixsystems.com/community/threads/plex-11-2-static-IP-setup-and-vnet.74590/

Only adapter that returns anything of value is when I have the ethernet adapter set to VLAN0... at which point I get returned:
(also attached are ifconfig results with VLAN as the adapter)

Code:

root@transmission:/ # pkg install nano
Updating iocage-plugins repository catalogue...
pkg: Repository iocage-plugins load error: access repo file(/var/db/pkg/repo-iocage-plugins.sqlite) failed: No such file or directory
[transmission] Fetching meta.txz: 100%    940 B   0.9kB/s    00:01
[transmission] Fetching packagesite.txz: 100%  242 KiB 247.6kB/s    00:01
Processing entries: 100%
iocage-plugins repository update completed. 1085 packages processed.
All repositories are up to date.
pkg: No packages available to install matching 'nano' have been found in the repositories
root@transmission:/ # pkg install openvpn
Updating iocage-plugins repository catalogue...
iocage-plugins repository is up to date.
All repositories are up to date.
pkg: No packages available to install matching 'openvpn' have been found in the repositories
root@transmission:/ # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether bc:30:5b:03:aa:47
        hwaddr 02:57:10:00:07:0b
        inet 192.168.1.4 netmask 0xffffff00 broadcast 192.168.1.255
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair

 

[colmconn]

The

Code:

allow_tun: 0

may be what may be causing your problems.

Stop the jail: iocage stop transmission
Permit tunnels: iocage set allow_tun=1 transmission
start the jail again: iocage start transmission
The try to start openvon within the jail.

Openvpn needs to be able to create tunnel interfaces to work, if it cannot, it cannot work. It may also need raw_sockets, so you may also need to set that to 1 using a similar procedure the that outlined above if the allow_tun alone does not get it working.

 

[Robert Thomspon]

The

Code:

allow_tun: 0

may be what may be causing your problems.

Stop the jail: iocage stop transmission
Permit tunnels: iocage set allow_tun=1 transmission
start the jail again: iocage start transmission
The try to start openvon within the jail.

Openvpn needs to be able to create tunnel interfaces to work, if it cannot, it cannot work. It may also need raw_sockets, so you may also need to set that to 1 using a similar procedure the that outlined above if the allow_tun alone does not get it working.

The problem exists before OpenVPN... I can not install it from the repository... I need to fix that before I could even begin to mess with whether it works correctly or not...

 

[colmconn]

It sounds like you have other issues going on. If I were in your position, I'd start with a fresh jail.

A script like the following might create a fresh transmission jail for you.

Don't go using it without reading through it and understanding what each line does. It will nuke any jail already existing named transmission. Also, it needs the IP address set appropriately for the jail (or DHCP, which I leave to you to do for yourself) and default gateway set to match your network prior to invocation.

I have not tried this as I alreday have an jail that meets my needs.

Code:

#!/bin/sh

set -x

## the ip address you want your organizr jail to have. if you want to
## use DHCP you will need to modifiy as appropriate
JAIL_IP=xxx.xxx.xxx.xxx
# the next variable is only needed if you want external port tree
# mounted into the jail. This is the root of the port tree dataset on
# the host
JAIL_PATH=/mnt/ssd/

JAIL_NAME=transmission

DEFAULT_GATEWAY_IP=192.168.1.1
RELEASE="11.2-RELEASE"

# set to 0 to not mount external datasets containing ports
mount_ports=0

stopIfNotSucceeded () {
    if [ $? != 0 ] ; then
    echo "The previous command failed to execute correctly. Exiting."
    exit 1
    fi
}

iocage stop ${JAIL_NAME}
iocage destroy -f ${JAIL_NAME}

echo '{"pkgs":["transmission-daemon", "transmission-web", "openvpn"]}' > /tmp/pkg.json
iocage create --name "${JAIL_NAME}" -p /tmp/pkg.json \
       -r ${RELEASE} \
       ip4_addr="vnet0|${JAIL_IP}/24" \
       defaultrouter="${DEFAULT_GATEWAY_IP}" \
       host_hostname="${JAIL_NAME}" \
       allow_raw_sockets="1" \
       allow_tun="1" \
       allow_raw_sockets="1" \
       vnet="on" \
       boot="on"
stopIfNotSucceeded
rm /tmp/pkg.json    

if [ $mount_ports ] ; then
    iocage exec ${JAIL_NAME} -- mkdir -p /usr/ports /var/db/portsnap
    stopIfNotSucceeded
    iocage fstab -a ${JAIL_NAME} ${JAIL_PATH}/portsnap/ports /usr/ports nullfs rw 0 0
    stopIfNotSucceeded
    iocage fstab -a ${JAIL_NAME} ${JAIL_PATH}/portsnap/db /var/db/portsnap nullfs rw 0 0
    stopIfNotSucceeded
fi

## update to the latest packages
iocage exec ${JAIL_NAME} -- "sed -i.bak \"s/quarterly/latest/\" /etc/pkg/FreeBSD.conf"; stopIfNotSucceeded
iocage exec ${JAIL_NAME} -- "pkg update"; stopIfNotSucceeded
iocage exec ${JAIL_NAME} -- "pkg upgrade -y"; stopIfNotSucceeded

iocage restart ${JAIL_NAME}

 

[Nvious1]

I think the problem is that you are using the transmission plugin-in and they have the pkg binary set to look at IX Systems repos and not the standard freebsd one. So either you might need to update the pkg repos to use the standard freebsd ones or just roll your own jail.

I use:
echo '{"pkgs":["bash","unzip","unrar","transmission","openvpn","ca_root_nss","nano"]}' > /tmp/pkg.json iocage create -n "transmission" -p /tmp/pkg.json -r 11.2-RELEASE vnet="on" bpf="yes" dhcp="on" allow_raw_sockets="1" boot="on" allow_tun="1"

 

[Robert Thomspon]

I think the problem is that you are using the transmission plugin-in and they have the pkg binary set to look at IX Systems repos and not the standard freebsd one. So either you might need to update the pkg repos to use the standard freebsd ones or just roll your own jail.

I use:
echo '{"pkgs":["bash","unzip","unrar","transmission","openvpn","ca_root_nss","nano"]}' > /tmp/pkg.json iocage create -n "transmission" -p /tmp/pkg.json -r 11.2-RELEASE vnet="on" bpf="yes" dhcp="on" allow_raw_sockets="1" boot="on" allow_tun="1"

Thanks a billion... While this didn't fix my jail or give me the reason what's broken in mine... it does indeed create a jail that connects to the repository correctly… so, ultimately, this is a perfect workaround!

It also seems to install transmission significantly faster than FreeNAS' jail installer.

 

[Nvious1]

For others reference, I think all that needs to be done to remove the following config file temporarily so you can pull packages from the freebsd repo, however I would generally recommend that if you need this you should probably just make your own jail as future updates to the plugin might not work properly.

/usr/local/etc/pkg/repos/FreeBSD.conf

The above config is set to disable the default repo for FreeBSD and only use the IX-plugin one. If you temp move this file out of this directory, it should enable the default repo in addition to the existing one.