I've been attempting to get a OpenVPN server configured on my TrueNAS server, and following the directions from here, it's up and running and properly routing traffic to both my internal network and the external Internet.
However, my Windows VM (running in the standard TrueNAS VM manner) loses its connection to the network (thank goodness for noVNC) once the following tunables are enabled:
(note: natd_interface edited from tutorial to match system's main interface)
TrueNAS version: TrueNAS-12.0-U6.1
Windows VM version: 21H1 19043.1165
Windows VM typically gets IP 192.168.1.239/24; currently has IP 169.254.57.193/16. OpenVPN is configured to use the 192.168.2.0/24 subnet.
I suspect that my tunable natd configurations are overwriting some hidden natd configurations necessary for the VM to pass traffic, but I don't know enough of the inner workings to even know where to begin investigating this.
I'm not the only person I've encountered with this issue it seems (including in the comments of the linked video above), and it seems like a non-trivial use-case combination (using the same server to have an OpenVPN host and a VM host), so finding a resolution to this could be beneficial for the larger community, too.
So, my questions are two-fold:
Other potentially useful info:
However, my Windows VM (running in the standard TrueNAS VM manner) loses its connection to the network (thank goodness for noVNC) once the following tunables are enabled:
Code:
natd_enable [yes] natd_interface [igb0] natd_flags [-dynamic -m]
(note: natd_interface edited from tutorial to match system's main interface)
TrueNAS version: TrueNAS-12.0-U6.1
Windows VM version: 21H1 19043.1165
Windows VM typically gets IP 192.168.1.239/24; currently has IP 169.254.57.193/16. OpenVPN is configured to use the 192.168.2.0/24 subnet.
I suspect that my tunable natd configurations are overwriting some hidden natd configurations necessary for the VM to pass traffic, but I don't know enough of the inner workings to even know where to begin investigating this.
I'm not the only person I've encountered with this issue it seems (including in the comments of the linked video above), and it seems like a non-trivial use-case combination (using the same server to have an OpenVPN host and a VM host), so finding a resolution to this could be beneficial for the larger community, too.
So, my questions are two-fold:
- Is there a way to fix this, either through routing settings or natd flags or something else entirely?
- If my suspicion above is correct, is there a way to find these configurations so they can manually added back?
Other potentially useful info:
Code:
root@(server):~ # ipfw list 00050 divert 8668 ip4 from any to any via igb0 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.0/8 00300 deny ip from 127.0.0.0/8 to any 00400 deny ip from any to ::1 00500 deny ip from ::1 to any 00600 allow ipv6-icmp from :: to ff02::/16 00700 allow ipv6-icmp from fe80::/10 to fe80::/10 00800 allow ipv6-icmp from fe80::/10 to ff02::/16 00900 allow ipv6-icmp from any to any icmp6types 1 01000 allow ipv6-icmp from any to any icmp6types 2,135,136 65000 allow ip from any to any 65535 allow ip from any to any
Code:
root@(server):~ # ifconfig
em0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=81249b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LRO,WOL_MAGIC,VLAN_HWFILTER>
ether 00:25:90:b5:62:93
media: Ethernet autoselect
status: no carrier
nd6 options=1<PERFORMNUD>
igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: GigNIC
options=a500b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6>
ether 00:25:90:b5:62:92
inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=9<PERFORMNUD,IFDISABLED>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=0<> metric 0 mtu 33160
groups: pflog
mlxen0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 9000
description: 10GigNIC
options=ed07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWFILTER,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
ether e4:1d:2d:dc:43:e0
inet 192.168.7.2 netmask 0xffffff00 broadcast 192.168.7.255
media: Ethernet autoselect (10Gbase-CX4 <full-duplex,rxpause,txpause>)
status: active
nd6 options=9<PERFORMNUD,IFDISABLED>
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet 192.168.2.1 --> 192.168.2.2 netmask 0xffffff00
groups: tun
nd6 options=1<PERFORMNUD>
Opened by PID 1646
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:06:1d:02:71:00
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto stp-rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: vnet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 9 priority 128 path cost 2000000
member: vnet0.1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 8 priority 128 path cost 2000
member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 2 priority 128 path cost 20000
groups: bridge
nd6 options=1<PERFORMNUD>
vnet0.1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: associated with jail: Plex as nic: epair0b
options=8<VLAN_MTU>
ether 02:25:90:31:41:ea
hwaddr 02:77:b8:03:a5:0a
groups: epair
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
nd6 options=1<PERFORMNUD>
vnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
ether fe:a0:98:65:44:79
hwaddr 58:9c:fc:10:e8:47
groups: tap
media: Ethernet autoselect
status: active
nd6 options=1<PERFORMNUD>
Opened by PID 2145Code:
root@(server):~ # netstat -r Routing tables Internet: Destination Gateway Flags Netif Expire default RackGateway UGS igb0 localhost link#3 UH lo0 192.168.1.0/24 link#2 U igb0 192.168.1.2 link#2 UHS lo0 192.168.2.0/24 192.168.1.2 UGS igb0 192.168.2.1 link#6 UHS lo0 192.168.2.2 link#6 UH tun0 192.168.7.0/24 link#5 U mlxen0 192.168.7.2 link#5 UHS lo0 Internet6: Destination Gateway Flags Netif Expire ::/96 localhost UGRS lo0 localhost link#3 UH lo0 ::ffff:0.0.0.0/96 localhost UGRS lo0 fe80::/10 localhost UGRS lo0 fe80::%lo0/64 link#3 U lo0 fe80::1%lo0 link#3 UHS lo0 ff02::/16 localhost UGRS lo0
