SOLVED Openvpn Gateway in Jail?

Status
Not open for further replies.

jerkbag

Dabbler
Joined
Feb 22, 2013
Messages
20
Hi,

I was wondering if anyone could point me to a guide to having a FreeNAS jail act as a gateway for clients to route traffic through an openvpn connection on the jail?

I have openvpn running properly and connecting on the jail itself. I have also set GATEWAY_ENABLE=YES. If the vpn is off, clients can successfully reach the internet using the jail's IP as a gateway. But when I turn the vpn on in the jail it stops working. The relevant openvpn.conf lines are below

Code:
client
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
redirect-gateway
remote-cert-tls server
comp-lzo
verb 1
reneg-sec 0
keepalive 30 120


I don't have the firewall enabled. All the guides I found pertain to running a vpn *server* in a jail for connecting in -- I can't find info for the final step here to just forward traffic out. Any help appreciated thanks!
 

Yatti420

Wizard
Joined
Aug 12, 2012
Messages
1,437
I know it has been done, I just don't have links. Try searching, it should pop up.
 

jerkbag

Dabbler
Joined
Feb 22, 2013
Messages
20
Thanks. Yeah I must be missing something cause I can't find it in search -- everything pertains to running a vpn server. Will keep trying.
 

jerkbag

Dabbler
Joined
Feb 22, 2013
Messages
20
Some progress. I can successfully use the jail as a gateway by adding the following rules and enabling ipfw

(I will set it up to auto-get the tun name, but for now):

ipfw -q -f flush
ipfw -q nat 1 config if tun4
ipfw -q add nat 1 all from any to any xmit tun4
ipfw -q add nat 1 all from any to any recv tun4

If I do this, setting the address of the jail as the gateway on any device on my network is properly passing traffic through the vpn (client) connection running on the jail. BUT: I cannot get DNS requests to work. So I can traceroute through the vpn to 8.8.8.8, or any other known IP, but using a domain name doesn't work.

Does anyone know what I need to add to ipfw rules to allow dns requests to be NATed through the jail as well?

(BTW I am doing this to set up a simple gateway for geospoofing on devices that can't have the router specified (Roku stick). I'll use dnsmasq on a Tomato router to point certain devices to the gateway, which will be the jail running a vpn connection to a foreign server. I have this set up and working now with a Raspberry Pi running at the gateway, but I'd rather use it for something else and move the gateway to the FreeNAS jail.)
 
Joined
Feb 22, 2016
Messages
6
Maybe this option in client.ovpn would do the trick?
dhcp-option DNS 10.11.12.13


 

jerkbag

Dabbler
Joined
Feb 22, 2013
Messages
20
Hi -- managed to solve this, for anyone who stumbles upon this thread. Turned out I was making it too complicated, and simply adding a single rule of

ipfw -q add nat 1 all from any to any via any

to IPFW did the trick, and allows the jail to act as a gateway to a VPN provider for any computer on my system.
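
The "auto get the tun name" step mentioned earlier in the thread, combined with the final rule set, as an added example that is not part of the original posts. The function names (`is_tun`, `find_tun`, `build_rules`) are hypothetical and the interface list is a constructed sample of what `ifconfig -l` prints inside the jail; the script only prints the commands, it does not run them.

```shell
#!/bin/sh
# Added example: build the thread's ipfw NAT commands for whichever tun
# interface OpenVPN created, instead of hard-coding tun4.

# True only for names of the exact form tun<digits>, so nothing else can
# end up inside the generated ipfw command lines.
is_tun() {
    n=${1#tun}
    [ "$n" != "$1" ] || return 1            # must start with "tun"
    case "$n" in
        ''|*[!0-9]*) return 1 ;;            # rest must be digits only
    esac
    return 0
}

# Print the first tun interface found in a whitespace-separated list.
find_tun() {
    for ifname in $1; do
        if is_tun "$ifname"; then
            echo "$ifname"
            return 0
        fi
    done
    return 1
}

# Print the commands from the thread with the interface substituted.
# Note: "flush" removes every existing rule in the jail's ipfw table.
build_rules() {
    is_tun "$1" || { echo "not a tun interface: $1" >&2; return 1; }
    cat <<EOF
ipfw -q -f flush
ipfw -q nat 1 config if $1
ipfw -q add nat 1 all from any to any via any
EOF
}

# Constructed sample; on the jail use: IFLIST=$(ifconfig -l)
IFLIST="lo0 epair0b tun4"

# Dry run: show what would be applied. Review it, then pipe it to sh.
if tun=$(find_tun "$IFLIST"); then
    build_rules "$tun"
else
    echo "no tun interface found; is OpenVPN connected?" >&2
fi
```

If no tun interface exists yet, the script prints nothing to apply, so it should run only after OpenVPN has connected.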
 

Patrol02

Dabbler
Joined
Sep 11, 2016
Messages
15
@jerkbag I am trying to have the same done (OpenVPN in a jail as a gateway), can you post a small tutorial or more detailed info about how you managed to configure it?
I am having trouble even configuring an "empty" jail to act as a gateway for my clients, how did you do it?
 