SOLVED OpenVPN in an iocage on FreeNAS 11.2-RELEASE

Status
Not open for further replies.

RootBeer

Cadet
Joined
Mar 27, 2018
Messages
5
At last I got OpenVPN working in an iocage. Though the installation of openvpn itself with $ pkg install openvpn is straightforward, and the configuration is amply described here in the forum, the stumbling block for the iocage is always to get the tun/tap device tun0 working properly. Many people including myself tried the command -$ devfs rule -s 4 add path 'tun*' unhide. But it just does not work!!
Thanks to Brandon Schneider and Dan Jacques (see https://ftp.freenas.org/issues/40872#note-44) I finally got it OpenVPN working. This is how to do it:
1. Remove the pri-init "devfs rule....." in the old GUI of FreeNAS in case you have it there. Reboot your NAS. This to make sure that any remnants of "devfs...." are removed.
2. In the new GUI, create a new jail for OpenVPN. Make sure to include in the options VNET0, devfs_ruleset 4, and enable mount.devfs and mount.fdescfs. Check also allow.set_hostname, allow.mount and allow.mount.devfs. Click SAVE.
3. And here is the big trick (thanks again Brandon and Dan): In a jail shell, get out of the OpenVPN jail, stop it, and give the command iocage set allow_tun=1 <name of your openvpn jail>. Restart the jail.
4. Enjoy your OpenVPN in the iocage jail.
 

jd16

Cadet
Joined
Dec 16, 2018
Messages
1
Edit: Nevermind, a restart fixed the issue.
 
Last edited:

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
At last I got OpenVPN working in an iocage. Though the installation of openvpn itself with $ pkg install openvpn is straightforward, and the configuration is amply described here in the forum, the stumbling block for the iocage is always to get the tun/tap device tun0 working properly. Many people including myself tried the command -$ devfs rule -s 4 add path 'tun*' unhide. But it just does not work!!
Thanks to Brandon Schneider and Dan Jacques (see https://ftp.freenas.org/issues/40872#note-44) I finally got it OpenVPN working. This is how to do it:
1. Remove the pri-init "devfs rule....." in the old GUI of FreeNAS in case you have it there. Reboot your NAS. This to make sure that any remnants of "devfs...." are removed.
2. In the new GUI, create a new jail for OpenVPN. Make sure to include in the options VNET0, devfs_ruleset 4, and enable mount.devfs and mount.fdescfs. Check also allow.set_hostname, allow.mount and allow.mount.devfs. Click SAVE.
3. And here is the big trick (thanks again Brandon and Dan): In a jail shell, get out of the OpenVPN jail, stop it, and give the command iocage set allow_tun=1 <name of your openvpn jail>. Restart the jail.
4. Enjoy your OpenVPN in the iocage jail.

My openvpn works fine in an iocage jail with 11.2 after removing the pre-init in the GUI and rebooting. Then add allow_tun=1 to the iocage create command with vnet0 without the other options you mentioned.
 

Nvious1

Explorer
Joined
Jul 12, 2018
Messages
67
Thanks so much for this post. I have spent the last couple hours trying to build an iocage jail with a functional openvpn client. I also agree the allow_tun="1" was the only extra parameter I needed to build the jail.

Example shell build line
Code:
iocage create -n "myJailName" -r 11.2-RELEASE vnet="on" bpf="yes" dhcp="on" allow_raw_sockets="1" boot="on" allow_tun="1"


I tried to look for this value in the GUI - Advanced build params but its not there so the only way to set this property is at create using shell or using the iocage set command like you mentioned. Thanks for the help!
 
Status
Not open for further replies.
Top