OpenVPN on FreeNAS or individual Jails?

[6strings]

Trying to figure out why some people prefer to only run OpenVPN on individual Jails, particularly the Transmission Jail. I understand that obviously this will help anonymize your transmission traffic but why not just run all traffic through the VPN? Is it possible to do that or does that require setting up a dd-wrt router with open vpn and connecting the FreeNAS to that?

Also, wouldnt you want to anonymize things like couchpotato and sickbeard and other plugins that will be downloading the actual torrent files themselves?

Right now I am trying to set up my freenas as a media server and anonymous torrenting machine. I have separate jails setup for all plugins, transmission, sick beard, couchpotato, etc.

I was trying to set up OpenVPN with the following articles/tutorials (I am using PIA as my vpn service):

1) (this is for setting up for within the transmission jail only)
http://forums.freenas.org/index.php...-a-jail-so-it-only-connects-to-the-vpn.18669/

2) (Is this for running ALL traffic on FreeNAS through VPN????)
http://joepaetzel.com/2013/09/22/openvpn-on-freenas-9-1/

I am fairly new to networking and very new at FreeNAS/linux/FreeBSD

Thanks Guys!

 

[Whattteva]

Depends on what you are trying to do.
Running it through a dd-wrt router will be the easier option for sure though.

The reason why some people set up only certain things to go through VPN is mostly due to latency.
For example, if you play any kind of FPS games, you don't really want your traffic to go through an additional layer of VPN because it adds unnecessary latency, which could mean the difference between you killing the enemy or the enemy killing you instead.

Another factor is throughput. Some people have more bandwidth than their VPN service can provide and if you route everything through there, you will be bottlenecked by the VPN's max bandwidth.

 

[6strings]

Makes sense. I was thinking more along the lines of running a dd-wrt router as a client bridge (dedicated just for the FreeNAS and its traffic) connected to my regular home router and running OpenVPN on the dedicated dd-wrt router only? This way other devices will be connected to my regular router (non-vpn) thus not being affected by a bottle neck.

Right now, I'd rather go with the most simplest and easiest to set up option while still serving my purposes (which is to anonymize torrenting). In order to achieve this, should I...

Option 1) run openvpn on the transmission jail only?
Option 2) run openvpn on the individual jails of transmission, sickbeard, and couchpotato. Since those other plugins also download torrent files.
Option 3) run openvpn on the whole freenas? If I was to do this, is there a way to install it on the freenas OS itself so ALL traffic (including individual plugins/jails) or would I have to install openvpn on an external device like a dd-wrt router?
Option 4) Is there a way to install all torrent-related plugins (sickbeard, couchpotato, transmission) on one single jail and running OpenVPN on that one jail.

Just not sure which tutorial/article (as mentioned above) I should follow for what I want.

Thanks!

 

[Whattteva]

The easiest way is usually having a dd-wrt router like you mentioned in the beginning. The router will automatically setup some things to make it much easier for you (like routing setup).

Option 4 is possible, but you'd have to setup a manual jail with VIMAGE and a bunch of other network things yourself.
Plugins will also have to be installed and setup manually by you as well. Basically nothing automatic.

 

[6strings]

Ok so I realized I don't want to deal with installing openvpn on my transmission Jail. Instead i'd like to install openvpn on an external hardware device. Essentially, I want my freenas wired to my router and want it behind a vpn. However, I don't want all my traffic (laptops and other desktop computers) to run through the vpn. I was thinking of connecting my freenas to a network switch or something that has openvpn functionality installed and then connect that switch to my main router. This way only the freenas is behind the vpn.

Not sure if this is the best way of going about it or if there are better recommended options.

• Option 1 (network switch) If its possible, what network switch would work that can have openvpn installed? In this case I'd have the freenas plugged into the switch and the switch plugged into the back of the router. Only devices plugged into the switch (i.e., the freenas) would go through VPN.
• Option 2 (straight to main router with certain ports going through vpn) If option 1 cant work, is there a way to wire the freenas directly to my router but only have that port/interface route traffic through vpn thus having all other ports/interfaces and wireless devices go through regular traffic? Or is there a way to configure in settings and say only IP address xxx.xxx.x.x (freenas ip) goes through vpn?
• Option 3 (dd-wrt with openvpn) I think the other option that some people do is to utilize a dd-wrt router. Are there guides for what I want to do in particular? Where I want essentially two routers. One main router routing all desktops and laptops through regular internet and then having the FreeNAS wired into a second router (dd-wrt with openvpn installed) plugged into my main router acting as a switch(?? correct term?). not sure what the dd-wrt router would be called in this case (client, bridge, switch???)

Just not sure which set up would work best and what will work and what wont. In all these case everything is wired. I want the freenas to be wired to the internet but want to isolate it so that only the freenas goes through the vpn. I have openvpn clients installed on individual computers so I can run vpn on those desktops to my liking and when i choose. But I want the freenas to always be behind the vpn.


Thanks guys!

 

[Whattteva]

• Option 1: I'm not too familiar with other switches, but basically any router has a built-in 4-port switch these days and if it's DD-WRT/Tomato compatible, you can have OpenVPN on it (provided it has a big enough flash RAM for OpenVPN).
  
• Option 2: You can make it so that only certain sub-networks you have specified to go through the VPN by careful routing, but I don't think it's possible to just specify ports.
• Option 3: You could have FreeNAS connected to the VPN device separately (this is probably the easiest way). I've never done it with switch or bridge mode, but I've done this by just keeping the device in router mode. There should be plenty of tutorials on how to set up a DD-WRT router with OpenVPN with a simple Google search.

 

[6strings]

• Thanks for the response. You said you have your green as connect to a VPN device separately. I'm assuming you mean that you have a main router and then you have a second router running ddwrt with openvpn and only the freenas is connected to that router. If that's the case how is that second router connected to the internet? Do you wire it to your main router?

That is what I essentially want to accomplish if possible. Freenas connected to ddwrt/openvpn router then that router is connected to main router which is connected to my modem.

Thabks

 

[pirateghost]

If you are using ddwrt you can split the ports into VLANs. You don't need 2 routers for that

 

[Whattteva]

^What he said. You can essentially isolate your FreeNAS in its own LAN separate from the rest of your network.
I've never tried this, but I'm pretty sure you could find tutorial for making VLAN's with DD-WRT on Google also.