I'm new to both TrueNAS and OpenVPN, so if any wrong conclusions are drawn in this post it's probably due to a lack of experience with either.
On my NAS server I run a bunch of services, all occupying a local IP in the subnet 192.168.178.x. These all work fine and can be accessed while connected to the same router. My goal was to make these services available remotely (outside the local network) by introducing OpenVPN tunneling, while allowing for routes on the subnet where the services live.
Initially I followed the official TrueNAS documentation on OpenVPN, but it's rather sparse and did not yield the result I had hoped for. I could connect to the OpenVPN server, but was unable to reach the services in the same network (note that I hadn't even set the additional parameters at this point, for I was unaware of them) outside the TrueNAS server itself. At this point I just looked around for tutorials, considering I knew this probably wasn't a very esoteric requirement. I read 3 blogs and watched one YouTube tutorial over 3 days with no success until I stumbled upon this video: https://www.youtube.com/watch?v=YEkfW4aC9Rk&lc=UgzJ_LeLK2k7tPFyNBV4AaABAg
This was the first one that actually got me to be able to connect to the VPN server remotely, while also allowing the connected clients to access the subnet I made available to them (192.168.178.x). However, it also broke the internet connection in all my jails. After going back step by step I found out that the issue that caused the internet connection to break in the jails was the introduction of the Tunables related to natd. The Tunables in the tutorial are as follows (all rc.conf changes):
firewall_enable="YES"
firewall_type="open"
natd_enable="YES"
natd_flags="-m -dynamic"
natd_interface="re0" (name of the default interface)
gateway_enable="YES"

Removing them would restore the internet connection to my jails, but once again cause remote clients to fail to connect to the individual services.
Needless to say the problem is thus related to NAT in some way; when I traceroute to the TrueNAS server's IP I get this (this is from within the local network, but DDNS has already proven itself to work):
[pieps@piepsmobile ~]$ traceroute 192.168.178.180
traceroute to 192.168.178.180 (192.168.178.180), 30 hops max, 60 byte packets
 1  _gateway (192.168.178.1)  3.725 ms * *
 2  192.168.178.180 (192.168.178.180)  21.645 ms  23.328 ms  23.297 ms
[pieps@piepsmobile ~]$ traceroute 192.168.178.60
traceroute to 192.168.178.60 (192.168.178.60), 30 hops max, 60 byte packets
 1  192.168.179.1 (192.168.179.1)  5.601 ms  5.557 ms  6.353 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *

The OpenVPN server lives on 192.168.179.0, which explains the hop to 192.168.179.1 (presumably assigned to the client). In the second traceroute I attempt to reach a service, but it times out as you can see.
I think I'm in over my head here, but I'm a little lost on how and where exactly NAT comes into play here. I'm even more lost about the fact that natd seems to break the connection in my jails but does allow me to connect to the individual services. If anyone could clarify what is happening here I'd at least have a good chance at tackling the issue, but right now I'm just lost.
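Added example, not part of the original post and not a diagnosis of this particular setup: the firewall_type="open" ruleset together with natd_enable makes rc.firewall divert every packet crossing re0 through natd. One way to keep natd out of the jails' path is to replace that ruleset with a small ipfw script (set firewall_script to its path in the Tunables) that only diverts packets whose source is the OpenVPN tunnel subnet. The addresses (192.168.179.0/24 for the tunnel, re0 as the LAN interface, 192.168.178.180 as the TrueNAS host) are taken from the post; the rule numbers, the VPN_NET/LAN_IF/HOST_IP variables and the vpn_nat_rules/apply_rules function names are assumptions made for this example. It assumes the OpenVPN server still pushes a route for 192.168.178.0/24 to its clients, that gateway_enable="YES" and natd_enable="YES" stay set, and that natd is still started by rc.d/natd with natd_interface="re0".

```shell
#!/bin/sh
# Added example: scoped natd ruleset for a FreeBSD/TrueNAS Core host that
# forwards OpenVPN client traffic onto the LAN. Not from the original post.
#
# Assumptions (addresses taken from the post; override via the environment):
VPN_NET="${VPN_NET:-192.168.179.0/24}"   # OpenVPN tunnel subnet
LAN_IF="${LAN_IF:-re0}"                  # LAN interface natd aliases to
HOST_IP="${HOST_IP:-192.168.178.180}"    # TrueNAS address on the LAN

# Emit the ipfw rules, one per line. The divert rules are the only ones that
# hand packets to natd: rule 100 catches packets from the tunnel subnet leaving
# via the LAN interface, rule 110 catches replies addressed to the host so natd
# can map them back to the VPN client (natd passes packets it has no entry for
# through unchanged). Traffic originating from jails on the LAN interface
# matches neither rule, so it is never translated. Rule numbers are arbitrary.
vpn_nat_rules() {
    cat <<EOF
add 100 divert natd ip4 from ${VPN_NET} to any out via ${LAN_IF}
add 110 divert natd ip4 from any to ${HOST_IP} in via ${LAN_IF}
add 65000 allow ip from any to any
EOF
}

# Install the ruleset with ipfw(8). Only runs when invoked as "<script> apply"
# on the FreeBSD host; natd itself is started by rc.d/natd from the Tunables.
apply_rules() {
    /sbin/ipfw -q -f flush
    # $line is deliberately unquoted so each keyword becomes its own argument.
    vpn_nat_rules | while IFS= read -r line; do
        /sbin/ipfw -q $line
    done
}

case "${1:-}" in
    apply) apply_rules ;;
    *)     vpn_nat_rules ;;
esac
```

Run the script without arguments to print the generated ruleset; run `sh ipfw.rules apply` as root, or set firewall_script="/root/ipfw.rules" in the Tunables so rc.d/ipfw loads it at boot, to install it (firewall_type is then no longer used). Since only packets sourced from 192.168.179.0/24 are handed to natd, the VPN clients appear on the LAN as 192.168.178.180 while jail traffic on re0 is left alone. That masquerading also hides the individual tunnel addresses from the services' logs; if per-client attribution matters, a static route on the router for 192.168.179.0/24 via 192.168.178.180 gives the services a return path and removes the need for NAT altogether.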