Port forwarding from vpn jail to router

Status
Not open for further replies.

shant

Dabbler
Joined
Sep 23, 2015
Messages
13
Hello everyone, I am running FreeNAS 9.3.
The problem I'm facing is that the ISPs in my country do not provide real externally accessible IPs... It's a long story why they do that; let's just stick with the fact that I cannot access my router through the internet unless I use a VPN service.
Now, the router I have does not support running a VPN in its firmware (TP-Link Archer C9), and for some reasons I do not wish to replace it with a VPN-supported firmware either.
What I have done is install OpenVPN in a jail with an IP of "192.168.0.102" and successfully connect to a VPN server with certs, and I am able to ping my FreeNAS VPN IP "10.3.0.3" from my phone (10.3.0.2) connected to the same server.
However, I cannot access my other devices in my house (including SSH and Transmission in FreeNAS). What I'm thinking of as an easy solution is telling FreeNAS to port forward port xxxx received on the VPN to my router, and from there port forwarding on my router the port received from FreeNAS to device X with IP 192.168.0.XXX. Port forwarding on the router is easy, but I have no clue how to do it on FreeNAS. I would appreciate it if anyone could guide me.
 

eldo

Explorer
Joined
Dec 18, 2014
Messages
99
In the short term, would an SSH connection and creating a SOCKS proxy not be suitable for your needs of encrypted external communications?

Also -- and I know it's not what you're specifically asking about -- have you tried running an ovpn server in a VM instead of a jail? I understand running ovpn in a jail can be complex and tedious to set up, but I imagine a complete vm wouldn't have the complexities that routing through a jail would.
 

shant

Dabbler
Joined
Sep 23, 2015
Messages
13
In a VM? Wouldn't that still be limited to a jail?
I would rather tell FreeNAS to port forward the specified ports to my router, and tell my router to port forward from there back to the specified jails. This should skip all jail limitations, as far as I can understand. From what I have gathered so far, I need to tell ipfw to do this for me, but I don't know how to do it.
 

eldo

Explorer
Joined
Dec 18, 2014
Messages
99
So a jail is sort of like a VM in that it separates privilege from the host system (FreeNAS). But a jail does not virtualize the entire OS and hardware. A VM, for many purposes, is seen as exactly like a different physical computer on the network. In this use case, there isn't any traffic routing dealing with jails, etc. to worry about because it would be completely handled by the VM. As I understand it, in your current setup FreeNAS manages all the jail traffic and routes packets.

I'm not very versed in ovpn. But what you're wanting to do sounds like a lot of extra routing to accomplish internal communications, though I may be mistaken and it's a typical setup.

On a quick search, I found this and it seems to accomplish your end goal of having a working ovpn inside of a jail. Have you tried something like this?
https://forums.freenas.org/index.ph...-6-with-access-to-remote-hosts-via-nat.22873/

Sent from my SM-G920T using Tapatalk
 

shant

Dabbler
Joined
Sep 23, 2015
Messages
13
Thank you for your time.
I did see this guide earlier. The problem with it is that it requires editing on the VPN server side. The server I'm connecting to is running Ubuntu 14; the instructions would probably apply with some edits, but again my lack of knowledge does not help me.
 

eldo

Explorer
Joined
Dec 18, 2014
Messages
99
Oh, ok. I think I completely misunderstood your setup.

So you have an external VPN that you're going to connect to from your LAN, and I assume route traffic through your jail into the VPN and then out the other side?
Is that more the setup you're trying to configure?

My assumption was you're setting up a VPN so you can remote into your LAN from outside.

Sent from my SM-G930T using Tapatalk
 

shant

Dabbler
Joined
Sep 23, 2015
Messages
13
Yes, I'll try to clarify as much as I can.
I'm connecting to a friend's VPN server installed on Ubuntu 14.
So I have OpenVPN installed as a client on my FreeNAS 9.3 inside a jail, and I have successfully connected to the server with certificates. I have OpenVPN installed on my phone as well (10.3.0.3), and I can ping my FreeNAS OpenVPN jail and I do get a reply (10.3.0.2). However, I cannot connect to SSH on my FreeNAS nor to my torrent Transmission jail, because the jail is not routing.
The reason I am using a VPN is that I don't have an externally accessible public IP and I can only reach my house through a VPN.
Since a jail doesn't let me access other jails, my idea was to tell FreeNAS to port forward the SSH port and torrent port received on the VPN jail to the router, and then tell my router to forward those received ports back into my FreeNAS to SSH and Transmission. This way I would be skipping the jail limitation, since my router has access to all of the jails on the FreeNAS. I don't know if this is possible, though.
Or, if there are other solutions within FreeNAS itself to allow jails to access each other and access SSH, I'd even love to be able to access the web UI through the VPN if possible as well.
I'm using JuiceSSH on my phone as well as the Transdrone app for torrents. I am entering the VPN IP in JuiceSSH and Transdrone (10.3.0.2).

Thank you.
 

eldo

Explorer
Joined
Dec 18, 2014
Messages
99
Bear with me, I want to make sure your setup is very clear for anyone to understand what's going on.
Alright, so you have your VPN server at a location with a public IP address. Your jail (3.0.2) connects to the VPN, and when you connect to the VPN with your mobile over cellular data (3.0.3) you can see the jail from your mobile.


What it sounds like to me is that you're essentially attempting to create a bridge between your LAN and the VPN endpoint (I'm guessing 3.0.1?) so you'll have access to your LAN from outside home, but not hosting the VPN server in your LAN. I think that was one of the things throwing me off, as I generally think of a remote host accessing the resources of the server's environment, not a different remote host's.

Does this sound about the gist of your situation?

EDIT:
This doesn't seem to be too far from what I think your end goal seems to be, with your jail as the ovpn client on the left side of the diagram.
https://docs.openvpn.net/how-to-tut...e-layer-3-routin-using-openvpn-access-server/
 

shant

Dabbler
Joined
Sep 23, 2015
Messages
13
Again, thank you for your patience.
Yes, 10.3.0.1 is the VPN server with a public IP in Germany, 10.3.0.0 is the subnet, 10.3.0.2 is my jail and 10.3.0.3 is my phone; that is correct. I'm trying to use the VPN so that there is a bridge between my phone and FreeNAS.
Now, the bridge is already there since I can already ping the ovpn jail successfully. What I can't do is access anything outside of the ovpn client jail (such as the other jails on FreeNAS, SSH, etc.), so my VPN connection is kind of stuck in the jail, I'm guessing.
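
The situation described in this thread, as an added example that is not part of any post: a small Python model of the three VPN nodes plus one LAN device, showing why the jail answers pings while hosts behind it stay unreachable until the VPN side has a LAN route, the jail forwards, and the jail applies NAT. The address 192.168.0.50, the node names, and the assumption that LAN hosts have no route back to 10.3.0.0/24 are illustrative and not taken from the thread.

```python
import ipaddress

VPN = ipaddress.ip_network("10.3.0.0/24")      # addresses as given in the thread
LAN = ipaddress.ip_network("192.168.0.0/24")

def build(lan_route_on_vpn=False, jail_forwards=False):
    """name -> addrs, routes as (network, next hop; None = on-link), forward flag."""
    phone, server = [(VPN, None)], [(VPN, None)]
    if lan_route_on_vpn:                 # needs edits on the VPN server side
        phone.append((LAN, "server"))    # LAN route handed to VPN clients
        server.append((LAN, "jail"))     # server told the LAN sits behind the jail
    return {
        "phone": {"addrs": ["10.3.0.3"], "routes": phone, "forward": False},
        "server": {"addrs": ["10.3.0.1"], "routes": server, "forward": True},
        "jail": {"addrs": ["10.3.0.2", "192.168.0.102"],
                 "routes": [(VPN, None), (LAN, None)], "forward": jail_forwards},
        # Hypothetical LAN device; assumed to have no route back to 10.3.0.0/24.
        "lan_host": {"addrs": ["192.168.0.50"], "routes": [(LAN, None)], "forward": False},
    }

def owner_of(nodes, addr):
    return next((n for n, v in nodes.items() if addr in v["addrs"]), None)

def trace(nodes, src, dst):
    """Follow the routing tables hop by hop; return (delivered, reason)."""
    here, target = src, ipaddress.ip_address(dst)
    for _ in range(8):                   # hop limit
        node = nodes[here]
        if dst in node["addrs"]:
            return True, f"delivered to {here}"
        if here != src and not node["forward"]:
            return False, f"{here} does not forward"
        hops = [hop for net, hop in node["routes"] if target in net]
        if not hops:
            return False, f"{here} has no route to {dst}"
        here = hops[0] or owner_of(nodes, dst)
        if here is None:
            return False, f"no host {dst}"
    return False, "hop limit reached"

def round_trip(nodes, src, dst, jail_nat=False):
    """Request src -> dst, then the reply to the source dst sees (jail's LAN IP under NAT)."""
    ok, why = trace(nodes, src, dst)
    if not ok:
        return False, why
    peer = owner_of(nodes, dst)
    seen = "192.168.0.102" if jail_nat and peer == "lan_host" else nodes[src]["addrs"][0]
    ok, why = trace(nodes, peer, seen)
    return ok, "reply " + why
```

Under NAT the reply ends at the jail in this model; the jail would then translate it back and send it to the phone over the tunnel.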
 