Possible to connect to Freenas server with a VPN?

[Epicness35]

Hi, I have recently wanted to setup my FreeNAS server to be accessible to the internet, and after I learned that it is very hard to keep it secure, I decided not to go that way. So, I saw a lot of posts saying to connect using a VPN. How would I do this, and is it possible to use a VPN and connect to my FreeNAS server at home to access files from anywhere?

 

[pirateghost]

You need a VPN server on your network somewhere (a lot of consumer 'routers' have this built in). Your client (laptop/tablet/phone) accesses the VPN and securely places that device "on your network" to use all your LAN resources...

As for your second question:
That's the reason people suggest VPN to access your server....

 

[Epicness35]

So, how would I do this?

 

[Mirfster]

So, how would I do this?

1. Check your router, it may already have built-in support for VPN
   • If it is only PPTP (Point to Point Tunneling Protocol); then I would suggest thinking of a better method
2. If your Router doesn't support VPN, might want to check out PFSense or even a dedicated device that can be used for this
   • I prefer a separate dedicated device instead of say a VM that has PFSense installed; but others have successfully used this method
3. Another possibility is to check and see if your router is on the DD-WRT compatible list and maybe even flash it to use that; then use OpenVPN

 

[Epicness35]

So would I install OpenVpn on my router or my FreeNAS server?

 

[pirateghost]

So would I install OpenVpn on my router or my FreeNAS server?

Does your router allow you to install things?

It doesn't matter where in your network the openvpn server is. There just needs to be an openvpn server somewhere on your network.

Let that sink in for a moment.

This isn't a difficult concept, but you need to think about it for a moment.

If your router doesn't support VPN, then you would need to install it on something that is running 24/7, like your FreeNAS server.

 

[Mirfster]

So would I install OpenVpn on my router or my FreeNAS server?

For your router, only if it is capable of doing so. Would want to check the documentation and/or forums on that. For FreeNas, you may consider installing PFSense in a Jail/VM and then use that with OpenVPN.

Before jumping head first into this, I would suggest to take a little time to do some research to see what works best for you and is within your scope of capabilities.

Post your router make/model and that may help in suggestions.

 

[Epicness35]

I have a TP Link Archer C7

 

[Mirfster]

I have a TP Link Archer C7

Take a look at this: http://www.tp-link.com/resources/document/VPN_Config_Guide.pdf

 

[Epicness35]

So should I use an IPSec VPN, as I have heard that this is one of the most famous and most widely used type? If yes, which one in the Config guide should I use> OR should I use something different entirely>

 

[Epicness35]

Or should I use PPTP?

 

[Mirfster]

Your choice, only you can really decide what is best for you. While PPTP is easier, it is not as safe and not very dependable (likes to drop connections a lot).

 

[Robert Smith]

So would I install OpenVpn on my router or my FreeNAS server?

Your router seems to be on the OpenWrt compatibility list (though check the revision).

As such, indeed, you can install OpenWrt, and then install OpenVPN---on the router. This is a somewhat involved process that requires a bit of planning; not a couple of clicks type of thing.

 

[Epicness35]

Does installing OpenWrt affect the actual internet portion, so that the people in my house cannot use regular internet? And, after I install OpenWrt and OpenVPN, then I can connect to OpenVPN, making the computer that I am connecting from make it look like I am on the local network?

 

[Epicness35]

Also, should I get like a second cheap router, like an On Networks 150R? Would it affect anything?

 

[adrianwi]

This thread has everything you need to get OpenVPN running in a FreeNAS jail > https://forums.freenas.org/index.ph...-6-with-access-to-remote-hosts-via-nat.22873/

Probably not the easiest one to follow as the openssl steps changed at some point from the original guide, but if you read through the threads all the information is there to get it up and running.

 

[pirateghost]

Does installing OpenWrt affect the actual internet portion, so that the people in my house cannot use regular internet? And, after I install OpenWrt and OpenVPN, then I can connect to OpenVPN, making the computer that I am connecting from make it look like I am on the local network?

Open wrt is merely a firmware for your router. It doesn't make normal usage stop. Your other users will have no problems getting to the internet the same as they are today.

Once you have VPN running as a server (like on your router), yes that's precisely what VPN does. It makes your client machine "on the same network" from remote locations...that's basically the entire point of VPN.

 

[zoomzoom]

This thread has everything you need to get OpenVPN running in a FreeNAS jail > https://forums.freenas.org/index.ph...-6-with-access-to-remote-hosts-via-nat.22873/

Probably not the easiest one to follow as the openssl steps changed at some point from the original guide, but if you read through the threads all the information is there to get it up and running.

I have a prebuilt OpenSSL.cnf on my GitHub, which also has all commands needed included at the bottom of the file. I built that config specifically to be a secure config to create CAs, ICAs, and certs from.

The end user needs to customize:

• alt_name sections to the devices one is issuing certs for
  • Needs to ensure they utilize the vpn server alt_name for the vpn server
    • not doing so will result in an insecure SSL VPN connection
    • [ alt_vpn_server ]
      IP.1 = 10.0.0.1
      DNS.1 = your.ddns.com
    • [ v3_vpn_server ]
      basicConstraints = critical, CA:FALSE
      subjectKeyIdentifier = hash
      authorityKeyIdentifier = keyid:always, issuer:always
      keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyAgreement
      extendedKeyUsage = critical, serverAuth
      subjectAltName = @alt_vpn_server
  • Needs to ensure they utilize the vpn client alt_name for vpn clients
    • not doing so will result in an insecure SSL VPN connection
    • I recommend creating separate alt_names for each VPN client, i.e. alt_vpn_client_specificname
      • [ alt_vpn_client_PC1 ]
        email.1 = user@email.com
        DNS.1 = VPNserver-Client1-Device-Hostname1
        DNS.2 = VPNserver-Client1-Device-Hostname2
      • [ v3_vpn_client_PC1 ]
        basicConstraints = critical, CA:FALSE
        subjectKeyIdentifier = hash
        authorityKeyIdentifier = keyid:always, issuer:always
        keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
        extendedKeyUsage = critical, clientAuth
        subjectAltName = @alt_vpn_client_PC1
• Nothing with v3 in front of it should be edited
  • The ONLY exception to this is subjectAltName = @alt_vpn_server needs to match the alt_name you're using under the alt_names section