SOLVED Setting up OpenVPN in jail (FreeNAS 9.3 + OpenVPN 2.3.10)

[jamarino94]

Hello, NAS'ers!

I recently put together my first FreeNAS machine, and I'm having fun learning the ropes :)

However, I'm at a bit of an impasse.

I'm trying to setup a jail with OpenVPN. I like being able to log on my home network and manage/access things when I'm out. Anyway, I have found a couple of guides on how to do exactly this, but it seems they are all either outdated, or I'm doing something wrong.

System details:
FreeNAS version 9.3 STABLE
OpenVPN version 2.3.10

Guides:
1) https://thealarmclocksixam.wordpress.com/2014/09/21/how-to-setup-a-vpn-server-in-a-freenas-jail/
2) https://www.kirkg.us/posts/building-an-openvpn-server-inside-a-freenas-jail/
3) https://forums.freenas.org/index.ph...-6-with-access-to-remote-hosts-via-nat.22873/

These are listed in the order I found them, and incidentally also in order of ease (atleast to me).

Progress:
I have:
- Created a fresh jail (called it OpenVPN)
- SSH'd into my FreeNAS machine and "logged into the jail" (is there a better wording for this?) so my terminal now says: root@OpenVPN:/ #
- Installed OpenVPN with pkg install openvpn
- Created a folder called "openvpn" and copied the easy-rsa folder (and contents) to openvpn folder.
- Edited vars in openvpn/easy-rsa (using edit)

So far so good... But next step fails for me:
At this point all the guides say to start generating some keys doing something like:

Code:

# sh
# . vars
# ./clean-all
# ./build-ca
# ./build-key-server <server-name>
# ./build-dh
# openvpn --genkey --secret keys/ta.key

(Snippet from first guide.)

But, second line gives me an error message saying that "sourcing" is no longer needed and thus forbidden (I'm not familiar with this terminology nor concept). Additionally, neither of the other commands "are found" (clean-all, build-ca etc.).

I've read the file comments as suggested, but I didn't gather much from it.

Have there been some major changes that render these guides useless, or have I missed something completely? :S

Any help much appreciated!

 

[dlavigne]

AFAIK, once you copy your keys to /usr/local/etc/openvpn, you should just have to start the service with service openvpn onestart. If that command fails, post the associated error message.

 

[jamarino94]

AFAIK, once you copy your keys to /usr/local/etc/openvpn, you should just have to start the service with service openvpn onestart. If that command fails, post the associated error message.

I'm not sure what keys you are referring to, I don't think I have any at this point :(

 

[dlavigne]

Created a folder called "openvpn" and copied the easy-rsa folder (and contents) to openvpn folder.

What exactly did you copy over? Wasn't it your keys? If so, make sure they are in the /usr/local/etc/openvpn folder.

 

[jamarino94]

What exactly did you copy over? Wasn't it your keys? If so, make sure they are in the /usr/local/etc/openvpn folder.

As I understand I have only copied the *tools* for generating keys, namely easy-rsa. I have yet to generate anything, since this is the step causing me trouble. Sorry if that wasn't clear from the original post.

I don't have access to jail at the moment, I will come back later and clarify what I *do* have.

 

[jamarino94]

Following screenshot shows the contents of the easy-rsa folder, both original and copy in openvpn folder.

From the steps in the guides I would expect there to be some scripts (clean-all, build-ca ?), but it seems not.

Any ideas?

 

[dlavigne]

- Created a folder called "openvpn" and copied the easy-rsa folder (and contents) to openvpn folder.

Where did that easy-rsa folder come from? If you pkg install easy-rsa it should install a bunch of scripts.

 

[jamarino94]

I'm pretty sure it was installed automatically during openvpn install. (Either that, or it is there by default, which I doubt)

Edit: It is installed automatically with pkg install openvpn

 

[dlavigne]

Not according to its plist: https://svnweb.freebsd.org/ports/head/security/openvpn/pkg-plist?revision=385432&view=markup. If you want the easy-rsa scripts, you'll need to pkg install easy-rsa.

 

[jamarino94]

Not according to its plist: https://svnweb.freebsd.org/ports/head/security/openvpn/pkg-plist?revision=385432&view=markup. If you want the easy-rsa scripts, you'll need to pkg install easy-rsa.

Either way, it is definitely installed, and it wasn't by my hands:

Should I try giving it a reinstall?

 

[dlavigne]

Aah, I see. easy-rsa installs barely anything, but pkg install easy-rsa2 installs what you want. Freshports is helpful for viewing plists...

 

[jamarino94]

I've played around with the packages a bit now, and you are correct in that security/easy-rsa2 has the scripts I was looking for.
However, installing the latest version of openvpn automatically installs the new easy-rsa as well.
I've done a bit of reading and I am more confident now, compared to when I opened this thread.
I will close this thread and try on my own for a bit.
Thanks for sticking with me and bringing suggestions ;)

 

[Gabi]

I've played around with the packages a bit now, and you are correct in that security/easy-rsa2 has the scripts I was looking for.
However, installing the latest version of openvpn automatically installs the new easy-rsa as well.
I've done a bit of reading and I am more confident now, compared to when I opened this thread.
I will close this thread and try on my own for a bit.
Thanks for sticking with me and bringing suggestions ;)

Hi jamarino,
How did you get it working? I am facing the same problem you described in the first post and I'm unable to find a solution nor follow any of the guides to install openvpn server in a FN jail.
Any help will me extremely helpful!:)

 

[jamarino94]

Hi jamarino,
How did you get it working? I am facing the same problem you described in the first post and I'm unable to find a solution nor follow any of the guides to install openvpn server in a FN jail.
Any help will me extremely helpful!:)

I never did get it to work :(
I eventually gave up, and opted for another vpn solution. I marked this thread as solved so others wouldn't offer advice when I had already given up, but I guess that is a bit misleading for those with the same problem. Sorry pal.

 

[Gabi]

I never did get it to work :(
I eventually gave up, and opted for another vpn solution. I marked this thread as solved so others wouldn't offer advice when I had already given up, but I guess that is a bit misleading for those with the same problem. Sorry pal.

Oh, okay then haha
So, how did you set the VPN server? I guess you wanted to use it to access your files securel when not home. If that's the case, I would really appreciate a clue to find an alternative way to do it because I'm running out of ideas. Thanks for your reply :)

 

[jamarino94]

Oh, okay then haha
So, how did you set the VPN server? I guess you wanted to use it to access your files securel when not home. If that's the case, I would really appreciate a clue to find an alternative way to do it because I'm running out of ideas. Thanks for your reply :)

I found a solution called MPD, but I haven't actually gotten around to setting it up yet. From the guides I've seen (some time ago) it seems fairly straight forward, but again, I haven't tried yet.
Hmm.. I have a guide bookmarked, you can give it a shot if you want: https://dnaeon.github.io/installing-and-configuring-a-pptp-server-with-mpd5-on-freebsd/
Good luck ;)

 

[Gabi]

Thanks for the info jamarino :)
I'll give it a try as soon as I can