Share OpenVPN (client) Internet Connection to Ethernet Port

faro (Cadet; joined Sep 19, 2020; messages: 1)

I need your help sharing an **OpenVPN** connection from a FreeNAS jail.
This is the situation:
1. I already created a jail named **OpenVPN**. Inside this jail, there is an OpenVPN client successfully connected to NordVPN. This is the result of ifconfig inside **OpenVPN**:
```
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
    inet 127.0.0.1 netmask 0xff000000
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    groups: lo
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8<VLAN_MTU>
    ether 1e:6f:65:9b:c8:80
    hwaddr 02:2b:ff:00:0a:0b
    inet 192.168.86.19 netmask 0xffffff00 broadcast 192.168.86.255
    nd6 options=1<PERFORMNUD>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
    groups: epair
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet 10.8.8.8 --> 10.8.8.1 netmask 0xffffff00
    nd6 options=1<PERFORMNUD>
    groups: tun
    Opened by PID 2574
```
2. And this is my /etc/rc.conf from the **OpenVPN** jail:
```
cron_flags="$cron_flags -J 15"

# Disable Sendmail by default
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

# Run secure syslog
syslogd_flags="-c -ss"

# Enable IPv6
ipv6_activate_all_interfaces="YES"
hostname="OpenVPN"
ifconfig_epair0b="SYNCDHCP"
openvpn_enable="YES"
openvpn_if="tun"
openvpn_configfile="/usr/local/etc/openvpn/default.conf"
openvpn_dir="/usr/local/etc/openvpn/"
cloned_interfaces="tun"
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/usr/local/etc/ipfw.rules"
sysctl net.inet.ip.forwarding=1
kldload ipfw.ko
kldload ipfw_nat.ko
```
3. And this is the result of ifconfig from the **FreeNAS** host:
```
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether 4e:f1:31:df:f8:90
    hwaddr 4e:f1:31:df:f8:90
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect
    status: no carrier
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether 4e:f1:31:df:f8:80
    hwaddr 4e:f1:31:df:f8:80
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect
    status: no carrier
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether 4e:f1:31:df:f8:b0
    hwaddr 4e:f1:31:df:f8:b0
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect
    status: no carrier
em3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
    ether 4e:f1:31:df:f8:a0
    hwaddr 4e:f1:31:df:f8:a0
    inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=82099<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    ether c1:f6:56:9c:85:aa
    hwaddr c1:f6:56:9c:85:aa
    inet 192.168.86.200 netmask 0xffffff00 broadcast 192.168.86.255
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
    inet 127.0.0.1 netmask 0xff000000
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    groups: lo
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: Attached to HomeAssistant
    options=80000<LINKSTATE>
    ether 00:db:f2:37:8f:00
    hwaddr 00:db:f2:37:8f:00
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect
    status: active
    groups: tap
    Opened by PID 1832
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 20:f4:56:1a:d2:00
    nd6 options=1<PERFORMNUD>
    groups: bridge
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: vnet0.3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        ifmaxaddr 0 port 13 priority 128 path cost 2000
    member: vnet0.2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        ifmaxaddr 0 port 12 priority 128 path cost 2000
    member: tap2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        ifmaxaddr 0 port 11 priority 128 path cost 2000000
    member: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        ifmaxaddr 0 port 10 priority 128 path cost 2000000
    member: vnet0.1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        ifmaxaddr 0 port 9 priority 128 path cost 2000
    member: re0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        ifmaxaddr 0 port 5 priority 128 path cost 20000
    member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        ifmaxaddr 0 port 7 priority 128 path cost 2000000
vnet0.1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: associated with jail: OpenVPN as nic: epair0b
    options=8<VLAN_MTU>
    ether e1:f6:56:b9:8c:f7
    hwaddr 20:6e:0d:00:90:a0
    nd6 options=1<PERFORMNUD>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
    groups: epair
tap1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: Attached to PiHole
    options=80000<LINKSTATE>
    ether 00:db:92:38:8f:10
    hwaddr 00:db:92:38:8f:10
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect
    status: active
    groups: tap
    Opened by PID 2338
tap2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: Attached to OpenVPN
    options=80000<LINKSTATE>
    ether 00:db:46:39:8f:20
    hwaddr 00:db:46:39:8f:20
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect
    status: active
    groups: tap
    Opened by PID 2590
vnet0.2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: associated with jail: plexmediaserver as nic: epair0b
    options=8<VLAN_MTU>
    ether e1:f6:56:d3:b6:aa
    hwaddr 20:6e:0d:00:c0:a0
    nd6 options=1<PERFORMNUD>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
    groups: epair
vnet0.3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: associated with jail: qbittorrent as nic: epair0b
    options=8<VLAN_MTU>
    ether ca:f6:56:b5:ac:5e
    hwaddr 20:6e:0d:00:d0:a0
    nd6 options=1<PERFORMNUD>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
    groups: epair
```
4. And this is /etc/rc.conf from the **FreeNAS** host:
```
hostname="freenas"
openssh_enable="YES"
sendmail_enable="NONE"
background_fsck="NO"
fsck_y_enable="YES"
synchronous_dhclient="YES"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
vmware_guest_vmblock_enable="YES"
vmware_guest_vmhgfs_enable="YES"
vmware_guest_vmmemctl_enable="YES"
devfs_system_ruleset="usbrules"
clear_tmp_X="NO"
geli_autodetach="NO"
savecore_enable="NO"
dumpdev="NO"
dumpdir="/data/crash"
early_kld_list="dtraceall geom_multipath"
kld_list="hwpmc t3_tom t4_tom"
dbus_enable="YES"
mdnsd_enable="YES"
performance_cpu_freq="HIGH"
local_startup="/etc/ix.rc.d /usr/local/etc/rc.d"
early_late_divider="*"
root_rw_mount="YES"
syslogd_enable="NO"
syslog_ng_enable="YES"
nginx_enable="YES"
nginx_login_class="nginx"
devd_flags="-q"
cleanvar_enable="NO"
openssh_skipportscheck="YES"
inadyn_flags="--continue-on-error"
microcode_update_enable="YES"
rcshutdown_timeout=""
zfsd_enable="YES"
export LANG=en_US.UTF-8
```

I haven't created anything in the OpenVPN jail file /usr/local/etc/ipfw.rules.

I have:
- 1 onboard NIC (re0)
- 1 Ethernet card with 4 LAN ports (em0, em1, em2, em3)

What I want to achieve is to share NordVPN internet access from the **OpenVPN** jail (vnet0.1) to an Ethernet port (em0), so I can connect my wireless router to the Ethernet port (em0) and share NordVPN internet access through the wireless router.

How can I achieve this?

Thank you in advance
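
An added example, not part of the original post: a small Python check over a shortened excerpt of the jail's rc.conf shown above. Because rc.conf is sourced as a shell script, it separates real `name="value"` settings from lines that would execute as commands, then reports the forwarding and NAT switches; the function names are this example's own.

```python
import re
import shlex

# Shortened excerpt of the jail's /etc/rc.conf as posted above.
JAIL_RC_CONF = """\
cron_flags="$cron_flags -J 15"
# Enable IPv6
ipv6_activate_all_interfaces="YES"
ifconfig_epair0b="SYNCDHCP"
openvpn_enable="YES"
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/usr/local/etc/ipfw.rules"
sysctl net.inet.ip.forwarding=1
kldload ipfw.ko
kldload ipfw_nat.ko
"""

ASSIGNMENT = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=(.*)$")

def audit_rc_conf(text):
    """Split rc.conf text into {name: value} settings and (lineno, line) commands."""
    settings, commands = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = ASSIGNMENT.match(line)
        if match:
            # Remove shell quoting only; variables such as $cron_flags stay unexpanded.
            settings[match.group(1)] = "".join(shlex.split(match.group(2), comments=True))
        else:
            commands.append((lineno, line))
    return settings, commands

def forwarding_findings(text):
    """Flag command lines and missing forwarding/NAT switches."""
    settings, commands = audit_rc_conf(text)
    enabled = lambda name: settings.get(name, "NO").upper() == "YES"
    findings = [f"line {n}: '{cmd}' runs as a shell command whenever rc.conf is sourced"
                for n, cmd in commands]
    if not enabled("gateway_enable"):  # gateway_enable sets net.inet.ip.forwarding=1
        findings.append("gateway_enable is not YES: packets will not be forwarded")
    if enabled("firewall_enable") and not enabled("firewall_nat_enable"):
        findings.append("firewall_nat_enable is not YES: rc.conf does not enable in-kernel NAT")
    return findings

if __name__ == "__main__":
    print("\n".join(forwarding_findings(JAIL_RC_CONF)))
```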
 

nojohnny101 (Wizard; joined Dec 3, 2015; messages: 1,478)

If I'm not mistaken in what you are trying to do, that is kind of backwards. Jails in FreeNAS are supposed to be self-contained lightweight "VMs" (not really VMs, but you get the point). They can talk to each other but were never really meant to share networking. This is actually one of the advantages of jails: they can have their own networking stack separate from the host and other jails.
 