Transmission jail with OpenVPN loses connection / DNS

Dobbie

Dabbler
Joined
May 1, 2017
Messages
24
Ok so I've got a new server and I'm trying to recreate what I have running on my old server. My old is running TrueNAS Core 12.0 U8 with transmission plugin running OpenVPN on top with PIA, without issues. I spun up a new TrueNAS Core 12.0 U8 but it seemed like the jail would lose connection / DNS after OpenVPN connected. I tried a bunch of stuff to no avail. I even exported the jail working in my old server, imported it, did the changes required for the fstab for the jail, got it to start, but same thing, appeared to lose connection / DNS. Even creating a new transmission jail on the old server does the same, as in it doesn't work but the old jail works fine.

So currently I spun up a new TrueNAS Core 13.0 U3 (fresh, only set up a storage pool and transmission jail, that's all), ran through the normal setup for transmission and OpenVPN, and still run into the same issue. /var/log/messages does show something about ipv6 not configured but my old server has those messages as well so it's unrelated.

I'm willing to try all suggestions on the new setup to get this working.

Here is how I went about setting up OpenVPN in the transmission jail:
Code:
root@truenas[~]# jexec 1 tcsh
root@transmisssion:/ # pkg update
Updating iocage-plugins repository catalogue...
iocage-plugins repository is up to date.
All repositories are up to date.
root@transmisssion:/ # pkg upgrade
Updating iocage-plugins repository catalogue...
iocage-plugins repository is up to date.
All repositories are up to date.
Checking for upgrades (0 candidates): 100%
Processing candidates (0 candidates): 100%
Checking integrity... done (0 conflicting)
Your packages are up to date.
root@transmisssion:/ # pkg install -y wget openvpn
Updating iocage-plugins repository catalogue...
iocage-plugins repository is up to date.
All repositories are up to date.
The following 6 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        easy-rsa: 3.1.2
        liblz4: 1.9.4,1
        lzo2: 2.10_1
        openvpn: 2.6.0
        pkcs11-helper: 1.29.0
        wget: 1.21.3_1

Number of packages to be installed: 6

The process will require 7 MiB more space.
2 MiB to be downloaded.
[transmisssion] [1/6] Fetching wget-1.21.3_1.pkg: 100%  687 KiB 703.9kB/s    00:01
[transmisssion] [2/6] Fetching openvpn-2.6.0.pkg: 100%  580 KiB 593.5kB/s    00:01
[transmisssion] [3/6] Fetching liblz4-1.9.4,1.pkg: 100%  145 KiB 148.0kB/s    00:01
[transmisssion] [4/6] Fetching pkcs11-helper-1.29.0.pkg: 100%   95 KiB  97.8kB/s    00:01
[transmisssion] [5/6] Fetching lzo2-2.10_1.pkg: 100%  113 KiB 115.7kB/s    00:01
[transmisssion] [6/6] Fetching easy-rsa-3.1.2.pkg: 100%   61 KiB  62.5kB/s    00:01
Checking integrity... done (0 conflicting)
[transmisssion] [1/6] Installing liblz4-1.9.4,1...
[transmisssion] [1/6] Extracting liblz4-1.9.4,1: 100%
[transmisssion] [2/6] Installing pkcs11-helper-1.29.0...
[transmisssion] [2/6] Extracting pkcs11-helper-1.29.0: 100%
[transmisssion] [3/6] Installing lzo2-2.10_1...
[transmisssion] [3/6] Extracting lzo2-2.10_1: 100%
[transmisssion] [4/6] Installing easy-rsa-3.1.2...
[transmisssion] [4/6] Extracting easy-rsa-3.1.2: 100%
[transmisssion] [5/6] Installing wget-1.21.3_1...
[transmisssion] [5/6] Extracting wget-1.21.3_1: 100%
[transmisssion] [6/6] Installing openvpn-2.6.0...
===> Creating groups.
Creating group 'openvpn' with gid '301'.
===> Creating users
Creating user 'openvpn' with uid '301'.
[transmisssion] [6/6] Extracting openvpn-2.6.0: 100%
=====
Message from easy-rsa-3.1.2:

--
NOTE: easy-rsa will require you to initialize a pki ONLY UPON FIRST USE.
The packaging itself no longer does this because that would confuse easy-rsa,
and easy-rsa expects the vars not to be per-installation, but per-PKI.

ONLY for the very first run for a new PKI, do something such as:

  easyrsa --pki-dir=~/my_new_pki init-pki # DANGEROUS - DESTROYS ~/my_new_pki
  which will copy vars.example both into ~/my_new_pki
  and create another copy named ~/my/new_pki/vars for you to edit for this PKI.

  Then, edit ~/my/new_pki/vars to set the defaults.

After upgrades, use other commands, explained by running: easyrsa help.
to explain options such as --pki-dir (see above), run: easyrsa help options
=====
Message from openvpn-2.6.0:

--
Edit /etc/rc.conf[.local] to start OpenVPN automatically at system
startup. See /usr/local/etc/rc.d/openvpn for details.

Connect to VPN server as a client with this command to include
the client.up/down scripts in the initialization:
openvpn-client <spec>.ovpn

For compatibility notes when interoperating with older OpenVPN
versions, please see <http://openvpn.net/relnotes.html>

Note that OpenVPN does not officially support LibreSSL.

Note that OpenVPN configures a separate user and group "openvpn",
which should be used instead of the NFS user "nobody"
when an unprivileged user account is desired.

You may want to add user openvpn and group openvpn when creating your
configuration files, the example configuration shows this only as comments.
root@transmisssion:/ # cat > /etc/rc.conf.d/openvpn
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"
^C
root@transmisssion:/ # cd /tmp
root@transmisssion:/tmp # mkdir openvpn;cd openvpn
root@transmisssion:/tmp/openvpn # wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
--2023-03-06 12:11:31--  https://www.privateinternetaccess.com/openvpn/openvpn.zip
Resolving www.privateinternetaccess.com (www.privateinternetaccess.com)... 104.18.14.49, 104.18.15.49
Connecting to www.privateinternetaccess.com (www.privateinternetaccess.com)|104.18.14.49|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 192173 (188K) [application/zip]
Saving to: ‘openvpn.zip’

openvpn.zip         100%[===================>] 187.67K  --.-KB/s    in 0.07s

2023-03-06 12:11:31 (2.55 MB/s) - ‘openvpn.zip’ saved [192173/192173]

root@transmisssion:/tmp/openvpn # unzip openvpn.zip
Archive:  openvpn.zip
 extracting: albania.ovpn
 extracting: algeria.ovpn
 extracting: andorra.ovpn
 extracting: argentina.ovpn
 extracting: armenia.ovpn
 extracting: au_melbourne.ovpn
 extracting: au_perth.ovpn
 extracting: au_sydney.ovpn
 extracting: austria.ovpn
 extracting: bahamas.ovpn
 extracting: bangladesh.ovpn
 extracting: belgium.ovpn
 extracting: brazil.ovpn
 extracting: bulgaria.ovpn
 extracting: ca.rsa.2048.crt
 extracting: ca_montreal.ovpn
 extracting: ca_ontario.ovpn
 extracting: ca_toronto.ovpn
 extracting: ca_vancouver.ovpn
 extracting: cambodia.ovpn
 extracting: china.ovpn
 extracting: crl.rsa.2048.pem
 extracting: cyprus.ovpn
 extracting: czech_republic.ovpn
 extracting: de_berlin.ovpn
 extracting: de_frankfurt.ovpn
 extracting: denmark.ovpn
 extracting: egypt.ovpn
 extracting: estonia.ovpn
 extracting: finland.ovpn
 extracting: france.ovpn
 extracting: georgia.ovpn
 extracting: greece.ovpn
 extracting: greenland.ovpn
 extracting: hong_kong.ovpn
 extracting: hungary.ovpn
 extracting: iceland.ovpn
 extracting: india.ovpn
 extracting: ireland.ovpn
 extracting: isle_of_man.ovpn
 extracting: israel.ovpn
 extracting: italy.ovpn
 extracting: japan.ovpn
 extracting: kazakhstan.ovpn
 extracting: latvia.ovpn
 extracting: liechtenstein.ovpn
 extracting: lithuania.ovpn
 extracting: luxembourg.ovpn
 extracting: macao.ovpn
 extracting: macedonia.ovpn
 extracting: malta.ovpn
 extracting: mexico.ovpn
 extracting: moldova.ovpn
 extracting: monaco.ovpn
 extracting: mongolia.ovpn
 extracting: montenegro.ovpn
 extracting: morocco.ovpn
 extracting: netherlands.ovpn
 extracting: new_zealand.ovpn
 extracting: nigeria.ovpn
 extracting: norway.ovpn
 extracting: panama.ovpn
 extracting: philippines.ovpn
 extracting: poland.ovpn
 extracting: portugal.ovpn
 extracting: qatar.ovpn
 extracting: romania.ovpn
 extracting: saudi_arabia.ovpn
 extracting: serbia.ovpn
 extracting: singapore.ovpn
 extracting: slovakia.ovpn
 extracting: south_africa.ovpn
 extracting: spain.ovpn
 extracting: sri_lanka.ovpn
 extracting: sweden.ovpn
 extracting: switzerland.ovpn
 extracting: taiwan.ovpn
 extracting: turkey.ovpn
 extracting: uk_london.ovpn
 extracting: uk_manchester.ovpn
 extracting: uk_southampton.ovpn
 extracting: ukraine.ovpn
 extracting: united_arab_emirates.ovpn
 extracting: us_atlanta.ovpn
 extracting: us_california.ovpn
 extracting: us_chicago.ovpn
 extracting: us_denver.ovpn
 extracting: us_east.ovpn
 extracting: us_florida.ovpn
 extracting: us_houston.ovpn
 extracting: us_las_vegas.ovpn
 extracting: us_new_york.ovpn
 extracting: us_seattle.ovpn
 extracting: us_silicon_valley.ovpn
 extracting: us_texas.ovpn
 extracting: us_washington_dc.ovpn
 extracting: us_west.ovpn
 extracting: venezuela.ovpn
 extracting: vietnam.ovpn
root@transmisssion:/tmp/openvpn # sed -i .bak 's/auth-user-pass/auth-user-pass pass.txt/' ca_toronto.ovpn
root@transmisssion:/tmp/openvpn # printf "ID\nPASS\n" > pass.txt
root@transmisssion:/tmp/openvpn # mkdir /usr/local/etc/openvpn/
root@transmisssion:/tmp/openvpn # cp ca.rsa.2048.crt crl.rsa.2048.pem pass.txt /usr/local/etc/openvpn/
root@transmisssion:/tmp/openvpn # cp ca_toronto.ovpn /usr/local/etc/openvpn/openvpn.conf
root@transmisssion:/tmp/openvpn # pkg search speedtest
py39-speedtest-cli-2.1.3       Command line interface for testing internet bandwidth
root@transmisssion:/tmp/openvpn # pkg install -y py39-speedtest-cli-2.1.3
Updating iocage-plugins repository catalogue...
iocage-plugins repository is up to date.
All repositories are up to date.
The following 6 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        libffi: 3.4.4
        mpdecimal: 2.5.1
        py39-setuptools: 63.1.0
        py39-speedtest-cli: 2.1.3
        python39: 3.9.16_2
        readline: 8.2.0

Number of packages to be installed: 6

The process will require 132 MiB more space.
19 MiB to be downloaded.
[transmisssion] [1/6] Fetching py39-setuptools-63.1.0.pkg: 100%    1 MiB   1.1MB/s    00:01
[transmisssion] [2/6] Fetching mpdecimal-2.5.1.pkg: 100%  320 KiB 327.7kB/s    00:01
[transmisssion] [3/6] Fetching python39-3.9.16_2.pkg: 100%   18 MiB   3.1MB/s    00:06
[transmisssion] [4/6] Fetching py39-speedtest-cli-2.1.3.pkg: 100%   36 KiB  37.0kB/s    00:01
[transmisssion] [5/6] Fetching libffi-3.4.4.pkg: 100%   42 KiB  42.5kB/s    00:01
[transmisssion] [6/6] Fetching readline-8.2.0.pkg: 100%  367 KiB 376.1kB/s    00:01
Checking integrity... done (0 conflicting)
[transmisssion] [1/6] Installing mpdecimal-2.5.1...
[transmisssion] [1/6] Extracting mpdecimal-2.5.1: 100%
[transmisssion] [2/6] Installing libffi-3.4.4...
[transmisssion] [2/6] Extracting libffi-3.4.4: 100%
[transmisssion] [3/6] Installing readline-8.2.0...
[transmisssion] [3/6] Extracting readline-8.2.0: 100%
[transmisssion] [4/6] Installing python39-3.9.16_2...
[transmisssion] [4/6] Extracting python39-3.9.16_2: 100%
[transmisssion] [5/6] Installing py39-setuptools-63.1.0...
[transmisssion] [5/6] Extracting py39-setuptools-63.1.0: 100%
[transmisssion] [6/6] Installing py39-speedtest-cli-2.1.3...
[transmisssion] [6/6] Extracting py39-speedtest-cli-2.1.3: 100%
=====
Message from python39-3.9.16_2:

--
Note that some standard Python modules are provided as separate ports
as they require additional dependencies. They are available as:

py39-gdbm       databases/py-gdbm@py39
py39-sqlite3    databases/py-sqlite3@py39
py39-tkinter    x11-toolkits/py-tkinter@py39
root@transmisssion:/tmp/openvpn # wget -qO - http://wtfismyip.com/text
47.54.237.64
root@transmisssion:/tmp/openvpn # speedtest
Retrieving speedtest.net configuration...
Testing from Bell Canada (x.x.x.x)...       #edited to hide public address
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Bell Aliant (Moncton, NB) [138.82 km]: 6.264 ms
Testing download speed................................................................................
Download: 847.14 Mbit/s
Testing upload speed......................................................................................................
Upload: 409.57 Mbit/s
root@transmisssion:/tmp/openvpn # service openvpn start
Starting openvpn.
root@transmisssion:/tmp/openvpn # wget -qO - http://wtfismyip.com/text
^C
root@transmisssion:/tmp/openvpn # ping google.ca
ping: Unknown host
root@transmisssion:/tmp/openvpn #


Can't ping my router but can ping google.ca (got the IP from a ping on my other server)
Code:
root@transmisssion:/tmp/openvpn # ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 56 data bytes
^C
--- 192.168.2.1 ping statistics ---
11 packets transmitted, 0 packets received, 100.0% packet loss
root@transmisssion:/tmp/openvpn # ping 142.250.64.67
PING 142.250.64.67 (142.250.64.67): 56 data bytes
64 bytes from 142.250.64.67: icmp_seq=0 ttl=117 time=55.471 ms
64 bytes from 142.250.64.67: icmp_seq=1 ttl=117 time=52.622 ms
64 bytes from 142.250.64.67: icmp_seq=2 ttl=117 time=52.597 ms


Edit:
I forgot to note that the new TrueNAS and the jail are using DHCP just for keeping things simple until there is a working solution. There are no subnets in use, straightforward home network Bell Fiber.
 

dak180

Patron
Joined
Nov 22, 2017
Messages
310
Some questions: did you set up the jail via the command line, if so what is the command (if gui what option did you set)? You may want to take a look at some of the scripts I use for this (you will need to make some changes to fit your system).
 

Dobbie

> Some questions: did you set up the jail via the command line, if so what is the command (if gui what option did you set)? You may want to take a look at some of the scripts I use for this (you will need to make some changes to fit your system).

I first set up the jail from the gui. I only selected DHCP (which makes Berkeley Packet Filter required and selected as well) and then under custom, allow tun. I just tested with static IP through the gui, which meant disabling DHCP and BPF, but still no change.
 

dak180

> I just tested with static IP through the gui, which meant disabling DHCP and BPF, but still no change.

Did you take a look at the script I use to set up my jail? In particular the stuff involving ipfw and network configuration?
 

Dobbie

> Did you take a look at the script I use to set up my jail? In particular the stuff involving ipfw and network configuration?

I did not.

There has to be something simple that I'm missing here because this used to work just fine.
 

dak180

On the working jail what is the output of pkg prime-list?
 

dak180

On the working jail what is the output of sysrc -a?

And the output of iocage get -a <WorkingJail>?
 

Dobbie

> On the working jail what is the output of sysrc -a?
>
> And the output of iocage get -a <WorkingJail>?

A quick compare makes me wonder if it's defaultrouter. The working jail has it set to auto and the non working one has my router's IP set. I'm guessing this has changed in the way the jails are created.

From working jail

Code:
root@transmission:/ # sysrc -a
cron_flags:  -J 15
ipv6_activate_all_interfaces: YES
sendmail_enable: NO
sendmail_msp_queue_enable: NO
sendmail_outbound_enable: NO
sendmail_submit_enable: NO
syslogd_flags: -c -ss
transmission_download_dir: /usr/local/etc/transmission/home/Downloads
transmission_enable: YES



Code:
root@MyNAS:~ # iocage get -a transmission
CONFIG_VERSION:28
allow_chflags:0
allow_mlock:0
allow_mount:0
allow_mount_devfs:0
allow_mount_fusefs:0
allow_mount_nullfs:0
allow_mount_procfs:0
allow_mount_tmpfs:0
allow_mount_zfs:0
allow_quotas:0
allow_raw_sockets:0
allow_set_hostname:1
allow_socket_af:0
allow_sysvipc:0
allow_tun:1
allow_vmm:0
assign_localhost:0
available:readonly
basejail:1
boot:1
bpf:0
children_max:0
comment:none
compression:lz4
compressratio:readonly
coredumpsize:off
count:1
cpuset:off
cputime:off
datasize:off
dedup:off
defaultrouter:auto
defaultrouter6:auto
depends:none
devfs_ruleset:4
dhcp:0
enforce_statfs:2
exec_clean:1
exec_created:/usr/bin/true
exec_fib:0
exec_jail_user:root
exec_poststart:/usr/bin/true
exec_poststop:/usr/bin/true
exec_prestart:/usr/bin/true
exec_prestop:/usr/bin/true
exec_start:/bin/sh /etc/rc
exec_stop:/bin/sh /etc/rc.shutdown
exec_system_jail_user:0
exec_system_user:root
exec_timeout:60
host_domainname:none
host_hostname:transmission
host_hostuuid:transmission
host_time:1
hostid:aae6d987-8a66-11e7-ba0a-d4ae52cd140c
hostid_strict_check:0
interfaces:vnet0:bridge0
ip4:new
ip4_addr:192.168.2.3/24
ip4_saddrsel:1
ip6:new
ip6_addr:none
ip6_saddrsel:1
ip_hostname:0
jail_zfs:0
jail_zfs_dataset:iocage/jails/transmission/data
jail_zfs_mountpoint:none
last_started:2023-02-28 23:41:55
localhost_ip:none
login_flags:-f root
mac_prefix:d6ae52
maxproc:off
memorylocked:off
memoryuse:off
min_dyn_devfs_ruleset:1000
mount_devfs:1
mount_fdescfs:1
mount_linprocfs:0
mount_procfs:0
mountpoint:readonly
msgqqueued:off
msgqsize:off
nat:0
nat_backend:ipfw
nat_forwards:tcp(9091:9091)
nat_interface:none
nat_prefix:172.16
nmsgq:off
notes:none
nsem:off
nsemop:off
nshm:off
nthr:off
openfiles:off
origin:readonly
owner:root
pcpu:off
plugin_name:transmission
plugin_repository:https://github.com/ix-plugin-hub/iocage-plugin-index.git
priority:99
pseudoterminals:off
quota:none
readbps:off
readiops:off
release:12.3-RELEASE-p11
reservation:none
resolver:/etc/resolv.conf
rlimits:off
rtsold:0
securelevel:2
shmsize:off
stacksize:off
state:up
stop_timeout:30
swapuse:off
sync_state:none
sync_target:none
sync_tgt_zpool:none
sysvmsg:new
sysvsem:new
sysvshm:new
template:0
type:pluginv2
used:readonly
vmemoryuse:off
vnet:1
vnet0_mac:d6ae5203aa46 d6ae5203aa47
vnet0_mtu:auto
vnet1_mac:none
vnet1_mtu:auto
vnet2_mac:none
vnet2_mtu:auto
vnet3_mac:none
vnet3_mtu:auto
vnet_default_interface:auto
vnet_default_mtu:1500
vnet_interfaces:none
wallclock:off
writebps:off
writeiops:off


Non working jail

Code:
root@transmisssion:/ # sysrc -a
cron_flags:  -J 15
ipv6_activate_all_interfaces: YES
sendmail_enable: NO
sendmail_msp_queue_enable: NO
sendmail_outbound_enable: NO
sendmail_submit_enable: NO
syslogd_flags: -c -ss
transmission_download_dir: /usr/local/etc/transmission/home/Downloads
transmission_enable: YES


Code:
root@truenas[~]# iocage get -a transmisssion
CONFIG_VERSION:28
allow_chflags:0
allow_mlock:0
allow_mount:0
allow_mount_devfs:0
allow_mount_fusefs:0
allow_mount_nullfs:0
allow_mount_procfs:0
allow_mount_tmpfs:0
allow_mount_zfs:0
allow_quotas:0
allow_raw_sockets:0
allow_set_hostname:1
allow_socket_af:0
allow_sysvipc:0
allow_tun:1
allow_vmm:0
assign_localhost:0
available:readonly
basejail:1
boot:1
bpf:0
children_max:0
comment:none
compression:lz4
compressratio:readonly
coredumpsize:off
count:1
cpuset:off
cputime:off
datasize:off
dedup:off
defaultrouter:192.168.2.1
defaultrouter6:auto
depends:none
devfs_ruleset:4
dhcp:0
enforce_statfs:2
exec_clean:1
exec_created:/usr/bin/true
exec_fib:0
exec_jail_user:root
exec_poststart:/usr/bin/true
exec_poststop:/usr/bin/true
exec_prestart:/usr/bin/true
exec_prestop:/usr/bin/true
exec_start:/bin/sh /etc/rc
exec_stop:/bin/sh /etc/rc.shutdown
exec_system_jail_user:0
exec_system_user:root
exec_timeout:60
host_domainname:none
host_hostname:transmisssion
host_hostuuid:transmisssion
host_time:1
hostid:1bf34d56-2f22-dd70-4fcc-562ef1e917e5
hostid_strict_check:0
interfaces:vnet0:bridge0
ip4:new
ip4_addr:192.168.2.131/24
ip4_saddrsel:1
ip6:new
ip6_addr:none
ip6_saddrsel:1
ip_hostname:0
jail_zfs:0
jail_zfs_dataset:iocage/jails/transmisssion/data
jail_zfs_mountpoint:none
last_started:2023-03-06 23:28:57
localhost_ip:none
login_flags:-f root
mac_prefix:020c29
maxproc:off
memorylocked:off
memoryuse:off
min_dyn_devfs_ruleset:1000
mount_devfs:1
mount_fdescfs:1
mount_linprocfs:0
mount_procfs:0
mountpoint:readonly
msgqqueued:off
msgqsize:off
nat:0
nat_backend:ipfw
nat_forwards:none
nat_interface:none
nat_prefix:172.16
nmsgq:off
notes:none
nsem:off
nsemop:off
nshm:off
nthr:off
openfiles:off
origin:readonly
owner:root
pcpu:off
plugin_name:transmission
plugin_repository:https://github.com/ix-plugin-hub/iocage-plugin-index.git
priority:99
pseudoterminals:off
quota:none
readbps:off
readiops:off
release:13.1-RELEASE-p7
reservation:none
resolver:/etc/resolv.conf
rlimits:off
rtsold:0
securelevel:2
shmsize:off
stacksize:off
state:up
stop_timeout:30
swapuse:off
sync_state:none
sync_target:none
sync_tgt_zpool:none
sysvmsg:new
sysvsem:new
sysvshm:new
template:0
type:pluginv2
used:readonly
vmemoryuse:off
vnet:1
vnet0_mac:020c296cbd93 020c296cbd94
vnet0_mtu:auto
vnet1_mac:none
vnet1_mtu:auto
vnet2_mac:none
vnet2_mtu:auto
vnet3_mac:none
vnet3_mtu:auto
vnet_default_interface:auto
vnet_default_mtu:1500
vnet_interfaces:none
wallclock:off
writebps:off
writeiops:off
 

dak180

Well, from what I can see you have two issues: one, plugins are not really supported anymore (hand-rolled jails are, though, and that would be what I would recommend); two, openvpn in both the old and new jails is not properly set up to automatically start and force routing of traffic over the vpn connection.

Given the configs you posted my guess is that the vpn on the "working" jail is not actually routing traffic.

You should be able to get a working jail from the scripts I have previously linked with very minor modification (change the network settings for jail creation to your desired addresses). I can guarantee that this will get you a jail with transmission running correctly over a PIA vpn because I have been using (and testing) it for years. It is even the recommended script for exactly such a setup by PIA themselves.
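
An added illustration of what "force routing of traffic over the vpn connection" can look like with ipfw inside the jail; it is not dak180's script or any code from this thread. The VPN endpoint address and port, the `epair0b` and `tun0` interface names, the rule numbers and the file path are assumptions, and the jail is assumed to have a static address as in the `iocage get -a` output above.

```shell
#!/bin/sh
# Added example (not from the thread): emit an ipfw ruleset that lets the jail
# reach only the VPN endpoint on its LAN-facing interface and sends everything
# else through the tunnel. If the tunnel drops, traffic is dropped, not leaked.
# Load it with firewall_enable="YES" and firewall_type="<path to the file>"
# in the jail's rc.conf (the path is an assumption).

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

rule() { printf 'add %s\n' "$*"; }

# gen_killswitch VPN_IP VPN_PORT PROTO LAN_CIDR [JAIL_IF] [TUN_IF]
gen_killswitch() {
    vpn_ip=$1 vpn_port=$2 vpn_proto=$3 lan_cidr=$4
    jail_if=${5:-epair0b} tun_if=${6:-tun0}   # assumed interface names

    # The endpoint must be an address: a hostname would need DNS before the
    # tunnel exists, which is exactly the traffic this ruleset refuses.
    is_ipv4 "$vpn_ip" || { echo "VPN endpoint must be IPv4" >&2; return 1; }
    case $vpn_proto in
        udp|tcp) ;;
        *) echo "protocol must be udp or tcp" >&2; return 1 ;;
    esac
    case $vpn_port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    [ "$vpn_port" -ge 1 ] && [ "$vpn_port" -le 65535 ] ||
        { echo "port out of range" >&2; return 1; }
    lan_net=${lan_cidr%/*} lan_len=${lan_cidr#*/}
    case $lan_len in
        ''|*[!0-9]*) echo "LAN must be given as a.b.c.d/len" >&2; return 1 ;;
    esac
    is_ipv4 "$lan_net" && [ "$lan_len" -le 32 ] ||
        { echo "LAN must be given as a.b.c.d/len" >&2; return 1; }

    # Loopback and replies to flows already permitted below.
    rule 00010 allow ip from any to any via lo0
    rule 00020 check-state
    # The only packets allowed to leave on the LAN side: the tunnel itself.
    rule 00100 allow "$vpn_proto" from me to "$vpn_ip" dst-port "$vpn_port" \
        out via "$jail_if" keep-state
    # LAN clients may reach the Transmission web UI (port 9091, as in the
    # nat_forwards line of the working jail).
    rule 00110 allow tcp from "$lan_cidr" to me dst-port 9091 \
        in via "$jail_if" keep-state
    # Everything the jail originates goes out through the tunnel.
    rule 00200 allow ip from me to any out via "$tun_if" keep-state
    # Default deny: no tunnel, no traffic.
    rule 65000 deny ip from any to any
}

# Constructed sample values: 198.51.100.10 is a documentation address and
# 1198/udp is a placeholder; take the real values from openvpn.conf.
gen_killswitch 198.51.100.10 1198 udp 192.168.2.0/24
```

With these rules the jail cannot query a resolver on the LAN such as 192.168.2.1, so `/etc/resolv.conf` has to point at a resolver that is reachable through the tunnel.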
 

Dobbie

Is there any documentation on how to use your scripts? I didn't see any listed with them and find myself just reviewing jls.tool itself
 

dak180

> Is there any documentation on how to use your scripts?

At the moment there is not beyond what is in the scripts themselves, it is something that I am currently working on. Feel free to ask questions though; it will help with knowing what I need to make sure is in the documentation.
 

Dobbie

What needs to be configured beforehand? like vlans / bridges, etc.
I'm guessing I'll need to adjust the mounts as well.
 

dak180

> What needs to be configured beforehand? like vlans / bridges, etc.

Any vlans would need to be setup in the network interface section of the main GUI.

> I'm guessing I'll need to adjust the mounts as well.

Yes, you will likely find it easier to do so with the latest commit I pushed.
 

Dobbie

Ok so I'm trying to set it up for my network (standard 192.168.2.X) so changed resolvers to the following as well as the other changes (not including mount changes as that doesn't matter at this point);

Code:
resolver60="nameserver 192.168.2.1"
resolver04="nameserver 192.168.2.1"
interfaces="vnet0:bridge0"
vnet_default_interface="vmx0" #since that is the only interface I have setup on my TrueNAS.

I'm guessing I'm completely wrong in doing that because I'm getting the jail created but getting a DHCP failed which I'm guessing means it's not able to reach 192.168.2.1;
Code:
transmission successfully created!
  + Acquiring DHCP address: FAILED, address received: 0.0.0.0/8


Stopped transmission due to DHCP failure
 

dak180

> Ok so I'm trying to set it up for my network (standard 192.168.2.X) so changed resolvers to the following as well as the other changes (not including mount changes as that doesn't matter at this point);
>
> resolver60="nameserver 192.168.2.1"
> resolver04="nameserver 192.168.2.1"
> interfaces="vnet0:bridge0"
> vnet_default_interface="vmx0" #since that is the only interface I have setup on my TrueNAS.

If you do not need it to be a different vlan than the main one you can use a jail creation line like the following (if you do not need a fixed mac address you can omit that as well):

Code:
    if ! sudo iocage create -b -n "${jlName}" -p "/tmp/pkg.json" -r "${ioRelease}" vnet="1" bpf="1" dhcp="1" allow_raw_sockets="1" allow_set_hostname="1" ip6="disable" allow_tun="1" priority="3" vnet0_mac="<new mac 1> <new mac2>"; then
 

Dobbie

So I tried that (removed mac) and still no go for connection
Code:
if ! sudo iocage create -b -n "${jlName}" -p "/tmp/pkg.json" -r "${ioRelease}" vnet="1" bpf="1" dhcp="1" allow_raw_sockets="1" allow_set_hostname="1" ip6="disable" allow_tun="1" priority="3"; then

Gives
Code:
transmission successfully created!
  + Acquiring DHCP address: FAILED, address received: 0.0.0.0/8

Stopped transmission due to DHCP failure
 

dak180

What is the output of ifconfig on the main system?
 

Dobbie

Code:
root@truenas[~]# ifconfig
vmx0: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4e403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
        ether 00:0c:29:fd:37:bf
        inet 192.168.2.120 netmask 0xffffff00 broadcast 192.168.2.255
        media: Ethernet autoselect
        status: active
        nd6 options=9<PERFORMNUD,IFDISABLED>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=0<> metric 0 mtu 33160
        groups: pflog
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 58:9c:fc:10:ff:9a
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vmx0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 2000
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>
 

dak180

I did not realize that you were running TrueNAS as a VM; there is likely some configuration in there that needs to be fixed (unfortunately I know little about that end of things). As a general rule I would recommend that anytime you want to go beyond a simple file server you should run on bare metal and even then probably not something you should do.
 