itskando
Contributor
- Joined
- Apr 30, 2018
- Messages
- 172
Followed this well-established guide to start.
Since I clearly do not have remote access running (heh),
I'll post jail parameters later when I get local access.
.
.
.
With regard to:
SSH to your FreeNAS box and make some checks
Code:
% jls
   JID  IP Address      Hostname                      Path
...
     5                  OpenVPN                       /mnt/Vol1-Z2/jails/OpenVPN
% sudo jexec 5 sh
Password:
# ipfw list
00100 nat 1 IP from 10.8.0.0/24 to any out via epair0b
00200 nat 1 IP from any to any in via epair0b
65535 allow IP from any to any
# sockstat -4 -l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
nobody   openvpn    64842 7  udp46  *:1194                *:*
root     syslogd    64803 7  udp4   *:514                 *:*
Should I be seeing something under the sockstat -4 -l command?
(Restarted entire system.)
Code:
[root@Deetz ~]# iocage restart openVPN
* Stopping openVPN
  + Running prestop OK
  + Stopping services OK
  + Tearing down VNET OK
  + Removing devfs_ruleset: 6 OK
  + Removing jail process OK
  + Running poststop OK
* Starting openVPN
  + Started OK
  + Configuring VNET OK
  + Starting services OK
[root@Deetz ~]# iocage console openVPN
Last login: Sat Jan 5 15:39:56 on pts/1
root@openVPN:~ # ipfw list
00100 nat 1 ip from 10.8.0.0/24 to any out via epair0b
00200 nat 1 ip from any to any in via epair0b
65535 allow ip from any to any
root@openVPN:~ # sockstat -4 -l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root@openVPN:~ #
.
.
.
Additionally, the subsequent instructions:
Let's send our OpenVPN client files and test connection from outside
Code:
# cd /usr/local/etc/openvpn/
# tar cvf Bibi40k.tar Bibi40k.conf -C keys/ ca.crt Bibi40k.crt Bibi40k.key ta.key
a Bibi40k.conf
a ca.crt
a Bibi40k.crt
a Bibi40k.key
a ta.key
# service sendmail onestart
# mpack -s "Bibi40k OpenVPN files" Bibi40k.tar me@mydomain.com
did not result in any email sent:
Code:
root@openVPN:~ # cd /usr/local/etc/openvpn/
root@openVPN:/usr/local/etc/openvpn # tar cvf Bibi40k.tar Bibi40k.conf -C keys/ ca.crt Bibi40k.crt Bibi40k.key ta.key
a Bibi40k.conf
a ca.crt
a Bibi40k.crt
a Bibi40k.key
a ta.key
root@openVPN:/usr/local/etc/openvpn # service sendmail onestart
Starting sendmail.
Starting sendmail_msp_queue.
root@openVPN:/usr/local/etc/openvpn # mpack -s "Bibi40k OpenVPN files" Bibi40k.tar me@mydomain.com
root@openVPN:/usr/local/etc/openvpn # mpack -s "Bibi40k OpenVPN files" Bibi40k.tar nate.kando@gmail.com
root@openVPN:/usr/local/etc/openvpn #
I assumed the command was to be run from the openVPN jail on the freeNAS server
and would result in an email sent to my personal email address (substituted for me@mydomain.com)
Nothing was found in my inbox or spam folder.
.
.
.
Less urgent matters, but still worth asking:
.
.
.
Relevant data to use later in this tutorial ( use your own, this is just for reference )
- Home Network: 192.168.1.0/24 ( LAN where is your FreeNAS )
- NAT Network: 10.8.0.0/24 ( virtual LAN between VPN clients and your LAN )
- Domain: nas.mydomain.com
- VPN Server Port: 1194 UDP
- VPN Outside Access Port: 443 UDP
- Certificate Authority Password: Password1
- Bibi40k Client Certificate Password: Password2
• How complex should Password1 and Password2 be?
8 chars? 12? 16+?
Upper and lowercase?
Numbers?
Symbols?
• What are alternative NAT addresses one might use (and why)?
• What are alternative VPN server ports one might use (and why)?
• What are alternative VPN outside access ports one might use (and why)?
• What are alternatives to Bibi40k (why did you choose it)?
.
.
.
Use FreeNAS Web GUI
Jails -> Add Jail
( Jail Name: OpenVPN, keep default settings )
• Is VNET necessary if DHCP is not used?