
TrueNAS and OpenVPN client configuration

Pitfrr

Neophyte Sage
Joined
Feb 10, 2014
Messages
877
Pitfrr submitted a new resource:

TrueNAS and OpenVPN client configuration - How to configure the OpenVPN client in TrueNAS 12.0

Here is a short tutorial to configure the OpenVPN client on TrueNAS 12.0.

Prerequisite: an OpenVPN server running with a similar configuration:
Code:
dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth SHA512
tls-client
client
resolv-retry infinite
remote vpn.domain.org 1194 udp
lport 0
verify-x509-name "vpn.domain.org" name
auth-user-pass
remote-cert-tls server
comp-lzo adaptive

<ca>
-----BEGIN CERTIFICATE-----...
 

profwalken

Member
Joined
Nov 19, 2013
Messages
196
Hi,

I've updated my FN 11.3 to TN 12 and would like to enable the OpenVPN server to give remote access to a user with the OpenVPN Connect software on a Windows 10 PC.

I have no knowledge of VPN settings or the steps to follow. Is your tutorial usable in the same way to set up the OpenVPN server side?
 

Pitfrr

Neophyte Sage
Joined
Feb 10, 2014
Messages
877
Well, I don't think so because the server configuration is different to the client configuration.
I'm not using the OpenVPN server in TrueNAS since I already have a separate OpenVPN server running.

I checked it out though...
I'd say (at least for me) the most complicated would be to get the certificates sorted out, the root certificate and the client certificate but for that I'd check out the link given in the tool tip in the GUI. Maybe those can be generated in the System>CA or System>Certificates??
Then the next part would be the remote address. There, if you have a fixed (public) IP, then it's easy. If you don't have a fixed IP then you'll need to couple that with a dynDNS service. That I don't know how it works.
Maybe you can find some resources in the OpenVPN forum (or some tutorial on setting an OpenVPN server)?
The rest of the parameters are more related to the encryption (authentication algorithm, cipher) and more global settings (compression, protocol and device).

Again, I would try to find an OpenVPN server tutorial and use it as a basis.
 

profwalken

Member
Joined
Nov 19, 2013
Messages
196
Thanks for the quick reply. :wink:
I'm not sure I've mastered all of it; I already spent an afternoon searching in every direction for what could be a solution to get OpenVPN working.
Yes, I have fixed public IPs and fibre internet links.
I'll see tomorrow whether I get the chance to test this.
Thanks for the help
 

Astrodonkey

Member
Joined
Jul 18, 2017
Messages
52
My VPN provider provides only the CRL, certificate, and user password/login. How can I configure the OpenVPN client service in TrueNAS 12.0 without a private key? It isn't possible to add the cert in step 2 without one.
 

Pitfrr

Neophyte Sage
Joined
Feb 10, 2014
Messages
877
Sorry but I don't know how you can add it without the private key... :-(
 

dnilgreb

Member
Joined
Mar 29, 2016
Messages
116
Awesome guide! Got it running on my first try! Thank you thank you thank you thank you thank you!
 

greysave

Neophyte
Joined
Aug 26, 2020
Messages
9
Have you gotten this to work with a third party VPN provider? I have tried at least 6 or 7 providers and no luck. Here is an example of my configuration. Each time I get an error stating
Code:
Client certificate must have "TLS Web Client Authentication" set in ExtendedKeyUsage extension.


Here are some screenshots of the steps that I have completed.
 

Pitfrr

Neophyte Sage
Joined
Feb 10, 2014
Messages
877
Sorry haven't used it with any third party VPN provider. I tried it only with OpenVPN and the server I have running. I don't have any third party VPN...
 

smcclos

Neophyte
Joined
Jan 22, 2021
Messages
8
Astrodonkey said:
My VPN provider provides only the CRL, certificate, and user password/login. How can I configure the OpenVPN client service in TrueNAS 12.0 without a private key? It isn't possible to add the cert in step 2 without one.

I have fixed that problem: you need to add a dummy key. The VPN provider doesn't care about it, it will be just used for the encryption tunnel.
 

smcclos

Neophyte
Joined
Jan 22, 2021
Messages
8
I have a different issue. Here is what I see in my /var/log/messages, when I attempt to start the OpenVPN client service


Code:
Feb  3 20:03:59 truenas 1 2021-02-03T20:03:59.736193-05:00 truenas.local root 12685 - - /usr/local/etc/rc.d/openvpn_client: WARNING: /usr/local/etc/openvpn/client/openvpn_client.conf is not readable.
Feb  3 20:03:59 truenas 1 2021-02-03T20:03:59.738272-05:00 truenas.local root 12686 - - /usr/local/etc/rc.d/openvpn_client: WARNING: failed precmd routine for openvpn_client
 

smcclos

Neophyte
Joined
Jan 22, 2021
Messages
8
greysave said:
Have you gotten this to work with a third party VPN provider? I have tried at least 6 or 7 providers and no luck. Here is an example of my configuration. Each time I get an error stating
Code:
Client certificate must have "TLS Web Client Authentication" set in ExtendedKeyUsage extension.


Here are some screenshots of the steps that I have completed.

I got around this problem. You need to create a certificate. It looks like you cannot create it in TrueNAS. I created a new Internal CA on pfSense, and then using that Internal CA, created a new certificate.

Then I exported the CA and Certificate from pfSense, and then imported it into TrueNAS. It's a little cumbersome, but it works.
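
Added example, not part of any post in this thread: the same idea as the pfSense workaround above (an internal CA that issues a client certificate with the "TLS Web Client Authentication" extended key usage), done with the openssl command line instead, plus a check for the extension the error message names. The function names, file names and the subjects demo-ca and truenas-client are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: throwaway CA plus a client certificate carrying the
# clientAuth EKU ("TLS Web Client Authentication"). Names such as
# demo-ca and truenas-client are constructed placeholders.

make_client_cert() {
    out="$1"
    mkdir -p "$out" || return 1

    # Explicit CA profile so the result does not depend on the system openssl.cnf.
    cat > "$out/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = demo-ca
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$out/ca.cnf" \
        -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null || return 1

    # Client private key and signing request (-subj overrides the CA subject).
    openssl req -newkey rsa:2048 -nodes -config "$out/ca.cnf" \
        -subj "/CN=truenas-client" \
        -keyout "$out/client.key" -out "$out/client.csr" 2>/dev/null || return 1

    # Extensions for the client certificate; extendedKeyUsage is the one
    # the error message asks for.
    cat > "$out/client.ext" <<'EOF'
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
EOF
    openssl x509 -req -in "$out/client.csr" -days 365 \
        -CA "$out/ca.crt" -CAkey "$out/ca.key" -CAcreateserial \
        -extfile "$out/client.ext" -out "$out/client.crt" 2>/dev/null || return 1

    chmod 600 "$out/ca.key" "$out/client.key"
}

# Succeeds only if the certificate lists the clientAuth EKU.
has_client_auth_eku() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 "Extended Key Usage" |
        grep -q "TLS Web Client Authentication"
}
```

Running `has_client_auth_eku` against a certificate before importing it shows whether it would trip the error quoted above; the CA certificate produced here fails the check, the client certificate passes it.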
 

ymestechwey

Newbie
Joined
Feb 24, 2021
Messages
1
smcclos said:
I have a different issue. Here is what I see in my /var/log/messages, when I attempt to start the OpenVPN client service


Code:
Feb  3 20:03:59 truenas 1 2021-02-03T20:03:59.736193-05:00 truenas.local root 12685 - - /usr/local/etc/rc.d/openvpn_client: WARNING: /usr/local/etc/openvpn/client/openvpn_client.conf is not readable.
Feb  3 20:03:59 truenas 1 2021-02-03T20:03:59.738272-05:00 truenas.local root 12686 - - /usr/local/etc/rc.d/openvpn_client: WARNING: failed precmd routine for openvpn_client
How did you fix this?
 