TrueNAS network config breaks Nextcloud installation

mitchell13

Cadet
Joined
May 15, 2022
Messages
5
Hello, I have a working TrueNAS system with Nextcloud installed via the plugin. Everything has been working fine until I set up an OpenVPN server. I wanted to be able to access the LAN behind my OpenVPN subnet and followed this Reddit comment to do so. However, after including the tunables mentioned there, I am now having trouble accessing Nextcloud. When it does connect, no weather information is shown and I am not able to access the apps section to download new apps.

It seems like there are some networking issues going on here because of the tunables I included, although I need help understanding what is happening. Is there a good way to fix this or a better way to set up my OpenVPN?

I am happy to include any logs if necessary.

Thank you.
 

mitchell13

I should also mention, everything starts working correctly after disabling the tunables. The OpenVPN service even works fine and lets me access the LAN behind it. Is there a reason for these tunables that I am missing, or is it OK to just not include them?
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
Most of these tutorials recommend setting up NAT by manually messing with the FreeBSD firewall. I call BS. All you need is - in the typical consumer situation - a static route for the OpenVPN network in your Internet router. If yours does not support static routes, get one that does. No NAT needed, perfect LAN access ...
 

mitchell13

> Most of these tutorials recommend setting up NAT by manually messing with the FreeBSD firewall. I call BS. All you need is - in the typical consumer situation - a static route for the OpenVPN network in your Internet router. If yours does not support static routes, get one that does. No NAT needed, perfect LAN access ...

Thank you for the quick reply. My router does support static routes and I can set one up. Although, before I research exactly what needs to be done, I figure I might ask for a quick solution.

I would assume I need to keep some of the additional parameters such as push "route 10.0.0.0 255.255.255.0" on the VPN server. Can the others be removed or should they be kept? Specifically push "redirect-gateway def1 bypass-dhcp" | push "dhcp-option DNS 1.1.1.1" | push "dhcp-option DNS 1.0.0.1"

Lastly, if my LAN is a 192.168.1.x range and OpenVPN uses 10.20.0.x, what would the static routing on the router look like?

I apologize if these questions are pretty basic. I'm happy to do my own research into it but thought I would ask first.
 

Patrick M. Hausen

Why would you push route 10.0.0.0/24 when your LAN is 192.168.1.0/24? I would push that. If you redirect gateway, you don't need to push any routes, though, because redirect gateway is equivalent to push 0.0.0.0/0 (i.e. default into the tunnel). If the latter is what you want, i.e. road warrior dials in, then all Internet traffic goes THROUGH the tunnel - fine. That works in most cases. Some people prefer "split tunnel", i.e. route only the home networks and access the Internet wherever the client happens to be.

And the static route would be 10.20.0.0/24, gateway: IP address of your TrueNAS in the 192.168.1.0/24 network.
 
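Added example (not part of the original thread or any poster's code): a small Python model of the routing described in the answer above, showing where the home router sends replies for a VPN client with and without the static route, and which client traffic enters the tunnel for each pushed route set. The TrueNAS address 192.168.1.10, the hop labels and all function names are assumptions made for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")   # LAN range from the thread
VPN = ipaddress.ip_network("10.20.0.0/24")     # OpenVPN range from the thread
TRUENAS = "192.168.1.10"                       # assumed TrueNAS LAN address
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def next_hop(table, dst):
    """Longest-prefix match: next hop for dst, or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def router_table(with_static_route):
    """Home router: LAN on-link, default to the ISP, optional VPN static route."""
    table = [(LAN, "on-link"), (DEFAULT, "isp-uplink")]
    if with_static_route:
        table.append((VPN, TRUENAS))
    return table

def client_table(pushed):
    """VPN client: its own default route plus the routes the server pushed."""
    table = [(DEFAULT, "local-internet"), (VPN, "tunnel")]
    return table + [(ipaddress.ip_network(n), "tunnel") for n in pushed]

SPLIT_TUNNEL = ["192.168.1.0/24"]            # push "route 192.168.1.0 255.255.255.0"
FULL_TUNNEL = ["0.0.0.0/1", "128.0.0.0/1"]   # routes redirect-gateway def1 installs
WRONG_PUSH = ["10.0.0.0/24"]                 # the tutorial's example network

if __name__ == "__main__":
    vpn_client, lan_host, internet = "10.20.0.6", "192.168.1.50", "1.1.1.1"  # constructed
    for label, static in (("no static route", False), ("static route", True)):
        print(f"router, {label}: reply to {vpn_client} ->",
              next_hop(router_table(static), vpn_client))
    for label, pushed in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL),
                          ("wrong push", WRONG_PUSH)):
        t = client_table(pushed)
        print(f"client, {label}: LAN ->", next_hop(t, lan_host),
              "| Internet ->", next_hop(t, internet))
```

Without the static route the router hands replies for 10.20.0.0/24 to its ISP uplink, which is the gap the NAT tunables in such tutorials paper over.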

mitchell13

> Why would you push route 10.0.0.0/24 when your LAN is 192.168.1.0/24? I would push that. If you redirect gateway, you don't need to push any routes, though, because redirect gateway is equivalent to push 0.0.0.0/0 (i.e. default into the tunnel). If the latter is what you want, i.e. road warrior dials in, then all Internet traffic goes THROUGH the tunnel - fine. That works in most cases. Some people prefer "split tunnel", i.e. route only the home networks and access the Internet wherever the client happens to be.

Thank you! And sorry, I meant to type push route 192.168.1.0/24, as that is what I have, but I had copied and pasted the incorrect addresses from the tutorial I was following into this thread.

> And the static route would be 10.20.0.0/24, gateway: IP address of your TrueNAS in the 192.168.1.0/24 network.

I will get this added as well. Thank you for your help again.
 