TrueNAS OpenVPN & local network access not working: complete noob looking for help

feron

Cadet
Joined
Sep 18, 2022
Messages
6
I'm new to both TrueNAS and OpenVPN, so if any wrong conclusion is written in my questions, it's probably due to a lack of experience with either.
So I set up TrueNAS and OpenVPN, and everything is working perfectly. There is a lot of information on the internet, but for my issue I have not found a working solution.
I have two LAN cards (NICs): one with internet access (NIC: em0) and another (NIC: re0) without. I have no DHCP server on my local network.

NIC: em0 with internet access
10.10.10.0 < my router (DHCP)
10.10.10.90 < my TrueNAS & OpenVPN

NIC: re0
10.11.12.13 < my TrueNAS (local system IP)

My VPN server is set to 10.11.12.0.
When the connection is established with the client, everything is working: the internet traffic goes through the client's network, and there is access and ping to 10.11.12.13 (TrueNAS shares), but there is no access to the local network, for example to 10.11.12.133.
The main question is: what needs to be done? I suppose it is something like a bridge, but I am not familiar with it. Any help will be appreciated.
 

feron

Cadet
Joined
Sep 18, 2022
Messages
6
To be honest, this issue I have fixed. It is necessary to add some additional rules in IPFW.
In my case:

ipfw -q add 0050 nat 1 all from 10.11.12.0/24 to any out via re0

ipfw -q add 0060 nat 1 all from any to any in via re0

This thread helped me very much: https://www.truenas.com/community/threads/openvpn-service-failing-to-connect-to-local-subnet.98819/

The next problem I have is that when more than one VPN client is connected, the second has no access to the network (TrueNAS server and local network).
There are several threads in the forum without an answer, like:

I am in the process of studying this issue. Any help will be appreciated.
 

homer27081990

Patron
Joined
Aug 9, 2022
Messages
321
To be honest, this issue I have fixed. It is necessary to add some additional rules in IPFW.
In my case:

ipfw -q add 0050 nat 1 all from 10.11.12.0/24 to any out via re0

ipfw -q add 0060 nat 1 all from any to any in via re0

This thread helped me very much: https://www.truenas.com/community/threads/openvpn-service-failing-to-connect-to-local-subnet.98819/

The next problem I have is that when more than one VPN client is connected, the second has no access to the network (TrueNAS server and local network).
There are several threads in the forum without an answer, like:

I am in the process of studying this issue. Any help will be appreciated.
I *think* that by default, OpenVPN allows only 1 client at a time in the non-Enterprise edition. Might want to try IPsec; it's a pain to set up, but the rewards are great.
I would also highly recommend setting up your VPN on a firewall or dedicated VM (I have mine on a pfSense VM that also acts as the main router).
 

feron

Cadet
Joined
Sep 18, 2022
Messages
6
I *think* that by default, OpenVPN allows only 1 client at a time in the non-Enterprise edition. Might want to try IPsec; it's a pain to set up, but the rewards are great.
I would also highly recommend setting up your VPN on a firewall or dedicated VM (I have mine on a pfSense VM that also acts as the main router).
Where can I check how many clients at a time are allowed? I spent a lot of time trying to find a solution.
 

homer27081990

Patron
Joined
Aug 9, 2022
Messages
321

I have an idea, but, ironically, have no idea if it would work. Basically, use TrueNAS SCALE, create a Docker container template with OpenVPN, create a single configuration file, and have a reverse proxy (maybe HAProxy?) raise a new container for each new incoming connection and give it a new VPN IP. There would have to be a limit on the maximum number of containers with successful connections and another limit (1, 2?) for containers in the negotiation phase of the connection.

It could also be easier to use IPsec or WireGuard or any other VPN solution that does not place any limit on the number of active connections.
 

homer27081990

Patron
Joined
Aug 9, 2022
Messages
321
You could also use your router to expose a number of OpenVPN instances on different ports (port forwarding), or each on a different subdomain (a.vpn.you.aaa, b.vpn.you.aaa, c.vpn.you.aaa...).
 

homer27081990

Patron
Joined
Aug 9, 2022
Messages
321
...raise a new container for each new incoming connection and give it a new VPN IP. There would have to be a limit on the maximum number of containers with successful connections and another limit (1, 2?) for containers in the negotiation phase of the connection.
There would also need to be at least one container ready to negotiate a new connection at any given time. That means a connection to that container raises a new one to negotiate the next client.
 