Virtual Router and VPN

Status
Not open for further replies.

Patrol02

Dabbler
Joined
Sep 11, 2016
Messages
15
Hi Guys,

I want some of my devices to access the Internet via VPN. My modem and router don't have VPN support, and these devices don't have it either.
So my idea was to set up some kind of a virtual router on my FreeNAS which would have VPN and make these devices go through it instead of going through my "real" modem/router. This way I expect VPN to be transparent for the clients and I will not have to upgrade my hardware :)

Do you know if it is possible to do? Can you suggest where I can look for guidance, which software may be useful and would work well with FreeNAS etc.?

UPDATE: I am not looking for creating my own home VPN. I want to use the existing "external" VPN which I have access to, and I want to let other devices use this existing VPN.

Regards, Alexey.
 

Patrol02

Dabbler
Joined
Sep 11, 2016
Messages
15
I see that, but I wasn't able to find anything regarding the "virtual router" part of the story. Or are you suggesting that OpenVPN can do this too? I am a noob in networking so I could completely miss it if you say so...
 

Patrol02

Dabbler
Joined
Sep 11, 2016
Messages
15
I managed to install OpenVPN in a jail and configured it to use my VPN provider configuration.
What should I do next to be able to use it with my devices which have no knowledge about VPN? Do I need to set up DHCP and forward all the traffic somehow?
 

Patrol02

Dabbler
Joined
Sep 11, 2016
Messages
15
I've been told that once I have OpenVPN set up in a jail I can use that jail's IP address as a default gateway on my devices and it will route all the traffic via VPN.

I tried to do so and it is only half true: running tcpdump inside the jail I see all the outgoing traffic, but nothing comes back.
For example, if I use the jail's IP as a gateway on my laptop (192.168.1.5) I get this dump:

Code:
21:41:44.049425 IP 192.168.1.5.53369 > d.v.dropbox.com.https: Flags [R.], seq 1, ack 1, win 16384, length 0
21:41:50.524255 IP 192.168.1.5.49616 > server-54-192-233-104.nrt12.r.cloudfront.net.https: Flags [F.], seq 0, ack 1, win 4096, options [nop,nop,TS val 1077581659 ecr 432558380], length 0
21:41:50.580936 IP 192.168.1.5.49399 > 204.109.59.195.https: Flags [F.], seq 0, ack 1, win 4096, options [nop,nop,TS val 1077581717 ecr 202510690], length 0
21:41:51.530235 IP 192.168.1.5.59909 > 13.77.95.51.https: Flags [FP.], seq 0:386, ack 1, win 4096, options [nop,nop,TS val 1077582663 ecr 74266852], length 386
21:41:55.970597 IP 192.168.1.5.61328 > 91.108.56.105.https: Flags [FP.], seq 0:73, ack 1, win 4096, options [nop,nop,TS val 1077587092 ecr 1658039269], length 73


The local network, however, works: I can access the FreeNAS itself via web UI and/or SSH.

Here is my network configuration inside the jail:

Code:
[root@openvpn /]# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
    inet 127.0.0.1 netmask 0xff000000
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair1b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8<VLAN_MTU>
    ether 1e:42:24:4f:4f:a9
    inet 192.168.1.70 netmask 0xffffff00 broadcast 192.168.1.255
    nd6 options=9<PERFORMNUD,IFDISABLED>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet 10.18.6.158 --> 10.18.6.157 netmask 0xffffffff
    nd6 options=9<PERFORMNUD,IFDISABLED>
    Opened by PID 6219
   
[root@openvpn /]# ipfw list
00100 nat 1 ip from 172.16.8.0/24 to any out via epair1b
00200 nat 1 ip from any to any in via epair1b
65535 allow ip from any to any


Does anyone know how to configure the jail so the traffic can go both ways?

Cheers,
Alexey.
 

depasseg

FreeNAS Replicant
Joined
Sep 16, 2014
Messages
2,874
My guess is you are going to need NAT setup in the jail. I'm pretty sure someone wrote up a howto on the forums.
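The NAT the reply points at, as an added example and not the poster's or a forum howto's own configuration. It assumes the interface names and subnet shown in the thread (epair1b facing the 192.168.1.0/24 LAN, tun0 for OpenVPN) and that the host allows ipfw and ipfw_nat inside the jail; the `ipfw list` above translates 172.16.8.0/24 leaving on epair1b, so LAN packets leave tun0 with their private source address and no reply can find its way back.

```shell
#!/bin/sh
# Added example: ipfw NAT so LAN clients can use the OpenVPN jail as their default gateway.
# Assumed names from the thread: tun0 = OpenVPN tunnel, 192.168.1.0/24 = the LAN subnet.
LAN_NET="${LAN_NET:-192.168.1.0/24}"
VPN_IF="${VPN_IF:-tun0}"

# The rule set. Outbound packets from the LAN are translated to the tunnel address as they
# leave tun0; replies coming in on tun0 are translated back before being forwarded to the LAN.
# The original rules used the wrong subnet (172.16.8.0/24) and the wrong interface (epair1b).
vpn_nat_rules() {
    cat <<EOF
nat 1 config if $VPN_IF reset same_ports
add 100 nat 1 ip from $LAN_NET to any out via $VPN_IF
add 200 nat 1 ip from any to any in via $VPN_IF
add 300 allow ip from any to any
EOF
}

# Apply the rules. Needs root inside the jail, the host's ipfw/ipfw_nat modules, and IP
# forwarding enabled for the jail's network stack (assumed to be settable from the jail here).
apply_vpn_nat() {
    command -v ipfw >/dev/null 2>&1 || { echo "ipfw not available; nothing applied" >&2; return 1; }
    sysctl net.inet.ip.forwarding=1 >/dev/null
    vpn_nat_rules | while IFS= read -r rule; do
        # shellcheck disable=SC2086  # word-splitting of $rule is intended
        ipfw $rule
    done
}

# Sanity check to run before applying: the outbound NAT rule must name the real LAN subnet
# and the tunnel interface, which is exactly what the thread's rule set got wrong.
rules_nat_lan_on_vpn() {
    vpn_nat_rules | grep -q "nat 1 ip from $LAN_NET to any out via $VPN_IF"
}
```

With these rules in place, `tcpdump -i tun0` inside the jail should show both directions; if only the LAN side passes, check that forwarding is enabled and that the host permits ipfw in the jail.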
 