How to Configure OpenVPN on TrueNas 12 - Setup your own Home VPN - Part 1

Awesome clear and concise tutorial! Thank you for sharing this.

This is by far the highest quality tutorial currently available on setting up an OpenVPN server for TrueNAS. Any bit of doubt I had about parameters I saw in other tutorials was taken away, in particular the IP parameter (which, from my current understanding, just creates another "mini subnet" within the local subnet under the specified prefix).

Seriously man thanks for this video, I got like 80% of this setup on my own but couldn't figure out why I was unable to connect to my locally host services.

How this only has 2400 views is beyond me. This is clear, concise, top quality. One of the best on RUclips. Thank you!!

After wading through forums, blogs, YT channels for days this was the first and only solution I have found to safely access my files remotely through a VPN. Thank you so very much Techworks!

I don't know that I've ever felt compelled to comment on a RUclips video before, but I had to on this one. I have spent hours and hours watching videos, looking through forums, and following tutorials to setup OpenVPN on my TrueNas. And I've never gotten it to work how I wanted it to. This video explained exactly what to do and was very detailed and helpful. The only thing I had to change was my natd_interface to em0 like some of the other comments said. Thanks so much for making this video.

Thank you so much for this! This got OpenVPN working on my machine with the ability to access my files remotely without fail.
That being said, I, like some other users on here and on your website, experienced issues with jails (Plex in my case), not working properly. Oddly, it took a day for it to break (all was working fine when I first set it up). The ONLY way I could access my Plex remotely was when connected to the VPN. Originally I could connect to Plex without connecting to the VPN. Again... it took about a day for this to break.
I did see your description comment about adding a jail with NAT selected. This fixed it! However, I read on a thread on Reddit of someone having an issue as well, and they were able to fix it instead by changing out their network interface identifier in the natd_interface tunable for vnetO. I disabled the added jail and tried this, and everything is still working properly. Now it's been less than a day, so I'll update here if it breaks again, but I figured I'd bring to your attention. Reddit post from TheRealStiffCookie below.
"I had an extremely similar issue, in that I couldn't have OpenVPN and Plex set up on my Truenas at the same time.
First step I tried was deleting the natd_interface tunable (mentioned on another site), which fixed Plex, but of course broke OpenVPN.
I then re-added the tunable, but instead of setting the value to my physical interface (em0 - which I followed from a guide), I set it to vnet0 instead. All of my plugins, and OpenVPN have been working alongside each other since!
Hope that helps anyone else that may stumble across this issue."

This absoulutley saved my bacon. Could not for the life of me get this to work until I found this video. Much appreciated.

if anyones having any issues connecting to the other servers outside of truenas's ip make sure that the 'natd_interface' tunable matches your config. Mine was 're0' instead of 'le0' so I had to change the value inside of that to get it to work.

Take me a day and half to set this up, my first problem is I didn’t watch the complete video. My bad. Then second problem was the Additional Parameters I took the quotation marks as asterisks and def1 as defl. It was hard to see these in video but found the correct parameters in the text. Once I fixed my errors it worked like a charm. So watch the whole video till the end before setting this up and you should have no problems. This one is complete as other videos leaves stuff out. Made notes and added these “Lessons Learned File” for future reference.

Thank you ❤ I have been trying to do this for several days and couldn't until I found this tutorial. Thanks for explaining the reason for each parameter, this way I could easily change it to the values for my setup

Dude you have no idea how much time I spent on this, trying to make my nextcloud only accessible by VPN and it was IMPOSSIBLE. But then you appeared and saved the day, thank you so so much

Took me a few tries, but your tutorial made it possible to connect from the internet. Thanks!

As an absolute novice to this kind of stuff, thank you for providing a very clear and concise walk-through of adding a vpn service here. I was struggling trying to figure out why the config file wasn't enough for trueNas charts and it seems I totally skipped the whole certificate step 😅

You absolutely ripped other VPN tutorials to shreds, this fit my scenario and worked really well, my hero for 2022!

This is the best OpenVPN tutorial for TrueNAS I've found. Thank you!

Amazing step-by-step video for the entire process. Did not falter anywhere. I would never have been able to do this on my own just by reading the manuals and adjusting the settings. Thanks for posting this.

After fighting for weeks, I found this video. Thank you for using your covid time so helpfully!!!

Es el video mas detallado y completo que he visto para configurar la VPN en treuenas. Gracias por el aporte

Huge thanks dude. I finaly got it working. I tried so many other tutorials and they confused me. Yours was straight forward and Thorough!

This video helped me resolved the issue I had struggled for a week. Thanks!

Thank you so much! Worked the first time from this tutorial, I never got it to work before,

mate this tutorial has been an absolute god send, very detailed and precise EVERY step of the way, and bous points for having the additional params in the bottom becuase I couldn't tell if it was a 1,l or i. this has made the whole experince of being able to get access to my NAS to edit my photos on the go abosoltely painless. you get a 15/10 rating from me.

Thank you! Just watched a different tutorial before and while it did work, this worked in every aspect!
Plus, your video was much easier to follow, better explained and a lot nicer to listen to.

Awesome tutorial. Very clear and concise. Unfortunately I can only access the Truenas server. SMB etc works but I can't access and other network devices including jails. I set the NAT tunable to bridge0 which is the name of my Truenas NIC but no dice.

Thank you so much!!! the bit from 16:00 was missing from other tutorials. Great stuff!

Very good tutorial, very concise, thank you for all your efforts, much appreciated.

Clear and understable! Thank you very much! By far one of the best tutorials!

Great tutorial, thanks! VPN works nicely, but alas, a virtual machine runnin on Truenas completely lost network. So removed the tunables and VM's network works again. Something about those tunables seems to screw the VM - host bridge big time

Thanks for the detailed tutorial!
Though after having the OpenVPN server and the firewall rules applied as shown in the video I'm having issues with the jails (plugin installation fails when getting "pkg" (No address record error) and I can't even ping 1.1.1.1 with success). Is there a workaround for this? Or it ends up being a tradeoff for setting up OpenVPN this way?
Also what's the difference and advantages/disadvantages of setting up the OpenVPN server from TrueNAS natively or inside a Jail?

wow thanks so much. this was the best one around that made the process a hell of a lot easier to understand and get working.

Thanks so much man, I always struggle with networking stuff since I rarely do it. This was very clear and concise.

Amazing, clear step-by-step process! I wish I had watched this before attempting it on my own.

Awesome clear and concise tutorial ! Thank you so much for sharing this. I can now access all my files (even from my iphone) when travelling ;)
Just a point, when configuring System/Tunables/natd_interface, of course enter your interface (not necessary le0, you should have shown that we must check in Network/interfaces for the right name) ;)

this is a really good tutorial. my usecase would be to have a work-arround for a ISP level port-forwarding block, so i can forward a specific service to possible clients without giving full access to my entire local network with a VPN (which works even with the ISP block). :^) gonna try this when i get the time to try it! thanks for the video!

Bravo majstore puno si pomogai i sve radi bezprijekorno.....

People like you are what make this world great!

i've done everything you did, and can connect to my samba share, but nothing else... no internet through the server or internet outside of the server... no connections to other jails on the server or other computers on the network. any idea what i might have done wrong?

Many thanks for this very very good tutorial, it worked almost on the spot. Almost, because my knowledge in this subject is "almost" not perfect... :-) (but getting better). You might have gone perhaps in 2-3 places slightly deeper in the explanation, so that an even larger audience would be able to follow. I mean by that explaining a little bit more for example what the different IP addresses mean that are being used throughout the installation (subnet etc.). Or why we can only use the config file to securely access our server in the end, without using the certificate as such, given that there is the option to download it. (I hope I understood correctly, that it is already included in the config file and not that all my secret cute-cat-videos are not open to the internet... :-) ). Of course I know, that it is also our responsibility to dig deeper, if something is not understood! It would have just kept the otherwise perfect flow of information.
Oh, and your voice is just perfect for tutorials!!!

Any advice on why when I try to put anything in the additional parameters under openVPN under Services it crashes when I go to save?

Hi, this was nearly perfect, the vpn setup certainly works. However something to do with the tuneables breaks network acess to any virtual machines I have installed on the freenas box. They wont assign dhcp, i can acess them via ssh when setting a manual ip in the vm's however they do not get internet access. Just wont ping google, it will however ping local lan machines So i think something is blocking them/ firewall related I imagine. It seems similar to some issues others are having on here with jails breaking. As soon as I remove the tuneables, dhcp is back and the vm's have full internet acess. it would be great if you could help / advise on this, thanks

Its the best Video i have Sean for this toppig👍👍👍👍

The best tutorial for customize OpenVPN on TrueNAS - thanx! But I have no understanding how to set up tunable parameters on TrueNAS SCALE. Could you update tutorial with SCALE settings?

Thanks a lot for this tutorial
I will try this with my own true as later this week

Thank you for this excellent tutorial. Great work here.

I don't understand why this cannot be written in TrueNAS documentation. I was struggling with RootCA, as I always wanted to use the NAS root CA (cause ... why the hell not?) And I didn't understand why it wasn't working...

very very goOOod tuto, now i untherstand more what to do, and what i do

Quero agradecer pelo excelente material. E também pela resposta rápida a uma duvida técnica minha. O detalhe que ele sempre atribuía o mesmo ip para qualquer conexão.

Many thanks for the video, this worked perfectly once I worked out a network peculiarity out with our wireless network provider. I found there IP address not my address inside there network.

Could you make a little video about how to revoke a client certificate? Simply deleting it won't stop the user from being able to connect to the vpn service.
BTW it's important to use an uncommon ip range for the local network, so avoid 192.168.0 and 192.168.1 since this could give routing issues when a user is tyring to log in from home or internet cafe if that location also uses this common ip range.

Do I need to do the steps in Part 2? My goal was to access my TrueNAS outside of my local network and this worked like a charm!

Thanks for the tutorial! I'm surprised there are not more likes on this video.

Thanks you for this amazing guide. Everything works. I have problems with setting up DDNS but turned out I gave my LAN mac address instead of WAN mac address. Thanks again my master!
BTW any idea how to add password requirement for openvpn? Is it secure without password?

Worked perfectly. Thank you very much.

This is a great tutorial, saved me much hair pulling. Now, not to be greedy, but do you have any idea how to add 2FA to the mix? I have some users who can't help themselves and keep getting spyware on their personal computers, so I don't feel at all comfortable about govong ANY of them access to the file server without 2FA of some sort.
Any advice you (or anyone else reading this) could give would be greatly appreciated.

This is excellent, but I have a problem, mi internet provider put me in a NAT and I Don have a public IP, is there a solution for my issue?

Thank you very much for this amazing tutorial. So clear and understandably

Great video. I was able to get the VPN working to the server only. Got any thoughts on how to get access to other local resources and the internet? I am sure it is an easy fix but I been searching around and trying things for a while now.

i did all the same, but when it comes to downloading the avpn config file i get an error. I can't download the config file. Here's an error:
1) Client certificate must have keyusage xtension 2) client certificate must have extebdedkeyusage extension set. 3) Client certificate must have "digital signature" and/or "key agreement" set for keyusafe extension. 4) Client certificate must have "tls web client authentication" set in extendedkeyusage extension. although I checked more than once everything is in place.
Guys can anyone help me to solve this problem?

tutorial worked well, though this seems to have stopped my openvpn CLIENT in a jail from working. removing the NAT tuneables makes it work again, but obviously that breaks the server. anyone have any ideas?

Works on Scale, without adding the tunables ! Fantastic THANK YOU !

wow, big kudos!!
the only thing i had to change was the network interface. it is igc0 for me (tunable natd_interface)
worked out of the box! thank you so much!!! i never ever could make this on my own.

I really liked your tutorial. It's really detailed. So followed it, I also have DDNS setup on google domains from my NAS. I opened the port for the OpenVPN, but still can't connect from a remote computer :/ any ideas?

I followed this step by step and got the connection established perfectly. Only problem is as soon as i apply the changes to the tunables, my pi hole wich i run in an VM on the TrueNas stopps working. The vm has a static IP. After tunables changes i cannot use it as a nameserver and the VM itself cannot resolve anymore. any help is welcome, im really stuck at this :/

Eres el mejor!!! Gracias

Thank you so much for this great tutorial, really well done. However, I've spent a lot of time trying to get it to work without success. Well, it works, but either NAS subnet IPs are reachable and jails lost access to the Internet, either jails have access but no way to reach other LAN IPs. I give up.
Note: the workaround with creating a jail to generate a NAT interface did not work.

Is there a way to preserve my home connection while accessing the remote server through the VPN? Because when using the VPN my internet access becomes only what is at the end of the tunnel.

Thank you so much for the tuorial !
At 16:30 is it : push "redirect-gateway def1 bypass-dhcp" or push "redirect-gateway defl bypass-dhcp" with lowercase "L" ?

Great got it working, many thanks for your video (though I had to put the same entry in to 'Common Name' and 'Subject Alternate Names' :-) Last question...To access through an Android phone...do you just install Openvpn app and drop a ovpn file?

Hi enabling natd is preventing me from getting dhcp for my plugins, anyway around that?

Thanks for the very clear tutorial. However there is one major issue with the tunables in this setup: The option 'natd_interface' breaks the DNS access of the jails. That's why there are plenty of people having issues with their jails after configuring the openvpn service. Should the interface be set to the physical network connection or should we use a virtual interface in this tunable? It's not really clear and if you select the physical interface, the openvpn service runs but the jails lose the DNS access.

sir what is the "common name" in certificate and other fields, is this random?

thanks man, keep the tutorials coming. They are super useful

i can connect to the network (with correct IP), can open the truenas UI in browser on the remote machine, i can kind of access truenas with its IP, but i can't access the shares via win explorer, all accounts return "wrong credentials".... what could be the problem?

On Truenas Scale, where can I setup the tunables? Please advise. By the way, your tutorial is the best so far I have found on RUclips. Thanks a lot for your sharing.

Thanks man, you helped me fix 90% of my issues. Super awesome! ++ subscribed

Your video = 100%. But I never set my default route on truenas… 8 hours later poring over router settings and wireshark pcaps, I inspect my truenas boot options…

Hello. In the common name should I put my public ip address? (in my case it is static) or should I associate the ip to a service like dyndns or noIP?

A very thorough walkthrough, thank you.
Every time I setup OpenVPN I have issues accessing my internal network.
One thing, le0 was bge0 on my system. I'm not sure if you mentioned it may be different on other systems.

Thanks, great video.

Just to add: i followed you tutorial and i went well, i was able to rdp in to my pc and acess my nas, but, after a reboot, my webui completly broke and truenas froze from inside out (like, literally, not even the console responded correctly). I managed to follow the problem to tunables, not sure what, but one of those configs caused the issue. Reinstalled and didnt put those in, i can acess the nas over vpn, but not the rest of local network, too afraid to brick stuck again.

Awesome guide works like a charm. Thank you

Many Thanks. Great tutorial and excellent work !

The only problem I am having now is that the server is assigning the same IP address on the intermediate network behind a NAT translation to all clients that connect. So, the server takes 10.8.0.1 on this network, and provisions 10.8.0.2 for the first client joining. However, if a second client joins, with its own client certificate, still the server assigns 10.8.0.2 for the second and subsequent client connections.

Help! my clients have different certificates but get the same ip addresses (192.168.1.2) when connecting to openvpn. What to do?

Best Tutorial about this!!

I think it was done on purpose, but what is the public IP address shown in the OpenVPN connect software. I’ve been struggling to get this to work and while I am in a unique double NAT scenario (so port forward on both router and router/modem combo) I am wondering if this setup will work if you are connect from an IP outside of the 192.168.x.x range. I was able to connect to my trueNAS remotely using openVPN configured on my router, but I want to figure out how to use the trueNAS service. To clarify, I no longer am running the openVPN configuration on my router, so that is not the problem. Furthermore, does having uPNP enabled or disabled have any bearing on if this setup will work?

on Truenas Scale, what is the Tunable's equivalent? What I found in the system/advance/ is systcl. Any help is apprecicated

Ouu very good video and tutorial but I have a problem I’m using Truenas 13 latest update but sometimes OpenVPN doesn’t work I don’t know why

I followed the steps/ My OpenVPN on the client side connects, but drops the connection every minute or so (it reconnects automatically., I get a CONNECTED notification every time). I can't ping my NAS from the client, internet access is very shakey down the VPN too, also no access to my SMB share.

I have a VPN at home, and my TrueNAS is remote. I want TrueNAS to connect as a client to my already existing VPN here. Is this possible? Every video and tutorial seem to want the truenas side to have the VPN.

Nicely done! I followed the steps and got it working. But i cannot seem to connect to the internet while connected to the VPN. How do i make that happen? I have a pihole as my DNS set up and i would like to use it "on the got". Also i would not like to have to switch between network access and internet access.

Hi. thanks for great video. my old rig , i5 5th gen with 16gb ram + raid1 250gb setup. Truenas web portal speed reduced 80% after openvpn setup. disabling tunables settings, corrected web portal experience back to normal. Do you have a suggestion on why? what can i do to test?

I am trying to set it up on Truenas Scale right now.
But I do not know where or how to set up the tunables.
I am able to connect to the OpenVPN but I am not getting any axess to the network itself.
Any ideas?

Can I use OpenVPN client on my phone and access the TrueNAS?

MAAAAAN!!! You are Legend. Thank you

subscribe and follow this man!!! he is awesome!!!

Followed everything till 14:33, just like I did with Spacerex's tutorial. Still not able to connect. The connection gets timed out. No logs either. What am I doing wrong?

Hi all, strange things occur to me... i ve done all the steps, OpevnVPN works, access the remote subnet either and i can upload and download file from the tunnel; BUT when i try to download anthing from the shares locally from a PC in the same subnet of the truenas, its simply hang! instead i can upload anything at high speed over LAN and VPN network, any hints? it seems disabling the Tunable variable of the firewall fix the local smb browsing and file sharing, but then it break the access of the remote subnet from the VPN Tunnel.. ( i can access only the Truenas )

Very insightful!!