Thank you for responding, i did apply the rules however i still have no traffic, only access to the truenas GUI. i am providing the rules i applied. There are duplicates in trying to get traffic to flow. ipfw list 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.0/8 00300 deny ip from 127.0.0.0/8 to any 00400 deny ip from any to ::1 00500 deny ip from ::1 to any 00600 allow ipv6-icmp from :: to ff02::/16 00700 allow ipv6-icmp from fe80::/10 to fe80::/10 00800 allow ipv6-icmp from fe80::/10 to ff02::/16 00900 allow ipv6-icmp from any to any icmp6types 1 00997 allow ip from 172.16.1.0 to 192.168.2.9 445 00997 allow ip from 172.16.1.0/24 to 192.168.2.9 445 00998 allow ip from 172.16.1.0/24 to 192.168.2.0/24 00998 allow ip from 172.16.1.0 to 192.168.2.0 00998 allow ip from 172.16.1.0 to 192.168.2.1 00998 allow ip from 172.16.1.0/24 to 192.168.2.0/24 00998 allow ip from 172.16.1.0/24 to 192.168.2.0/24 01000 allow ipv6-icmp from any to any icmp6types 2,135,136 65535 allow ip from any to any
After wading through forums, blogs, YT channels for days this was the first and only solution I have found to safely access my files remotely through a VPN. Thank you so very much Techworks!
This is by far the highest quality tutorial currently available on setting up an OpenVPN server for TrueNAS. Any bit of doubt I had about parameters I saw in other tutorials was taken away, in particular the IP parameter (which, from my current understanding, just creates another "mini subnet" within the local subnet under the specified prefix).
I don't know that I've ever felt compelled to comment on a RUclips video before, but I had to on this one. I have spent hours and hours watching videos, looking through forums, and following tutorials to setup OpenVPN on my TrueNas. And I've never gotten it to work how I wanted it to. This video explained exactly what to do and was very detailed and helpful. The only thing I had to change was my natd_interface to em0 like some of the other comments said. Thanks so much for making this video.
Thank you ❤ I have been trying to do this for several days and couldn't until I found this tutorial. Thanks for explaining the reason for each parameter, this way I could easily change it to the values for my setup
Dude you have no idea how much time I spent on this, trying to make my nextcloud only accessible by VPN and it was IMPOSSIBLE. But then you appeared and saved the day, thank you so so much
Amazing step-by-step video for the entire process. Did not falter anywhere. I would never have been able to do this on my own just by reading the manuals and adjusting the settings. Thanks for posting this.
Seriously man thanks for this video, I got like 80% of this setup on my own but couldn't figure out why I was unable to connect to my locally host services.
Thank you! Just watched a different tutorial before and while it did work, this worked in every aspect! Plus, your video was much easier to follow, better explained and a lot nicer to listen to.
Thank you so much for this! This got OpenVPN working on my machine with the ability to access my files remotely without fail. That being said, I, like some other users on here and on your website, experienced issues with jails (Plex in my case), not working properly. Oddly, it took a day for it to break (all was working fine when I first set it up). The ONLY way I could access my Plex remotely was when connected to the VPN. Originally I could connect to Plex without connecting to the VPN. Again... it took about a day for this to break. I did see your description comment about adding a jail with NAT selected. This fixed it! However, I read on a thread on Reddit of someone having an issue as well, and they were able to fix it instead by changing out their network interface identifier in the natd_interface tunable for vnetO. I disabled the added jail and tried this, and everything is still working properly. Now it's been less than a day, so I'll update here if it breaks again, but I figured I'd bring to your attention. Reddit post from TheRealStiffCookie below. "I had an extremely similar issue, in that I couldn't have OpenVPN and Plex set up on my Truenas at the same time. First step I tried was deleting the natd_interface tunable (mentioned on another site), which fixed Plex, but of course broke OpenVPN. I then re-added the tunable, but instead of setting the value to my physical interface (em0 - which I followed from a guide), I set it to vnet0 instead. All of my plugins, and OpenVPN have been working alongside each other since! Hope that helps anyone else that may stumble across this issue."
This has been working for me at the moment. I am not 100 percent sure what this does to the networking layout of the config, but hopefully its a stable solution. Thanks.
As an absolute novice to this kind of stuff, thank you for providing a very clear and concise walk-through of adding a vpn service here. I was struggling trying to figure out why the config file wasn't enough for trueNas charts and it seems I totally skipped the whole certificate step 😅
mate this tutorial has been an absolute god send, very detailed and precise EVERY step of the way, and bous points for having the additional params in the bottom becuase I couldn't tell if it was a 1,l or i. this has made the whole experince of being able to get access to my NAS to edit my photos on the go abosoltely painless. you get a 15/10 rating from me.
@@TechworksOnline I followed like 3 other tutorials and nothing worked after following them, then after watching yours it worked first go 👌 brilliant work you earnt a sub haha
Take me a day and half to set this up, my first problem is I didn’t watch the complete video. My bad. Then second problem was the Additional Parameters I took the quotation marks as asterisks and def1 as defl. It was hard to see these in video but found the correct parameters in the text. Once I fixed my errors it worked like a charm. So watch the whole video till the end before setting this up and you should have no problems. This one is complete as other videos leaves stuff out. Made notes and added these “Lessons Learned File” for future reference.
i've done everything you did, and can connect to my samba share, but nothing else... no internet through the server or internet outside of the server... no connections to other jails on the server or other computers on the network. any idea what i might have done wrong?
Thanks for the detailed tutorial! Though after having the OpenVPN server and the firewall rules applied as shown in the video I'm having issues with the jails (plugin installation fails when getting "pkg" (No address record error) and I can't even ping 1.1.1.1 with success). Is there a workaround for this? Or it ends up being a tradeoff for setting up OpenVPN this way? Also what's the difference and advantages/disadvantages of setting up the OpenVPN server from TrueNAS natively or inside a Jail?
You can manually add the options to the openvpn.conf file in a Shell on Truenas Navigate to /usr/local/etc/openvpn/server/openvpn_server.conf Add the options as is to the bottom of the file. Save, and restart the openvpn service in truenas
i can connect to the network (with correct IP), can open the truenas UI in browser on the remote machine, i can kind of access truenas with its IP, but i can't access the shares via win explorer, all accounts return "wrong credentials".... what could be the problem?
Thank you so much for the tuorial ! At 16:30 is it : push "redirect-gateway def1 bypass-dhcp" or push "redirect-gateway defl bypass-dhcp" with lowercase "L" ?
@@TechworksOnline might wanna have said that.... i had to google it too. that's THE single point where it's very likely people will misread, and it's the one point where you don't say what you're typing :/
Hi, this was nearly perfect, the vpn setup certainly works. However something to do with the tuneables breaks network acess to any virtual machines I have installed on the freenas box. They wont assign dhcp, i can acess them via ssh when setting a manual ip in the vm's however they do not get internet access. Just wont ping google, it will however ping local lan machines So i think something is blocking them/ firewall related I imagine. It seems similar to some issues others are having on here with jails breaking. As soon as I remove the tuneables, dhcp is back and the vm's have full internet acess. it would be great if you could help / advise on this, thanks
Same issue with the tunables. Solution I found was adding second NIC and setting one to auto DHCP, then use that for plex and other plugins. The other using a static IP and setting the natd_interface to it for VPN. Depending on setup you might need a switch to add the second cable to your router. Not sure if there is a setting to get around this but this was an easy/quick solution.
I don't understand why this cannot be written in TrueNAS documentation. I was struggling with RootCA, as I always wanted to use the NAS root CA (cause ... why the hell not?) And I didn't understand why it wasn't working...
Followed everything till 14:33, just like I did with Spacerex's tutorial. Still not able to connect. The connection gets timed out. No logs either. What am I doing wrong?
@@TechworksOnline I figured out what the issue was. I was actually trying to check if there are any updates available for truenas. But that was failing. Then I checked the network settings. For some reason gateway and nameservers were empty. I added those two things and now I can connect with openvpn. Feel like a huge load lifted from my head.
if anyones having any issues connecting to the other servers outside of truenas's ip make sure that the 'natd_interface' tunable matches your config. Mine was 're0' instead of 'le0' so I had to change the value inside of that to get it to work.
@@Xworkofme hey, don't know if you're still tryna figure this out but you can find it on the 'interfaces' tile on the dashboard above your network traffic speed indicator
Awesome tutorial. Very clear and concise. Unfortunately I can only access the Truenas server. SMB etc works but I can't access and other network devices including jails. I set the NAT tunable to bridge0 which is the name of my Truenas NIC but no dice.
I followed this step by step and got the connection established perfectly. Only problem is as soon as i apply the changes to the tunables, my pi hole wich i run in an VM on the TrueNas stopps working. The vm has a static IP. After tunables changes i cannot use it as a nameserver and the VM itself cannot resolve anymore. any help is welcome, im really stuck at this :/
I am having the same problem. I did find that if I disable "firewall_enable" -> "yes", I am able to access my truenas's gui, but my IP address doesn't change when I connect
Is there a way to preserve my home connection while accessing the remote server through the VPN? Because when using the VPN my internet access becomes only what is at the end of the tunnel.
Thanks for the very clear tutorial. However there is one major issue with the tunables in this setup: The option 'natd_interface' breaks the DNS access of the jails. That's why there are plenty of people having issues with their jails after configuring the openvpn service. Should the interface be set to the physical network connection or should we use a virtual interface in this tunable? It's not really clear and if you select the physical interface, the openvpn service runs but the jails lose the DNS access.
@@Catalyph that is what's being used in my case, but as said this causes and issue with the name resolution in the jails (see numerous posts with jail issues)
@@jackscan4358 I set my Jails up after setting up the VPN, and they work fine, I wonder if deploying a new jail after the setting the tunables will work ?
I finally managed to resolve it if anyone want the solution: Go to jail > Edit > and activate the following options: - DHCP Autoconfigure IPv4 - VNET - Berkeley Packet Filter Check configurations: - Venet_default_interface = auto - IPv4 Interface = empty - Ipv4 Address = assigned automatically when you chose DHCP Autoconfigure Ipv4. This will be your Nextcloud management IP - Ipv4 Default router = it will have your last IPv4 default router ip, but it will not be used... - IPv6 = all options disabled Now go to your router and assign to the DHCP the Ipv4 IP address in order to be sure that it will not change on nextcloud restarts. Finally, if you go to the IP address it will probably show that you need to add it to the Nextcloud trusted_domains. From TrueNas shell or SSH to TrueNas perform the following actions: vi /usr/local/www/nextcloud/config/config.php go to the line: 'trusted_domains' => array ( 0 => 'localhost', 1 => 'old nextcloud ip', Update the 1 => with the new ip address, or add a new line 2 => with the new ip address
hi, i am trying to follow your instructions. however i am unable to start the OPENVPN server like you did at 8:05 .. it gives me error "OPENVPN Server service failed to start" .. not sure what is wrong and how to fix this. Would you be able to help me with this please?
Great tutorial, thanks! VPN works nicely, but alas, a virtual machine runnin on Truenas completely lost network. So removed the tunables and VM's network works again. Something about those tunables seems to screw the VM - host bridge big time
@@TechworksOnline hmm not sure how to do that, AFAIK Truenas handles the VM network automatically. I did try re-creating the VM's NIC but that didn't help
Well can't get this to work. DHCP inside the VM doesn't work and when I set the VM to use static IP, I can connect to the VM from other machines BUT the VM cannot communicate with any other IP that the host. I'll have to set up another VM to run the OpenVPN because this just doesn't work
I think it was done on purpose, but what is the public IP address shown in the OpenVPN connect software. I’ve been struggling to get this to work and while I am in a unique double NAT scenario (so port forward on both router and router/modem combo) I am wondering if this setup will work if you are connect from an IP outside of the 192.168.x.x range. I was able to connect to my trueNAS remotely using openVPN configured on my router, but I want to figure out how to use the trueNAS service. To clarify, I no longer am running the openVPN configuration on my router, so that is not the problem. Furthermore, does having uPNP enabled or disabled have any bearing on if this setup will work?
The only problem I am having now is that the server is assigning the same IP address on the intermediate network behind a NAT translation to all clients that connect. So, the server takes 10.8.0.1 on this network, and provisions 10.8.0.2 for the first client joining. However, if a second client joins, with its own client certificate, still the server assigns 10.8.0.2 for the second and subsequent client connections.
On Truenas Scale, where can I setup the tunables? Please advise. By the way, your tutorial is the best so far I have found on RUclips. Thanks a lot for your sharing.
Quick question: Is this series of steps also what one needs to do if one has chosen the plugin OpenVPN, or is this for a manual installation of an OpenVPN server via panels and webpages in the TrueNAS CORE WebUI? I have set up an OpenVPN server using the plugin that is available. I see how to enter a shell for this OpenVPN that is running in a jail from the plugin I installed. Since this OpenVPN server from the plugin is running in a jail, will I need to do all the configuring by command line in that shell?
@richardbennett4365 yes there is. You would need to connect to the jail to configure it just as you would from the openvpn config guide on the openvpn site
@@TechworksOnline Hello! I could not get the jail-ed (i.e., OpenVPN Community plugin) to work on TrueNAS CORE. It just is difficult to work with a FreeBSD-based system when so much of the "world" is linux-based. No matter. Your excellent instructions helped me to set up an OpenVPN server, and I even got an intermediate network set up behind a NAT translation for use by the client. Amazing. I almost gave up, but with some careful thinking about all the steps, I realized the reason why things weren't working at the very end was due to my having forgotten to start the OpenVPN server as a service in TrueNAS CORE. Duh! Then, it worked. Perfectly. I am heading out with a laptop to test it on a network off my home network as that will be the true test. But, thank you so much for your words of encouragement and this fine tutorial and demonstration. Now, I don't need to set up a Cloudron-based OpenVPN on some paid Virtual Private Server. I have my own right here now on my own networked attached server.
I don't seem to have internet access through my TrueNAS server, regardless of whether the redirect gateway parameter is set or not. I can access the NAS itself, but not the internet and no other devices on the local network that TrueNAS is on. Any advice?
I am trying to set it up on Truenas Scale right now. But I do not know where or how to set up the tunables. I am able to connect to the OpenVPN but I am not getting any axess to the network itself. Any ideas?
You can use your IP address. But that might change at any time. Ddns will prevent you from not knowing the IP because it keep the IP updated to the ddns url every 30 minutes or so.
I have a VPN at home, and my TrueNAS is remote. I want TrueNAS to connect as a client to my already existing VPN here. Is this possible? Every video and tutorial seem to want the truenas side to have the VPN.
@@TechworksOnline Hi, many thanks for the quick response...Just 'viewed' the Description (should've done this before posting...doh!). Long time since I clicked on, 'Show more' :-D
Very new to Truenas - up and running and just set up a OpenVpn server on my TP Link router - I can vpn in and access internet as well as the settings for my Truenas server no issue. Can I access files as well with this approach or do I need to activate the Open VPN server on Truenas as in the video. Need a little guidance.
If you are same network as truenas you should be able to access smb share files. If you are on outside network then you have to connect with vpn first. You can leave vpn service running and access both ways
If you are same network as truenas you should be able to access smb share files. If you are on outside network then you have to connect with vpn first. You can leave vpn service running and access both ways
@@TechworksOnline When I am on local network - no issues. I hotspot on my phone and have set up Open VPN server on new TP link router. I can VPN into home network, use internet and log into the dashboard of Truenas no issue. Not able to load the SMB share to see my actual stored files on Truenas.
Awesome clear and concise tutorial ! Thank you so much for sharing this. I can now access all my files (even from my iphone) when travelling ;) Just a point, when configuring System/Tunables/natd_interface, of course enter your interface (not necessary le0, you should have shown that we must check in Network/interfaces for the right name) ;)
Thank you for the tuturial! Works like a charm..but I’m now having problems with installed plugins (Plex and qbittorrent) - it seems both services cannot access the internet anymore. Can it be because of added static route / tunnables entries?
you can try to add the subnet the jails are on to the static routes. so if your jails are on subnet 172.168.0.1 add that Subnet just like you did with the VPN subnet.
@@TechworksOnline I’ll give it a try, although my jails use the same subnet as the host. All my network is on 10.42.10.0 and my openvpn server is on 10.42.11.0
What's the difference (excluding a cost) between this and using a remote desktop software or app such as AnyDesk, Chrome Remote Desktop or TeamViewer etc?
One is remote desktop. This is a VPN. I'm sure those software use encryption. There is no "Desktop" on the VPN. It is like extending your private network to you location.
@@TechworksOnline Now I understand. But can I access my local network and TrueNas folders by using a remote desktop connection like the ones I mentioned instead of following your method as show in the video? Not taking away anything from your method as it seems very impressive. But which method do you advise to access your local account and TrueNas folders when outside of your local network or in another country? Tks!
Weird question, but I followed the guide to a T, however I can only access the local network while on the VPN, and can't access the internet on the computer unless I disconnect from the VPN. Any suggestions?
Hello, I come back today to try to get an help with cert expiration date is done. So now i tried to remove Old OpenVPn_root _CA and OpenvPN_server certs and it's always impossible even nothing else on TN13 core than Openvpn was using these certs. So how can i manage a clean deletion to restart from scratch your tutorial ? Thanks in advance for your time
Hello. I've recently completed this tutorial and I have my server OpenVPN server running in TrueNAS. the only problem that I'm encountering is that every device that I connect to my VPN is given the address 192.168.25.2 no matter how many devices are connected. If I have 2 devices on the same network trying to connect to the VPN, both devices are unable to connect. I've set up the Tunables, I've done the first push route command but didn't use the others because I didn't want to route internet traffic through my VPN. My TrueNAS server has a static IP set up and the proper static route set up to allow the TrueNAS server to be used as a gateway onto my LAN. I'm not sure what is causing this IP addressing issue. Any ideas on what can be done to remedy this?
Sorry for the late reply. Change the certificate for the user to have a different CName and SUBJECT Alternative Name.they should then get different IPs
@@TechworksOnline Thank you for the response. I have a tplink 4G router and in the settings I have nat forwording and in this category I have virtual servers and port triggering. Only in the virtual servers I can specify the port fowarding but it doesn't work!
Yes in the virtual server port forwarding internal port and service port should be the port of the VPN service on truenas and the ip should be the truenas ip. NAT should be enabled.
Great video. I was able to get the VPN working to the server only. Got any thoughts on how to get access to other local resources and the internet? I am sure it is an easy fix but I been searching around and trying things for a while now.
Thanks for this tutorial! I hit a bit of a snag during it however. Around 18:10 I added the Static Route, and immediately my web UI crashed. I am now unable to connect to it through the web, and my previously working OpenVPN connection is now down as well. Interestingly, my SMB share and FTP processes are still functioning. I've been looking for a few hours on a fix besides connecting a monitor and keyboard straight to the server. Anyone have advice on how to fix it?
Are you able to ssh to the machine, if your static route took down the webUI. You may have input the incorrect network in the correct order. You might have to keyboard and monitor to resolve.
@@TechworksOnline Did that and got nothing. Weirdly, I DNS flushed my remote machine for an unrelated reason, and I was able to access the server again despite it being on my local net. Thank you for the advice, and the really useful tutorial!
wow, big kudos!! the only thing i had to change was the network interface. it is igc0 for me (tunable natd_interface) worked out of the box! thank you so much!!! i never ever could make this on my own.
Hi all, strange things occur to me... i ve done all the steps, OpevnVPN works, access the remote subnet either and i can upload and download file from the tunnel; BUT when i try to download anthing from the shares locally from a PC in the same subnet of the truenas, its simply hang! instead i can upload anything at high speed over LAN and VPN network, any hints? it seems disabling the Tunable variable of the firewall fix the local smb browsing and file sharing, but then it break the access of the remote subnet from the VPN Tunnel.. ( i can access only the Truenas )
I really liked your tutorial. It's really detailed. So followed it, I also have DDNS setup on google domains from my NAS. I opened the port for the OpenVPN, but still can't connect from a remote computer :/ any ideas?
@@TechworksOnline I am having the same issue. I followed everything up to where we connected. It keeps timing out. Any suggestions? How do you check if you are using the correct ethernet port? On my dashboard, mine is saying re0.
Then you should reference re0 in all of the settings that I used le0 in the video. You can test your routers port forwarding by also forwarding port 22 temporarily and just try to ssh to your public IP address . If you get in. Then you know your port forwarding is correct. Make sure to disable it afterwards
If you watch part 2, you can do it either way, it is kind of both. The remote machine will use it's public IP to access the VPN connection to the truenas. And you can set it up to either have internet access from the truenas VPN which to the internet would look like your IP is coming from the public IP of the Truenas or you can have your remote machine access the internet from its own public IP and only access the TrueNAS' files and services over the VPN.
Thank you so much for this great tutorial, really well done. However, I've spent a lot of time trying to get it to work without success. Well, it works, but either NAS subnet IPs are reachable and jails lost access to the Internet, either jails have access but no way to reach other LAN IPs. I give up. Note: the workaround with creating a jail to generate a NAT interface did not work.
this is a really good tutorial. my usecase would be to have a work-arround for a ISP level port-forwarding block, so i can forward a specific service to possible clients without giving full access to my entire local network with a VPN (which works even with the ISP block). :^) gonna try this when i get the time to try it! thanks for the video!
Thanks so much for the tutorial! Was wondering if you could do one for TrueNas SCALE. I got as far as the tunables, which is not available on SCALE. As a result, in testing this from my office, I can connect to my home TrueNas VPN, and access the TrueNas server itself, but nothing else on my home network. While connected, I have no internet, but can still access all of the devices on my office LAN. Any idea how to fix that on SCALE?
Thank you for the video! I got a question when I connect to the VPN, I can access my storage data, however, I can only access websites like google, youtube, and Facebook, but not others. I think this is an issue with DNS, but I am not sure, can you help, please?
@@TechworksOnline Thank you for your reply! I have the issue fixed. Another question I have is how safe is it to use this VPN method in your video to connect back to the NAS at home? I am not an IT expert at all, just want to get a general idea.
@@TechworksOnline Thank you again for your reply. If someone got my openvpn setting file, then I guess the only thing stopping them is the NAS username and password, how safe is that? Also, is there a way to see the VPN log-in activities history from Truenas? It will be very helpful for monitoring. Thank you!
If someone got the config file to connect to the VPN. Then they would be able to connect yes. How ever if you want the 2nd video. There is a way to implement a way to block specific files from connecting.
If you have more than 1 nics, say 2 nics 1 for internet, 1 for lan only... in tunables, do you make 2 entries 1 for each nic? I want to pass vpn access to my private non-internet network.
I did follow this tutorial, the VPN work with a single user connected but when I add a second user one of the two cannot longer connect to anything. User A and user B are both connected, but only User B can access the LAN. I use two certificates for both user with a different CN. Cannot figure out why.
I tried to follow everything in the video. When I add the downloaded profile to OpenVPN, I get an error message "crypto_alg: RSA-SHA256: not found". Can someone explain what I am doing wrongly?
This means that the client that OpenVPN may not have the algorithm needed. in the downloaded .ovpn open it in a text edit and find the line "auth RSA-SHA256" and try changing it to "auth SHA256" see if that helps
@@TechworksOnline Thank you! That worked! But now I have another problem as Plex stopped working. Is it because of the configuration made to run the OpenVPN server?
Hi there, I'm just following the tutorial to setup OpenVPN on my Truenas13 box, I found once I add the additional parameters as instructed, my OpenVPN server wont start any more. I checked everything but could not figure out why, once removed the Additional parameters, the server starts fine. Anybody could help please? Regards, Bob
i did all the same, but when it comes to downloading the avpn config file i get an error. I can't download the config file. Here's an error: 1) Client certificate must have keyusage xtension 2) client certificate must have extebdedkeyusage extension set. 3) Client certificate must have "digital signature" and/or "key agreement" set for keyusafe extension. 4) Client certificate must have "tls web client authentication" set in extendedkeyusage extension. although I checked more than once everything is in place. Guys can anyone help me to solve this problem?
I followed the steps/ My OpenVPN on the client side connects, but drops the connection every minute or so (it reconnects automatically., I get a CONNECTED notification every time). I can't ping my NAS from the client, internet access is very shakey down the VPN too, also no access to my SMB share.
Awesome clear and concise tutorial! Thank you for sharing this.
Thanks, Appreciate it !
Thank you for responding, i did apply the rules however i still have no traffic, only access to the truenas GUI. i am providing the rules i applied. There are duplicates in trying to get traffic to flow.
ipfw list
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any icmp6types 1
00997 allow ip from 172.16.1.0 to 192.168.2.9 445
00997 allow ip from 172.16.1.0/24 to 192.168.2.9 445
00998 allow ip from 172.16.1.0/24 to 192.168.2.0/24
00998 allow ip from 172.16.1.0 to 192.168.2.0
00998 allow ip from 172.16.1.0 to 192.168.2.1
00998 allow ip from 172.16.1.0/24 to 192.168.2.0/24
00998 allow ip from 172.16.1.0/24 to 192.168.2.0/24
01000 allow ipv6-icmp from any to any icmp6types 2,135,136
65535 allow ip from any to any
Help! my clients have different certificates but get the same ip addresses (192.168.1.2) when connecting to openvpn. What to do?
@@alanhiggins2521 - I had similar issue, but was due to using the wrong interface name
@@артемблизнюк-т1о create a different client certificate with a different Common Name and different subject alternative name
After wading through forums, blogs, YT channels for days this was the first and only solution I have found to safely access my files remotely through a VPN. Thank you so very much Techworks!
Great to hear!
How this only has 2400 views is beyond me. This is clear, concise, top quality. One of the best on RUclips. Thank you!!
Thanks ! I really appreciate it !
This is by far the highest quality tutorial currently available on setting up an OpenVPN server for TrueNAS. Any bit of doubt I had about parameters I saw in other tutorials was taken away, in particular the IP parameter (which, from my current understanding, just creates another "mini subnet" within the local subnet under the specified prefix).
I don't know that I've ever felt compelled to comment on a RUclips video before, but I had to on this one. I have spent hours and hours watching videos, looking through forums, and following tutorials to setup OpenVPN on my TrueNas. And I've never gotten it to work how I wanted it to. This video explained exactly what to do and was very detailed and helpful. The only thing I had to change was my natd_interface to em0 like some of the other comments said. Thanks so much for making this video.
Thanks! This means a lot to me!
This absoulutley saved my bacon. Could not for the life of me get this to work until I found this video. Much appreciated.
Thank you ❤ I have been trying to do this for several days and couldn't until I found this tutorial. Thanks for explaining the reason for each parameter, this way I could easily change it to the values for my setup
Dude you have no idea how much time I spent on this, trying to make my nextcloud only accessible by VPN and it was IMPOSSIBLE. But then you appeared and saved the day, thank you so so much
You absolutely ripped other VPN tutorials to shreds, this fit my scenario and worked really well, my hero for 2022!
Took me a few tries, but your tutorial made it possible to connect from the internet. Thanks!
Glad I could help!
After fighting for weeks, I found this video. Thank you for using your covid time so helpfully!!!
Thank you so much!!! the bit from 16:00 was missing from other tutorials. Great stuff!
Amazing step-by-step video for the entire process. Did not falter anywhere. I would never have been able to do this on my own just by reading the manuals and adjusting the settings. Thanks for posting this.
Huge thanks dude. I finaly got it working. I tried so many other tutorials and they confused me. Yours was straight forward and Thorough!
Seriously man thanks for this video, I got like 80% of this setup on my own but couldn't figure out why I was unable to connect to my locally host services.
This is the best OpenVPN tutorial for TrueNAS I've found. Thank you!
Thanks for the comment ! Appreciate it.
This video helped me resolved the issue I had struggled for a week. Thanks!
Amazing, glad It helped !
Thank you! Just watched a different tutorial before and while it did work, this worked in every aspect!
Plus, your video was much easier to follow, better explained and a lot nicer to listen to.
Glad it helped!
Thank you so much for this! This got OpenVPN working on my machine with the ability to access my files remotely without fail.
That being said, I, like some other users on here and on your website, experienced issues with jails (Plex in my case), not working properly. Oddly, it took a day for it to break (all was working fine when I first set it up). The ONLY way I could access my Plex remotely was when connected to the VPN. Originally I could connect to Plex without connecting to the VPN. Again... it took about a day for this to break.
I did see your description comment about adding a jail with NAT selected. This fixed it! However, I read on a thread on Reddit of someone having an issue as well, and they were able to fix it instead by changing out their network interface identifier in the natd_interface tunable for vnetO. I disabled the added jail and tried this, and everything is still working properly. Now it's been less than a day, so I'll update here if it breaks again, but I figured I'd bring to your attention. Reddit post from TheRealStiffCookie below.
"I had an extremely similar issue, in that I couldn't have OpenVPN and Plex set up on my Truenas at the same time.
First step I tried was deleting the natd_interface tunable (mentioned on another site), which fixed Plex, but of course broke OpenVPN.
I then re-added the tunable, but instead of setting the value to my physical interface (em0 - which I followed from a guide), I set it to vnet0 instead. All of my plugins, and OpenVPN have been working alongside each other since!
Hope that helps anyone else that may stumble across this issue."
This has been working for me at the moment. I am not 100 percent sure what this does to the networking layout of the config, but hopefully its a stable solution. Thanks.
Amazing thanks for the great find !! I will add this to the description!
I changed mine to vnet0 and although I can access my network drives and truenas I can't access the plug-ins. I guess I have some digging to do.
As an absolute novice to this kind of stuff, thank you for providing a very clear and concise walk-through of adding a vpn service here. I was struggling trying to figure out why the config file wasn't enough for trueNas charts and it seems I totally skipped the whole certificate step 😅
mate this tutorial has been an absolute god send, very detailed and precise EVERY step of the way, and bous points for having the additional params in the bottom becuase I couldn't tell if it was a 1,l or i. this has made the whole experince of being able to get access to my NAS to edit my photos on the go abosoltely painless. you get a 15/10 rating from me.
Awesome! Glad it helped you.
@@TechworksOnline I followed like 3 other tutorials and nothing worked after following them, then after watching yours it worked first go 👌 brilliant work you earnt a sub haha
Take me a day and half to set this up, my first problem is I didn’t watch the complete video. My bad. Then second problem was the Additional Parameters I took the quotation marks as asterisks and def1 as defl. It was hard to see these in video but found the correct parameters in the text. Once I fixed my errors it worked like a charm. So watch the whole video till the end before setting this up and you should have no problems. This one is complete as other videos leaves stuff out. Made notes and added these “Lessons Learned File” for future reference.
Thank you so much! Worked the first time from this tutorial, I never got it to work before,
i've done everything you did, and can connect to my samba share, but nothing else... no internet through the server or internet outside of the server... no connections to other jails on the server or other computers on the network. any idea what i might have done wrong?
Thanks for the detailed tutorial!
Though after having the OpenVPN server and the firewall rules applied as shown in the video I'm having issues with the jails (plugin installation fails when getting "pkg" (No address record error) and I can't even ping 1.1.1.1 with success). Is there a workaround for this? Or it ends up being a tradeoff for setting up OpenVPN this way?
Also what's the difference and advantages/disadvantages of setting up the OpenVPN server from TrueNAS natively or inside a Jail?
Hi, same issue here. @Techworks, any clue?
Same issue!
Any advice on why when I try to put anything in the additional parameters under openVPN under Services it crashes when I go to save?
You can manually add the options to the openvpn.conf file
in a Shell on Truenas Navigate to /usr/local/etc/openvpn/server/openvpn_server.conf
Add the options as is to the bottom of the file.
Save, and restart the openvpn service in truenas
i can connect to the network (with correct IP), can open the truenas UI in browser on the remote machine, i can kind of access truenas with its IP, but i can't access the shares via win explorer, all accounts return "wrong credentials".... what could be the problem?
Make sure the user you are using has permissions on thr directories is TrueNAS shares
Clear and understable! Thank you very much! By far one of the best tutorials!
It's a great tutorial
Thank you so much for the tuorial !
At 16:30 is it : push "redirect-gateway def1 bypass-dhcp" or push "redirect-gateway defl bypass-dhcp" with lowercase "L" ?
One 1
@@TechworksOnline might wanna have said that.... i had to google it too. that's THE single point where it's very likely people will misread, and it's the one point where you don't say what you're typing :/
@@PrivatePaul I will enter the details into the Description of the video.
Hi, this was nearly perfect, the vpn setup certainly works. However something to do with the tuneables breaks network acess to any virtual machines I have installed on the freenas box. They wont assign dhcp, i can acess them via ssh when setting a manual ip in the vm's however they do not get internet access. Just wont ping google, it will however ping local lan machines So i think something is blocking them/ firewall related I imagine. It seems similar to some issues others are having on here with jails breaking. As soon as I remove the tuneables, dhcp is back and the vm's have full internet acess. it would be great if you could help / advise on this, thanks
Same issue with the tunables. Solution I found was adding second NIC and setting one to auto DHCP, then use that for plex and other plugins. The other using a static IP and setting the natd_interface to it for VPN. Depending on setup you might need a switch to add the second cable to your router. Not sure if there is a setting to get around this but this was an easy/quick solution.
People like you are what make this world great!
I don't understand why this cannot be written in TrueNAS documentation. I was struggling with RootCA, as I always wanted to use the NAS root CA (cause ... why the hell not?) And I didn't understand why it wasn't working...
Thanks so much man, I always struggle with networking stuff since I rarely do it. This was very clear and concise.
Very good tutorial, very concise, thank you for all your efforts, much appreciated.
agree fully.
Followed everything till 14:33, just like I did with Spacerex's tutorial. Still not able to connect. The connection gets timed out. No logs either. What am I doing wrong?
Did you get port forwarding on your home router completed? That is usually the first thing I would check
@@TechworksOnline yes I did
@@TechworksOnline I figured out what the issue was. I was actually trying to check if there are any updates available for truenas. But that was failing. Then I checked the network settings. For some reason gateway and nameservers were empty. I added those two things and now I can connect with openvpn. Feel like a huge load lifted from my head.
wow thanks so much. this was the best one around that made the process a hell of a lot easier to understand and get working.
Thanks !
if anyones having any issues connecting to the other servers outside of truenas's ip make sure that the 'natd_interface' tunable matches your config. Mine was 're0' instead of 'le0' so I had to change the value inside of that to get it to work.
Hi, where i can find this information on my Truenas Dashboard ?
@@Xworkofme hey, don't know if you're still tryna figure this out but you can find it on the 'interfaces' tile on the dashboard above your network traffic speed indicator
Es el video mas detallado y completo que he visto para configurar la VPN en treuenas. Gracias por el aporte
Gracias! tu comentario significa mucho
Awesome tutorial. Very clear and concise. Unfortunately I can only access the Truenas server. SMB etc works but I can't access and other network devices including jails. I set the NAT tunable to bridge0 which is the name of my Truenas NIC but no dice.
Hi enabling natd is preventing me from getting dhcp for my plugins, anyway around that?
I followed this step by step and got the connection established perfectly. Only problem is as soon as i apply the changes to the tunables, my pi hole wich i run in an VM on the TrueNas stopps working. The vm has a static IP. After tunables changes i cannot use it as a nameserver and the VM itself cannot resolve anymore. any help is welcome, im really stuck at this :/
I am having the same problem. I did find that if I disable "firewall_enable" -> "yes", I am able to access my truenas's gui, but my IP address doesn't change when I connect
Is there a way to preserve my home connection while accessing the remote server through the VPN? Because when using the VPN my internet access becomes only what is at the end of the tunnel.
Amazing, clear step-by-step process! I wish I had watched this before attempting it on my own.
Thanks for the very clear tutorial. However there is one major issue with the tunables in this setup: The option 'natd_interface' breaks the DNS access of the jails. That's why there are plenty of people having issues with their jails after configuring the openvpn service. Should the interface be set to the physical network connection or should we use a virtual interface in this tunable? It's not really clear and if you select the physical interface, the openvpn service runs but the jails lose the DNS access.
You will want to use the interface your TrueNAS is connected to physically. In the TrueNAS dashboard.
@@Catalyph that is what's being used in my case, but as said this causes and issue with the name resolution in the jails (see numerous posts with jail issues)
@@jackscan4358 I set my Jails up after setting up the VPN, and they work fine, I wonder if deploying a new jail after the setting the tunables will work ?
Same issue, with vpn working i loss jail access, is like the ports are not redirected
I finally managed to resolve it if anyone want the solution:
Go to jail > Edit > and activate the following options:
- DHCP Autoconfigure IPv4
- VNET
- Berkeley Packet Filter
Check configurations:
- Venet_default_interface = auto
- IPv4 Interface = empty
- Ipv4 Address = assigned automatically when you chose DHCP Autoconfigure Ipv4. This will be your Nextcloud management IP
- Ipv4 Default router = it will have your last IPv4 default router ip, but it will not be used...
- IPv6 = all options disabled
Now go to your router and assign to the DHCP the Ipv4 IP address in order to be sure that it will not change on nextcloud restarts.
Finally, if you go to the IP address it will probably show that you need to add it to the Nextcloud trusted_domains.
From TrueNas shell or SSH to TrueNas perform the following actions:
vi /usr/local/www/nextcloud/config/config.php
go to the line:
'trusted_domains' =>
array (
0 => 'localhost',
1 => 'old nextcloud ip',
Update the 1 => with the new ip address, or add a new line 2 => with the new ip address
This is excellent, but I have a problem, mi internet provider put me in a NAT and I Don have a public IP, is there a solution for my issue?
in 24:04, what means allow the client to connect to the entire subnet
hi, i am trying to follow your instructions. however i am unable to start the OPENVPN server like you did at 8:05 .. it gives me error "OPENVPN Server service failed to start" .. not sure what is wrong and how to fix this. Would you be able to help me with this please?
Usually means that one of the configuration items is incorrectly set.
How am I able to SSH into other servers through this VPN?
Great tutorial, thanks! VPN works nicely, but alas, a virtual machine runnin on Truenas completely lost network. So removed the tunables and VM's network works again. Something about those tunables seems to screw the VM - host bridge big time
I think if you just reapply the network with the tunables in place it will start to work again
@@TechworksOnline hmm not sure how to do that, AFAIK Truenas handles the VM network automatically. I did try re-creating the VM's NIC but that didn't help
Well can't get this to work. DHCP inside the VM doesn't work and when I set the VM to use static IP, I can connect to the VM from other machines BUT the VM cannot communicate with any other IP that the host. I'll have to set up another VM to run the OpenVPN because this just doesn't work
Clear and simply, thanks for sharing! LOL @TrueNAS comented also, that's god sign!
Can you accesses the gui as well remotely ?
There is more on that in part 2.
you should be able to.
ruclips.net/video/it0HdDiutIE/видео.html
Hello. In the common name should I put my public ip address? (in my case it is static) or should I associate the ip to a service like dyndns or noIP?
You can put what ever you want. BUT wait for tomorrow's video ! It has something for you !
@@Catalyph Thanks
Help! my clients have different certificates but get the same ip addresses (192.168.1.2) when connecting to openvpn. What to do?
Do I need to do the steps in Part 2? My goal was to access my TrueNAS outside of my local network and this worked like a charm!
I think it was done on purpose, but what is the public IP address shown in the OpenVPN connect software. I’ve been struggling to get this to work and while I am in a unique double NAT scenario (so port forward on both router and router/modem combo) I am wondering if this setup will work if you are connect from an IP outside of the 192.168.x.x range. I was able to connect to my trueNAS remotely using openVPN configured on my router, but I want to figure out how to use the trueNAS service. To clarify, I no longer am running the openVPN configuration on my router, so that is not the problem. Furthermore, does having uPNP enabled or disabled have any bearing on if this setup will work?
The only problem I am having now is that the server is assigning the same IP address on the intermediate network behind a NAT translation to all clients that connect. So, the server takes 10.8.0.1 on this network, and provisions 10.8.0.2 for the first client joining. However, if a second client joins, with its own client certificate, still the server assigns 10.8.0.2 for the second and subsequent client connections.
New certs with different common name and subject alt names should assign diff ips
Hi, I have error next error: SSL Routines: certificate verify failed, what to do?
Its the best Video i have Sean for this toppig👍👍👍👍
On Truenas Scale, where can I setup the tunables? Please advise. By the way, your tutorial is the best so far I have found on RUclips. Thanks a lot for your sharing.
I got the same problem. Do you found out, how to do it?
@@robink.1475 no
Quick question: Is this series of steps also what one needs to do if one has chosen the plugin OpenVPN, or is this for a manual installation of an OpenVPN server via panels and webpages in the TrueNAS CORE WebUI?
I have set up an OpenVPN server using the plugin that is available. I see how to enter a shell for this OpenVPN that is running in a jail from the plugin I installed. Since this OpenVPN server from the plugin is running in a jail, will I need to do all the configuring by command line in that shell?
No, the jail is different amd dhould not need these steps.
The jail is like a container.
@@TechworksOnlineit must need other steps, certainly.
@richardbennett4365 yes there is. You would need to connect to the jail to configure it just as you would from the openvpn config guide on the openvpn site
@@TechworksOnline Hello!
I could not get the jail-ed (i.e., OpenVPN Community plugin) to work on TrueNAS CORE. It just is difficult to work with a FreeBSD-based system when so much of the "world" is linux-based. No matter. Your excellent instructions helped me to set up an OpenVPN server, and I even got an intermediate network set up behind a NAT translation for use by the client.
Amazing. I almost gave up, but with some careful thinking about all the steps, I realized the reason why things weren't working at the very end was due to my having forgotten to start the OpenVPN server as a service in TrueNAS CORE. Duh! Then, it worked. Perfectly. I am heading out with a laptop to test it on a network off my home network as that will be the true test. But, thank you so much for your words of encouragement and this fine tutorial and demonstration. Now, I don't need to set up a Cloudron-based OpenVPN on some paid Virtual Private Server. I have my own right here now on my own networked attached server.
I don't seem to have internet access through my TrueNAS server, regardless of whether the redirect gateway parameter is set or not. I can access the NAS itself, but not the internet and no other devices on the local network that TrueNAS is on. Any advice?
There is a part 2 ro this video that should help
I am trying to set it up on Truenas Scale right now.
But I do not know where or how to set up the tunables.
I am able to connect to the OpenVPN but I am not getting any axess to the network itself.
Any ideas?
So I need a DDNS or public domain to access my NAS outside of my home network? There's no other way to access it directly?
You can use your IP address. But that might change at any time. Ddns will prevent you from not knowing the IP because it keep the IP updated to the ddns url every 30 minutes or so.
I have a VPN at home, and my TrueNAS is remote. I want TrueNAS to connect as a client to my already existing VPN here. Is this possible? Every video and tutorial seem to want the truenas side to have the VPN.
Great video tutorial! Following this and trying myself, however, at around 16:15 in text is added. What are the quotations? " or ' ? Many thanks
Double quote - Please check the link to my website in the description or in the description itself, that will have all the text copy and paste-able
@@TechworksOnline Hi, many thanks for the quick response...Just 'viewed' the Description (should've done this before posting...doh!). Long time since I clicked on, 'Show more' :-D
Could you tell me where can I find this tunable on Truenas Scale please?
Very new to Truenas - up and running and just set up a OpenVpn server on my TP Link router - I can vpn in and access internet as well as the settings for my Truenas server no issue. Can I access files as well with this approach or do I need to activate the Open VPN server on Truenas as in the video. Need a little guidance.
If you are same network as truenas you should be able to access smb share files. If you are on outside network then you have to connect with vpn first. You can leave vpn service running and access both ways
If you are same network as truenas you should be able to access smb share files. If you are on outside network then you have to connect with vpn first. You can leave vpn service running and access both ways
@@TechworksOnline When I am on local network - no issues. I hotspot on my phone and have set up Open VPN server on new TP link router. I can VPN into home network, use internet and log into the dashboard of Truenas no issue. Not able to load the SMB share to see my actual stored files on Truenas.
i got a new Internet Provider wich only gave me an ipv6 hosting, so i am limited to ipv6. is there any way to connect via vpn using ipv6 ?
Awesome clear and concise tutorial ! Thank you so much for sharing this. I can now access all my files (even from my iphone) when travelling ;)
Just a point, when configuring System/Tunables/natd_interface, of course enter your interface (not necessary le0, you should have shown that we must check in Network/interfaces for the right name) ;)
Thank you for the tuturial! Works like a charm..but I’m now having problems with installed plugins (Plex and qbittorrent) - it seems both services cannot access the internet anymore. Can it be because of added static route / tunnables entries?
you can try to add the subnet the jails are on to the static routes. so if your jails are on subnet 172.168.0.1 add that Subnet just like you did with the VPN subnet.
@@TechworksOnline I’ll give it a try, although my jails use the same subnet as the host. All my network is on 10.42.10.0 and my openvpn server is on 10.42.11.0
@@fxk44 is this a /16 or /24 network ?
@@TechworksOnline it’s a /24 network
In a shell prompt.
ipfw list
See if enabling the firewall blocked something. If not I will need to test it out.
What's the difference (excluding a cost) between this and using a remote desktop software or app such as AnyDesk, Chrome Remote Desktop or TeamViewer etc?
One is remote desktop. This is a VPN. I'm sure those software use encryption. There is no "Desktop" on the VPN. It is like extending your private network to you location.
@@TechworksOnline Now I understand. But can I access my local network and TrueNas folders by using a remote desktop connection like the ones I mentioned instead of following your method as show in the video? Not taking away anything from your method as it seems very impressive. But which method do you advise to access your local account and TrueNas folders when outside of your local network or in another country? Tks!
Weird question, but I followed the guide to a T, however I can only access the local network while on the VPN, and can't access the internet on the computer unless I disconnect from the VPN. Any suggestions?
Try part 2, it should help.
ruclips.net/video/it0HdDiutIE/видео.html
Hello, I come back today to try to get an help with cert expiration date is done. So now i tried to remove Old OpenVPn_root _CA and OpenvPN_server certs and it's always impossible even nothing else on TN13 core than Openvpn was using these certs. So how can i manage a clean deletion to restart from scratch your tutorial ?
Thanks in advance for your time
Hello. I've recently completed this tutorial and I have my server OpenVPN server running in TrueNAS. the only problem that I'm encountering is that every device that I connect to my VPN is given the address 192.168.25.2 no matter how many devices are connected. If I have 2 devices on the same network trying to connect to the VPN, both devices are unable to connect. I've set up the Tunables, I've done the first push route command but didn't use the others because I didn't want to route internet traffic through my VPN. My TrueNAS server has a static IP set up and the proper static route set up to allow the TrueNAS server to be used as a gateway onto my LAN. I'm not sure what is causing this IP addressing issue. Any ideas on what can be done to remedy this?
Sorry for the late reply.
Change the certificate for the user to have a different CName and SUBJECT Alternative Name.they should then get different IPs
Hello, I have this issue : connection timeout, dns resolution error with open VPN connect when I imported the conf file. Any ideas ?
Sounds like you dns is not resolving to your IP or your router is not correctly port forwarding to the trunas open vpn ip in your network
@@TechworksOnline Thank you for the response.
I have a tplink 4G router and in the settings I have nat forwording and in this category I have virtual servers and port triggering. Only in the virtual servers I can specify the port fowarding but it doesn't work!
Yes in the virtual server port forwarding internal port and service port should be the port of the VPN service on truenas and the ip should be the truenas ip.
NAT should be enabled.
Great video. I was able to get the VPN working to the server only. Got any thoughts on how to get access to other local resources and the internet? I am sure it is an easy fix but I been searching around and trying things for a while now.
Can I use OpenVPN client on my phone and access the TrueNAS?
Thanks for this tutorial! I hit a bit of a snag during it however. Around 18:10 I added the Static Route, and immediately my web UI crashed. I am now unable to connect to it through the web, and my previously working OpenVPN connection is now down as well. Interestingly, my SMB share and FTP processes are still functioning. I've been looking for a few hours on a fix besides connecting a monitor and keyboard straight to the server. Anyone have advice on how to fix it?
Are you able to ssh to the machine, if your static route took down the webUI. You may have input the incorrect network in the correct order.
You might have to keyboard and monitor to resolve.
@@TechworksOnline Yes, I am able to SSH to the machine. It seems just the web GUI is unresponsive.
Try rebooting the trunas if the website is unresponsive
@@TechworksOnline Did that and got nothing. Weirdly, I DNS flushed my remote machine for an unrelated reason, and I was able to access the server again despite it being on my local net. Thank you for the advice, and the really useful tutorial!
What if you need to access your TrueNAS server GUI from remote?
Watch Part 2 here: ruclips.net/video/it0HdDiutIE/видео.html
It has a section that explains the firewall rules and more access options!
on Truenas Scale, what is the Tunable's equivalent? What I found in the system/advance/ is systcl. Any help is apprecicated
wow, big kudos!!
the only thing i had to change was the network interface. it is igc0 for me (tunable natd_interface)
worked out of the box! thank you so much!!! i never ever could make this on my own.
Hi all, strange things occur to me... i ve done all the steps, OpevnVPN works, access the remote subnet either and i can upload and download file from the tunnel; BUT when i try to download anthing from the shares locally from a PC in the same subnet of the truenas, its simply hang! instead i can upload anything at high speed over LAN and VPN network, any hints? it seems disabling the Tunable variable of the firewall fix the local smb browsing and file sharing, but then it break the access of the remote subnet from the VPN Tunnel.. ( i can access only the Truenas )
I really liked your tutorial. It's really detailed. So followed it, I also have DDNS setup on google domains from my NAS. I opened the port for the OpenVPN, but still can't connect from a remote computer :/ any ideas?
Make sure you are using the correct ethernet port you see on the dashboard of the TrueNAS, mine was le0, yours may be different.
@@TechworksOnline I am having the same issue. I followed everything up to where we connected. It keeps timing out. Any suggestions? How do you check if you are using the correct ethernet port? On my dashboard, mine is saying re0.
Then you should reference re0 in all of the settings that I used le0 in the video.
You can test your routers port forwarding by also forwarding port 22 temporarily and just try to ssh to your public IP address . If you get in. Then you know your port forwarding is correct. Make sure to disable it afterwards
thanks man, keep the tutorials coming. They are super useful
Would this only route traffic to the local network or would the public ip of the remote device also change?
If you watch part 2, you can do it either way, it is kind of both. The remote machine will use it's public IP to access the VPN connection to the truenas. And you can set it up to either have internet access from the truenas VPN which to the internet would look like your IP is coming from the public IP of the Truenas or you can have your remote machine access the internet from its own public IP and only access the TrueNAS' files and services over the VPN.
@@TechworksOnline Thank you. I will check out Part 2. ~
Thanks for the tutorial! I'm surprised there are not more likes on this video.
Thank you so much for this great tutorial, really well done. However, I've spent a lot of time trying to get it to work without success. Well, it works, but either NAS subnet IPs are reachable and jails lost access to the Internet, either jails have access but no way to reach other LAN IPs. I give up.
Note: the workaround with creating a jail to generate a NAT interface did not work.
this is a really good tutorial. my usecase would be to have a work-arround for a ISP level port-forwarding block, so i can forward a specific service to possible clients without giving full access to my entire local network with a VPN (which works even with the ISP block). :^) gonna try this when i get the time to try it! thanks for the video!
Thanks so much for the tutorial! Was wondering if you could do one for TrueNas SCALE. I got as far as the tunables, which is not available on SCALE. As a result, in testing this from my office, I can connect to my home TrueNas VPN, and access the TrueNas server itself, but nothing else on my home network. While connected, I have no internet, but can still access all of the devices on my office LAN. Any idea how to fix that on SCALE?
You may not need the tunable. Just add the options in the openvpn settings from part 2 video
On the client side, allow the port in the firewall. It helped me.
Thank you for the video! I got a question when I connect to the VPN, I can access my storage data, however, I can only access websites like google, youtube, and Facebook, but not others. I think this is an issue with DNS, but I am not sure, can you help, please?
Make sure the default gateway on the truenas is correctly set for all destination traffic to go out the primary link to your internet.
@@TechworksOnline Thank you for your reply! I have the issue fixed.
Another question I have is how safe is it to use this VPN method in your video to connect back to the NAS at home? I am not an IT expert at all, just want to get a general idea.
This is very safe. The data transmitted while over the VPN would be encrypted so anyone that intercepts the data would get noting but garbled mess.
@@TechworksOnline Thank you again for your reply. If someone got my openvpn setting file, then I guess the only thing stopping them is the NAS username and password, how safe is that? Also, is there a way to see the VPN log-in activities history from Truenas? It will be very helpful for monitoring. Thank you!
If someone got the config file to connect to the VPN. Then they would be able to connect yes. How ever if you want the 2nd video. There is a way to implement a way to block specific files from connecting.
If you have more than 1 nics, say 2 nics 1 for internet, 1 for lan only... in tunables, do you make 2 entries 1 for each nic? I want to pass vpn access to my private non-internet network.
I did follow this tutorial, the VPN work with a single user connected but when I add a second user one of the two cannot longer connect to anything.
User A and user B are both connected, but only User B can access the LAN.
I use two certificates for both user with a different CN. Cannot figure out why.
Make sure the Common name AND the Subject Alternative names are different
@@TechworksOnline Okay, gonna give a try
No luck , same issue
I tried to follow everything in the video. When I add the downloaded profile to OpenVPN, I get an error message "crypto_alg: RSA-SHA256: not found". Can someone explain what I am doing wrongly?
This means that the client that OpenVPN may not have the algorithm needed.
in the downloaded .ovpn open it in a text edit and find the line "auth RSA-SHA256" and try changing it to "auth SHA256" see if that helps
@@TechworksOnline Thank you! That worked!
But now I have another problem as Plex stopped working. Is it because of the configuration made to run the OpenVPN server?
Thank you for this excellent tutorial. Great work here.
Hi there,
I'm just following the tutorial to setup OpenVPN on my Truenas13 box, I found once I add the additional parameters as instructed, my OpenVPN server wont start any more. I checked everything but could not figure out why, once removed the Additional parameters, the server starts fine. Anybody could help please?
Regards,
Bob
Syntax issue usually if it wo t start.. try copy paste from description or website link
i did all the same, but when it comes to downloading the avpn config file i get an error. I can't download the config file. Here's an error:
1) Client certificate must have keyusage xtension 2) client certificate must have extebdedkeyusage extension set. 3) Client certificate must have "digital signature" and/or "key agreement" set for keyusafe extension. 4) Client certificate must have "tls web client authentication" set in extendedkeyusage extension. although I checked more than once everything is in place.
Guys can anyone help me to solve this problem?
Can we configure multi user with usename and password authenticaton?
I followed the steps/ My OpenVPN on the client side connects, but drops the connection every minute or so (it reconnects automatically., I get a CONNECTED notification every time). I can't ping my NAS from the client, internet access is very shakey down the VPN too, also no access to my SMB share.
Would you have a dns step by step tutorial for this exact video?
I used parameter for VPN Server Service like you but after save i can't start service. How can i fix it, please?
If it is not starting then it is likely syntax error.