This is by far the highest quality tutorial currently available on setting up an OpenVPN server for TrueNAS. Any bit of doubt I had about parameters I saw in other tutorials was taken away, in particular the IP parameter (which, from my current understanding, just creates another "mini subnet" within the local subnet under the specified prefix).
Thank you for responding, i did apply the rules however i still have no traffic, only access to the truenas GUI. i am providing the rules i applied. There are duplicates in trying to get traffic to flow. ipfw list 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.0/8 00300 deny ip from 127.0.0.0/8 to any 00400 deny ip from any to ::1 00500 deny ip from ::1 to any 00600 allow ipv6-icmp from :: to ff02::/16 00700 allow ipv6-icmp from fe80::/10 to fe80::/10 00800 allow ipv6-icmp from fe80::/10 to ff02::/16 00900 allow ipv6-icmp from any to any icmp6types 1 00997 allow ip from 172.16.1.0 to 192.168.2.9 445 00997 allow ip from 172.16.1.0/24 to 192.168.2.9 445 00998 allow ip from 172.16.1.0/24 to 192.168.2.0/24 00998 allow ip from 172.16.1.0 to 192.168.2.0 00998 allow ip from 172.16.1.0 to 192.168.2.1 00998 allow ip from 172.16.1.0/24 to 192.168.2.0/24 00998 allow ip from 172.16.1.0/24 to 192.168.2.0/24 01000 allow ipv6-icmp from any to any icmp6types 2,135,136 65535 allow ip from any to any
After wading through forums, blogs, YT channels for days this was the first and only solution I have found to safely access my files remotely through a VPN. Thank you so very much Techworks!
I don't know that I've ever felt compelled to comment on a TH-cam video before, but I had to on this one. I have spent hours and hours watching videos, looking through forums, and following tutorials to setup OpenVPN on my TrueNas. And I've never gotten it to work how I wanted it to. This video explained exactly what to do and was very detailed and helpful. The only thing I had to change was my natd_interface to em0 like some of the other comments said. Thanks so much for making this video.
Seriously man thanks for this video, I got like 80% of this setup on my own but couldn't figure out why I was unable to connect to my locally host services.
Dude you have no idea how much time I spent on this, trying to make my nextcloud only accessible by VPN and it was IMPOSSIBLE. But then you appeared and saved the day, thank you so so much
Thank you ❤ I have been trying to do this for several days and couldn't until I found this tutorial. Thanks for explaining the reason for each parameter, this way I could easily change it to the values for my setup
Amazing step-by-step video for the entire process. Did not falter anywhere. I would never have been able to do this on my own just by reading the manuals and adjusting the settings. Thanks for posting this.
Take me a day and half to set this up, my first problem is I didn’t watch the complete video. My bad. Then second problem was the Additional Parameters I took the quotation marks as asterisks and def1 as defl. It was hard to see these in video but found the correct parameters in the text. Once I fixed my errors it worked like a charm. So watch the whole video till the end before setting this up and you should have no problems. This one is complete as other videos leaves stuff out. Made notes and added these “Lessons Learned File” for future reference.
Thank you so much for this! This got OpenVPN working on my machine with the ability to access my files remotely without fail. That being said, I, like some other users on here and on your website, experienced issues with jails (Plex in my case), not working properly. Oddly, it took a day for it to break (all was working fine when I first set it up). The ONLY way I could access my Plex remotely was when connected to the VPN. Originally I could connect to Plex without connecting to the VPN. Again... it took about a day for this to break. I did see your description comment about adding a jail with NAT selected. This fixed it! However, I read on a thread on Reddit of someone having an issue as well, and they were able to fix it instead by changing out their network interface identifier in the natd_interface tunable for vnetO. I disabled the added jail and tried this, and everything is still working properly. Now it's been less than a day, so I'll update here if it breaks again, but I figured I'd bring to your attention. Reddit post from TheRealStiffCookie below. "I had an extremely similar issue, in that I couldn't have OpenVPN and Plex set up on my Truenas at the same time. First step I tried was deleting the natd_interface tunable (mentioned on another site), which fixed Plex, but of course broke OpenVPN. I then re-added the tunable, but instead of setting the value to my physical interface (em0 - which I followed from a guide), I set it to vnet0 instead. All of my plugins, and OpenVPN have been working alongside each other since! Hope that helps anyone else that may stumble across this issue."
This has been working for me at the moment. I am not 100 percent sure what this does to the networking layout of the config, but hopefully its a stable solution. Thanks.
if anyones having any issues connecting to the other servers outside of truenas's ip make sure that the 'natd_interface' tunable matches your config. Mine was 're0' instead of 'le0' so I had to change the value inside of that to get it to work.
@@Xworkofme hey, don't know if you're still tryna figure this out but you can find it on the 'interfaces' tile on the dashboard above your network traffic speed indicator
As an absolute novice to this kind of stuff, thank you for providing a very clear and concise walk-through of adding a vpn service here. I was struggling trying to figure out why the config file wasn't enough for trueNas charts and it seems I totally skipped the whole certificate step 😅
mate this tutorial has been an absolute god send, very detailed and precise EVERY step of the way, and bous points for having the additional params in the bottom becuase I couldn't tell if it was a 1,l or i. this has made the whole experince of being able to get access to my NAS to edit my photos on the go abosoltely painless. you get a 15/10 rating from me.
@@TechworksOnline I followed like 3 other tutorials and nothing worked after following them, then after watching yours it worked first go 👌 brilliant work you earnt a sub haha
Thank you! Just watched a different tutorial before and while it did work, this worked in every aspect! Plus, your video was much easier to follow, better explained and a lot nicer to listen to.
Thank you so much for the tuorial ! At 16:30 is it : push "redirect-gateway def1 bypass-dhcp" or push "redirect-gateway defl bypass-dhcp" with lowercase "L" ?
@@TechworksOnline might wanna have said that.... i had to google it too. that's THE single point where it's very likely people will misread, and it's the one point where you don't say what you're typing :/
Awesome tutorial. Very clear and concise. Unfortunately I can only access the Truenas server. SMB etc works but I can't access and other network devices including jails. I set the NAT tunable to bridge0 which is the name of my Truenas NIC but no dice.
Thanks for the detailed tutorial! Though after having the OpenVPN server and the firewall rules applied as shown in the video I'm having issues with the jails (plugin installation fails when getting "pkg" (No address record error) and I can't even ping 1.1.1.1 with success). Is there a workaround for this? Or it ends up being a tradeoff for setting up OpenVPN this way? Also what's the difference and advantages/disadvantages of setting up the OpenVPN server from TrueNAS natively or inside a Jail?
i've done everything you did, and can connect to my samba share, but nothing else... no internet through the server or internet outside of the server... no connections to other jails on the server or other computers on the network. any idea what i might have done wrong?
i can connect to the network (with correct IP), can open the truenas UI in browser on the remote machine, i can kind of access truenas with its IP, but i can't access the shares via win explorer, all accounts return "wrong credentials".... what could be the problem?
Hi, this was nearly perfect, the vpn setup certainly works. However something to do with the tuneables breaks network acess to any virtual machines I have installed on the freenas box. They wont assign dhcp, i can acess them via ssh when setting a manual ip in the vm's however they do not get internet access. Just wont ping google, it will however ping local lan machines So i think something is blocking them/ firewall related I imagine. It seems similar to some issues others are having on here with jails breaking. As soon as I remove the tuneables, dhcp is back and the vm's have full internet acess. it would be great if you could help / advise on this, thanks
Same issue with the tunables. Solution I found was adding second NIC and setting one to auto DHCP, then use that for plex and other plugins. The other using a static IP and setting the natd_interface to it for VPN. Depending on setup you might need a switch to add the second cable to your router. Not sure if there is a setting to get around this but this was an easy/quick solution.
You can manually add the options to the openvpn.conf file in a Shell on Truenas Navigate to /usr/local/etc/openvpn/server/openvpn_server.conf Add the options as is to the bottom of the file. Save, and restart the openvpn service in truenas
Great tutorial, thanks! VPN works nicely, but alas, a virtual machine runnin on Truenas completely lost network. So removed the tunables and VM's network works again. Something about those tunables seems to screw the VM - host bridge big time
@@TechworksOnline hmm not sure how to do that, AFAIK Truenas handles the VM network automatically. I did try re-creating the VM's NIC but that didn't help
Well can't get this to work. DHCP inside the VM doesn't work and when I set the VM to use static IP, I can connect to the VM from other machines BUT the VM cannot communicate with any other IP that the host. I'll have to set up another VM to run the OpenVPN because this just doesn't work
Followed everything till 14:33, just like I did with Spacerex's tutorial. Still not able to connect. The connection gets timed out. No logs either. What am I doing wrong?
@@TechworksOnline I figured out what the issue was. I was actually trying to check if there are any updates available for truenas. But that was failing. Then I checked the network settings. For some reason gateway and nameservers were empty. I added those two things and now I can connect with openvpn. Feel like a huge load lifted from my head.
Thanks for the very clear tutorial. However there is one major issue with the tunables in this setup: The option 'natd_interface' breaks the DNS access of the jails. That's why there are plenty of people having issues with their jails after configuring the openvpn service. Should the interface be set to the physical network connection or should we use a virtual interface in this tunable? It's not really clear and if you select the physical interface, the openvpn service runs but the jails lose the DNS access.
@@Catalyph that is what's being used in my case, but as said this causes and issue with the name resolution in the jails (see numerous posts with jail issues)
@@jackscan4358 I set my Jails up after setting up the VPN, and they work fine, I wonder if deploying a new jail after the setting the tunables will work ?
I finally managed to resolve it if anyone want the solution: Go to jail > Edit > and activate the following options: - DHCP Autoconfigure IPv4 - VNET - Berkeley Packet Filter Check configurations: - Venet_default_interface = auto - IPv4 Interface = empty - Ipv4 Address = assigned automatically when you chose DHCP Autoconfigure Ipv4. This will be your Nextcloud management IP - Ipv4 Default router = it will have your last IPv4 default router ip, but it will not be used... - IPv6 = all options disabled Now go to your router and assign to the DHCP the Ipv4 IP address in order to be sure that it will not change on nextcloud restarts. Finally, if you go to the IP address it will probably show that you need to add it to the Nextcloud trusted_domains. From TrueNas shell or SSH to TrueNas perform the following actions: vi /usr/local/www/nextcloud/config/config.php go to the line: 'trusted_domains' => array ( 0 => 'localhost', 1 => 'old nextcloud ip', Update the 1 => with the new ip address, or add a new line 2 => with the new ip address
Awesome clear and concise tutorial ! Thank you so much for sharing this. I can now access all my files (even from my iphone) when travelling ;) Just a point, when configuring System/Tunables/natd_interface, of course enter your interface (not necessary le0, you should have shown that we must check in Network/interfaces for the right name) ;)
this is a really good tutorial. my usecase would be to have a work-arround for a ISP level port-forwarding block, so i can forward a specific service to possible clients without giving full access to my entire local network with a VPN (which works even with the ISP block). :^) gonna try this when i get the time to try it! thanks for the video!
I don't understand why this cannot be written in TrueNAS documentation. I was struggling with RootCA, as I always wanted to use the NAS root CA (cause ... why the hell not?) And I didn't understand why it wasn't working...
On Truenas Scale, where can I setup the tunables? Please advise. By the way, your tutorial is the best so far I have found on TH-cam. Thanks a lot for your sharing.
Many thanks for this very very good tutorial, it worked almost on the spot. Almost, because my knowledge in this subject is "almost" not perfect... :-) (but getting better). You might have gone perhaps in 2-3 places slightly deeper in the explanation, so that an even larger audience would be able to follow. I mean by that explaining a little bit more for example what the different IP addresses mean that are being used throughout the installation (subnet etc.). Or why we can only use the config file to securely access our server in the end, without using the certificate as such, given that there is the option to download it. (I hope I understood correctly, that it is already included in the config file and not that all my secret cute-cat-videos are not open to the internet... :-) ). Of course I know, that it is also our responsibility to dig deeper, if something is not understood! It would have just kept the otherwise perfect flow of information. Oh, and your voice is just perfect for tutorials!!!
Is there a way to preserve my home connection while accessing the remote server through the VPN? Because when using the VPN my internet access becomes only what is at the end of the tunnel.
@@TechworksOnline Hi, many thanks for the quick response...Just 'viewed' the Description (should've done this before posting...doh!). Long time since I clicked on, 'Show more' :-D
Thank you for the tuturial! Works like a charm..but I’m now having problems with installed plugins (Plex and qbittorrent) - it seems both services cannot access the internet anymore. Can it be because of added static route / tunnables entries?
you can try to add the subnet the jails are on to the static routes. so if your jails are on subnet 172.168.0.1 add that Subnet just like you did with the VPN subnet.
@@TechworksOnline I’ll give it a try, although my jails use the same subnet as the host. All my network is on 10.42.10.0 and my openvpn server is on 10.42.11.0
I really liked your tutorial. It's really detailed. So followed it, I also have DDNS setup on google domains from my NAS. I opened the port for the OpenVPN, but still can't connect from a remote computer :/ any ideas?
@@TechworksOnline I am having the same issue. I followed everything up to where we connected. It keeps timing out. Any suggestions? How do you check if you are using the correct ethernet port? On my dashboard, mine is saying re0.
Then you should reference re0 in all of the settings that I used le0 in the video. You can test your routers port forwarding by also forwarding port 22 temporarily and just try to ssh to your public IP address . If you get in. Then you know your port forwarding is correct. Make sure to disable it afterwards
I followed this step by step and got the connection established perfectly. Only problem is as soon as i apply the changes to the tunables, my pi hole wich i run in an VM on the TrueNas stopps working. The vm has a static IP. After tunables changes i cannot use it as a nameserver and the VM itself cannot resolve anymore. any help is welcome, im really stuck at this :/
I am having the same problem. I did find that if I disable "firewall_enable" -> "yes", I am able to access my truenas's gui, but my IP address doesn't change when I connect
Quick question: Is this series of steps also what one needs to do if one has chosen the plugin OpenVPN, or is this for a manual installation of an OpenVPN server via panels and webpages in the TrueNAS CORE WebUI? I have set up an OpenVPN server using the plugin that is available. I see how to enter a shell for this OpenVPN that is running in a jail from the plugin I installed. Since this OpenVPN server from the plugin is running in a jail, will I need to do all the configuring by command line in that shell?
@richardbennett4365 yes there is. You would need to connect to the jail to configure it just as you would from the openvpn config guide on the openvpn site
@@TechworksOnline Hello! I could not get the jail-ed (i.e., OpenVPN Community plugin) to work on TrueNAS CORE. It just is difficult to work with a FreeBSD-based system when so much of the "world" is linux-based. No matter. Your excellent instructions helped me to set up an OpenVPN server, and I even got an intermediate network set up behind a NAT translation for use by the client. Amazing. I almost gave up, but with some careful thinking about all the steps, I realized the reason why things weren't working at the very end was due to my having forgotten to start the OpenVPN server as a service in TrueNAS CORE. Duh! Then, it worked. Perfectly. I am heading out with a laptop to test it on a network off my home network as that will be the true test. But, thank you so much for your words of encouragement and this fine tutorial and demonstration. Now, I don't need to set up a Cloudron-based OpenVPN on some paid Virtual Private Server. I have my own right here now on my own networked attached server.
Could you make a little video about how to revoke a client certificate? Simply deleting it won't stop the user from being able to connect to the vpn service. BTW it's important to use an uncommon ip range for the local network, so avoid 192.168.0 and 192.168.1 since this could give routing issues when a user is tyring to log in from home or internet cafe if that location also uses this common ip range.
I think it was done on purpose, but what is the public IP address shown in the OpenVPN connect software. I’ve been struggling to get this to work and while I am in a unique double NAT scenario (so port forward on both router and router/modem combo) I am wondering if this setup will work if you are connect from an IP outside of the 192.168.x.x range. I was able to connect to my trueNAS remotely using openVPN configured on my router, but I want to figure out how to use the trueNAS service. To clarify, I no longer am running the openVPN configuration on my router, so that is not the problem. Furthermore, does having uPNP enabled or disabled have any bearing on if this setup will work?
Great video. I was able to get the VPN working to the server only. Got any thoughts on how to get access to other local resources and the internet? I am sure it is an easy fix but I been searching around and trying things for a while now.
Hello, I come back today to try to get an help with cert expiration date is done. So now i tried to remove Old OpenVPn_root _CA and OpenvPN_server certs and it's always impossible even nothing else on TN13 core than Openvpn was using these certs. So how can i manage a clean deletion to restart from scratch your tutorial ? Thanks in advance for your time
hi, i am trying to follow your instructions. however i am unable to start the OPENVPN server like you did at 8:05 .. it gives me error "OPENVPN Server service failed to start" .. not sure what is wrong and how to fix this. Would you be able to help me with this please?
I am trying to set it up on Truenas Scale right now. But I do not know where or how to set up the tunables. I am able to connect to the OpenVPN but I am not getting any axess to the network itself. Any ideas?
I have a VPN at home, and my TrueNAS is remote. I want TrueNAS to connect as a client to my already existing VPN here. Is this possible? Every video and tutorial seem to want the truenas side to have the VPN.
i did all the same, but when it comes to downloading the avpn config file i get an error. I can't download the config file. Here's an error: 1) Client certificate must have keyusage xtension 2) client certificate must have extebdedkeyusage extension set. 3) Client certificate must have "digital signature" and/or "key agreement" set for keyusafe extension. 4) Client certificate must have "tls web client authentication" set in extendedkeyusage extension. although I checked more than once everything is in place. Guys can anyone help me to solve this problem?
Thanks for this tutorial! I hit a bit of a snag during it however. Around 18:10 I added the Static Route, and immediately my web UI crashed. I am now unable to connect to it through the web, and my previously working OpenVPN connection is now down as well. Interestingly, my SMB share and FTP processes are still functioning. I've been looking for a few hours on a fix besides connecting a monitor and keyboard straight to the server. Anyone have advice on how to fix it?
Are you able to ssh to the machine, if your static route took down the webUI. You may have input the incorrect network in the correct order. You might have to keyboard and monitor to resolve.
@@TechworksOnline Did that and got nothing. Weirdly, I DNS flushed my remote machine for an unrelated reason, and I was able to access the server again despite it being on my local net. Thank you for the advice, and the really useful tutorial!
Very new to Truenas - up and running and just set up a OpenVpn server on my TP Link router - I can vpn in and access internet as well as the settings for my Truenas server no issue. Can I access files as well with this approach or do I need to activate the Open VPN server on Truenas as in the video. Need a little guidance.
If you are same network as truenas you should be able to access smb share files. If you are on outside network then you have to connect with vpn first. You can leave vpn service running and access both ways
If you are same network as truenas you should be able to access smb share files. If you are on outside network then you have to connect with vpn first. You can leave vpn service running and access both ways
@@TechworksOnline When I am on local network - no issues. I hotspot on my phone and have set up Open VPN server on new TP link router. I can VPN into home network, use internet and log into the dashboard of Truenas no issue. Not able to load the SMB share to see my actual stored files on Truenas.
Thanks for this video. I am having an issue though. When I set up the additional parameters in OpenVPN server, add the static route and the tuneables as you describe them in the video i'm able to access everything in my network flawlessly. The issue, though, is when I'm back on my LAN the TrueNAS server becomes completely unstable. I mostly can write to the samba fine, but can't read files and the GUI takes minutes to load if it will load at all. I do video editing from the TrueNAS and Final Cut Pro will lock up for several minutes and then crash. If I can get the GUI to load long enough to let me disable the Tuneables and reboot things recover and work as expected but then I'm no longer able to reach other services in my network have you experienced something like this before?
@@fernandoferrari3477 I never did. I ended up setting two different types of VPNs. One on Truenas for others to connect to gain access to share drives on that, and a wireguard VPN on m pfsense box for me to connect to my whole network with.
Thank you so much for this great tutorial, really well done. However, I've spent a lot of time trying to get it to work without success. Well, it works, but either NAS subnet IPs are reachable and jails lost access to the Internet, either jails have access but no way to reach other LAN IPs. I give up. Note: the workaround with creating a jail to generate a NAT interface did not work.
Hi, I follow your tutorial and everything worked as you described. Thanks a lot! I have only one issue: with this conf I am not able to browse the Internet while connected to the VPN. Do you know how to solve it ?
Make sure the IP you have in the OpenVPN client is on a different network than the IP of the Client machines regular network. you should be able to browse the internet but it will be using the VPN connection and the OpenVPN SERVERS access to the internet, so if the OpenVPN server does not have internet access this wont work, you will need to remove the line "push redirect-gateway defl bypass-dhcp" from the OpenVPN additional Parameters section
If you want access to the client internet and network and not ONLY the VPN network, remove the line: "push redirect-gateway defl bypass-dhcp" from the OpenVPN additional Parameters section
I am not shure how to interprete the result... Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.141 25 0.0.0.0 128.0.0.0 192.168.178.1 192.168.178.2 257 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 128.0.0.0 128.0.0.0 192.168.178.1 192.168.178.2 257 192.168.1.0 255.255.255.0 On-link 192.168.1.141 281 192.168.1.141 255.255.255.255 On-link 192.168.1.141 281 192.168.1.255 255.255.255.255 On-link 192.168.1.141 281 192.168.178.0 255.255.255.0 192.168.178.1 192.168.178.2 257 192.168.178.2 255.255.255.255 On-link 192.168.178.2 257 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 192.168.1.141 281 224.0.0.0 240.0.0.0 On-link 192.168.178.2 257 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 192.168.1.141 281 255.255.255.255 255.255.255.255 On-link 192.168.178.2 257 192.168.1.1 is my router 192.168.178.2 is shown as my private IP in the VPN 192.168.1.110 would be my TrueNAS Also I am constantly dropping in and out of the VPN. Like there are conflicting settings or something...? Thank you for taking the time!
Thanks so much for the tutorial! Was wondering if you could do one for TrueNas SCALE. I got as far as the tunables, which is not available on SCALE. As a result, in testing this from my office, I can connect to my home TrueNas VPN, and access the TrueNas server itself, but nothing else on my home network. While connected, I have no internet, but can still access all of the devices on my office LAN. Any idea how to fix that on SCALE?
Nicely done! I followed the steps and got it working. But i cannot seem to connect to the internet while connected to the VPN. How do i make that happen? I have a pihole as my DNS set up and i would like to use it "on the got". Also i would not like to have to switch between network access and internet access.
If you are connected to the VPN as per my setup, Make sure you are connected remotely. Most providers will not redirect public IP from inside the LAN. Subscribe I have a video coming on Sunday that has more setups including client and server internet access options.
Also make sure your syntax is correct in the additional Parameters, the syntax could be incorrect and not give an error, it just wont works for those options. push "route 192.168.0.0 255.255.255.0" push "redirect-gateway def1 bypass-dhcp" push "dhcp-options DNS 8.8.8.8" push "dhcp-options DNS 1.1.1.1"
@@TechworksOnline Thanks for your reply! My provider does actually let me connect from inside my LAN to the public IP. But I can confirm that my smartphone (via cellular service) ist able to connect to the VPN and reach my SMB shares on the other subnet. But it is unable to reach any internet services while connected to the VPN. I copied your settings to the letter with the exeption, that 192.168.1.0 is the subnet for my regular LAN and 192.168.0.0 is used for VPN devices. I have set up a VPN in the past with pivpn wich worked flawlessly but was a bit too slow for my taste. I am currenty paying for 150 Mbit symmetrical via fibre. The TrueNAS box is already running 24/7. So I want to take advantage of the extra horsepower. XD Looking forward to your next video!
@@TechworksOnline Thank you for the response. I have a tplink 4G router and in the settings I have nat forwording and in this category I have virtual servers and port triggering. Only in the virtual servers I can specify the port fowarding but it doesn't work!
Yes in the virtual server port forwarding internal port and service port should be the port of the VPN service on truenas and the ip should be the truenas ip. NAT should be enabled.
You can use your IP address. But that might change at any time. Ddns will prevent you from not knowing the IP because it keep the IP updated to the ddns url every 30 minutes or so.
I don't seem to have internet access through my TrueNAS server, regardless of whether the redirect gateway parameter is set or not. I can access the NAS itself, but not the internet and no other devices on the local network that TrueNAS is on. Any advice?
Weird question, but I followed the guide to a T, however I can only access the local network while on the VPN, and can't access the internet on the computer unless I disconnect from the VPN. Any suggestions?
Great got it working, many thanks for your video (though I had to put the same entry in to 'Common Name' and 'Subject Alternate Names' :-) Last question...To access through an Android phone...do you just install Openvpn app and drop a ovpn file?
Thank you for the video! I got a question when I connect to the VPN, I can access my storage data, however, I can only access websites like google, youtube, and Facebook, but not others. I think this is an issue with DNS, but I am not sure, can you help, please?
@@TechworksOnline Thank you for your reply! I have the issue fixed. Another question I have is how safe is it to use this VPN method in your video to connect back to the NAS at home? I am not an IT expert at all, just want to get a general idea.
@@TechworksOnline Thank you again for your reply. If someone got my openvpn setting file, then I guess the only thing stopping them is the NAS username and password, how safe is that? Also, is there a way to see the VPN log-in activities history from Truenas? It will be very helpful for monitoring. Thank you!
If someone got the config file to connect to the VPN. Then they would be able to connect yes. How ever if you want the 2nd video. There is a way to implement a way to block specific files from connecting.
A very thorough walkthrough, thank you. Every time I setup OpenVPN I have issues accessing my internal network. One thing, le0 was bge0 on my system. I'm not sure if you mentioned it may be different on other systems.
What's the difference (excluding a cost) between this and using a remote desktop software or app such as AnyDesk, Chrome Remote Desktop or TeamViewer etc?
One is remote desktop. This is a VPN. I'm sure those software use encryption. There is no "Desktop" on the VPN. It is like extending your private network to you location.
@@TechworksOnline Now I understand. But can I access my local network and TrueNas folders by using a remote desktop connection like the ones I mentioned instead of following your method as show in the video? Not taking away anything from your method as it seems very impressive. But which method do you advise to access your local account and TrueNas folders when outside of your local network or in another country? Tks!
This is by far the highest quality tutorial currently available on setting up an OpenVPN server for TrueNAS. Any bit of doubt I had about parameters I saw in other tutorials was taken away, in particular the IP parameter (which, from my current understanding, just creates another "mini subnet" within the local subnet under the specified prefix).
Awesome clear and concise tutorial! Thank you for sharing this.
Thanks, Appreciate it !
Thank you for responding, i did apply the rules however i still have no traffic, only access to the truenas GUI. i am providing the rules i applied. There are duplicates in trying to get traffic to flow.
ipfw list
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any icmp6types 1
00997 allow ip from 172.16.1.0 to 192.168.2.9 445
00997 allow ip from 172.16.1.0/24 to 192.168.2.9 445
00998 allow ip from 172.16.1.0/24 to 192.168.2.0/24
00998 allow ip from 172.16.1.0 to 192.168.2.0
00998 allow ip from 172.16.1.0 to 192.168.2.1
00998 allow ip from 172.16.1.0/24 to 192.168.2.0/24
00998 allow ip from 172.16.1.0/24 to 192.168.2.0/24
01000 allow ipv6-icmp from any to any icmp6types 2,135,136
65535 allow ip from any to any
Help! my clients have different certificates but get the same ip addresses (192.168.1.2) when connecting to openvpn. What to do?
@@alanhiggins2521 - I had similar issue, but was due to using the wrong interface name
@@артемблизнюк-т1о create a different client certificate with a different Common Name and different subject alternative name
After wading through forums, blogs, YT channels for days this was the first and only solution I have found to safely access my files remotely through a VPN. Thank you so very much Techworks!
Great to hear!
How this only has 2400 views is beyond me. This is clear, concise, top quality. One of the best on TH-cam. Thank you!!
Thanks ! I really appreciate it !
I don't know that I've ever felt compelled to comment on a TH-cam video before, but I had to on this one. I have spent hours and hours watching videos, looking through forums, and following tutorials to setup OpenVPN on my TrueNas. And I've never gotten it to work how I wanted it to. This video explained exactly what to do and was very detailed and helpful. The only thing I had to change was my natd_interface to em0 like some of the other comments said. Thanks so much for making this video.
Thanks! This means a lot to me!
This absoulutley saved my bacon. Could not for the life of me get this to work until I found this video. Much appreciated.
Seriously man thanks for this video, I got like 80% of this setup on my own but couldn't figure out why I was unable to connect to my locally host services.
Dude you have no idea how much time I spent on this, trying to make my nextcloud only accessible by VPN and it was IMPOSSIBLE. But then you appeared and saved the day, thank you so so much
You absolutely ripped other VPN tutorials to shreds, this fit my scenario and worked really well, my hero for 2022!
Thank you ❤ I have been trying to do this for several days and couldn't until I found this tutorial. Thanks for explaining the reason for each parameter, this way I could easily change it to the values for my setup
After fighting for weeks, I found this video. Thank you for using your covid time so helpfully!!!
Took me a few tries, but your tutorial made it possible to connect from the internet. Thanks!
Glad I could help!
Amazing step-by-step video for the entire process. Did not falter anywhere. I would never have been able to do this on my own just by reading the manuals and adjusting the settings. Thanks for posting this.
Take me a day and half to set this up, my first problem is I didn’t watch the complete video. My bad. Then second problem was the Additional Parameters I took the quotation marks as asterisks and def1 as defl. It was hard to see these in video but found the correct parameters in the text. Once I fixed my errors it worked like a charm. So watch the whole video till the end before setting this up and you should have no problems. This one is complete as other videos leaves stuff out. Made notes and added these “Lessons Learned File” for future reference.
This is the best OpenVPN tutorial for TrueNAS I've found. Thank you!
Thanks for the comment ! Appreciate it.
Thank you so much for this! This got OpenVPN working on my machine with the ability to access my files remotely without fail.
That being said, I, like some other users on here and on your website, experienced issues with jails (Plex in my case), not working properly. Oddly, it took a day for it to break (all was working fine when I first set it up). The ONLY way I could access my Plex remotely was when connected to the VPN. Originally I could connect to Plex without connecting to the VPN. Again... it took about a day for this to break.
I did see your description comment about adding a jail with NAT selected. This fixed it! However, I read on a thread on Reddit of someone having an issue as well, and they were able to fix it instead by changing out their network interface identifier in the natd_interface tunable for vnetO. I disabled the added jail and tried this, and everything is still working properly. Now it's been less than a day, so I'll update here if it breaks again, but I figured I'd bring to your attention. Reddit post from TheRealStiffCookie below.
"I had an extremely similar issue, in that I couldn't have OpenVPN and Plex set up on my Truenas at the same time.
First step I tried was deleting the natd_interface tunable (mentioned on another site), which fixed Plex, but of course broke OpenVPN.
I then re-added the tunable, but instead of setting the value to my physical interface (em0 - which I followed from a guide), I set it to vnet0 instead. All of my plugins, and OpenVPN have been working alongside each other since!
Hope that helps anyone else that may stumble across this issue."
This has been working for me at the moment. I am not 100 percent sure what this does to the networking layout of the config, but hopefully its a stable solution. Thanks.
Amazing thanks for the great find !! I will add this to the description!
I changed mine to vnet0 and although I can access my network drives and truenas I can't access the plug-ins. I guess I have some digging to do.
if anyones having any issues connecting to the other servers outside of truenas's ip make sure that the 'natd_interface' tunable matches your config. Mine was 're0' instead of 'le0' so I had to change the value inside of that to get it to work.
Hi, where i can find this information on my Truenas Dashboard ?
@@Xworkofme hey, don't know if you're still tryna figure this out but you can find it on the 'interfaces' tile on the dashboard above your network traffic speed indicator
Huge thanks dude. I finaly got it working. I tried so many other tutorials and they confused me. Yours was straight forward and Thorough!
As an absolute novice to this kind of stuff, thank you for providing a very clear and concise walk-through of adding a vpn service here. I was struggling trying to figure out why the config file wasn't enough for trueNas charts and it seems I totally skipped the whole certificate step 😅
This video helped me resolved the issue I had struggled for a week. Thanks!
Amazing, glad It helped !
Es el video mas detallado y completo que he visto para configurar la VPN en treuenas. Gracias por el aporte
Gracias! tu comentario significa mucho
mate this tutorial has been an absolute god send, very detailed and precise EVERY step of the way, and bous points for having the additional params in the bottom becuase I couldn't tell if it was a 1,l or i. this has made the whole experince of being able to get access to my NAS to edit my photos on the go abosoltely painless. you get a 15/10 rating from me.
Awesome! Glad it helped you.
@@TechworksOnline I followed like 3 other tutorials and nothing worked after following them, then after watching yours it worked first go 👌 brilliant work you earnt a sub haha
Thank you! Just watched a different tutorial before and while it did work, this worked in every aspect!
Plus, your video was much easier to follow, better explained and a lot nicer to listen to.
Glad it helped!
Thank you so much! Worked the first time from this tutorial, I never got it to work before,
People like you are what make this world great!
Clear and understable! Thank you very much! By far one of the best tutorials!
It's a great tutorial
Thank you so much!!! the bit from 16:00 was missing from other tutorials. Great stuff!
Thank you so much for the tuorial !
At 16:30 is it : push "redirect-gateway def1 bypass-dhcp" or push "redirect-gateway defl bypass-dhcp" with lowercase "L" ?
One 1
@@TechworksOnline might wanna have said that.... i had to google it too. that's THE single point where it's very likely people will misread, and it's the one point where you don't say what you're typing :/
@@PrivatePaul I will enter the details into the Description of the video.
Awesome tutorial. Very clear and concise. Unfortunately I can only access the Truenas server. SMB etc works but I can't access and other network devices including jails. I set the NAT tunable to bridge0 which is the name of my Truenas NIC but no dice.
Very good tutorial, very concise, thank you for all your efforts, much appreciated.
agree fully.
Thanks for the detailed tutorial!
Though after having the OpenVPN server and the firewall rules applied as shown in the video I'm having issues with the jails (plugin installation fails when getting "pkg" (No address record error) and I can't even ping 1.1.1.1 with success). Is there a workaround for this? Or it ends up being a tradeoff for setting up OpenVPN this way?
Also what's the difference and advantages/disadvantages of setting up the OpenVPN server from TrueNAS natively or inside a Jail?
Hi, same issue here. @Techworks, any clue?
Same issue!
i've done everything you did, and can connect to my samba share, but nothing else... no internet through the server or internet outside of the server... no connections to other jails on the server or other computers on the network. any idea what i might have done wrong?
Thanks so much man, I always struggle with networking stuff since I rarely do it. This was very clear and concise.
i can connect to the network (with correct IP), can open the truenas UI in browser on the remote machine, i can kind of access truenas with its IP, but i can't access the shares via win explorer, all accounts return "wrong credentials".... what could be the problem?
Make sure the user you are using has permissions on thr directories is TrueNAS shares
wow thanks so much. this was the best one around that made the process a hell of a lot easier to understand and get working.
Thanks !
Clear and simply, thanks for sharing! LOL @TrueNAS comented also, that's god sign!
Amazing, clear step-by-step process! I wish I had watched this before attempting it on my own.
Hi, this was nearly perfect, the vpn setup certainly works. However something to do with the tuneables breaks network acess to any virtual machines I have installed on the freenas box. They wont assign dhcp, i can acess them via ssh when setting a manual ip in the vm's however they do not get internet access. Just wont ping google, it will however ping local lan machines So i think something is blocking them/ firewall related I imagine. It seems similar to some issues others are having on here with jails breaking. As soon as I remove the tuneables, dhcp is back and the vm's have full internet acess. it would be great if you could help / advise on this, thanks
Same issue with the tunables. Solution I found was adding second NIC and setting one to auto DHCP, then use that for plex and other plugins. The other using a static IP and setting the natd_interface to it for VPN. Depending on setup you might need a switch to add the second cable to your router. Not sure if there is a setting to get around this but this was an easy/quick solution.
Any advice on why when I try to put anything in the additional parameters under openVPN under Services it crashes when I go to save?
You can manually add the options to the openvpn.conf file
in a Shell on Truenas Navigate to /usr/local/etc/openvpn/server/openvpn_server.conf
Add the options as is to the bottom of the file.
Save, and restart the openvpn service in truenas
Great tutorial, thanks! VPN works nicely, but alas, a virtual machine runnin on Truenas completely lost network. So removed the tunables and VM's network works again. Something about those tunables seems to screw the VM - host bridge big time
I think if you just reapply the network with the tunables in place it will start to work again
@@TechworksOnline hmm not sure how to do that, AFAIK Truenas handles the VM network automatically. I did try re-creating the VM's NIC but that didn't help
Well can't get this to work. DHCP inside the VM doesn't work and when I set the VM to use static IP, I can connect to the VM from other machines BUT the VM cannot communicate with any other IP that the host. I'll have to set up another VM to run the OpenVPN because this just doesn't work
Followed everything till 14:33, just like I did with Spacerex's tutorial. Still not able to connect. The connection gets timed out. No logs either. What am I doing wrong?
Did you get port forwarding on your home router completed? That is usually the first thing I would check
@@TechworksOnline yes I did
@@TechworksOnline I figured out what the issue was. I was actually trying to check if there are any updates available for truenas. But that was failing. Then I checked the network settings. For some reason gateway and nameservers were empty. I added those two things and now I can connect with openvpn. Feel like a huge load lifted from my head.
Thanks for the very clear tutorial. However there is one major issue with the tunables in this setup: The option 'natd_interface' breaks the DNS access of the jails. That's why there are plenty of people having issues with their jails after configuring the openvpn service. Should the interface be set to the physical network connection or should we use a virtual interface in this tunable? It's not really clear and if you select the physical interface, the openvpn service runs but the jails lose the DNS access.
You will want to use the interface your TrueNAS is connected to physically. In the TrueNAS dashboard.
@@Catalyph that is what's being used in my case, but as said this causes and issue with the name resolution in the jails (see numerous posts with jail issues)
@@jackscan4358 I set my Jails up after setting up the VPN, and they work fine, I wonder if deploying a new jail after the setting the tunables will work ?
Same issue, with vpn working i loss jail access, is like the ports are not redirected
I finally managed to resolve it if anyone want the solution:
Go to jail > Edit > and activate the following options:
- DHCP Autoconfigure IPv4
- VNET
- Berkeley Packet Filter
Check configurations:
- Venet_default_interface = auto
- IPv4 Interface = empty
- Ipv4 Address = assigned automatically when you chose DHCP Autoconfigure Ipv4. This will be your Nextcloud management IP
- Ipv4 Default router = it will have your last IPv4 default router ip, but it will not be used...
- IPv6 = all options disabled
Now go to your router and assign to the DHCP the Ipv4 IP address in order to be sure that it will not change on nextcloud restarts.
Finally, if you go to the IP address it will probably show that you need to add it to the Nextcloud trusted_domains.
From TrueNas shell or SSH to TrueNas perform the following actions:
vi /usr/local/www/nextcloud/config/config.php
go to the line:
'trusted_domains' =>
array (
0 => 'localhost',
1 => 'old nextcloud ip',
Update the 1 => with the new ip address, or add a new line 2 => with the new ip address
Awesome clear and concise tutorial ! Thank you so much for sharing this. I can now access all my files (even from my iphone) when travelling ;)
Just a point, when configuring System/Tunables/natd_interface, of course enter your interface (not necessary le0, you should have shown that we must check in Network/interfaces for the right name) ;)
Thanks for the tutorial! I'm surprised there are not more likes on this video.
this is a really good tutorial. my usecase would be to have a work-arround for a ISP level port-forwarding block, so i can forward a specific service to possible clients without giving full access to my entire local network with a VPN (which works even with the ISP block). :^) gonna try this when i get the time to try it! thanks for the video!
I don't understand why this cannot be written in TrueNAS documentation. I was struggling with RootCA, as I always wanted to use the NAS root CA (cause ... why the hell not?) And I didn't understand why it wasn't working...
Hi enabling natd is preventing me from getting dhcp for my plugins, anyway around that?
Bravo majstore puno si pomogai i sve radi bezprijekorno.....
Odlično, drago mi je da vam je pomoglo.
Do I need to do the steps in Part 2? My goal was to access my TrueNAS outside of my local network and this worked like a charm!
Thank you for this excellent tutorial. Great work here.
Thanks a lot for this tutorial
I will try this with my own true as later this week
On Truenas Scale, where can I setup the tunables? Please advise. By the way, your tutorial is the best so far I have found on TH-cam. Thanks a lot for your sharing.
I got the same problem. Do you found out, how to do it?
@@robink.1475 no
Many thanks for this very very good tutorial, it worked almost on the spot. Almost, because my knowledge in this subject is "almost" not perfect... :-) (but getting better). You might have gone perhaps in 2-3 places slightly deeper in the explanation, so that an even larger audience would be able to follow. I mean by that explaining a little bit more for example what the different IP addresses mean that are being used throughout the installation (subnet etc.). Or why we can only use the config file to securely access our server in the end, without using the certificate as such, given that there is the option to download it. (I hope I understood correctly, that it is already included in the config file and not that all my secret cute-cat-videos are not open to the internet... :-) ). Of course I know, that it is also our responsibility to dig deeper, if something is not understood! It would have just kept the otherwise perfect flow of information.
Oh, and your voice is just perfect for tutorials!!!
Is there a way to preserve my home connection while accessing the remote server through the VPN? Because when using the VPN my internet access becomes only what is at the end of the tunnel.
thanks man, keep the tutorials coming. They are super useful
Great video tutorial! Following this and trying myself, however, at around 16:15 in text is added. What are the quotations? " or ' ? Many thanks
Double quote - Please check the link to my website in the description or in the description itself, that will have all the text copy and paste-able
@@TechworksOnline Hi, many thanks for the quick response...Just 'viewed' the Description (should've done this before posting...doh!). Long time since I clicked on, 'Show more' :-D
Thank you for the tuturial! Works like a charm..but I’m now having problems with installed plugins (Plex and qbittorrent) - it seems both services cannot access the internet anymore. Can it be because of added static route / tunnables entries?
you can try to add the subnet the jails are on to the static routes. so if your jails are on subnet 172.168.0.1 add that Subnet just like you did with the VPN subnet.
@@TechworksOnline I’ll give it a try, although my jails use the same subnet as the host. All my network is on 10.42.10.0 and my openvpn server is on 10.42.11.0
@@fxk44 is this a /16 or /24 network ?
@@TechworksOnline it’s a /24 network
In a shell prompt.
ipfw list
See if enabling the firewall blocked something. If not I will need to test it out.
I really liked your tutorial. It's really detailed. So followed it, I also have DDNS setup on google domains from my NAS. I opened the port for the OpenVPN, but still can't connect from a remote computer :/ any ideas?
Make sure you are using the correct ethernet port you see on the dashboard of the TrueNAS, mine was le0, yours may be different.
@@TechworksOnline I am having the same issue. I followed everything up to where we connected. It keeps timing out. Any suggestions? How do you check if you are using the correct ethernet port? On my dashboard, mine is saying re0.
Then you should reference re0 in all of the settings that I used le0 in the video.
You can test your routers port forwarding by also forwarding port 22 temporarily and just try to ssh to your public IP address . If you get in. Then you know your port forwarding is correct. Make sure to disable it afterwards
This is excellent, but I have a problem, mi internet provider put me in a NAT and I Don have a public IP, is there a solution for my issue?
Its the best Video i have Sean for this toppig👍👍👍👍
I followed this step by step and got the connection established perfectly. Only problem is as soon as i apply the changes to the tunables, my pi hole wich i run in an VM on the TrueNas stopps working. The vm has a static IP. After tunables changes i cannot use it as a nameserver and the VM itself cannot resolve anymore. any help is welcome, im really stuck at this :/
I am having the same problem. I did find that if I disable "firewall_enable" -> "yes", I am able to access my truenas's gui, but my IP address doesn't change when I connect
Worked perfectly. Thank you very much.
Quick question: Is this series of steps also what one needs to do if one has chosen the plugin OpenVPN, or is this for a manual installation of an OpenVPN server via panels and webpages in the TrueNAS CORE WebUI?
I have set up an OpenVPN server using the plugin that is available. I see how to enter a shell for this OpenVPN that is running in a jail from the plugin I installed. Since this OpenVPN server from the plugin is running in a jail, will I need to do all the configuring by command line in that shell?
No, the jail is different amd dhould not need these steps.
The jail is like a container.
@@TechworksOnlineit must need other steps, certainly.
@richardbennett4365 yes there is. You would need to connect to the jail to configure it just as you would from the openvpn config guide on the openvpn site
@@TechworksOnline Hello!
I could not get the jail-ed (i.e., OpenVPN Community plugin) to work on TrueNAS CORE. It just is difficult to work with a FreeBSD-based system when so much of the "world" is linux-based. No matter. Your excellent instructions helped me to set up an OpenVPN server, and I even got an intermediate network set up behind a NAT translation for use by the client.
Amazing. I almost gave up, but with some careful thinking about all the steps, I realized the reason why things weren't working at the very end was due to my having forgotten to start the OpenVPN server as a service in TrueNAS CORE. Duh! Then, it worked. Perfectly. I am heading out with a laptop to test it on a network off my home network as that will be the true test. But, thank you so much for your words of encouragement and this fine tutorial and demonstration. Now, I don't need to set up a Cloudron-based OpenVPN on some paid Virtual Private Server. I have my own right here now on my own networked attached server.
Could you make a little video about how to revoke a client certificate? Simply deleting it won't stop the user from being able to connect to the vpn service.
BTW it's important to use an uncommon ip range for the local network, so avoid 192.168.0 and 192.168.1 since this could give routing issues when a user is tyring to log in from home or internet cafe if that location also uses this common ip range.
Thanks for the info! I will create a video of how to revoke a cert, as it is not very straight forward and will need some command line stuff as well!
@@TechworksOnline Thanks in advance! Looking forward to it.
I think it was done on purpose, but what is the public IP address shown in the OpenVPN connect software. I’ve been struggling to get this to work and while I am in a unique double NAT scenario (so port forward on both router and router/modem combo) I am wondering if this setup will work if you are connect from an IP outside of the 192.168.x.x range. I was able to connect to my trueNAS remotely using openVPN configured on my router, but I want to figure out how to use the trueNAS service. To clarify, I no longer am running the openVPN configuration on my router, so that is not the problem. Furthermore, does having uPNP enabled or disabled have any bearing on if this setup will work?
Great video. I was able to get the VPN working to the server only. Got any thoughts on how to get access to other local resources and the internet? I am sure it is an easy fix but I been searching around and trying things for a while now.
Hello, I come back today to try to get an help with cert expiration date is done. So now i tried to remove Old OpenVPn_root _CA and OpenvPN_server certs and it's always impossible even nothing else on TN13 core than Openvpn was using these certs. So how can i manage a clean deletion to restart from scratch your tutorial ?
Thanks in advance for your time
Hello. In the common name should I put my public ip address? (in my case it is static) or should I associate the ip to a service like dyndns or noIP?
You can put what ever you want. BUT wait for tomorrow's video ! It has something for you !
@@Catalyph Thanks
hi, i am trying to follow your instructions. however i am unable to start the OPENVPN server like you did at 8:05 .. it gives me error "OPENVPN Server service failed to start" .. not sure what is wrong and how to fix this. Would you be able to help me with this please?
Usually means that one of the configuration items is incorrectly set.
Help! my clients have different certificates but get the same ip addresses (192.168.1.2) when connecting to openvpn. What to do?
Awesome guide works like a charm. Thank you
very very goOOod tuto, now i untherstand more what to do, and what i do
Thank you very much for this amazing tutorial. So clear and understandably
Awesome, Glad I could help!, Part 2 will be coming this Sunday!
@@TechworksOnline you mean part 2 😁💪🏽
@@mariohrkac2238 Yes, Fixed!
I am trying to set it up on Truenas Scale right now.
But I do not know where or how to set up the tunables.
I am able to connect to the OpenVPN but I am not getting any axess to the network itself.
Any ideas?
I have a VPN at home, and my TrueNAS is remote. I want TrueNAS to connect as a client to my already existing VPN here. Is this possible? Every video and tutorial seem to want the truenas side to have the VPN.
Can I use OpenVPN client on my phone and access the TrueNAS?
Thanks man, you helped me fix 90% of my issues. Super awesome! ++ subscribed
i did all the same, but when it comes to downloading the avpn config file i get an error. I can't download the config file. Here's an error:
1) Client certificate must have keyusage xtension 2) client certificate must have extebdedkeyusage extension set. 3) Client certificate must have "digital signature" and/or "key agreement" set for keyusafe extension. 4) Client certificate must have "tls web client authentication" set in extendedkeyusage extension. although I checked more than once everything is in place.
Guys can anyone help me to solve this problem?
Hi, I have error next error: SSL Routines: certificate verify failed, what to do?
Many Thanks. Great tutorial and excellent work !
Thanks for this tutorial! I hit a bit of a snag during it however. Around 18:10 I added the Static Route, and immediately my web UI crashed. I am now unable to connect to it through the web, and my previously working OpenVPN connection is now down as well. Interestingly, my SMB share and FTP processes are still functioning. I've been looking for a few hours on a fix besides connecting a monitor and keyboard straight to the server. Anyone have advice on how to fix it?
Are you able to ssh to the machine, if your static route took down the webUI. You may have input the incorrect network in the correct order.
You might have to keyboard and monitor to resolve.
@@TechworksOnline Yes, I am able to SSH to the machine. It seems just the web GUI is unresponsive.
Try rebooting the trunas if the website is unresponsive
@@TechworksOnline Did that and got nothing. Weirdly, I DNS flushed my remote machine for an unrelated reason, and I was able to access the server again despite it being on my local net. Thank you for the advice, and the really useful tutorial!
Very new to Truenas - up and running and just set up a OpenVpn server on my TP Link router - I can vpn in and access internet as well as the settings for my Truenas server no issue. Can I access files as well with this approach or do I need to activate the Open VPN server on Truenas as in the video. Need a little guidance.
If you are same network as truenas you should be able to access smb share files. If you are on outside network then you have to connect with vpn first. You can leave vpn service running and access both ways
If you are same network as truenas you should be able to access smb share files. If you are on outside network then you have to connect with vpn first. You can leave vpn service running and access both ways
@@TechworksOnline When I am on local network - no issues. I hotspot on my phone and have set up Open VPN server on new TP link router. I can VPN into home network, use internet and log into the dashboard of Truenas no issue. Not able to load the SMB share to see my actual stored files on Truenas.
on Truenas Scale, what is the Tunable's equivalent? What I found in the system/advance/ is systcl. Any help is apprecicated
Thanks for this video. I am having an issue though. When I set up the additional parameters in OpenVPN server, add the static route and the tuneables as you describe them in the video i'm able to access everything in my network flawlessly. The issue, though, is when I'm back on my LAN the TrueNAS server becomes completely unstable. I mostly can write to the samba fine, but can't read files and the GUI takes minutes to load if it will load at all. I do video editing from the TrueNAS and Final Cut Pro will lock up for several minutes and then crash. If I can get the GUI to load long enough to let me disable the Tuneables and reboot things recover and work as expected but then I'm no longer able to reach other services in my network
have you experienced something like this before?
Have you tried to update to a newer version?
Also make sure your MTU settings match on both sides.
Hi Christopher! have you found the solution? i had this issue as well
@@fernandoferrari3477 I never did. I ended up setting two different types of VPNs. One on Truenas for others to connect to gain access to share drives on that, and a wireguard VPN on m pfsense box for me to connect to my whole network with.
@@Cloecher11 i had this problem too, lets hope the can fix it someday, i will try a pritunl server with bhyve in the truenas
Thank you so much for this great tutorial, really well done. However, I've spent a lot of time trying to get it to work without success. Well, it works, but either NAS subnet IPs are reachable and jails lost access to the Internet, either jails have access but no way to reach other LAN IPs. I give up.
Note: the workaround with creating a jail to generate a NAT interface did not work.
Hi, I follow your tutorial and everything worked as you described. Thanks a lot! I have only one issue: with this conf I am not able to browse the Internet while connected to the VPN. Do you know how to solve it ?
Make sure the IP you have in the OpenVPN client is on a different network than the IP of the Client machines regular network. you should be able to browse the internet but it will be using the VPN connection and the OpenVPN SERVERS access to the internet, so if the OpenVPN server does not have internet access this wont work, you will need to remove the line "push redirect-gateway defl bypass-dhcp" from the OpenVPN additional Parameters section
If you want access to the client internet and network and not ONLY the VPN network, remove the line: "push redirect-gateway defl bypass-dhcp" from the OpenVPN additional Parameters section
I have the same proplem. Have you found a solution?
@@marcoreuter8530 check cmd route print while connected to the VPN, does the 0.0.0.0 routes point to you VPN ip that shows in the openvpn client ?
I am not shure how to interprete the result...
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.141 25
0.0.0.0 128.0.0.0 192.168.178.1 192.168.178.2 257
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
128.0.0.0 128.0.0.0 192.168.178.1 192.168.178.2 257
192.168.1.0 255.255.255.0 On-link 192.168.1.141 281
192.168.1.141 255.255.255.255 On-link 192.168.1.141 281
192.168.1.255 255.255.255.255 On-link 192.168.1.141 281
192.168.178.0 255.255.255.0 192.168.178.1 192.168.178.2 257
192.168.178.2 255.255.255.255 On-link 192.168.178.2 257
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.1.141 281
224.0.0.0 240.0.0.0 On-link 192.168.178.2 257
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.1.141 281
255.255.255.255 255.255.255.255 On-link 192.168.178.2 257
192.168.1.1 is my router
192.168.178.2 is shown as my private IP in the VPN
192.168.1.110 would be my TrueNAS
Also I am constantly dropping in and out of the VPN. Like there are conflicting settings or something...?
Thank you for taking the time!
Thanks so much for the tutorial! Was wondering if you could do one for TrueNas SCALE. I got as far as the tunables, which is not available on SCALE. As a result, in testing this from my office, I can connect to my home TrueNas VPN, and access the TrueNas server itself, but nothing else on my home network. While connected, I have no internet, but can still access all of the devices on my office LAN. Any idea how to fix that on SCALE?
You may not need the tunable. Just add the options in the openvpn settings from part 2 video
On the client side, allow the port in the firewall. It helped me.
Could you tell me where can I find this tunable on Truenas Scale please?
Nicely done! I followed the steps and got it working. But i cannot seem to connect to the internet while connected to the VPN. How do i make that happen? I have a pihole as my DNS set up and i would like to use it "on the got". Also i would not like to have to switch between network access and internet access.
If you are connected to the VPN as per my setup, Make sure you are connected remotely. Most providers will not redirect public IP from inside the LAN.
Subscribe I have a video coming on Sunday that has more setups including client and server internet access options.
Also make sure your syntax is correct in the additional Parameters, the syntax could be incorrect and not give an error, it just wont works for those options.
push "route 192.168.0.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-options DNS 8.8.8.8"
push "dhcp-options DNS 1.1.1.1"
@@TechworksOnline Thanks for your reply!
My provider does actually let me connect from inside my LAN to the public IP.
But I can confirm that my smartphone (via cellular service) ist able to connect to the VPN and reach my SMB shares on the other subnet.
But it is unable to reach any internet services while connected to the VPN.
I copied your settings to the letter with the exeption, that 192.168.1.0 is the subnet for my regular LAN and 192.168.0.0 is used for VPN devices.
I have set up a VPN in the past with pivpn wich worked flawlessly but was a bit too slow for my taste. I am currenty paying for 150 Mbit symmetrical via fibre. The TrueNAS box is already running 24/7. So I want to take advantage of the extra horsepower. XD
Looking forward to your next video!
Hello, I have this issue : connection timeout, dns resolution error with open VPN connect when I imported the conf file. Any ideas ?
Sounds like you dns is not resolving to your IP or your router is not correctly port forwarding to the trunas open vpn ip in your network
@@TechworksOnline Thank you for the response.
I have a tplink 4G router and in the settings I have nat forwording and in this category I have virtual servers and port triggering. Only in the virtual servers I can specify the port fowarding but it doesn't work!
Yes in the virtual server port forwarding internal port and service port should be the port of the VPN service on truenas and the ip should be the truenas ip.
NAT should be enabled.
So I need a DDNS or public domain to access my NAS outside of my home network? There's no other way to access it directly?
You can use your IP address. But that might change at any time. Ddns will prevent you from not knowing the IP because it keep the IP updated to the ddns url every 30 minutes or so.
I don't seem to have internet access through my TrueNAS server, regardless of whether the redirect gateway parameter is set or not. I can access the NAS itself, but not the internet and no other devices on the local network that TrueNAS is on. Any advice?
There is a part 2 ro this video that should help
Weird question, but I followed the guide to a T, however I can only access the local network while on the VPN, and can't access the internet on the computer unless I disconnect from the VPN. Any suggestions?
Try part 2, it should help.
th-cam.com/video/it0HdDiutIE/w-d-xo.html
Great got it working, many thanks for your video (though I had to put the same entry in to 'Common Name' and 'Subject Alternate Names' :-) Last question...To access through an Android phone...do you just install Openvpn app and drop a ovpn file?
Hi...Got it all working including remote access from phone and a laptop! 👍 Just did what I suggested above. 😁
Best Tutorial about this!!
Thank you for the video! I got a question when I connect to the VPN, I can access my storage data, however, I can only access websites like google, youtube, and Facebook, but not others. I think this is an issue with DNS, but I am not sure, can you help, please?
Make sure the default gateway on the truenas is correctly set for all destination traffic to go out the primary link to your internet.
@@TechworksOnline Thank you for your reply! I have the issue fixed.
Another question I have is how safe is it to use this VPN method in your video to connect back to the NAS at home? I am not an IT expert at all, just want to get a general idea.
This is very safe. The data transmitted while over the VPN would be encrypted so anyone that intercepts the data would get noting but garbled mess.
@@TechworksOnline Thank you again for your reply. If someone got my openvpn setting file, then I guess the only thing stopping them is the NAS username and password, how safe is that? Also, is there a way to see the VPN log-in activities history from Truenas? It will be very helpful for monitoring. Thank you!
If someone got the config file to connect to the VPN. Then they would be able to connect yes. How ever if you want the 2nd video. There is a way to implement a way to block specific files from connecting.
A very thorough walkthrough, thank you.
Every time I setup OpenVPN I have issues accessing my internal network.
One thing, le0 was bge0 on my system. I'm not sure if you mentioned it may be different on other systems.
Same problem here
Try part 2 it may help
th-cam.com/video/it0HdDiutIE/w-d-xo.html
Can you accesses the gui as well remotely ?
There is more on that in part 2.
you should be able to.
th-cam.com/video/it0HdDiutIE/w-d-xo.html
What's the difference (excluding a cost) between this and using a remote desktop software or app such as AnyDesk, Chrome Remote Desktop or TeamViewer etc?
One is remote desktop. This is a VPN. I'm sure those software use encryption. There is no "Desktop" on the VPN. It is like extending your private network to you location.
@@TechworksOnline Now I understand. But can I access my local network and TrueNas folders by using a remote desktop connection like the ones I mentioned instead of following your method as show in the video? Not taking away anything from your method as it seems very impressive. But which method do you advise to access your local account and TrueNas folders when outside of your local network or in another country? Tks!
MAAAAAN!!! You are Legend. Thank you