How to Configure OpenVPN on TrueNas 12 - Setup your own Home VPN - Part 1

This is by far the highest quality tutorial currently available on setting up an OpenVPN server for TrueNAS. Any bit of doubt I had about parameters I saw in other tutorials was taken away, in particular the IP parameter (which, from my current understanding, just creates another "mini subnet" within the local subnet under the specified prefix).

How this only has 2400 views is beyond me. This is clear, concise, top quality. One of the best on TH-cam. Thank you!!

Awesome clear and concise tutorial! Thank you for sharing this.

After wading through forums, blogs, YT channels for days this was the first and only solution I have found to safely access my files remotely through a VPN. Thank you so very much Techworks!

Seriously man thanks for this video, I got like 80% of this setup on my own but couldn't figure out why I was unable to connect to my locally host services.

I don't know that I've ever felt compelled to comment on a TH-cam video before, but I had to on this one. I have spent hours and hours watching videos, looking through forums, and following tutorials to setup OpenVPN on my TrueNas. And I've never gotten it to work how I wanted it to. This video explained exactly what to do and was very detailed and helpful. The only thing I had to change was my natd_interface to em0 like some of the other comments said. Thanks so much for making this video.

if anyones having any issues connecting to the other servers outside of truenas's ip make sure that the 'natd_interface' tunable matches your config. Mine was 're0' instead of 'le0' so I had to change the value inside of that to get it to work.

Thank you ❤ I have been trying to do this for several days and couldn't until I found this tutorial. Thanks for explaining the reason for each parameter, this way I could easily change it to the values for my setup

This absoulutley saved my bacon. Could not for the life of me get this to work until I found this video. Much appreciated.

Dude you have no idea how much time I spent on this, trying to make my nextcloud only accessible by VPN and it was IMPOSSIBLE. But then you appeared and saved the day, thank you so so much

Take me a day and half to set this up, my first problem is I didn’t watch the complete video. My bad. Then second problem was the Additional Parameters I took the quotation marks as asterisks and def1 as defl. It was hard to see these in video but found the correct parameters in the text. Once I fixed my errors it worked like a charm. So watch the whole video till the end before setting this up and you should have no problems. This one is complete as other videos leaves stuff out. Made notes and added these “Lessons Learned File” for future reference.

Took me a few tries, but your tutorial made it possible to connect from the internet. Thanks!

You absolutely ripped other VPN tutorials to shreds, this fit my scenario and worked really well, my hero for 2022!

Thank you so much for this! This got OpenVPN working on my machine with the ability to access my files remotely without fail.
That being said, I, like some other users on here and on your website, experienced issues with jails (Plex in my case), not working properly. Oddly, it took a day for it to break (all was working fine when I first set it up). The ONLY way I could access my Plex remotely was when connected to the VPN. Originally I could connect to Plex without connecting to the VPN. Again... it took about a day for this to break.
I did see your description comment about adding a jail with NAT selected. This fixed it! However, I read on a thread on Reddit of someone having an issue as well, and they were able to fix it instead by changing out their network interface identifier in the natd_interface tunable for vnetO. I disabled the added jail and tried this, and everything is still working properly. Now it's been less than a day, so I'll update here if it breaks again, but I figured I'd bring to your attention. Reddit post from TheRealStiffCookie below.
"I had an extremely similar issue, in that I couldn't have OpenVPN and Plex set up on my Truenas at the same time.
First step I tried was deleting the natd_interface tunable (mentioned on another site), which fixed Plex, but of course broke OpenVPN.
I then re-added the tunable, but instead of setting the value to my physical interface (em0 - which I followed from a guide), I set it to vnet0 instead. All of my plugins, and OpenVPN have been working alongside each other since!
Hope that helps anyone else that may stumble across this issue."

Amazing step-by-step video for the entire process. Did not falter anywhere. I would never have been able to do this on my own just by reading the manuals and adjusting the settings. Thanks for posting this.

After fighting for weeks, I found this video. Thank you for using your covid time so helpfully!!!

This is the best OpenVPN tutorial for TrueNAS I've found. Thank you!

As an absolute novice to this kind of stuff, thank you for providing a very clear and concise walk-through of adding a vpn service here. I was struggling trying to figure out why the config file wasn't enough for trueNas charts and it seems I totally skipped the whole certificate step 😅

Huge thanks dude. I finaly got it working. I tried so many other tutorials and they confused me. Yours was straight forward and Thorough!

This video helped me resolved the issue I had struggled for a week. Thanks!

Thank you! Just watched a different tutorial before and while it did work, this worked in every aspect!
Plus, your video was much easier to follow, better explained and a lot nicer to listen to.

mate this tutorial has been an absolute god send, very detailed and precise EVERY step of the way, and bous points for having the additional params in the bottom becuase I couldn't tell if it was a 1,l or i. this has made the whole experince of being able to get access to my NAS to edit my photos on the go abosoltely painless. you get a 15/10 rating from me.

Clear and understable! Thank you very much! By far one of the best tutorials!

Thank you so much!!! the bit from 16:00 was missing from other tutorials. Great stuff!

Thank you so much! Worked the first time from this tutorial, I never got it to work before,

Es el video mas detallado y completo que he visto para configurar la VPN en treuenas. Gracias por el aporte

Thanks so much man, I always struggle with networking stuff since I rarely do it. This was very clear and concise.

Very good tutorial, very concise, thank you for all your efforts, much appreciated.

wow thanks so much. this was the best one around that made the process a hell of a lot easier to understand and get working.

Amazing, clear step-by-step process! I wish I had watched this before attempting it on my own.

People like you are what make this world great!

Awesome tutorial. Very clear and concise. Unfortunately I can only access the Truenas server. SMB etc works but I can't access and other network devices including jails. I set the NAT tunable to bridge0 which is the name of my Truenas NIC but no dice.

i've done everything you did, and can connect to my samba share, but nothing else... no internet through the server or internet outside of the server... no connections to other jails on the server or other computers on the network. any idea what i might have done wrong?

Awesome clear and concise tutorial ! Thank you so much for sharing this. I can now access all my files (even from my iphone) when travelling ;)
Just a point, when configuring System/Tunables/natd_interface, of course enter your interface (not necessary le0, you should have shown that we must check in Network/interfaces for the right name) ;)

Any advice on why when I try to put anything in the additional parameters under openVPN under Services it crashes when I go to save?

this is a really good tutorial. my usecase would be to have a work-arround for a ISP level port-forwarding block, so i can forward a specific service to possible clients without giving full access to my entire local network with a VPN (which works even with the ISP block). :^) gonna try this when i get the time to try it! thanks for the video!

Thanks for the detailed tutorial!
Though after having the OpenVPN server and the firewall rules applied as shown in the video I'm having issues with the jails (plugin installation fails when getting "pkg" (No address record error) and I can't even ping 1.1.1.1 with success). Is there a workaround for this? Or it ends up being a tradeoff for setting up OpenVPN this way?
Also what's the difference and advantages/disadvantages of setting up the OpenVPN server from TrueNAS natively or inside a Jail?

Great tutorial, thanks! VPN works nicely, but alas, a virtual machine runnin on Truenas completely lost network. So removed the tunables and VM's network works again. Something about those tunables seems to screw the VM - host bridge big time

Hi, this was nearly perfect, the vpn setup certainly works. However something to do with the tuneables breaks network acess to any virtual machines I have installed on the freenas box. They wont assign dhcp, i can acess them via ssh when setting a manual ip in the vm's however they do not get internet access. Just wont ping google, it will however ping local lan machines So i think something is blocking them/ firewall related I imagine. It seems similar to some issues others are having on here with jails breaking. As soon as I remove the tuneables, dhcp is back and the vm's have full internet acess. it would be great if you could help / advise on this, thanks

Works on Scale, without adding the tunables ! Fantastic THANK YOU !

I don't understand why this cannot be written in TrueNAS documentation. I was struggling with RootCA, as I always wanted to use the NAS root CA (cause ... why the hell not?) And I didn't understand why it wasn't working...

Thanks for the tutorial! I'm surprised there are not more likes on this video.

This is excellent, but I have a problem, mi internet provider put me in a NAT and I Don have a public IP, is there a solution for my issue?

i did all the same, but when it comes to downloading the avpn config file i get an error. I can't download the config file. Here's an error:
1) Client certificate must have keyusage xtension 2) client certificate must have extebdedkeyusage extension set. 3) Client certificate must have "digital signature" and/or "key agreement" set for keyusafe extension. 4) Client certificate must have "tls web client authentication" set in extendedkeyusage extension. although I checked more than once everything is in place.
Guys can anyone help me to solve this problem?

Its the best Video i have Sean for this toppig👍👍👍👍

Many thanks for this very very good tutorial, it worked almost on the spot. Almost, because my knowledge in this subject is "almost" not perfect... :-) (but getting better). You might have gone perhaps in 2-3 places slightly deeper in the explanation, so that an even larger audience would be able to follow. I mean by that explaining a little bit more for example what the different IP addresses mean that are being used throughout the installation (subnet etc.). Or why we can only use the config file to securely access our server in the end, without using the certificate as such, given that there is the option to download it. (I hope I understood correctly, that it is already included in the config file and not that all my secret cute-cat-videos are not open to the internet... :-) ). Of course I know, that it is also our responsibility to dig deeper, if something is not understood! It would have just kept the otherwise perfect flow of information.
Oh, and your voice is just perfect for tutorials!!!

Is there a way to preserve my home connection while accessing the remote server through the VPN? Because when using the VPN my internet access becomes only what is at the end of the tunnel.

I followed this step by step and got the connection established perfectly. Only problem is as soon as i apply the changes to the tunables, my pi hole wich i run in an VM on the TrueNas stopps working. The vm has a static IP. After tunables changes i cannot use it as a nameserver and the VM itself cannot resolve anymore. any help is welcome, im really stuck at this :/

Thanks for the very clear tutorial. However there is one major issue with the tunables in this setup: The option 'natd_interface' breaks the DNS access of the jails. That's why there are plenty of people having issues with their jails after configuring the openvpn service. Should the interface be set to the physical network connection or should we use a virtual interface in this tunable? It's not really clear and if you select the physical interface, the openvpn service runs but the jails lose the DNS access.

Hi enabling natd is preventing me from getting dhcp for my plugins, anyway around that?

Bravo majstore puno si pomogai i sve radi bezprijekorno.....

Thank you for this excellent tutorial. Great work here.

tutorial worked well, though this seems to have stopped my openvpn CLIENT in a jail from working. removing the NAT tuneables makes it work again, but obviously that breaks the server. anyone have any ideas?

Best Tutorial about this!!

Help! my clients have different certificates but get the same ip addresses (192.168.1.2) when connecting to openvpn. What to do?

Thank you so much for this great tutorial, really well done. However, I've spent a lot of time trying to get it to work without success. Well, it works, but either NAS subnet IPs are reachable and jails lost access to the Internet, either jails have access but no way to reach other LAN IPs. I give up.
Note: the workaround with creating a jail to generate a NAT interface did not work.

Hi, I have error next error: SSL Routines: certificate verify failed, what to do?

Thanks a lot for this tutorial
I will try this with my own true as later this week

I have a VPN at home, and my TrueNAS is remote. I want TrueNAS to connect as a client to my already existing VPN here. Is this possible? Every video and tutorial seem to want the truenas side to have the VPN.

Can I use OpenVPN client on my phone and access the TrueNAS?

Many thanks for the video, this worked perfectly once I worked out a network peculiarity out with our wireless network provider. I found there IP address not my address inside there network.

The best tutorial for customize OpenVPN on TrueNAS - thanx! But I have no understanding how to set up tunable parameters on TrueNAS SCALE. Could you update tutorial with SCALE settings?

sir what is the "common name" in certificate and other fields, is this random?

very very goOOod tuto, now i untherstand more what to do, and what i do

Could you make a little video about how to revoke a client certificate? Simply deleting it won't stop the user from being able to connect to the vpn service.
BTW it's important to use an uncommon ip range for the local network, so avoid 192.168.0 and 192.168.1 since this could give routing issues when a user is tyring to log in from home or internet cafe if that location also uses this common ip range.

i got a new Internet Provider wich only gave me an ipv6 hosting, so i am limited to ipv6. is there any way to connect via vpn using ipv6 ?

Thanks man, you helped me fix 90% of my issues. Super awesome! ++ subscribed

Thank you very much for this amazing tutorial. So clear and understandably

on Truenas Scale, what is the Tunable's equivalent? What I found in the system/advance/ is systcl. Any help is apprecicated

wow, big kudos!!
the only thing i had to change was the network interface. it is igc0 for me (tunable natd_interface)
worked out of the box! thank you so much!!! i never ever could make this on my own.

Could you tell me where can I find this tunable on Truenas Scale please?

Worked perfectly. Thank you very much.

I think it was done on purpose, but what is the public IP address shown in the OpenVPN connect software. I’ve been struggling to get this to work and while I am in a unique double NAT scenario (so port forward on both router and router/modem combo) I am wondering if this setup will work if you are connect from an IP outside of the 192.168.x.x range. I was able to connect to my trueNAS remotely using openVPN configured on my router, but I want to figure out how to use the trueNAS service. To clarify, I no longer am running the openVPN configuration on my router, so that is not the problem. Furthermore, does having uPNP enabled or disabled have any bearing on if this setup will work?

The only problem I am having now is that the server is assigning the same IP address on the intermediate network behind a NAT translation to all clients that connect. So, the server takes 10.8.0.1 on this network, and provisions 10.8.0.2 for the first client joining. However, if a second client joins, with its own client certificate, still the server assigns 10.8.0.2 for the second and subsequent client connections.

Do I need to do the steps in Part 2? My goal was to access my TrueNAS outside of my local network and this worked like a charm!

I don't seem to have internet access through my TrueNAS server, regardless of whether the redirect gateway parameter is set or not. I can access the NAS itself, but not the internet and no other devices on the local network that TrueNAS is on. Any advice?

I followed the steps/ My OpenVPN on the client side connects, but drops the connection every minute or so (it reconnects automatically., I get a CONNECTED notification every time). I can't ping my NAS from the client, internet access is very shakey down the VPN too, also no access to my SMB share.

I really liked your tutorial. It's really detailed. So followed it, I also have DDNS setup on google domains from my NAS. I opened the port for the OpenVPN, but still can't connect from a remote computer :/ any ideas?

So I need a DDNS or public domain to access my NAS outside of my home network? There's no other way to access it directly?

i can't have more than 1 user connecting to the vpn, is there any solution to this? please help.

I am trying to set it up on Truenas Scale right now.
But I do not know where or how to set up the tunables.
I am able to connect to the OpenVPN but I am not getting any axess to the network itself.
Any ideas?

Great video. I was able to get the VPN working to the server only. Got any thoughts on how to get access to other local resources and the internet? I am sure it is an easy fix but I been searching around and trying things for a while now.

Eres el mejor!!! Gracias

Thank you so much for the tuorial !
At 16:30 is it : push "redirect-gateway def1 bypass-dhcp" or push "redirect-gateway defl bypass-dhcp" with lowercase "L" ?

Hi all, strange things occur to me... i ve done all the steps, OpevnVPN works, access the remote subnet either and i can upload and download file from the tunnel; BUT when i try to download anthing from the shares locally from a PC in the same subnet of the truenas, its simply hang! instead i can upload anything at high speed over LAN and VPN network, any hints? it seems disabling the Tunable variable of the firewall fix the local smb browsing and file sharing, but then it break the access of the remote subnet from the VPN Tunnel.. ( i can access only the Truenas )

Hello. In the common name should I put my public ip address? (in my case it is static) or should I associate the ip to a service like dyndns or noIP?

thanks man, keep the tutorials coming. They are super useful

Awesome guide works like a charm. Thank you

Quero agradecer pelo excelente material. E também pela resposta rápida a uma duvida técnica minha. O detalhe que ele sempre atribuía o mesmo ip para qualquer conexão.

Thanks, great video.

Can you accesses the gui as well remotely ?

This is a great tutorial, saved me much hair pulling. Now, not to be greedy, but do you have any idea how to add 2FA to the mix? I have some users who can't help themselves and keep getting spyware on their personal computers, so I don't feel at all comfortable about govong ANY of them access to the file server without 2FA of some sort.
Any advice you (or anyone else reading this) could give would be greatly appreciated.

i'm new into this and i may have missed way to many steps before setting up the OpenVPN server.
is there any steps we should cover before setting up the server?
i've followed the tutorial but i can't even connect in the first try.
i've checked the comments to see similar problems and none of them solved the issue

Many Thanks. Great tutorial and excellent work !

Hi there,
I'm just following the tutorial to setup OpenVPN on my Truenas13 box, I found once I add the additional parameters as instructed, my OpenVPN server wont start any more. I checked everything but could not figure out why, once removed the Additional parameters, the server starts fine. Anybody could help please?
Regards,
Bob

If you have more than 1 nics, say 2 nics 1 for internet, 1 for lan only... in tunables, do you make 2 entries 1 for each nic? I want to pass vpn access to my private non-internet network.

Can we configure multi user with usename and password authenticaton?

Followed everything till 14:33, just like I did with Spacerex's tutorial. Still not able to connect. The connection gets timed out. No logs either. What am I doing wrong?

I used parameter for VPN Server Service like you but after save i can't start service. How can i fix it, please?

When i import my openvpn profile on the desktop client it says dns resolution error. Any tips?