This installation will be more FreeBSD-esque than my last one, and almost everything will live in /usr/local/ mkdir -p /usr/local/etc/openvpn/Ĭp -R /usr/local/share/easy-rsa /usr/local/etc/openvpn/easy-rsa/Įasy RSA has changed quite a bit between EasyRSA 2 and EasyRSA 3, so the old steps don't apply anymore. With the basic OpenVPN installed, you'll want to get down to configuring it. Be sure to rehash so that you can use the newly installed commands as expected. There should be 3 total packages that get installed.
#FREENAS OPENVPN INSTALL#
I'm also going to install vim Once that is done, install OpenVPN. The output from these commands will vary, but in general, you'll want to say yes to whatever is asked.
#FREENAS OPENVPN UPDATE#
Once you are in the jail, run some basic updates: pkg update If you have more than one, or if your jail doesn't have the word OpenVPN in the name, then that command won't work. That command assumes that you only have a single jail with the word OpenVPN in the name. We'll start out by getting into the jail from the FreeNAS shell: sudo jexec `jls | grep -i openvpn | awk '' ` csh Installing OpenVPNįor the most part the high level steps are going to be the same. A common practice is to use either the short hostname, or the FQDN of the server. As with the client, whenever you see the word VPNSERVER you should subsititute in the word you want to use to represent your VPN server. Whenever you see the word VPNCLIENT, you should substitute in the actual name of your VPN client.Īdditionally, I'm also going to be using the word VPNSERVER to signify my VPN server. Since in this article, I am only setting up a single client, I'm going to use the variables name VPNCLIENT as the name of my client. One of the things that I like about OpenVPN is that each client gets it's own set of certificates, but that also means that naming of the certificates gets to be important. If you are using EasyRSA version 3, keep reading. Short version of all of that is if you are using EasyRSA version 2, then refer to the previous article. As such, I strongly suspect that what I have written below will still work on FreeBSD 9.3 jails, but I haven't yet tested it. FreeNAS 9.3Įven though the previous article was written using FreeNAS 9.3, and using FreeBSD 9.3 jails, I suspect that the breakage most people were experiencing from the previous article was due to the major version change of EasyRSA from 2 to 3. I did have to go into "Advanced" to specify the template, but otherwise, it is a pretty stock jail. Once I had a functioning template, I was able to create a jail. In the FreeNAS UI, go to Jails -> Templates, and click the "Add Jail Template" button. In order to successfully add the new jail, I created a custom jail template. In attempting to add a new jail, I was getting an error message from FreeNAS about not being able to find the jail template. I honestly think that I probably screwed it up, since I tend to mess with the warden command a bit. I haven't yet looked to see if there are any known bugs yet, but I will at some point.
#FREENAS OPENVPN UPGRADE#
I had some issues with standard jails after the upgrade to FreeNAS 9.10, so before I get into the meat of it, I'm going to outline what I did to get back to a funcitonal state. The UI looks the same, but there is the added benefit of being able to use FreeBSD 10 as the jail template. The most important change that the diligent reader will need to be aware of is that I've upgraded my FreeNAS from the 9.3 train to the 9.10 train. Since I wrote the previous article, a few things have changed. Much to my surprise, this article seems to have gotten some traction, so I'm posting an update to it (leaving the old one in place for posterity's sake). A while back, I wrote a post about building an OpenVPN server inside a FreeNAS jail for a friend who has a small FreeNAS device, but doesn't have a firewall that will let him run an OpenVPN server directly.