Google Fiber & Raspberry Pi/FreeNAS OpenVPN Server

Makaveli6103

I have been trying to set up an OpenVPN server on my FreeNAS box for the past few days and have been having troubles with it. I can connect to the server but want all of my traffic sent through the VPN. When I enable it nothing works. I am thinking about trying out a Raspberry Pi but am unsure how much it can handle. I am not looking for crazy speeds from it, only around 20-30 (will be mostly used when at school/traveling to use as VPN).

Also was wondering if my problem could be the GF network box they provide. It is very limited and I cannot do very much with it. I cannot add static routes for my VPN subnet or change the DNS servers.

Any help with these issues?
 
DNS server settings when connected and forwarded through VPN?

routing table when connected and forwarded through VPN?
 
Raspberry Pi is going to be terrible performance... I would focus on getting your current solution working... sounds like you just need to change a few settings to force internet traffic through your VPN... a common enough question
 
As previously mentioned, it's probably a DNS configuration issue. I use OpenVPN on an Ubuntu server with Google Fiber with great success. Don't even consider the Pi. Also, OpenVPN maxes at about 110 Mbps, I believe there are a few writeups out there on gaining more speed, but typically I think it's always spread across multiple connections.

Moral of the story here, OpenVPN is not the solution for you if you are wanting to get the 500-1000 Mbps that Google Fiber offers. For the absolute best performance, get a high-GHz processor (3 GHz+) that has the encryption acceleration feature.
 
I just went through this process this weekend. Follow Paetzel's OpenVPN guide. Then the key is to follow his firewall guide: http://joepaetzel.com/2014/03/04/secure-freenas-9-2-1-2-with-a-firewall/

I did have to make a couple of mods to the pf.conf file (remove table persist, and remove the parentheses section of the port 22 line) and voila, everything worked as advertised. All traffic went through the VPN and it worked great.

I don't have a firewall enabled on my FreeNAS box. Do I need to do the firewall portion?
 
Yeah, I did both of these and still no go. I will post my VPN files later to make sure they are correct. Also concerning the routing table, do I connect my OpenVPN subnet to my router (192.168.1.1)?
 
Could you share your DNS settings? I want to compare them to mine.
 
If you enable it, your problem will go away. Takes all of 5 mins to do.

I enabled it and followed those instructions and it still does not work. Now I cannot access my server and am getting no connection. I need to go back and look at my pf.conf file to make sure I entered all of the correct things. But just to clarify, if my router is 192.168.1.1, my network subnet is 192.168.1.0/24... correct? I am new to networking and VPN so there is a slight learning curve.

Also did you include push "redirect-gateway def1" in your server config?
 
Here's what my pf.conf looks like:

#change this to match your primary ethernet interface, re0 or em0 are common, but there are others
ext_if="re0"
vpn_if="tun0"
#table persist
#These are all of the other interfaces we discovered in step 2
set skip on lo0
set skip on ipfw0
set skip on tun0
set block-policy return
scrub in all
#change xxx.xxx.xxx.xxx to the external IP of your FreeNAS box
nat on $ext_if from 10.8.0.0/24 to any -> 172.168.1.28
#Lock it down
block in all
block out all
#Allow VPN traffic
pass on tun0 keep state
#block quick from
#Allow traffic in for ssh
pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep state
#Allow traffic in for web - delete or comment out if you don't want web traffic
pass in on $ext_if proto tcp from any to any port 80 flags S/SA keep state
pass in on $ext_if proto tcp from any to any port 443 flags S/SA keep state
#Allow traffic in for OpenVPN
pass in on $ext_if proto udp from any to any port 1194 keep state label "openvpn"
#Allow LAN traffic to connect to FreeNAS - change xxx.xxx.xxx.0 to match your network, ie 192.168.0.0 or 10.0.0.0
pass in on $ext_if from 172.168.1.0/24 to any keep state
#Allow traffic out from the LAN
pass out on $ext_if from any to any keep state
 
OK, I figured out what was wrong. His write-up was missing things because of WordPress not showing them correctly. If you go back he fixed it.

#change this to match your primary ethernet interface, re0 or em0 are common, but there are others
ext_if="em0"
vpn_if="tun0"
table <bruteforce> persist
#These are all of the other interfaces we discovered in step 2
set skip on re0
set skip on lo0
set skip on bridge0
set skip on ipfw0
set skip on epair0a
set skip on epair1a
set skip on epair2a
set skip on epair3a
set skip on epair4a
set skip on epair5a
set skip on tun0
set block-policy return
scrub in all
#change xxx.xxx.xxx.xxx to the external IP of your FreeNAS box
nat on $ext_if from 10.8.0.0/24 to any -> 192.168.1.8
#Lock it down
block in all
block out all
#Allow VPN traffic
pass on tun0 keep state
block quick from <bruteforce>
#Allow traffic in for ssh
pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep state (max-src-conn 10, max-src-conn-rate 5/5, overload <bruteforce> flush global)
#Allow traffic in for web - delete or comment out if you don't want web traffic
pass in on $ext_if proto tcp from any to any port 80 flags S/SA keep state
pass in on $ext_if proto tcp from any to any port 443 flags S/SA keep state
#Allow traffic in for OpenVPN
pass in on $ext_if proto udp from any to any port 1194 keep state label "openvpn"
#Allow LAN traffic to connect to FreeNAS - change xxx.xxx.xxx.0 to match your network, ie 192.168.0.0 or 10.0.0.0
pass in on $ext_if from 192.168.1.0/24 to any keep state
#Allow traffic out from the LAN
pass out on $ext_if from any to any keep state
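
The problem described in the last post, a blog engine swallowing `<bruteforce>` from the rules as if it were an HTML tag, can be caught before the file is loaded. The following is an added example, not part of the thread or of the linked guide; `lint_pf` and both sample strings are constructed for illustration and cover only the SSH rate-limit rules.

```python
import re

# Constructed sample: the SSH rate-limit rules from the thread the way the
# blog rendered them, with <bruteforce> swallowed as if it were an HTML tag.
STRIPPED = """\
table persist
block quick from
pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep state (max-src-conn 10, max-src-conn-rate 5/5, overload flush global)
"""
# Same rules with the table name restored, as in the corrected config above.
RESTORED = """\
table <bruteforce> persist
block quick from <bruteforce>
pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep state (max-src-conn 10, max-src-conn-rate 5/5, overload <bruteforce> flush global)
"""

CHECKS = [
    (re.compile(r"^table\s+(?![\s<])"), "table declared without a <name>"),
    (re.compile(r"\boverload\s+(?![\s<])"), "overload without a <table> target"),
    (re.compile(r"\b(?:from|to)\s*$"), "from/to with nothing after it"),
]
OVERLOAD = re.compile(r"\boverload\s+<([\w-]+)>")
BLOCKED = re.compile(r"^block\b.*\bfrom\s+<([\w-]+)>")

def lint_pf(text):
    """Return sorted (line_number, message) findings for a pf.conf string."""
    findings, overloads, blocked = [], [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        rule = raw.split("#", 1)[0].strip()  # assumption: no '#' inside quotes
        if not rule:
            continue
        findings += [(no, msg) for rx, msg in CHECKS if rx.search(rule)]
        overloads += [(no, t) for t in OVERLOAD.findall(rule)]
        blocked.update(BLOCKED.findall(rule))
    # An overload table only helps if some block rule reads from it.
    findings += [(no, f"<{t}> is filled by overload but never blocked")
                 for no, t in overloads if t not in blocked]
    return sorted(findings)

if __name__ == "__main__":
    for no, msg in lint_pf(STRIPPED):
        print(f"line {no}: {msg}")
```

On the box itself, `pfctl -n -f <file>` parses a ruleset without loading it. An overload table that no block rule reads from is valid syntax, so it needs a separate check like the last one here.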
 