Adding a Virtual Private Network (VPN) connection to any system, including a TrueNAS jail, is critically important to protect your privacy. This is even more important if you plan to be downloading media (movies, TV shows, music, books, etc.) from torrents or newsgroups as content providers are frequently searching for individuals and groups circulating their intellectual property. This article will show you how to download, install the OpenVPN software, configure the software for the VPN location you desire, setup the proper network connections, and then test to ensure the connection is working all within a FreeNAS jail. In this case, the article will be using Private Internet Access (PIA) as an example VPN provider, however you should be able to follow the same process for other providers. There is also an option to install a VPN kill switch (shuts down network traffic if you disconnect from the VPN). This article assumes that you already have a FreeNAS system up and running and have already setup the FreeNAS jail in which you want to include an OpenVPN connection.
An updated version of this article is posted on the NEW digiMoot website at:
To install the OpenVPN software, which is the type of connection you will have to your VPN, you will need to get to the command prompt for your jail. First we will install a couple of programs we will need – nano, a text editor, and wget to download the necessary config files and to test the connection. You can install these programs with the following command:
pkg install nano wget
Now we will need to ensure we are using the latest package distribution to ensure we are getting OpenVPN v2.5.0 (or later). We will need to edit your pkg config file with the following command:
you will see a line in the file that looks like this:
and you will need to replace the word “quarterly” with “latest” so that the line looks like this:
Save the file and exit and then we will now install OpenVPN with the following commmand:
pkg install openvpn
If for some reason you get a message like: “No Packages Available to Install Have Been Found in the Repositories”, you can read this article for instructions on how to move past it: FreeNAS: No Packages Available to Install Have Been Found in the Repositories
As noted, this article will use Private Internet Access (PIA) as an example for configuration, but you can use the same process for other VPN providers, just download their OpenVPN files instead.
Lets start by creating a directory for the OpenVPN software:
Next we will need to create a file to store our login credentials for the VPN provider. The following command will open the nano text editor for a blank file in which you should put your VPN username on the first line and your VPN password on the second line:
Alternatively you can create this file with the following two commands where [username] and [password] are your VPN username and password respectively:
echo [username] > /usr/local/etc/openvpn/auth.txt
echo [password] >> /usr/local/etc/openvpn/auth.txt
As this file contains your username and password, we will next need to change the security on it to make it only accessible to those that need it with the following command:
chmod 0600 /usr/local/etc/openvpn/auth.txt
Now we create a temporary directory to download all the VPN information into with the following command:
And then we will download the VPN configuration files (in this case for PIA) with the following commands:
Now if you do an
ls in this directory you will see a bunch of files with different country, city and region names. This is the OpenVPN connection information for servers in those countries. Select which city or region you want to connect to and copy that file to the OpenVPN directory as the default config file (this example uses Denmark):
cp Denmark.ovpn /usr/local/etc/openvpn/openvpn.conf
You will now need to add the following lines to the bottom of the files you just copied in order to have the VPN connection start automatically when the jail boots.
# Automatic login (PIA credentials)
Use the nano text editor with the following command:
Now that everything is configured, we can enable OpenVPN and begin to use the VPN connection.
Set OpenVPN to start automatically by using the following commands:
If you want to manually start your VPN instead, you can use
There is one last step however before the VPN is ready to run. Quit the jail shell. Shut down the jail. Go to the overall TrueNAS shell (for the whole TrueNas system, accessed from the menu in the web interface on the left hand side) and enter the following, where [jailname] is the name of the jail in which you have just installed and configured OpenVPN:
iocage set allow_tun=1 [jailname]
Now, you will need to reboot the entire TrueNAS server. Yes, the whole physical machine. Yes, this is a real pain.
Testing the VPN Connection
Once the TrueNAS server comes back up after its reboot, enter your jail with and test to see if the VPN connection is working by using the following command:
wget -qO - http://wtfismyip.com/text
If the result of this command in an IP address different from your ISP’s IP, then you are good and the VPN is working!
So that’s it. Your VPN in your jail should be up and running.
Login Script on Enter Jail Shell
I setup a quick script to show my public IP every time I log into the shell so that I can be sure my VPN is still connected. It’s a simple process I’ve described in my TrueNAS: Run Script on Startup Run MOTD script article.
VPN Kill Switch
I have not yet tested this out, but you can add a VPN kill switch which would disconnect you from the internet if your VPN disconnects and is no longer protecting you. The following link contains directions for this kill switch (as well as much of the content for the creation of this article):
Shout out to all those who have provided helpful comments on my previous article (FreeNAS: Add VPN Connection to a Jail) which were really helpful in creating this new version for TrueNAS.
Updated: Jan 18, 2021