Adding a Virtual Private Network (VPN) connection to any system, including a TrueNAS jail, is critically important to protect your privacy. This is even more important if you plan to be downloading media (movies, TV shows, music, books, etc.) from torrents or newsgroups as content providers are frequently searching for individuals and groups circulating their intellectual property. This article will show you how to download, install the OpenVPN software, configure the software for the VPN location you desire, setup the proper network connections, and then test to ensure the connection is working all within a FreeNAS jail. In this case, the article will be using Private Internet Access (PIA) as an example VPN provider, however you should be able to follow the same process for other providers. There is also an option to install a VPN kill switch (shuts down network traffic if you disconnect from the VPN). This article assumes that you already have a FreeNAS system up and running and have already setup the FreeNAS jail in which you want to include an OpenVPN connection.
This is part of my ongoing series of TrueNAS and FreeNAS setup, configuration and install articles.
An updated version of this article is posted on the NEW digiMoot website at:
Works just fine 😀
Thanks your steps are truly useful out there !
LikeLike
I get my public IP address when I test it. I am attempting to do this with TORguard and the configurations file they have you download. Any help?
LikeLike
Hi. I also gest my public IP address when I test it. I us PIA
LikeLike
I’m a bit of an amateur, however, I have a questions:
Does this protect my entire server and all internet access with the vpn connection? Or does it just protect the jail with a vpn connection? For example: Say I have multiple plugins installed in separate jails, one with transmission, one with sonarr, one with qbitorrent, one with nextcloud, and a virtual machine. Do I need to install openvpn in each jail as its own instance or can I install openvpn as it’s own jail and funnel the server’s entire traffic through it?
I hope that made sense. If the answer is yes then I am happy. If the answer is no, then it suggests I may have to install all those plugins manually in a single jail in order to get VPN protection yeah?
Thank you for your guides!
LikeLike
This only connects the one jail to a vpn. I have sonarr, radarr, qbittorrent, etc all in one jail.
LikeLike
Sweet, that explains a lot! Do you have Organizr and Jackett in that same single jail also? Lastly, does the order you install these matter?
LikeLike
I have organizr in a separate jail. I don’t think order will matter much. Only hiccup I can think of is the version of mono. Also if you stay tuned for a couple days I have a post I’m working on with the updated version of sonarr (v3)
LikeLike
Is there a specific reason why you have organizr in a separate jail?
And I will definitely stay tuned for the sonarr (v3). Finding your site is a treasure mine for me, because I have been wanting to VPN my jail in order to use transmission, sonarr, radarr, etc. The lack of knowledge on that has stopped me from setting those apps up until now.
LikeLike
I didn’t think Organizr needed to be behind a VPN. I don’t see any reason why you couldn’t put in the same jail though.
LikeLike
Also, would love to see you make a thorough installation guide on NextCloud! Would you recommend installing that in the same jail as the other applications to be protected through a vpn?
LikeLike
https://digimoot.wordpress.com/2019/12/31/freenas-nextcloud-install-with-ssl-access/amp/
LikeLike
You’re the man. One more thing I think you should fast track on your site for the less experienced is, how to create jails manually from the start. What settings are recommended, etc.
I am going to give it a shot, all I’ve ever done is install apps via plug-ins but I love how you consolidated everything in basically one jail.
LikeLike
Would you be so kind as to go over that briefly what settings you would use on creating the jail that would contain all your apps like openvpn, transmission, qbitorrent, jackett, sonarr, radarr, etc? A screenshot would suffice!
Merry Christmas!
LikeLike
I just have all my torrenting apps within one jail (qbittorent, sonarr, radarr).
LikeLike
I’ve got your WordPress site bookmarked now, your guides are really useful thanks. Question about this one – I followed the guide and got OpenVPN up and successfully connected, but all my DNS queries are still going through my ISP. I had to fix this with an ‘up’ and ‘down’ script to edit resolv.conf (I found a guide to help me with this). Not sure if I made a mistake in following your guide? It’s obviously important to ensure all traffic and DNS queries are routed through the VPN. But thanks again for all the work, it’s helped a lot.
LikeLike
Interesting. Do you mind sharing the links you used and I’ll take a look at it? Thanks for the follow and I’m glad you find it helpful.
LikeLike
https://www.truenas.com/community/resources/transmission-jail-setup-with-openvpn-and-dns-leak-protection.161/
LikeLike
Hi Raze!
Thanks for the guide, it seems to be working for me 🙂
One question though: you said at the beginning of the article that “There is also an option to install a VPN kill switch (shuts down network traffic if you disconnect from the VPN).”
However, there is no mention of how to set this up in the guide – unless that “allow_tun=1” sets the network in a way that it will only connect through the VPN and nothing else?
Do you mind elaborating how the VPN killswitch is implemented, or how to implement it? 🙂
Best Regards,
Stefano
LikeLike
I created a new jail and then followed all of the steps exactly as described here. Double-checked everything. Rebooted my TrueNAS CORE server. Reentered the jail shell. Ran:
wget -qO – http://wtfismyip.com/text
It flashes at me for a minute or so, returns nothing, and then I can type again as if I entered nothing at all.
Any suggestions?
LikeLike
Figured it out. Ran nano etc/resolv.conf and changed nameserver to 8.8.8.8 and 8.8.4.4 and it started working again.
LikeLike
Glad you got it sorted!
LikeLike
Thanks for this comment, I had the same problem for days change the nameservers and now work like a charm.
LikeLiked by 1 person
I had that same problem and this fixed it!
LikeLiked by 1 person
Having the same problem but when I run ‘nano etc/resolv.conf’ nano opens with a red error ‘[Directory ‘etc’ does not exist]. I ran the shell from within the jail and entered the command at the root, should I be somewhere else?
LikeLike
Hi, love the blog. I ran into an issue where I can’t wget the zip file for openvpn. That file isn’t found from this step: wget https://www.privateinternetaccess.com/openvpn/openvpn-nextgen.zip. Is there somewhere else I can get it?
LikeLike
Hey man, that didnt work for me either.
I ran this command instead:
curl https://www.privateinternetaccess.com/openvpn/openvpn.zip | unzip –
Let’s see what Raze has to say about that, but mine is working perfectly.
LikeLike
Thanks for that, I will try it instead.
LikeLike
Let me know if it works!
LikeLike
It let me download it but for whatever reason I can’t get openvpn to connect to my nordvpn. I will have to do some more digging to see what’s up with it. Thanks again.
LikeLike
PIA has updated the location of the file it is now at: https://www.privateinternetaccess.com/openvpn/openvpn.zip
I will update the post. Please be aware this is only for those who are using PIA. If you are using another VPN service, you will have to find their .ovpn files and download them.
Cheers.
LikeLike
thanks for the guide raze42, so easy to follow.
Just wondering what setup you use when creating your jails.
I have had trouble accessing radarr from within the same jail (with vpn & sabnzbd)
any tips would be appreciated
LikeLike
I’m not sure exactly what you’re asking. I have all my collection managers (radarr, sonarr, etc) and qbittorrent in a single jail which is using a VPN. I don’t use newsgroups, just torrents. It might help if you use 127.0.0.1 as the ip address (which is the localhost) to connect between services within the same jail.
LikeLike
Your guides have been great. Thank you. I see that you haven’t tested out the kill switch. Everything else I have installed with your guides has worked perfectly, but, the kill switch cuts off web access to the jail. Everything works find with VPN. The kill switch itself tests out fine. But when the kill switch is on, I can no longer reach the jail via it’s url. This has been the case each time, including multiple installations of sonarr and one of nzbget. If you still haven’t tested this out, I’m wondering if you still might have some troubleshooting suggestions, or maybe soneome else who has experienced this. Thanks!!
LikeLike
I just figured it out. I was careless and didn’t notice that I needed to update the kill switch script with my gateway and mask. You are welcome to delete the post. Everything works as advertised. Thanks.
LikeLike
Your guides are incredible! I don’t know what I’d do without your indirect assistance.
With that said, I’m running into an error when trying to run manually start OpenVPN. This is the code I get:
“/usr/local/etc/rc.d/openvpn: WARNING: failed to start openvpn”
Any insight would be greatly appreciated!
LikeLike
2 questions:
1) how do i keep the /etc/resolv.conf file static to the external ip addresses when using dhcp in my jail?
2) I’m unable to access any ports from the lan on this jail. I need to access my torrent client and/or flood (to manage), but the VPN is blocking.
Thank you
LikeLike
noticed after doing this. If i reboot the Jail. On coming backup while i can get outside access through my VPN. My client seem to have no access (Deluge states no external ip). As such trying to add anything is pointless. However if I reboot the how server all is good aagin. (Note i did intially reboot the whole server as required. Everytime i do reboot the jail, rebooting the server brings everything back ok. But occassionally had to resolve faults with jammed files that require a reboot. just annoying.
LikeLiked by 1 person
I cant get the command : wget -qO – http://wtfismyip.com/text to work. It return wget: Command not found
LikeLiked by 1 person
Hi.
Love this guide.
Im using PrivateVPN, and so far all in this guide seems to work just fine for me. I have an issue with the last command, where I should check If the VPN is working correctly.
wget -qO – http://wtfismyip.com/text
This command gives me this result.
wget: Command not found
Im using shell through the qbittorrent jail
LikeLiked by 1 person
You need to install wget. Use this command at the command prompt in the jail: pkg install wget
LikeLiked by 1 person
Thanx for the information. It was installed but in another version. I updated it and then it worked. Sadly the VPN is not working, so I’m doing something wrong. I think it might be the steps about the auth. Im not sure I did that part correctly.
# Automatic login (PIA credentials)
auth-user-pass /usr/local/etc/openvpn/auth.txt
auth-nocache
LikeLiked by 1 person
Hello, really good guide. But I have a little problem, I use ExpressVPN but can not figure out or can not find the links to download with wget. Do you have a tip or guide for those who use ExpressVPN? 🙂
LikeLike
Hi there. This site has now moved over to http://www.digimoot.com and you can access these articles, ask questions and leave comments there now. Thanks!
LikeLike