Set up Torguard VPN for Transmission on Freenas 11.1 – Updated for 2020!

Nowadays, it is prudent to protect your privacy when downloading torrents on the net. A few lawsuits have recently been brought against ISP's by businesses seeking damages from users allegedly downloading illegal content. Many of these lawsuits have centered on trying to get the ISP's to release lists of customer IP addresses along with their associated activity logs. In this post you will learn how to install a VPN in the Transmission jail and when correctly set up, all your Transmission traffic will subsequently go through the VPN. Using the Radarr Transmission and Medusa plugins, my NAS system is better than it has ever been and I was also able to import my ZFS raid disks from my old N4F server with no problems. By following this post carefully you will easily be able to get OpenVPN installed and working though the FreeNAS Transmission jail to ensure only protected traffic is tunneled through our BT client.

Updated April 8, 2020

In my experience, this process is WAY easier that the setup required for N4F and I have setup 3 systems now with no problems using this method! Just so we're clear, this post is NOT meant to be a tutorial on how to set up FreeNas. There are many ways to configure the FN server that depend largely on your system architecture - so head on over to the FN forums if you have basic operational questions. This how-to is adapted from a post in the FN forums by Tango and I have modified it to work with Torguard though it might work with other VPN providers as well (your mileage may vary). This tutorial assumes you have your Freenas server setup and working correctly and that you have installed and tested the Transmission plugin to your satisfaction. I am currently using Torguard and I can highly recommend them. They offer many locations worldwide, are reasonably priced and have excellent customer service when you need it.

If you can't see the button below please disable your ADBLOCKER for my site. I promise will never give you ads or track you in any way, but unfortunately the ad blockers see the link below as an ad and erase it from the displayed HTML. Thank you for your cooperation! 

[button color="accent-color" hover_text_color_override="#fff" url="

https://torguard.net/aff.php?aff=215/" text="Click Here to Try Torguard"

color_override=""]

Here are the steps I followed to get VPN working on my FreeNas 11.1 server:

1 - You will need a VPN provider in order to get this going. Click here to try Torguard.

2 - SSH into freenas. (I use PuTTy)

3 - Get a list of jails:

root@freenas ~ : jls
JID IP Address   Hostname       Path
3 - 192.168.1.50 transmission_1 /mnt//jails/transmission_1

4 - jexec into the jail (mine happens to be 3 - yours may vary)

root@freenas: ~ : jexec 3 tsch /bin/sh #(if you are having trouble try- sudo
jexec 3 /bin/sh) root@transmisssion_1: ~ / :

5 - Install bash. May be prompted several times - reply Y then press enter each time.

root@transmission_1: ~ / : pkg install bash

6 - Install nano. Again, may be prompted several times. Reply Y each time.

root@transmission_1: ~ / : pkg install nano

7 - Move to the /etc folder.

root@transmission_1: ~ / : cd /etc
root@transmission_1: ~ /etc :

8 - Fetch Portsnap via portsnap fetch: **This will take a while to download and ask for several prompts - you know the drill.

root@transmission_1: ~ /etc : portsnap fetch

9 - Extract Ports to /usr/ports **This will also take a long time and A LOT of scrolling will happen. It's normal.

root@transmission_1: ~ /etc : portsnap extract

10 - Navigate to /usr/ports/security/openvpn

root@transmission_1: ~ /etc : cd /usr/ports/security/openvpn
root@transmission_1: ~ /usr/ports/security/openvpn :

11 - Make a clean install which allows us to set the option of a password file.

root@transmission_1: ~ /usr/ports/security/openvpn : make install clean

**Blue screen should appear. Press the DOWN arrow and the SPACE bar to ensure the [ ] next to PW_Save ( 5th option down) has an X in it.

Should look this:

x+[X] PW_Save Interactive passwords may be read from a file (On latest versions of openvpn (Mar. 2016) you MAY NOT get an option #5 as described above, but openvpn appears to read passwords from a textfile anyways so you can safely skip this step.)**then press enter. Lots of things should happen now...

12 - Go to root directory of the transmission_1 jail:

root@tranmission_1: ~ /usr/ports/security/openvpn : cd /
root@transmission_1: ~ / :

13 - Enter Bash

root@transmission_1: ~ / : bash
root@transmission_1: ~ / :

14 - Make a directory for OpenVPN & our files that we will download from Torguard:

root@transmission_1: ~ / : mkdir /usr/local/etc/openvpn:

15 - Add lines to the rc.conf so OpenVPN starts when the jail starts:

root@transmission_1 ~ / : cd /etc # Note – use Ctrl+o will write the file and Ctrl+X will exit.
root@transmission_1 ~ /etc : nano rc.conf # File is open.
# Add the following (can copy/paste using ctrl+C then right clicking in the shell)
openvpn_enable=”YES”
openvpn_configfile=”/usr/local/etc/openvpn/openvpn.conf”
# Write via Ctrl+O. Press Enter
# Exit via Ctrl+X.

16 - Move to a new folder (helps me keep things straight):

root@transmission_1 ~ /etc : cd /media/

17 - Grab the Torguard files, you'll likely need to grab them manually and install them through the FreeNas GUI as Torguard does not allow wget

file transfers. If you have created your Transmission jail storage correctly (see link at beginning of article) you should be able to drag

the Torguard files into your shared NAS 'downloads' directory and see them symlinked in your jail's '/media' directory.You will need a login

CLICK HERE to check out Torguard. Here is the link once you are logged in: https://torguard.net/downloads.php. You will want to grab the

'Standard Port 443/TCP Configs" in the "OpenVPN Config Files and Scripts" section (near the bottom).

18 - Unzip the Torguard openvpn files into the 'Media' folder:

root@transmission_1 ~ /media : unzip TorguardPRO.zip/

18 - Make a pass.txt file to hold your username and password.

root@tranmission_1 ~ /media : nano pass.txt
# Nano will pop up. ONLY type in the following (substituting your REAL username and password of course)
USER
PASSWRD
# Press Ctrl+o. call it pass.txt. then enter. then Ctrl+X

19 - Configure the .ovpn file of your selected server. (I used a Canadian-based.ovpn' as it is still legal to torrent in Canada at this time. Torguard asks that you NOT use US-based servers for torrenting)

root@tranmission_1: ~ /media : nano 'Your_Selected.ovpn
# On the auth-user-pass line add pass.txt after it like so: auth-user-pass pass.txt
# Press Ctrl+o. call it Your_Selected.ovpn. then enter. then Ctrl+X

20 - Move the fixed Torguard files** into the correct folder we just created**The actual OpenVPN files we created in Step 20 above.

#ca.crt next:
root@transmission_1: ~ /media : cp /media/ca.crt /usr/local/etc/openvpn/ca.crt
# our pass.txt file we created:
root@transmission_1: ~ /media : cp /media/pass.txt /usr/local/etc/openvpn/pass.txt .ovpn file to .conf file
(You'll have to use "" around the name if there is a space in it.)
root@transmission_1: ~ /media : cp /media/Your_Selected.ovpn /usr/local/etc/openvpn/openvpn.conf

21 - Start your OpenVPN server:

root@transmission_1 ~ / : /usr/local/etc/rc.d/openvpn start

22 - Check your install. You should be able to query the VPN tunnel:

root@tranmission_1: ~ /media : ifconfig tun0 # You should see a printout like:
# ifconfig tun0
tun0: flags=8051 metric 0 mtu 1500
options=80000
inet 10.9.0.22 --> 10.9.0.21 netmask 0xffffffff
nd6 options=1
Opened by PID 7036
# Or something similar...

23 - Congratulations! Your Transmission packets are now using Torguard!

24 - One caveat worth mentioning here: You probably won't be able to automagically update the Transmission client from the GUI as I have never been able to get it to successfully update itself. Whether that is the fault of our modifications or just a bug in Freenas I am not sure. To update, just make a note of your Transmission jail's storage structure and delete the plugin and re-install according to the guide again. It's a bit of a PITA - but for now, it is the only way.

Not Working? Check out these useful commands and troubleshooting tips.

Useful Open VPN Commands:

#Stop openvpn
root@transmission_1: ~ / : /usr/local/etc/rc.d/openvpn stop
#Start openvpn
root@transmission_1: ~ / : /usr/local/etc/rc.d/openvpn start
#Restart openvpn
root@transmission_1: ~ / : /usr/local/etc/rc.d/openvpn restart
#Query Secure network VPN tunnel
root@tranmission_1: ~ / : ifconfig tun0
#Query whole Freenas network
root@transmission_1: ~ / : ifconfig
# stop all openvpn processes
root@transmission_1: ~ / : killall -TERM openvpn

Still not working as you expect? Check out the log files in Freenas before you post a comment.[snippet slug=vpn-22 lang=bash]Still not working? Check this post for clues (it's a good troubleshooting primer as well). Just telling me it's not working does not provide enough information to troubleshoot your problem. You wouldn't take your car into the garage and say, "my car doesn't work!" - you need to give me some clues to help you fix your problem. Check your steps carefully, every command has to be issued as it is shown in the how to. If you find any mistakes please let me know and I will fix them right away.

5 1 vote
Article Rating
Subscribe
Notify of
guest
70 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Dane Nguyen
Dane Nguyen
5 years ago

Where did you find the crl.pem file? all i have is a ca.crt and a lot of ovpn’s. When i run /usr/local/etc/rc.d/openvpn start i get Starting openvpn. then nothing. i check ifconfig and does not show tun0

Mark
Mark
5 years ago

Great guide, works awesomely with TorGuard 🙂

Thankyou

Nick
Nick
4 years ago

Followed your guide and it works great, but I’m having issues with transmission claiming its port is closed despite being forwarded on my router. Do I have to request the port forward with torguard directly and which IP do I provide? For example, you show 10.9.0.22 –> 10.9.0.21. Would I use .22 or .21?

Philip
Philip
2 years ago
Reply to  Nick

Hi. Did you ever get a response to this? I have an issue with the Transmission port being closed despite it being referenced in my firewall port forwarding.

Royce
Royce
2 years ago
Reply to  Rick

I would also love guidance on how to properly accomplish port forwarding with this setup and have an end result of transmission showing the port as Open inside the client.

Moandain
Moandain
4 years ago

portmap_enable=”NO”
sshd_enable=”NO”
sendmail_enable=”NO”
sendmail_submit_enable=”NO”
sendmail_outbound_enable=”NO”
sendmail_msp_queue_enable=”NO”
hostname=”transmission_1″ devfs_enable=”YES”
devfs_system_ruleset=”devfsrules_common”
transmission_download_dir=””
transmission_enable=”YES”
transmission_conf_dir=”/var/db/transmission”
openvpn_enable=”YES”
openvpn_configfile=”/usr/local/etc/openvpn/openvpn.conf”

did I do something wrong in the rc.conf?

Moandain
Moandain
4 years ago
Reply to  Moandain

/usr/local/etc/rc.d/openvpn: WARNING: ”/usr/local/etc/openvpn/openvpn.conf” is n
ot readable.
/usr/local/etc/rc.d/openvpn: WARNING: failed precmd routine for openvpn
root@transmission_1:/ #

this is what I get every time.

Moandain
Moandain
4 years ago
Reply to  Moandain

YAY for dumb mistakes in my rc.conf file

Adam
Adam
3 years ago
Reply to  Moandain

I’m getting the same error. What mistakes did you make in rc.conf file?

Adam
Adam
3 years ago
Reply to  Adam

I found another command to start openvpn: /usr/local/etc/rc.d/openvpn start – gave me the same error but using /usr/local/etc/rc.d/openvpn onestart worked. I just have to remember to run this every time I reboot server.

asdf
asdf
1 year ago
Reply to  Adam

cutting and pasting the files above puts invalid quotes in the rc.conf file. Edit the file and replace them with the quotes found on your keyboard.

Josh
Josh
4 years ago

Just as note I had a previous setup from Torguard blog that worked initially but then would die after a while and not come back. So using this guide does work, but I did have to reboot the server to get openvpn to open tun0 in my jail.

One thing you can add though is from this thread take his firewall rules and everything but transmission traffic goes out the tun. You do lose the possibility of remote transmission access but I also run flex get in my transmission jail so it uses normal pathway.

https://www.reddit.com/r/freenas/comments/41fhz3/configuration_guide_for_openvpn_and_ipfw_so_that/

Ric
Ric
4 years ago

root@transmission_1:/ # pkg install bash

Operation timed out repository FreeBSD has no meta file, using default settings

Wilson
Wilson
4 years ago

Thanks for the write up…saved me a lot of time 🙂

Erick
Erick
3 years ago

I’shaving a problem starting the vpn. I get this message when i check the logs

“transmission_1 openvpn[55027]: Options error: You must define TUN/TAP device (–dev)”
any help would be appreciated!

Ray
Ray
3 years ago

I trying to get this installed. When trying to start OpenVPN /usr/local/etc/rc.d/openvpn start
I don’t have the openvpn in the rc.d folder.

Rohit Pawar
Rohit Pawar
2 years ago
Reply to  Ray

I got the same error, you would need to install the OpenVPN package manually first along with the bash and nano packages mentioned earlier in the article. Took a while to figure out, but it works great after that.

eric
eric
3 years ago

Cant seem to get the service to start.

root@transmission_1:/ # /usr/local/etc/rc.d/openvpn start
/usr/local/etc/rc.d/openvpn: Command not found.
root@transmission_1:/ # cd /usr/local/etc/rc.d
root@transmission_1:/usr/local/etc/rc.d # ls
pbid svnserve transmission
root@transmission_1:/usr/local/etc/rc.d #

Any help would be great.

Mikcey
Mikcey
2 years ago

After about 3 years of use I am so disappointed in freenas, cannot wait to go back to linux.

Ercik
Ercik
2 years ago

I have done this tutorial many times over the last year with great success, but today this happened. can anyone help with this?
# make install clean
===> Building/installing dialog4ports as it is required for the config dialog
===> Cleaning for dialog4ports-0.1.6
===> Skipping ‘config’ as NO_DIALOG is defined
/!\ ERROR: /!\

Ports Collection support for your FreeBSD version has ended, and no ports are
guaranteed to build on this system. Please upgrade to a supported release.

No support will be provided if you silence this message by defining
ALLOW_UNSUPPORTED_SYSTEM.

*** Error code 1

Stop.
make[3]: stopped in /usr/ports/ports-mgmt/dialog4ports
*** Error code 1

Stop.
make[2]: stopped in /usr/ports/ports-mgmt/dialog4ports
===> Options unchanged
/!\ ERROR: /!\

Ports Collection support for your FreeBSD version has ended, and no ports are
guaranteed to build on this system. Please upgrade to a supported release.

No support will be provided if you silence this message by defining
ALLOW_UNSUPPORTED_SYSTEM.

*** Error code 1

Stop.
make[1]: stopped in /usr/ports/security/openvpn
*** Error code 1

Stop.
make: stopped in /usr/ports/security/openvpn
#

Erick
Erick
2 years ago
Reply to  Rick

I’m on the newest version . 11.1-U4 i think that is where all of this started.

Ric
Ric
2 years ago

# make install clean command throws me an error! Please HELP!

root@transmission_1:/usr/ports/security/openvpn # make install clean
===> Building/installing dialog4ports as it is required for the config dialog
===> Cleaning for dialog4ports-0.1.6
===> Skipping ‘config’ as NO_DIALOG is defined
/!\ ERROR: /!\

Ports Collection support for your FreeBSD version has ended, and no ports are
guaranteed to build on this system. Please upgrade to a supported release.

No support will be provided if you silence this message by defining
ALLOW_UNSUPPORTED_SYSTEM.

*** Error code 1

Stop.
make[3]: stopped in /usr/ports/ports-mgmt/dialog4ports
*** Error code 1

Stop.
make[2]: stopped in /usr/ports/ports-mgmt/dialog4ports
===> Options unchanged
/!\ ERROR: /!\

Ports Collection support for your FreeBSD version has ended, and no ports are
guaranteed to build on this system. Please upgrade to a supported release.

No support will be provided if you silence this message by defining
ALLOW_UNSUPPORTED_SYSTEM.

*** Error code 1

Stop.
make[1]: stopped in /usr/ports/security/openvpn
*** Error code 1

Stop.
make: stopped in /usr/ports/security/openvpn

Norah
Norah
2 years ago

Successfully get the VPN up and running. However, the tun0 eventually died afterward. I have to restart the jail via freenas GUI and the tune0 up again. Anyways, how can I fix this?

Andrew
Andrew
2 years ago

What is “tsch”?

Andrew
Andrew
2 years ago
Reply to  Rick

Typo then it seems.

Andrew
Andrew
2 years ago

Steps 16-21 Seem out of order/missing appropriate instructions. Please advise.

Andrew
Andrew
2 years ago
Reply to  Rick

Step 19 and 21 have the same Code shown but different descriptions. Step 16’s code more nearly maxes step 19’s description. I know almost nothing about Unix; my questions aren’t meant to sound condescending and I apologize if they do.

Ric
Ric
2 years ago

I am getting the following error message when trying to run “make install clean” command: (Step 11. Make a clean install which allows us to set the option of a password file.) I have the latest “Transmission version 2.93-amd64” (Freenas build 11.1-U5). Please advise.

root@customplugin_1:/usr/ports/security/openvpn # make install clean
===> Building/installing dialog4ports as it is required for the config dialog
===> Cleaning for dialog4ports-0.1.6
===> Skipping ‘config’ as NO_DIALOG is defined
/!\ ERROR: /!\

Ports Collection support for your FreeBSD version has ended, and no ports are
guaranteed to build on this system. Please upgrade to a supported release.

No support will be provided if you silence this message by defining
ALLOW_UNSUPPORTED_SYSTEM.

*** Error code 1

Stop.
make[3]: stopped in /usr/ports/ports-mgmt/dialog4ports
*** Error code 1

Stop.
make[2]: stopped in /usr/ports/ports-mgmt/dialog4ports
===> Options unchanged
/!\ ERROR: /!\

Ports Collection support for your FreeBSD version has ended, and no ports are
guaranteed to build on this system. Please upgrade to a supported release.

No support will be provided if you silence this message by defining
ALLOW_UNSUPPORTED_SYSTEM.

*** Error code 1

Stop.
make[1]: stopped in /usr/ports/security/openvpn
*** Error code 1

Stop.
make: stopped in /usr/ports/security/openvpn
root@customplugin_1:/usr/ports/security/openvpn #

Erick
Erick
1 year ago

I just installed the freenas 11.2 beta, are the commands the same for iocage jails? It would not install nano so i am stuck at that point in my installation..

Erick
Erick
1 year ago

i got everything installed but my ip address in still my home ip not the vpn ip. i noticed when i did ifconfig tun0 command this line was missing.
inet 10.9.0.22 –> 10.9.0.21 net mask 0xffffffff
any ideas.

Erick
Erick
1 year ago

“ifconfig: interface tun0 does not exist.” after following the instruction to a tee. it says open vpn is starting then this..

Erick
Erick
1 year ago

“root@transmission /media]# grep -i error /var/log/messages
Oct 23 08:35:08 transmission openvpn[59797]: Exiting due to fatal error” when i enter this command…

Erick
Erick
1 year ago

[root@transmission /media]# cat /var/log/messages
Oct 22 23:21:56 transmission newsyslog[31526]: logfile first created
Oct 22 23:21:56 transmission syslogd: kernel boot file is /boot/kernel/kernel
Oct 22 23:22:00 transmission pkg-static: pkg-1.10.5_3 installed
Oct 22 23:22:00 transmission pkg-static: pkg reinstalled: 1.10.5_3 -> 1.10.5_3
Oct 22 23:22:07 transmission pkg: libnghttp2-1.33.0 installed
Oct 22 23:22:07 transmission pkg: ca_root_nss-3.39 installed
Oct 22 23:22:07 transmission pkg: indexinfo-0.3.1 installed
Oct 22 23:22:07 transmission pkg: miniupnpc-2.1_1 installed
Oct 22 23:22:07 transmission pkg: bittorrent-libutp-0.20130514_1 installed
Oct 22 23:22:07 transmission pkg: libnatpmp-20150609 installed
Oct 22 23:22:08 transmission pkg: curl-7.61.1 installed
Oct 22 23:22:08 transmission pkg: libevent-2.1.8_2 installed
Oct 22 23:22:08 transmission pkg: dht-0.22 installed
Oct 22 23:22:08 transmission pkg: gettext-runtime-0.19.8.1_1 installed
Oct 22 23:22:08 transmission pkg: libb64-1.2.1 installed
Oct 22 23:22:08 transmission pkg: transmission-daemon-2.94 installed
Oct 22 23:22:09 transmission pkg: transmission-web-2.94 installed
Oct 23 03:22:09 transmission dhclient[31266]: connection closed
Oct 23 03:22:09 transmission dhclient[31266]: exiting.
Oct 22 23:22:09 transmission syslogd: exiting on signal 15
Oct 22 23:22:13 transmission syslogd: kernel boot file is /boot/kernel/kernel
Oct 22 23:22:15 transmission transmission-daemon[32501]: UDP Failed to set receive buffer: No buffer space available (/wrkdirs/usr/ports/net-p2p/transmission-daemon/work/transmission-2.94/libtransmission/tr-udp.c:65)
Oct 22 23:22:15 transmission transmission-daemon[32501]: UDP Failed to set receive buffer: requested 4194304, got 42080 (/wrkdirs/usr/ports/net-p2p/transmission-daemon/work/transmission-2.94/libtransmission/tr-udp.c:84)
Oct 22 23:22:20 transmission transmission-daemon[32534]: UDP Failed to set receive buffer: No buffer space available (/wrkdirs/usr/ports/net-p2p/transmission-daemon/work/transmission-2.94/libtransmission/tr-udp.c:65)
Oct 22 23:22:20 transmission transmission-daemon[32534]: UDP Failed to set receive buffer: requested 4194304, got 42080 (/wrkdirs/usr/ports/net-p2p/transmission-daemon/work/transmission-2.94/libtransmission/tr-udp.c:84)
Oct 22 23:25:05 transmission dhclient[32120]: connection closed
Oct 22 23:25:05 transmission dhclient[32120]: exiting.
Oct 22 23:25:05 transmission syslogd: exiting on signal 15
Oct 22 23:26:13 transmission syslogd: kernel boot file is /boot/kernel/kernel
Oct 22 23:26:15 transmission transmission-daemon[33173]: UDP Failed to set receive buffer: No buffer space available (/wrkdirs/usr/ports/net-p2p/transmission-daemon/work/transmission-2.94/libtransmission/tr-udp.c:65)
Oct 22 23:26:15 transmission transmission-daemon[33173]: UDP Failed to set receive buffer: requested 4194304, got 42080 (/wrkdirs/usr/ports/net-p2p/transmission-daemon/work/transmission-2.94/libtransmission/tr-udp.c:84)
Oct 22 23:27:01 transmission pkg: bash-4.4.23 installed
Oct 23 08:07:39 transmission pkg-static: dialog4ports-0.1.6 installed
Oct 23 08:11:26 transmission pkg-static: pkgconf-1.5.4,1 installed
Oct 23 08:12:03 transmission pkg-static: lzo2-2.10_1 installed
Oct 23 08:12:14 transmission pkg-static: gmake-4.2.1_2 installed
Oct 23 08:12:28 transmission pkg-static: liblz4-1.8.3,1 installed
Oct 23 08:15:17 transmission pkg-static: easy-rsa-3.0.5_1 installed
Oct 23 08:15:18 transmission pkg-static: openvpn-2.4.6_3 installed
Oct 23 08:35:05 transmission openvpn[59796]: WARNING: file ‘pass.txt’ is group or others accessible
Oct 23 08:35:05 transmission openvpn[59796]: OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Oct 23 2018
Oct 23 08:35:05 transmission openvpn[59796]: library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Oct 23 08:35:05 transmission openvpn[59797]: NOTE: –fast-io is disabled since we are not using UDP
Oct 23 08:35:05 transmission openvpn[59797]: TCP/UDP: Preserving recently used remote address: [AF_INET]195.206.105.27:443
Oct 23 08:35:05 transmission openvpn[59797]: Socket Buffers: R=[65536->65536] S=[32768->32768]
Oct 23 08:35:05 transmission openvpn[59797]: Attempting to establish TCP connection with [AF_INET]195.206.105.27:443 [nonblock]
Oct 23 08:35:06 transmission openvpn[59797]: TCP connection established with [AF_INET]195.206.105.27:443
Oct 23 08:35:06 transmission openvpn[59797]: TCP_CLIENT link local: (not bound)
Oct 23 08:35:06 transmission openvpn[59797]: TCP_CLIENT link remote: [AF_INET]195.206.105.27:443
Oct 23 08:35:06 transmission openvpn[59797]: TLS: Initial packet from [AF_INET]195.206.105.27:443, sid=b49c2cbb c6ec5c4c
Oct 23 08:35:06 transmission openvpn[59797]: WARNING: this configuration may cache passwords in memory — use the auth-nocache option to prevent this
Oct 23 08:35:07 transmission openvpn[59797]: VERIFY OK: depth=1, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
Oct 23 08:35:07 transmission openvpn[59797]: VERIFY KU OK
Oct 23 08:35:07 transmission openvpn[59797]: Validating certificate extended key usage
Oct 23 08:35:07 transmission openvpn[59797]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Oct 23 08:35:07 transmission openvpn[59797]: VERIFY EKU OK
Oct 23 08:35:07 transmission openvpn[59797]: VERIFY OK: depth=0, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
Oct 23 08:35:07 transmission openvpn[59797]: WARNING: ‘link-mtu’ is used inconsistently, local=’link-mtu 1592′, remote=’link-mtu 1543′
Oct 23 08:35:07 transmission openvpn[59797]: WARNING: ‘tun-mtu’ is used inconsistently, local=’tun-mtu 1532′, remote=’tun-mtu 1500′
Oct 23 08:35:07 transmission openvpn[59797]: WARNING: ‘comp-lzo’ is present in local config but missing in remote config, local=’comp-lzo’
Oct 23 08:35:07 transmission openvpn[59797]: WARNING: ‘cipher’ is used inconsistently, local=’cipher AES-256-CBC’, remote=’cipher BF-CBC’
Oct 23 08:35:07 transmission openvpn[59797]: WARNING: ‘keysize’ is used inconsistently, local=’keysize 256′, remote=’keysize 128′
Oct 23 08:35:07 transmission openvpn[59797]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Oct 23 08:35:07 transmission openvpn[59797]: [TG-OVPN-CA] Peer Connection Initiated with [AF_INET]195.206.105.27:443
Oct 23 08:35:08 transmission openvpn[59797]: SENT CONTROL [TG-OVPN-CA]: ‘PUSH_REQUEST’ (status=1)
Oct 23 08:35:08 transmission openvpn[59797]: PUSH: Received control message: ‘PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.9.0.1,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping 5,ping-restart 30,socket-flags TCP_NODELAY,compress,ifconfig 10.8.0.22 10.8.0.21,peer-id 0,cipher AES-128-GCM’
Oct 23 08:35:08 transmission openvpn[59797]: OPTIONS IMPORT: timers and/or timeouts modified
Oct 23 08:35:08 transmission openvpn[59797]: OPTIONS IMPORT: compression parms modified
Oct 23 08:35:08 transmission openvpn[59797]: OPTIONS IMPORT: –socket-flags option modified
Oct 23 08:35:08 transmission openvpn[59797]: Socket flags: TCP_NODELAY=1 succeeded
Oct 23 08:35:08 transmission openvpn[59797]: OPTIONS IMPORT: –ifconfig/up options modified
Oct 23 08:35:08 transmission openvpn[59797]: OPTIONS IMPORT: route options modified
Oct 23 08:35:08 transmission openvpn[59797]: OPTIONS IMPORT: –ip-win32 and/or –dhcp-option options modified
Oct 23 08:35:08 transmission openvpn[59797]: OPTIONS IMPORT: peer-id set
Oct 23 08:35:08 transmission openvpn[59797]: OPTIONS IMPORT: adjusting link_mtu to 1659
Oct 23 08:35:08 transmission openvpn[59797]: OPTIONS IMPORT: data channel crypto options modified
Oct 23 08:35:08 transmission openvpn[59797]: Data Channel: using negotiated cipher ‘AES-128-GCM’
Oct 23 08:35:08 transmission openvpn[59797]: Outgoing Data Channel: Cipher ‘AES-128-GCM’ initialized with 128 bit key
Oct 23 08:35:08 transmission openvpn[59797]: Incoming Data Channel: Cipher ‘AES-128-GCM’ initialized with 128 bit key
Oct 23 08:35:08 transmission openvpn[59797]: ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=epair0b HWADDR=02:ff:60:03:aa:47
Oct 23 08:35:08 transmission openvpn[59797]: Cannot allocate TUN/TAP dev dynamically
Oct 23 08:35:08 transmission openvpn[59797]: Exiting due to fatal error
[root@transmission /media]#

Fabricio Lucas
Fabricio Lucas
1 year ago

Hi Rick, I followed your document and it really works, now transmission is behind my VPN, thank you for this. Also, I am wondering if this same process will work with Plex on a Freenas server. I built the same server following the instruction from this tutorial https://www.zufallsheld.de/2013/11/22/freenas-transmission-couchpotato-sickbeard-dlna-server/

Let me know if this same process will work on the Plex jail.

Thank you

Ric
Ric
1 year ago

I ran “ifconfig tun0” command but “inet” is not showing. Checked openvpn status is currently running. How can I fix this error?

[root@transmission /]# ifconfig tun0
tun0: flags=8010 metric 0 mtu 1500
options=80000
nd6 options=1
groups: tun
[root@transmission /]#

Ric
Ric
1 year ago
Reply to  Rick

Before I started to follow your guide I made sure the internet is pingable from the Jail (transmission).

Here’s ifconfig results:

root@transmission:/ # ifconfig
lo0: flags=8049 metric 0 mtu 16384
options=600003
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
nd6 options=21
groups: lo
epair0b: flags=8843 metric 0 mtu 1500
options=8
ether 02:ff:60:03:aa:47
hwaddr 02:05:d0:00:0b:0b
inet 192.168.1.115 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=1
media: Ethernet 10Gbase-T (10Gbase-T )
status: active
groups: epair
root@transmission:/ #

root@freenas[~]# ifconfig
igb0: flags=8943 metric 0 mtu 1500
options=2400b9
ether 0c:c4:7a:00:c5:36
hwaddr 0c:c4:7a:00:c5:36
inet 192.168.1.103 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=9
media: Ethernet autoselect (1000baseT )
status: active
igb1: flags=8843 metric 0 mtu 1500
options=6403bb
ether 0c:c4:7a:00:c5:37
hwaddr 0c:c4:7a:00:c5:37
inet 192.168.1.153 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=9
media: Ethernet autoselect (1000baseT )
status: active
lo0: flags=8049 metric 0 mtu 16384
options=600003
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff000000
nd6 options=21
groups: lo
tap0: flags=8943 metric 0 mtu 1500
options=80000
ether 00:bd:eb:f8:f9:00
hwaddr 00:bd:eb:f8:f9:00
nd6 options=1
media: Ethernet autoselect
status: active
groups: tap
Opened by PID 3872
bridge0: flags=8843 metric 0 mtu 1500
ether 02:a8:92:ba:40:00
nd6 options=1
groups: bridge
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: vnet0:6 flags=143
ifmaxaddr 0 port 7 priority 128 path cost 2000
member: vnet0:5 flags=143
ifmaxaddr 0 port 10 priority 128 path cost 2000
member: vnet0:4 flags=143
ifmaxaddr 0 port 9 priority 128 path cost 2000
member: vnet0:3 flags=143
ifmaxaddr 0 port 8 priority 128 path cost 2000
member: vnet0:1 flags=143
ifmaxaddr 0 port 6 priority 128 path cost 2000
member: igb0 flags=143
ifmaxaddr 0 port 1 priority 128 path cost 20000
member: tap0 flags=143
ifmaxaddr 0 port 4 priority 128 path cost 2000000
vnet0:1: flags=8943 metric 0 mtu 1500
description: associated with jail: plex
options=8
ether 02:ff:60:14:fa:09
hwaddr 02:05:d0:00:06:0a
nd6 options=1
media: Ethernet 10Gbase-T (10Gbase-T )
status: active
groups: epair
vnet0:3: flags=8943 metric 0 mtu 1500
description: associated with jail: plex_2
options=8
ether 02:ff:60:38:24:6b
hwaddr 02:05:d0:00:08:0a
nd6 options=1
media: Ethernet 10Gbase-T (10Gbase-T )
status: active
groups: epair
vnet0:4: flags=8943 metric 0 mtu 1500
description: associated with jail: nextcloud
options=8
ether 02:ff:60:ba:b5:81
hwaddr 02:05:d0:00:09:0a
nd6 options=1
media: Ethernet 10Gbase-T (10Gbase-T )
status: active
groups: epair
vnet0:5: flags=8943 metric 0 mtu 1500
description: associated with jail: clamav
options=8
ether 02:ff:60:ac:89:b2
hwaddr 02:05:d0:00:0a:0a
nd6 options=1
media: Ethernet 10Gbase-T (10Gbase-T )
status: active
groups: epair
vnet0:6: flags=8943 metric 0 mtu 1500
description: associated with jail: transmission
options=8
ether 02:ff:60:03:aa:46
hwaddr 02:05:d0:00:07:0a
nd6 options=1
media: Ethernet 10Gbase-T (10Gbase-T )
status: active
groups: epair
root@freenas[~]#

Ric
Ric
1 year ago
Reply to  Rick

Ive restarted openVPN via cli and appears to be running, made sure openVPN rule on my router is disabled, and ran “ifconfig tun0” again, but still no go.

root@transmission:/media # ifconfig tun0
tun0: flags=8010 metric 0 mtu 1500
options=80000
nd6 options=1
groups: tun

root@transmission:/media # tail /var/log/messages
Feb 10 13:54:09 transmission openvpn[9706]: WARNING: file ‘/usr/local/etc/openvpn/pass.txt’ is group or others accessible
Feb 10 13:54:09 transmission openvpn[9706]: OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Feb 3 2019
Feb 10 13:54:09 transmission openvpn[9706]: library versions: OpenSSL 1.0.2o-freebsd 27 Mar 2018, LZO 2.10
Feb 10 13:54:09 transmission openvpn[9707]: NOTE: –fast-io is disabled since we are not using UDP
Feb 10 13:54:09 transmission openvpn[9707]: TCP/UDP: Preserving recently used remote address: [AF_INET]206.189.214.52:80
Feb 10 13:54:09 transmission openvpn[9707]: Socket Buffers: R=[65536->65536] S=[32768->32768]
Feb 10 13:54:09 transmission openvpn[9707]: Attempting to establish TCP connection with [AF_INET]206.189.214.52:80 [nonblock]
Feb 10 13:54:10 transmission openvpn[9707]: TCP connection established with [AF_INET]206.189.214.52:80
Feb 10 13:54:10 transmission openvpn[9707]: TCP_CLIENT link local: (not bound)
Feb 10 13:54:10 transmission openvpn[9707]: TCP_CLIENT link remote: [AF_INET]206.189.214.52:80
root@transmission:/media # ifconfig tun0
tun0: flags=8010 metric 0 mtu 1500
options=80000
nd6 options=1
groups: tun
root@transmission:/media #

Ric
Ric
1 year ago
Reply to  Rick

In that forum is all about issue of allocating (creating Tun) Tun. The issue that Im having is Tun interface on Transmission jail cannot get IP. Below is my Jail .ovpn info.

Freenas ver. 11.2
Iocage >Transmission

client
dev tun
proto tcp
remote sf.west.usa.torguardvpnaccess.com 443
resolv-retry infinite
nobind
persist-key
persist-tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca ca.crt
remote-cert-tls server
auth-user-pass pass.txt
comp-lzo
verb 3
reneg-sec 0
keepalive 5 30
fast-io

# Uncomment these directives if you have speed issues
;sndbuf 393216
;rcvbuf 393216
;push “sndbuf 393216”
;push “rcvbuf 393216”

# Use BF-CBC if using a version of OpenVPN below 2.4
;cipher BF-CBC
# Use AES-256-CBC if using OpenVPN version 2.4 +
cipher AES-256-CBC

—–BEGIN CERTIFICATE—–
MIIEwTCCA6mgAwIBAgIJAKROjebUHo0gMA0GCSqGSIb3DQEBBQUAMIGbMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCRkwxEDAOBgNVBAcTB09ybGFuZG8xETAPBgNVBAoT
CFRvckd1YXJkMQwwCgYDVQQLEwNWUE4xEzARBgNVBAMTClRHLU9WUE4tQ0ExETAP
BgNVBCkTCFRvckd1YXJkMSQwIgYJKoZIhvcNAQkBFhVzeXNhZG1pbkB0b3JndWFy
ZC5uZXQwHhcNMTQwNDE3MTAwOTIzWhcNMjQwNDE0MTAwOTIzWjCBmzELMAkGA1UE
BhMCVVMxCzAJBgNVBAgTAkZMMRAwDgYDVQQHEwdPcmxhbmRvMREwDwYDVQQKEwhU
+pqDf3wzj94y/IpGQgE4l0fgAdwf/C7F533TSwU/vi+5PDWfwD2WmGqVmcmXn6Rp
9Fwr+oryRw8GfsVBLZHTkWF1RZrRAr8hWZhNySGFwSXlEIicvNy+9mlFhk2Nb46w
ioZKc1Lc7/okeXNWHPv6Dlm39TcNBpGX/xNoWBzqs1EtA1ZGvMcQHsKLfi3Nbaab
BYe08KWsfeZA+ih4BZ6y2E+x84NYHRebqijXTtHp35coyXllBL/+LBoZ86hKszEx
F3pjGU0+8NzvdPUbKndhzyPPnHF1
—–END CERTIFICATE—–

Shane
Shane
1 year ago

Rick, this guide worked perfectly for me, and I am using NordVPN. I have a question. Is it normal for me to not be able to connect to the internet from the ssh terminal. What I’m saying is, things like pkg and wget don’t work, i’m assuming because they can’t access the interent. (Meanwhile transmission is working perfectly fine.)

Shane
Shane
1 year ago
Reply to  Rick

Definitely a DNS issue. Tried a numerical ip and it worked fine. My ultimate goal was to use wget to verify that my external IP address was different with openvpn started. I was able to do this using the numberical ip, so unless you there’s an easy fix for this, I’m just going to let it go. Thanks for the answer.

Robert Hughes
Robert Hughes
1 year ago

I’m getting an error “Exiting due to fatal error”
Which is not very useful for troubleshooting….
Any ideas?

Edit: looking at the full messages file, it states the following “Cannot allocate TUN/TAP dev dynamically”

Wally Thander
Wally Thander
9 months ago

I am getting an error /usr/ports/security/openvpn : make install clean
/usr/ports/security/openvpn: Permission Denied.
I don’t understand how, when I have SU permission in the jail, that I can get a permission denied error.
I am using FreeNAS 11.3 beta, so it might be different.
Any idea why that might be? I am not put off because I can’t install nano, just I can’t actually setup OpenVPN.

Erick
Erick
28 days ago

I keep getting this message even though I know that did set it correctly any idea why?

[root@Transmission /media]# /usr/local/etc/rc.d/openvpn start
/usr/local/etc/rc.d/openvpn: WARNING: $openvpn_enable is not set properly – see rc.conf(5).
Cannot ‘start’ openvpn. Set openvpn_enable to YES in /etc/rc.conf or use ‘onestart’ instead of ‘start’.

Rick
Admin
28 days ago
Reply to  Erick

Check out this link and read down to the comments concerning the rc.conf file…

Erick
Erick
28 days ago
Reply to  Rick

I figured that part out, thanks for the reply. I am curious about something though. It looks as though TorGuard has changed its files.these files aren’t there ‘Standard Port 443/TCP Configs” in the “OpenVPN Config Files and Scripts” section (near the bottom).
in their place is
DD-WRT Startup Scripts Port 443/TCP

these are very different files. will these work?

Erick
Erick
28 days ago
Reply to  Rick

[root@Transmission /media]# ifconfig tun0
tun0: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
nd6 options=1<PERFORMNUD>
groups: tun
I had older TorGuard Open-vpn-TCP files from the last time i tried this method but the vpn doesn’t seem to be working. I pinged my ip on transmission and it still came back as my actual IP. Above is the read out I got when i entered the iconfig tun0 command.Everything seemed to work smoothly but for some reason the vpn isn’t working? any help is greatly appreciated! thanks for this tutorial! It has been really helpful.

Last edited 28 days ago by Erick
Erick
Erick
28 days ago
Reply to  Erick

Nevermind,I found what i needed to know here https://www.ixsystems.com/community/threads/openvpn-in-an-iocage-on-freenas-11-2-release.72061/
Thanks again for this tutorial!!

Rick
Admin
26 days ago
Reply to  Erick

No problem. I am using Torguard on my PFsense firewall now as it is much easier than hacking a freebsd jail. But thanks for helping others by posting your solution here.