
OpenVPN server - VPN running - directing Router through VPN

Dravinian

Hi All,

This is probably a really stupidly easy question to answer, but I have spent about a combined 8 hours getting the OpenVPN server to run on a VM in FreeNAS.

I finally have it up and running, network wide VPN. Great.

Except, the only thing running through it is another VM Ubuntu, and that shows an IP address that is not my IP address...so I know it is working.

Anyone helpfully explain how I get all of my devices to run through the VPN server? It has a static IP address and I thought turning my router towards it would be the answer, but all that does is kill my ability to access any websites.

Thanks in advance!


7 minutes ago, Dravinian said:

> Hi All,
>
> This is probably a really stupidly easy question to answer, but I have spent about a combined 8 hours getting the OpenVPN server to run on a VM in FreeNAS.
>
> I finally have it up and running, network wide VPN. Great.
>
> Except, the only thing running through it is another VM Ubuntu, and that shows an IP address that is not my IP address...so I know it is working.
>
> Anyone helpfully explain how I get all of my devices to run through the VPN server? It has a static IP address and I thought turning my router towards it would be the answer, but all that does is kill my ability to access any websites.
>
> Thanks in advance!

Is there a GUI for you to access or something? If not, in the Docs, there should be info on getting .ovpn files for your devices.

You might have to open a port on the VM, I believe!


There is no gui, all done through terminal and code...hence the 8 hours of hard work and asking people on this site for help.

Opening a port isn't a bad idea, let me look into that, I am pretty sure that I did that.


I am a bit worried that it is something to do with UDP over TCP connections, as the OpenVPN works on UDP, but this is getting a bit above my head now.


What exactly are you trying to achieve here?  Is the VPN server in your LAN, if so, why would you need other LAN clients to go through it?

On the other hand if you are trying to get your whole LAN to connect to a remote VPN then each client will need its own VPN client, or some complicated rules on the router may make it work.

Generally if you want to route the whole LAN through a remote VPN, this is done by having the VPN Client ON the router.

Router:  Intel N100 (pfSense) WiFi6: Zyxel NWA210AX (1.7Gbit peak at 160Mhz)
WiFi5: Ubiquiti NanoHD OpenWRT (~500Mbit at 80Mhz) Switches: Netgear MS510TXUP, MS510TXPP, GS110EMX
ISPs: Zen Full Fibre 900 (~930Mbit down, 115Mbit up) + Three 5G (~800Mbit down, 115Mbit up)
Upgrading Laptop/Desktop CNVIo WiFi 5 cards to PCIe WiFi6e/7


20 minutes ago, Alex Atkin UK said:

> What exactly are you trying to achieve here? Is the VPN server in your LAN, if so, why would you need other LAN clients to go through it?
>
> On the other hand if you are trying to get your whole LAN to connect to a remote VPN then each client will need its own VPN client, or some complicated rules on the router may make it work.
>
> Generally if you want to route the whole LAN through a remote VPN, this is done by having the VPN Client ON the router.

The VPN server is running on FreeNAS in a VM on Ubuntu.

I know it is working, because I can connect to it via another VM on the same FreeNAS server, both before and after, and see an IP address change.

My understanding, though I can't quite get the details down, is that once you have a VPN server running, you can direct your traffic through that VPN and thus avoid installing a VPN on all your devices.

I have like 7 devices in my house that connect to the internet, most VPNs charge for that many connections, I am hoping it will be cheaper to run OpenVPN on a VM server, direct all traffic through that server and thus gain the advantages of a VPN.

My problem is that all the guides I have read and followed talk eloquently about setting it up, and how it will affect all your devices...but then fail to explain how to set up your devices to go through the VPN server.

Hence my thinking it is rather a stupidly easy question and that I am missing something here.

The VPN has a static IP address and I should be able to direct traffic through it, in exactly the same way that I direct traffic through Pi-Hole...but it just doesn't work.


If anyone out there knows Pi-Hole, you direct your traffic through it, that is how it excludes adverts across your network.  For this, I simply put the Pi-Hole static ip address into my router and my router went through Pi-Hole.


I just can't seem to get my traffic through the VPN. If I send my Router to the VPN, it is fine, but my IP address doesn't change. If there is no IP address change, then there is no VPN being applied.

Now the port idea earlier is one I am still working on, but I have no idea which port it will be. When I directed Pi-Hole through the VPN, it didn't require a port, it just required that I set up the gateway4 IP address to be the VPN, rather than the .1.1 IP address of the router that it would normally be, and that worked fine, my IP address, public, for Pi-Hole changed.

I am missing something, it is stupidly easy and I will kick myself when I find out.


20 hours ago, Dravinian said:

> The VPN server is running on FreeNAS in a VM on Ubuntu.
>
> I know it is working, because I can connect to it via another VM on the same FreeNAS server, both before and after, and see an IP address change.
>
> My understanding, though I can't quite get the details down, is that once you have a VPN server running, you can direct your traffic through that VPN and thus avoid installing a VPN on all your devices.
>
> I have like 7 devices in my house that connect to the internet, most VPNs charge for that many connections, I am hoping it will be cheaper to run OpenVPN on a VM server, direct all traffic through that server and thus gain the advantages of a VPN.
>
> My problem is that all the guides I have read and followed talk eloquently about setting it up, and how it will affect all your devices...but then fail to explain how to set up your devices to go through the VPN server.
>
> Hence my thinking it is rather a stupidly easy question and that I am missing something here.
>
> The VPN has a static IP address and I should be able to direct traffic through it, in exactly the same way that I direct traffic through Pi-Hole...but it just doesn't work.

I think you are misunderstanding, you use a VPN to tunnel over one network (usually public such as the Internet) to reach another network.  For privacy this is basically a method to hide your traffic from your ISP so it appears to come from the VPN provider, effectively they become your ISP so far as the rest of the Internet can see.

To share a single VPN connection over multiple clients on your own LAN, you do not need a VPN server, you need a machine/VM that is connected to the VPN and is configured for forwarding so it can act as a router for the clients you want to go over the VPN.  Ideally your main router would support a VPN client and you would configure what LAN clients go over the VPN via policy routing on the main router, but if your router can't do this then you would set up a second router in a VM (such as pfSense) and manually set the gateway and DNS servers of your clients to point to that VM instead of your main router.

You would only need a VPN server if you are wanting devices on the Internet to connect back to your LAN, such as to access your NAS securely or in order to send THOSE over your VPN provider, rather than connecting to it directly.  That isn't that much more complicated, you'd do as I previously described but also have a VPN server configured on that second router and port forward to VPN port from your main router - so you can connect to that VPN from the Internet.

I'm not familiar with how to do that on FreeNAS though, I do all this on my main router which is pfSense.


2 minutes ago, Alex Atkin UK said:

> I think you are misunderstanding, you use a VPN to tunnel over one network (usually public such as the Internet) to reach another network. For privacy this is basically a method to hide your traffic from your ISP so it appears to come from the VPN provider, effectively they become your ISP so far as the rest of the Internet can see.
>
> To share a single VPN connection over multiple clients on your own LAN, you do not need a VPN server, you need a machine/VM that is connected to the VPN and is configured for forwarding so it can act as a router for the clients you want to go over the VPN. Ideally your main router would support a VPN client and you would configure what LAN clients go over the VPN via policy routing on the main router, but if your router can't do this then you would set up a second router in a VM (such as pfSense) and manually set the gateway and DNS servers of your clients to point to that VM instead of your main router.

Yeah that is what I have done, VM on a server (I referred to server as that is how I think of it).

My problem is directing traffic to the VM.

I can't seem to get my desktop, for example, to route through the VPN.

I have given the desktop a static IP in the router.

I have changed the ethernet connection to be the static IP, with the gateway as the VPN virtual machine.

Some websites stop working, such as google, duckduckgo etc, but some still work, like this forum and Twitter.

When I am able to check my IP, it hasn't changed.

Because I know this probably raises some questions:

Go to network sharing, go to change adaptor, right click properties, double click on IPV4

Use following IP address:

IP: 123.123.123.123 - static ip I set up on router

Subnet Mask: 255.255.255.255

Gateway: 123.123.123.111 = VM VPN static ip address

Use following DNS:

8.8.8.8

8.8.4.4

I know the VPN is running, I can test it in other ways.

Just can't seem to get this to work. Sorry for confusion, my vocabulary in this area is still in need of some work.


4 minutes ago, Dravinian said:

> Yeah that is what I have done, VM on a server (I referred to server as that is how I think of it).
>
> My problem is directing traffic to the VM.
>
> I can't seem to get my desktop, for example, to route through the VPN.
>
> I have given the desktop a static IP in the router.
>
> I have changed the ethernet connection to be the static IP, with the gateway as the VPN virtual machine.
>
> Some websites stop working, such as google, duckduckgo etc, but some still work, like this forum and Twitter.
>
> When I am able to check my IP, it hasn't changed.
>
> Because I know this probably raises some questions:
>
> Go to network sharing, go to change adaptor, right click properties, double click on IPV4
>
> Use following IP address:
>
> IP: 123.123.123.123 - static ip I set up on router
>
> Subnet Mask: 255.255.255.255
>
> Gateway: 123.123.123.111 = VM VPN static ip address
>
> Use following DNS:
>
> 8.8.8.8
>
> 8.8.4.4
>
> I know the VPN is running, I can test it in other ways.
>
> Just can't seem to get this to work. Sorry for confusion, my vocabulary in this area is still in need of some work.

Ah got it, we're on the same page now I think.

This will be a matter of the forwarding rules on the VM not pointing to the VPN.

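The forwarding setup described in the replies above (a VM that is connected to the VPN as a client and forwards for LAN clients), as an added shell example that is not from the thread. The interface names `eth0` and `tun0`, the LAN range `192.168.1.0/24` and the use of iptables on the VM are assumptions; the default-drop FORWARD policy means LAN clients lose connectivity instead of going out unencrypted when the tunnel is down.

```shell
#!/bin/sh
# Added example: make a Linux VM that is already an OpenVPN *client* act as
# the LAN's gateway. All names below are assumptions, not values from the thread.
LAN_IF="${LAN_IF:-eth0}"               # assumed NIC facing the home LAN
TUN_IF="${TUN_IF:-tun0}"               # assumed OpenVPN tunnel interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # constructed LAN range

# Print the commands that configure forwarding; nothing is executed here.
gateway_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $LAN_IF -o $TUN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $TUN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $LAN_NET -o $TUN_IF -j MASQUERADE
EOF
}

# Extract the egress interface from `ip route get <addr>` output.
route_dev() {
    printf '%s\n' "$1" | sed -n 's/.* dev \([^ ]*\).*/\1/p' | head -n 1
}

# Succeed only if that route leaves through the tunnel interface.
via_tunnel() {
    [ "$(route_dev "$1")" = "$TUN_IF" ]
}

case "${1:-}" in
    print) gateway_rules ;;
    apply) gateway_rules | sh -e ;;    # run once, as root, on the VPN VM
    check) if via_tunnel "$(ip route get 1.1.1.1)"; then
               echo "default egress is $TUN_IF"
           else
               echo "default egress is NOT $TUN_IF"; exit 1
           fi ;;
esac
```

Running `apply` twice appends the same rules again, so flush or review the FORWARD and nat tables before re-applying.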

1 hour ago, Alex Atkin UK said:

> Ah got it, we're on the same page now I think.
>
> This will be a matter of the forwarding rules on the VM not pointing to the VPN.

I have a second VM on the same machine, but with a different IP, also static.

I can direct that VM to the VPN VM, when it is active, and then ping google. No problem. Also, the public IP for that second VM changes once it is directed through the VPN.

It appears that at least in some part, the VPN VM is forwarding as it should.

My main issue is, does the Desktop require different forwarding rules?

Also, just for my sanity....the above, changing the adaptor settings to gateway through the virtual machine IS the correct way to send my traffic through a virtual machine VPN? Because honestly, I am not even sure about that.


Ok, rebooted FreeNAS, went through the normal process, while rebooting and off, I changed my Adaptor settings.

Now appears to be working just fine.

What a massive pain. Still lesson learnt, these things don't like on the fly changes.


Still all my devices are now running through the VPN, which is nice.
