Adding a Virtual Private Network (VPN) connection to any system, including a TrueNAS jail, is critically important to protect your privacy.Â A VPN will mask your identify and location from those on the internet by ‘faking’ your location elsewhere. This This TrueNAS: Add VPN Connection to a Jail article will show you how to download, install the OpenVPN software, configure the software for the VPN location you desire, setup the proper network connections, and then test to ensure the connection is working all within a TrueNAS jail. In this case, the article will be using Private Internet Access (PIA) as an example VPN provider, however you should be able to follow the same process for other providers. There is also an option to install a VPN kill switch (shuts down network traffic if you disconnect from the VPN). This article assumes that you already have a TrueNAS system up and running and have already setup the TrueNAS jail in which you want to include an OpenVPN connection.
To start this TrueNAS: Add VPN Connection to a Jail article, we need to install the OpenVPN software, which is the type of connection you will have to your VPN . You will need to get to the command prompt for your jail. First we will install a couple of programs we will need – nano, a text editor, and wget to download the necessary config files and to test the connection. You can install these programs with the following command:
pkg install nano wget
Now we will need to ensure we are using the latest package distribution to ensure we are getting OpenVPN v2.5.0 (or later). We will need to edit your pkg config file with the following command:
you will see a line in the file that looks like this:
and you will need to replace the word “quarterly” with “latest” so that the line looks like this:
Save the file and exit and then we will now install OpenVPN with the following command:
pkg install openvpn
If for some reason you get a message like: “No Packages Available to Install Have Been Found in the Repositories”, you can read this article for instructions on how to move past it: FreeNAS: No Packages Available to Install Have Been Found in the Repositories
As noted, this article will use Private Internet Access (PIA) as an example for configuration, but you can use the same process for other VPN providers, just download their OpenVPN files instead.
Lets start by creating a directory for the OpenVPN software:
Next we will need to create a file to store our login credentials for the VPN provider. The following command will open the nano text editor for a blank file in which you should put your VPN username on the first line and your VPN password on the second line:
Alternatively you can create this file with the following two commands where [username] and [password] are your VPN username and password respectively:
echo [username] > /usr/local/etc/openvpn/auth.txt
echo [password] >> /usr/local/etc/openvpn/auth.txt
As this file contains your username and password, we will next need to change the security on it to make it only accessible to those that need it with the following command:
chmod 0600 /usr/local/etc/openvpn/auth.txt
Now we create a temporary directory to download all the VPN information into with the following command:
And then we will download the VPN configuration files (in this case for PIA) with the following commands:
Now if you do an
ls in this directory you will see a bunch of files with different country, city and region names. This is the OpenVPN connection information for servers in those countries. Select which city or region you want to connect to and copy that file to the OpenVPN directory as the default config file (this example uses Denmark):
cp Denmark.ovpn /usr/local/etc/openvpn/openvpn.conf
You will now need to add the following lines to the bottom of the files you just copied in order to have the VPN connection start automatically when the jail boots.
# Automatic login (PIA credentials)
Use the nano text editor with the following command:
Now that everything is configured, we can enable OpenVPN and begin to use the VPN connection.
Set OpenVPN to start automatically by using the following commands:
If you want to manually start your VPN instead, you can use
There is one last step however before the VPN is ready to run. Quit the jail shell. Shut down the jail. Go to the overall TrueNAS shell (for the whole TrueNas system, accessed from the menu in the web interface on the left hand side) and enter the following, where [jailname] is the name of the jail in which you have just installed and configured OpenVPN:
iocage set allow_tun=1 [jailname]
Now, you will need to reboot the entire TrueNAS server. Yes, the whole physical machine. Yes, this is a real pain.
Testing the VPN Connection
Once the TrueNAS server comes back up after its reboot, enter your jail with and test to see if the VPN connection is working by using the following command:
wget -qO - http://wtfismyip.com/text
If the result of this command in an IP address different from your ISP’s IP, then you are good and the VPN is working!
So that’s it, you’ve completed this TrueNAS: Add VPN Connection to a Jail article and your VPN in your jail should be up and running!
Login Script on Enter Jail Shell
I setup a quick script to show my public IP every time I log into the shell so that I can be sure my VPN is still connected. It’s a simple process I’ve described in my TrueNAS: Run Script on Startup Run MOTD script article.
VPN Kill Switch
I have not yet tested this out, but you can add a VPN kill switch which would disconnect you from the internet if your VPN disconnects and is no longer protecting you. The following link contains directions for this kill switch (as well as much of the content for the creation of this article):