Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Newbie needing access to his home Free NAS Server

    Scheduled Pinned Locked Moved OpenVPN
    9 Posts 3 Posters 8.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      soulwise
      last edited by

      Hello

      I posted this problem in the romanian support sub-forum ( my native language )but got no response until now so… here it goes.
      I invested in a special HTPC with one Intel D510 Atom proccessor, 2 GB of RAM , 2 GigE network cards and so on. If necessary i can give you all the specs.
      I got it working and i am verry happy with this amazing software. The problem is me...
      Essentialy my problem is this:

      I work as a creative copywriter for a local resseler of computer parts and i have a ton of media, photo and written material stored on my FreeNAS Server at home (specs available if needed) that i must have access at all times from everywhere i go.I have a 10 MB/s connection from work to my home and soon i will upgrade for a GB connection so speed is not such a big problem.
      No matter what i try to do (for two weeks now) two problems are allways present.

      One:  I can NOT acces my Free NAS server from outside my home network. I tried configuring VPN, forward ports but i think i am unable to comprehend the protocols and dependencies involved. No networking experience here, at all... so i look probably like a fool for wanting a PF Sense server but hey.. is something that i wanted to do for a very long time and learn about with your help ofcourse.

      Two: Squid runs for a limited amount of time and then shuts down. After that i must reinstall the package to get things going again, a restart of the service does not do it.
              Squid 3 does not show as a running service with or without squid installed.

      My setup is basically this

      Internet-> WAN on pFSense server ( V2.1) ->Lan side of the pFSense-> Wan on Asus RT N56U router in AP mode -> Free NAS (V9.1.1) and other PC's and wireless devices on 2.4 and

      5 GHz band.

      Please, help. :)
      I have little to no experience in networking.
      I must gain acces asap to my FreeNAS Server at home. I previously used to put that server in the DMZ of my asus router and use my home static IP, user and password to login and transfer files with Total Commander.
      In your response, please presume that we are departing from a fresh install of PF Sense 2.1.

      Hope i explained everything well enough, if not please adwise.
      Thank you in advance.

      1 Reply Last reply Reply Quote 0
      • P
        phil.davis
        last edited by

        Firstly, with pfSense as your firewall router you do not need to have any WAN/routing on the Asus AP. You say the the Asus AP is just in AP mode, but then you also say the pfSense LAN is connected to the Asus WAN - that contradicts itself and is pretty sure to be the reason you can't get through the laters of routing back to your FreeNAS.
        I suggest:
        a) Make sure Asus device is really in just AP mode, and disable any DHCP server it might be running - use it just as a WiFi AP on your LAN.
        b) You can use the 4 lan ports of the Asus as a little switch on your network - connect whatever you like, including pfSense LAN port, FreeNAS server and another switch with other private LAN devices.
        c) Give the pfSense LAN interface a private IP address like you have been using in your LAN already - e.g. 192.168.42.1/24 (for this example, your other devices might be Asus WiFi webGUI on 192.168.42.2/24, FreeNAS server on 192.168.42.3/24 …)
        d) Enable DHCP Server on pfSense LAN. Give out some range of IPs to clients - e.g. 192.168.42.100-199 - clients that connect to the WiFi will ask for DHCP and pfSense with give it to them.

        It is probably best that you OpenVPN in to connect to your NAS server. If you want to just connect from your own laptop from remote places, then setup a RoadWarrior-style OpenVPN server. Get the config off it using OpenVPN Client Export Package and install to the laptop.
        If you want a permanent connection from the office as a whole, then setup a site-to-site OpenVPN link from the office to home - home and office subnets need to be different private subnets and hopefully you have pfSense at the office also, to make it very easy.
        Or, setup both if you want the office connection and the RoadWarrior also.
        Let us know what help you need setting up the OpenVPN and...

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0
        • S
          soulwise
          last edited by

          Hello again  :)

          First, thank you for your reply.

          a)When i say WAN on the Asus Router i refer to it strictly as a physical port not as his default function ( Rj 45 ports on the device are color coded, the WAN one is gray ) and Yes it runs in Ap mode,( nu dhcp server enabled on that device) i made sure of that from the first time.

          b) All the other devices connected to the ASUS AP via cable and wireless receive IP's from the PFSense server, therefore is logical to assume that DHCP service on PF Sense runs very well. All the PC's and other devices have their own static ip's assigned by PF Sense and they are visible in the PF sense interface. I even enabled the WOL function for two of my devices. However, i can make use of that function only from my LAN.
          c) The PF sense Lan Interface already is setup with the previous private IP adress that my router had until i tranformed it in AP

          I want to connect to my Free NAS server only when i need to.
          Please explain step by step how to config a "Road Warrior-style OpenVPN Server". I tried to configure such a link and failed numerous times. What windows software can i install for the connection to work and how to export and apply the settings on the remote machine/s used to access a Open VPN Server?

          1 Reply Last reply Reply Quote 0
          • P
            phil.davis
            last edited by

            a) Make an Internal Certificate Authority - System->Cert Manager, add like screen shot 1
            b) Make an internal server certificate - Certificates tab, add, fill in like screen shot 2
            c) Make an OpenVPN server - VPN->OpenVPN, Server, add like screen shot 3 - give it some separate private network in tunnel network, and local network is your LAN subnet.
            d) System->Packages - install OpenVPN Client Export Utility package.
            e) System->User Manager - add a user (you) with a good password and a user certificate.
            e) VPN->OpenVPN, Client Export tab - export a client, I select "Management Interface OpenVPN Manager", it lets you install as admin, but actually connect from a normal Windows user account. And 2.3-x86 indows Installer. You need to pick a way for it to know your public IP - if you have a static public IP then you can use the WAN interface address, if not then you need to have a dynamic DNS name that resolves on the public internet to your current public IP - another topic if you need that and don't know how.
            f) Install the client on your PC from an admin account, start OpenVPN Manager from any account and connect.

            Edit: extra thing - add a Firewall rule on WAN to pass source any, destination WAN address port 1194 (or whatever port you pick for OpenVPN server)

            01-Make-CA.png
            01-Make-CA.png_thumb
            02-Make-server-certificate.png
            02-Make-server-certificate.png_thumb
            03-RW-Server.png
            03-RW-Server.png_thumb
            04-User-Certificate.png
            04-User-Certificate.png_thumb

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

            1 Reply Last reply Reply Quote 0
            • S
              soulwise
              last edited by

              Thank you very much. I tried all of the steps and i almost got it… some connectivity problems but the problem is again .. me :)).
              I will retrace my steps and do it all over again. Victory will be mine!!
              Have a good day dear sir, you helped me a lot!

              Thank You!
              -soulwise-

              1 Reply Last reply Reply Quote 0
              • S
                soulwise
                last edited by

                I finally got it!
                The Certificates part was a little bit tough and i was not using the right CA for the first few trials but i nailed it, got access to my home lan.

                Now, another question :).
                I noticed no connection to he Internet while i was connected through my Open VPN connection …
                I want if possible to have internet access while connected...
                Can you help me with that?
                Please ? :)

                1 Reply Last reply Reply Quote 0
                • P
                  phil.davis
                  last edited by

                  If you accidentally selected "Force all client generated traffic through the tunnel" on your Road Warrior server settings, then that will likely be the problem.
                  Another possible issue is if your home subnet and the place you are connecting from have the same (or overlapping) IP subnets - the most common case is that home is 192.168.1.0/24 and you are connecting in from a friend's house, internet cafe etc that is also 192.168.1.0/24. Always make your home subnet something more obscure, I pick a piece of 10.0.0.0/8 e.g. 10.178.23.0/24 (178 and 23 just popped out of my head randomly).
                  Otherwise, do a "route print" on your laptop (if Windows client) and see where the default route (0.0.0.0) is pointing.

                  05-Redirect.png
                  05-Redirect.png_thumb

                  As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
                  If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

                  1 Reply Last reply Reply Quote 0
                  • S
                    soulwise
                    last edited by

                    Indeed, i selected "Force all client generated traffic through the tunnel".
                    I unchecked that, saved settings, selected another IP Range for my home subnet and saved again and for good measure i rebooted the server then i exported another certificate for windows and applied it.
                    No result until now but there must be a solution.
                    Never mind, thank you for your help and have a great day.
                    At least i know where to look. :)
                    I think i must define a rule in my firewall…

                    1 Reply Last reply Reply Quote 0
                    • I
                      irs
                      last edited by

                      have you figure out the problem can you explain what you have done to get the freenas under openvpn running as i am unable to access my nas under openvpn though i can run my dvr and printer remotely but no way for my nas4free

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.