OpenVPN server active with VPN connection - routing router via the VPN tunnel
Hi Everyone, This seems like a pretty straightforward issue, but I've invested around eight hours setting up the OpenVPN server on a VM in FreeNAS. It's finally working with network-wide VPN access. Except, the only traffic passing through is another Ubuntu VM, which displays an IP address different from mine—so I’m confident it’s functioning. Could anyone clarify how to route all my devices through this VPN server? I have a static IP and tried pointing my router at it, but it blocks me from websites. Thanks ahead!
The process was completed entirely via terminal and code, without any graphical interface. This required about eight hours of effort and several requests for assistance from the community. Opening a port seems like a reasonable step, so I’ll explore it further—I’m confident I’ve done that. I’m a bit concerned it might relate to UDP over TCP connections, since OpenVPN uses UDP, but this is becoming a bit confusing.
You're clarifying your goals and the setup requirements. Are you looking to understand why a VPN server might be part of your LAN, and how multiple clients interact with it? On one hand, if you have a separate LAN client for each device, you may need additional rules or configurations. On the other hand, for full remote connectivity, each device would require its own client or specific router settings to work properly. Generally, routing the entire LAN through a remote VPN is achieved by placing the VPN client on the router.
The VPN server is hosted on FreeNAS inside a VM running on Ubuntu. I’m confident it’s functioning because I can access it from another VM on the same FreeNAS machine, both before and after, noticing an IP change. My idea is that once you have a working VPN, you can route all your traffic through it, eliminating the need to install VPN software on every device. I have around seven devices connected to the internet, and most VPN services charge based on the number of connections. I’m hoping this setup will be more cost-effective. However, the guides I’ve read seem to focus on configuration steps but don’t clearly explain how to configure individual devices to use the VPN server. My concern is that setting this up might be simpler than it appears, and I feel I’m missing a key detail. The VPN uses a fixed IP address, so I expect traffic to be directed through it similarly to how Pi-Hole works—yet it doesn’t work as expected.
If anyone out there knows Pi-Hole, you direct your traffic through it, that is how it excludes adverts across your network. For this, I simply put the Pi-Hole static IP address into my router and my router went through Pi-Hole. I just can't seem to get my traffic through the VPN. If I send my router to the VPN, it is fine, but my IP address doesn't change. If there is no IP address change, then there is no VPN being applied. Now the port idea earlier is one I am still working on, but I have no idea which port it will be. When I directed Pi-Hole through the VPN, it didn't require a port, it just required that I set up the gateway4 IP address to be the VPN, rather than the .1.1 IP address of the router that it would normally be, and that worked fine, my IP address, public, for Pi-Hole changed. I am missing something, it is stupidly easy and I will kick myself when I find out.
I think you are misunderstanding: you use a VPN to tunnel over one network (usually public, such as the Internet) to reach another network. For privacy this is basically a method to hide your traffic from your ISP so it appears to come from the VPN provider; effectively they become your ISP so far as the rest of the Internet can see. To share a single VPN connection over multiple clients on your own LAN, you do not need a VPN server, you need a machine/VM that is connected to the VPN and is configured for forwarding so it can act as a router for the clients you want to go over the VPN. Ideally your main router would support a VPN client and you would configure what LAN clients go over the VPN via policy routing on the main router, but if your router can't do this then you would set up a second router in a VM (such as pfSense) and manually set the gateway and DNS servers of your clients to point to that VM instead of your main router. You would only need a VPN server if you are wanting devices on the Internet to connect back to your LAN, such as to access your NAS securely or in order to send THOSE over your VPN provider, rather than connecting to it directly. That isn't that much more complicated, you'd do as I previously described but also have a VPN server configured on that second router and port forward to the VPN port from your main router, so you can connect to that VPN from the Internet. I'm not familiar with how to do that on FreeNAS though, I do all this on my main router which is pfSense.
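What "connected to the VPN and configured for forwarding" involves on a Linux VM, as an added example that is not part of the original thread: the VM runs the OpenVPN client, forwards LAN traffic into the tunnel with NAT, and refuses to forward it anywhere else. The interface names eth0 and tun0, the subnet 192.168.1.0/24 and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: eth0 = LAN NIC,
# tun0 = OpenVPN client tunnel, 192.168.1.0/24 = LAN subnet.
LAN_IF="${LAN_IF:-eth0}"
TUN_IF="${TUN_IF:-tun0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Print the gateway setup commands so they can be reviewed before running.
# $1 = LAN interface, $2 = tunnel interface, $3 = LAN subnet
# The final DROP makes clients fail closed: if the tunnel is down, their
# traffic is not forwarded out through the ISP with the real public IP.
gateway_rules() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $3 -o $2 -j MASQUERADE
iptables -A FORWARD -i $1 -o $2 -s $3 -j ACCEPT
iptables -A FORWARD -i $2 -o $1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $1 ! -o $2 -j DROP
EOF
}

# Succeeds only if the given sysctl file contains "1".
forwarding_enabled() {
  [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# Read `ip route get <addr>` output on stdin and print the egress device.
route_dev() {
  awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

case "${1:-}" in
  show)  gateway_rules "$LAN_IF" "$TUN_IF" "$LAN_NET" ;;
  apply) gateway_rules "$LAN_IF" "$TUN_IF" "$LAN_NET" | sh -e ;;  # run as root
  check)
    forwarding_enabled /proc/sys/net/ipv4/ip_forward ||
      echo "ip_forward is off: clients using this VM as gateway are not routed"
    dev=$(ip route get 1.1.1.1 | route_dev)
    [ "$dev" = "$TUN_IF" ] ||
      echo "VM's own egress is '$dev', not $TUN_IF: VPN client is not the default route"
    ;;
esac
```

Run it with `show` to review the rules, `apply` as root to install them, and `check` on the gateway VM when a client's public IP does not change.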
I've set up a VM on a server, which I understand as my usual setup. The main issue is sending traffic to that VM correctly. My desktop has a static IP assigned through the router, and I've switched the Ethernet connection to use that static IP with the gateway acting as the VPN host. Some sites like Google or DuckDuckGo stop working, but others such as this forum and Twitter remain functional. When I verify my IP address, it hasn't changed. This raises questions: Should I go to network sharing, adjust adapter settings, double-click IPv4, and input the static IP? I also set up a DNS using 8.8.8.8 and 8.8.4.4. Despite knowing the VPN is active, I'm having trouble getting it to function properly. My language in this area still needs improvement.
I have another VM on the same device with a fixed IP address. I can route that VM to the VPN server when it’s online, and then test connectivity to Google. That works fine. Also, the external IP for that second VM updates once it’s connected via the VPN. It seems the VPN server is handling traffic correctly in some areas. My concern is whether the Desktop needs special routing rules. Additionally, just for clarity, does the Desktop require unique forwarding settings? Also, for my understanding, changing the adapter to a gateway through the virtual machine is the proper method to send traffic through a VM-based VPN?