MarkusMcNugen / docker-qBittorrentvpn

Docker container which runs a headless qBittorrent client with WebUI and optional OpenVPN
https://hub.docker.com/r/markusmcnugen/qbittorrentvpn/
GNU General Public License v3.0

TrueNAS SCALE, no WebUI when VPN is enabled #124

Closed by bedro0 4 months ago

bedro0 commented 2 years ago

I tried playing around with port forwarding. Unfortunately, TrueNAS SCALE doesn't allow port forwarding for ports 9000 and below. I tried port forwarding using the router with no luck. Also, WEBUI_PORT_ENV or INCOMING_PORT_ENV doesn't seem to change either of the ports they're supposed to.

Edit: Also tried to look at the routing table and removed the rule which routes 0.0.0.0 to the VPN address, with no luck.

bedro0 commented 2 years ago

Upon further investigation, I've found that OpenVPN isolates the entire system from the rest of the local network. I, however, don't have enough knowledge of iptables or route commands to change that behavior. Port forwarding also fails because the VPN routes ALL the traffic to the VPN server.

istbarp commented 2 years ago

> Upon further investigation, I've found that OpenVPN isolates the entire system from the rest of the local network. I, however, don't have enough knowledge of iptables or route commands to change that behavior. Port forwarding also fails because the VPN routes ALL the traffic to the VPN server.

Hi,

I've had the exact same issue, and that's why I'm texting you. My problem was that I had my LAN network set to the following:

LAN_NETWORK=192.168.1.0/24

But my scope of IPs was in 192.168.50.0/24.

When I recreated the Docker container with the correct LAN_NETWORK variable, it solved MY issue :)

Just for anyone who stumbles upon this thread

jonathanrbarney commented 1 year ago

Did you ever get a fix for this @thebedro?

bedro0 commented 1 year ago

Hi Jonathan, not a direct fix, but I found a janky workaround. I have created 3 Bash scripts that fix all of the above problems, but they need to be run at the start of the docker every time. You need to keep these bash scripts as .sh files in one of the permanent storage folders along with your OpenVPN configs etc.

1. Script N1:

```bash
apt update
apt install -y nano
nano /proc/sys/net/ipv6/conf/all/disable_ipv6
```

This script installs the nano text editor and opens "/proc/sys/net/ipv6/conf/all/disable_ipv6"; then you manually change the value in the file to 0 and save using ctrl+x. I think I included this because of weird behavior or some error OpenVPN throws when IPv6 isn't enabled on the container.

2. Script N2:

```bash
openvpn --config [ovpn config file directory].conf
```

This one just calls to run OpenVPN. Make sure the .conf file has the correct certificate and userpass locations so it doesn't throw an error.

3. Script N3:

```bash
route del -net 0.0.0.0 gw 10.9.0.1 netmask 128.0.0.0
route del -net 128.0.0.0 gw 10.9.0.1 netmask 128.0.0.0
route del -net 10.9.0.0 gw 0.0.0.0 netmask 255.255.0.0
```

This one clears all the routes that isolate the docker from the LAN and direct all of it to the VPN server. MAKE SURE YOU HAVE CHOSEN TUN0 DEVICE AS A NETWORK INTERFACE IN QBITTORRENT CONFIG OR ALL YOUR TORRENTS ARE PAUSED WHEN YOU DO THIS.

Also make sure you change the VPN_ENABLED variable to NO, because Script N2 manually calls openvpn and otherwise causes 2 instances to run. Optimally you will need to mount a separate folder for these scripts and the OVPN configuration. For example, I have /config/ mounted to some folder in my SMB pool, so I can access files using File Explorer. Running script N1 is as easy as typing /config/ipv6.sh in the container BASH.

Also, I don't know how common this is, but Mullvad VPN updates config files every couple of months and older configs stop working. I have needed to download new ones from their website, edit the .conf file so it reflects the proper location of the certificate and userpass, and change the routing tables in script N3 to reflect the correct route addresses.

As I said, this solution is very janky and I only did this out of desperation, having spent MONTHS trying to fix this. You need to run them at the start of every launch, which for me only applies to maintenance shutdowns and is very infrequent.

New updates MAY have fixed the problems I was trying to solve using this method, but it would be more inconvenient to redo everything from the start rather than take 30 seconds each time.

You may only need script N3 depending on your configuration. I don't remember why I chose to run openvpn manually, but probably because it gave me a hard time otherwise. If you can set it up in a way that it automatically does all of this upon launch, be my guest. I know this is a lot, feel free to ask about anything I have missed or haven't explained well, I'll be sure to respond as soon as I can.

bedro0 commented 4 months ago

The fix for this is to add the "nobind" argument to the VPN config. MAKE SURE TO MANUALLY BIND QBITTORRENT TO VPN (TUN) DEVICE THOUGH.
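
A way to check for the two conditions raised in this thread, as an added example that is not part of any comment or of the image's own scripts: whether a client address falls inside `LAN_NETWORK`, and whether the two /1 routes that script N3 deletes are still present in `route -n` output. The client address 192.168.50.23, the eth0/172.17.0.x rows and all function names are constructed for illustration.

```bash
# Added example. Sample addresses and route tables are constructed, except the
# 10.9.0.x routes and the two LAN ranges, which are quoted from the thread.

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NET/PREFIX: succeeds when IP lies inside the network.
in_cidr() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    # 4294967295 is 0xFFFFFFFF; shift and truncate to build the netmask.
    mask=$(( (4294967295 << (32 - ${2#*/})) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Classify `route -n` output read from stdin:
#   full-tunnel  both /1 routes present, everything is sent to the VPN
#   partial      only one of them present
#   split        neither present, the state after script N3
vpn_route_state() {
    awk '$1 == "0.0.0.0"   && $3 == "128.0.0.0" { lo = 1 }
         $1 == "128.0.0.0" && $3 == "128.0.0.0" { hi = 1 }
         END { if (lo && hi) s = "full-tunnel"
               else if (lo || hi) s = "partial"
               else s = "split"
               print s }'
}

# Interface of the plain default route; traffic not bound to tun0 leaves
# through it once the /1 routes are gone.
default_iface() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $8; exit }'
}

# Constructed `route -n` rows before and after script N3.
ROUTES_BEFORE='0.0.0.0     10.9.0.1    128.0.0.0    UG 0 0 0 tun0
0.0.0.0     172.17.0.1  0.0.0.0      UG 0 0 0 eth0
10.9.0.0    0.0.0.0     255.255.0.0  U  0 0 0 tun0
128.0.0.0   10.9.0.1    128.0.0.0    UG 0 0 0 tun0
172.17.0.0  0.0.0.0     255.255.0.0  U  0 0 0 eth0'
ROUTES_AFTER='0.0.0.0     172.17.0.1  0.0.0.0      UG 0 0 0 eth0
172.17.0.0  0.0.0.0     255.255.0.0  U  0 0 0 eth0'
in_cidr 192.168.50.23 192.168.1.0/24 || echo "client is outside LAN_NETWORK"
echo "after N3: $(echo "$ROUTES_AFTER" | vpn_route_state) via $(echo "$ROUTES_AFTER" | default_iface)"
```

Inside the container, pipe the live table in with `route -n | vpn_route_state`; a `split` result with a default interface other than tun0 is the state in which qBittorrent has to be bound to the tun device.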