Got TrueNAS Connect working with my OPNsense router & Unbound DNS

It took me quite some time to get TrueNAS Connect working with my OPNsense router (bare metal setup), which uses Unbound as DNS resolver. Therefore I am writing this up, so that others may benefit from my experience as well. Please note that this is based on MY experience and other folks’ experiences may vary.

The Getting Started with TrueNAS Connect tutorial is rather vague about connection problems (section “Why won’t my NAS connect after registering?”); essentially it just advises to whitelist the “domain”.

In my case I have one single local TrueNAS system (25.10.3, see signature for specifics) that I want to use with TrueNAS Connect and there are two domains/hostnames that need special treatment:

  1. TrueNAS Connect uses a hostname like <local_ip_address_text>.<some_long_key>.truenas.direct to let the remote server resolve this hostname to the local IP address of the TrueNAS system.
  2. It also has a separate heartbeat mechanism that uses a hostname like heartbeat-service.tys1.truenasconnect.net

In principle this is a potential security risk, since this allows remote websites to access or embed local servers. Therefore OPNsense (and many other routers) use rebinding protection to block this behavior. So we need to bypass this block for the TrueNAS Connect service in the following way:

  • In OPNsense go to Services → Unbound DNS → Advanced
  • Re. 1: Add “truenas.direct” (without quotation marks) to the field “Private Domains”. Press “Enter” to have your entry registered.
  • In the same field (“Private Domains”) add “truenasconnect.net” (without quotation marks) and press “Enter” to have your entry registered.
  • Click the “Apply” button on the bottom and finally click the “Restart” icon on the top left to restart the Unbound service.

Once this is done, on your local client that runs the TrueNAS Connect website, flush your local DNS cache (e.g. in Windows with “ipconfig /flushdns” entered into a Command Window) and (re)load the TrueNAS Connect website. You may need to do a “force reload” with F5 or Ctrl-F5 to ensure that the browser cache is bypassed and new data is loaded.

This was all I had to do to get things working (though it took a while to figure this out).

Please note:

  • This setup should also work if you have multiple TrueNAS systems, since they likely will all use subdomains of truenas.direct and truenasconnect.net and the “Private Domains” entry covers all subdomains of the entered domains.
  • For other routers or other DNS resolvers that have a comparable feature set, the setup should be similar. While you might be able to disable rebinding protection on a global basis on your router, I wouldn’t recommend that for security reasons.
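
An added example, not part of the original post and not OPNsense or Unbound code: a simplified Python model of how rebinding protection with a “Private Domains” exemption treats DNS answers, showing that the two entries cover all of their subdomains while lookalike names stay filtered. The private address ranges, the sample hostnames (other than the two domains from the post) and the IP addresses are constructed assumptions.

```python
import ipaddress

# Assumption: ranges commonly treated as private by rebinding protection
# (RFC 1918, loopback, link-local, IPv6 ULA); a real resolver's list may differ.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10",
)]

# The two entries the post adds to the "Private Domains" field.
PRIVATE_DOMAINS = ["truenas.direct", "truenasconnect.net"]


def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def is_exempt(qname, private_domains=PRIVATE_DOMAINS):
    """True if qname is a listed domain or a subdomain of one.

    The comparison is label by label, so 'eviltruenas.direct' does not
    match 'truenas.direct'.
    """
    q = _labels(qname)
    for dom in private_domains:
        d = _labels(dom)
        if len(q) >= len(d) and q[-len(d):] == d:
            return True
    return False


def is_private(addr):
    """True if addr falls into one of the modelled private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def filter_answer(qname, addresses, private_domains=PRIVATE_DOMAINS):
    """Return the addresses a client still receives for qname."""
    if is_exempt(qname, private_domains):
        return list(addresses)  # exempt: private addresses pass through
    return [a for a in addresses if not is_private(a)]


if __name__ == "__main__":
    name = "192-168-1-50.examplekey.truenas.direct"  # constructed hostname
    print("before:", filter_answer(name, ["192.168.1.50"], private_domains=[]))
    print("after: ", filter_answer(name, ["192.168.1.50"]))
```
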