How to make a NAS an OpenVPN client?

DominikHoffmann · January 6, 2025, 3:38pm

How can I implement an OpenVPN client on a NAS? I want to be able to set one up for a client and have it make a connection to my client network. Earlier TrueNAS versions had a client built in, but it was removed, when TrueNAS SCALE 23.10 (Cobia) was released. I am running 24.10.1 (Electric Eel).

itsharryshelton · January 6, 2025, 5:48pm

You could use Tailscale, that is an official app on TrueNAS.

Or if you want to use OpenVPN, you’d need to make a custom app or use something like Portainer or Dockge, and host a your own docker version of OpenVPN

Couple methods you could use:
https://openvpn.net/as-docs/docker.html#sign-in-as-an-administrator

https://hub.docker.com/r/dperson/openvpn-client

However, I’m not a biggest fan of having a NAS work as VPN server (personal opinion) as well, I don’t know how powerful your NAS is/how many users/what bandwidth we are talking here - but sometimes having a dedicated host for a VPN or running via your firewall (such as OpenVPN on a pfsense) is easier to manage and maintain in the long run.

Stux · January 7, 2025, 4:24pm

FWIW,

If you have a PFsense or OPNsense install you can run OpenVPN client there…

And you can run PFsense/OPNsense as a VM on TrueNAS if you want.

I wouldn’t recommend this approach just to get an OpenVPN client though, but it is an interesting option that you may not have considered.

DominikHoffmann · January 7, 2025, 4:54pm

Thanks very much for the pointers!

I am looking to make the low-cost 2-drive NAS at a client’s home an OpenVPN client to my OpenVPN server hosted by a pfSense router. The purpose is to be able to administer it for the client without having to be there.

The configuration I am looking to use is not very powerful, and community opinion was that running containers or VMs on that hardware was not going to work well.

I may just open a port and forward it to the ssh port on the NAS, in order to have remote access to the GUI.

Stux · January 7, 2025, 4:57pm

This does seem like the type of thing Tailscale excels at.

itsharryshelton · January 8, 2025, 10:06am

Not something I’d agree with, unless you’ve locked down the port to a certain external static IP of somewhere else, having an SSH port open to your server is asking for trouble

DominikHoffmann · January 8, 2025, 2:46pm

I totally agree with you. Requiring the ssh access request to come from my address is what I will do, and I also only allow public-key authentication.