HowTo install and configure an freebsd / freenas iocage jail to access the whole lan (even avahi, bonjour broadcast) with openvpn in bridged mode.

Tested with Freenas 11.2-U3

This HowTo is based on this HowTo: https://www.ixsystems.com/community/resources/openvpn-in-tap-bridge-mode-in-iocage-jail.85/ extendet with the auto create script from here: https://github.com/Fazik/openvpn_auto_setup Many thanks to the authors!

ATTENTION: In version 11.2-U3 there is a known bug which should be fixed in 11.2-U4 For now heres a fix: https://www.ixsystems.com/community/threads/openvpn-issues-in-new-jails-after-11-1.59828/post-505700

Create a jail with advances properties and these parameters:

• Release (I took newest available 11.2)
• VNET enabled
• IPv4 Interface vnet0
• Fixed IP
• Default Router IP address
• Auto-start enabled
• Custom Properties -> allow_tun enabled

Install dependencies, download this repo, switch to folder and run the commmand:

pkg install git
portsnap fetch && portsnap extract
git clone https://github.com/nimoatwoodway/openvpn_auto_setup.git
cd openvpn_auto_setup

Thanks to Fazik for his script https://github.com/Fazik/openvpn_auto_setup. I've adjusted it a little to work in bridge mode.

/bin/sh openvpn_freebsd.sh [-i ] [-p ] [-u user1,user2...] [-d] [-t]

-i IP where to listen (default last)
-p Port on which listen(default 1194)
-u A list of users separated by commas(default client)
-c Duplicate cn(defaul off)
-t Use tcp(default udp)
-d Do not rebuild server keys and configs may be used to recreate or create new client keys

After successfull end You can get client config at /usr/local/etc/openvpn/$username/client.ovpn

For a goog explanation what to do here: https://www.ixsystems.com/community/resources/openvpn-in-tap-bridge-mode-in-iocage-jail.85/

vi /usr/local/etc/openvpn/server.conf

vi /usr/local/etc/openvpn/up.sh

service openvpn restart

Copy the client.ovpn from /usr/local/etc/openvpn/$username/client.ovpn and import into your prevered OpenVpn Client (Viscosity for MacOS in my case).