Policy based routing, Truenas, Emby and Openvpn

Hi Everyone.

I'm really hoping that I can get some help with my setup. I think I'm really close but I have a few things stopping me from getting to where I want.

Here is my setup:

  • RS4 router running Openwrt.
  • Truenas NAS with a torrent client, some file sharing applications and Emby.
  • I have Openvpn client running on Openwrt and through policy based routing I have the Truenas server going through the openvpn VPN.

Everything so far is working perfectly.

The challenge I have is I want to access Emby remotely. I would be happy to have Emby outside the VPN to make it easier to access, but I can't figure out how to route my Truenas box through Openvpn while separating the Emby server at the same time. Is this possible through policy based routing?

TL;DR: I want to have my Truenas server go through Openvpn through policy based routing on Openwrt. I also want my Emby server on the Truenas box to NOT go through Openvpn. Is there a way to do this with policy based routing?

Many thanks!

The PBR package has some built-in policies for Emby:

Did you try that?

Yes, thanks. Checking those does not help.

There are two things to consider here:

  • Truenas cannot (for some reason) set Emby on port 8096. It has to go on port 9096. Even if I set those policies to 9096 and 9920 I still can't access Emby.
  • I worry that I'm being blocked by Openvpn. For example, I installed Plex on Truenas and no matter what, remote access will not go through.

Well, I am not really surprised, as routing per port does not seem to work with fwmark (I still do not know why not).

For routing of a simultaneous WG server and WG client we had to revert to specific ip rules to route a source port via the WAN.

Long story short, you can try the pbr.user.sport script from my repo, which works in conjunction with the PBR package, see:

Thanks!

What should I look for once I install that script?

If you have tweaked the script with the right ports, installed it in pbr and restarted pbr, then you should see the sport rules if you run this from the command line: ip rule show

1 Like
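One way to check the `ip rule show` output mentioned above, as an added example that is not part of any post in this thread or of the pbr.user.sport script: it reports expected source ports that have no sport rule, and sport rules that cover ports you did not intend to route outside the VPN. Ports 9096 and 9920 come from the thread; the table names, priorities, address and port 51413 in the sample are constructed.

```shell
#!/bin/sh
# Audit `ip rule show` output: every expected source port must have a sport
# rule, and no sport rule may cover a port outside the expected list.
# Live usage on the router: ip rule show | audit_sport_rules "9096 9920"
audit_sport_rules() {
    awk -v want="$1" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
    {
        for (f = 1; f < NF; f++) {
            if ($f != "sport") continue
            spec = $(f + 1)
            # A sport selector is a single port or a lo-hi range.
            lo = hi = spec
            if (split(spec, r, "-") == 2) { lo = r[1]; hi = r[2] }
            for (p = lo + 0; p <= hi + 0; p++) {
                if (p in need) seen[p] = 1
                else extra[p] = 1
            }
        }
    }
    END {
        for (i = 1; i <= n; i++) if (!(w[i] in seen)) print "MISSING " w[i]
        for (p in extra) print "UNEXPECTED " p
    }' | sort
}

# Constructed sample in the iproute2 rule listing format (not real output).
SAMPLE_RULES='0: from all lookup local
29998: from all sport 9096 lookup pbr_wan
29999: from all sport 51413 lookup pbr_wan
30000: from 192.168.1.50 lookup pbr_vpn
32766: from all lookup main
32767: from all lookup default'

# Run the audit against the sample: 9920 has no rule, 51413 was not intended.
printf '%s\n' "$SAMPLE_RULES" | audit_sport_rules "9096 9920"
```

Empty output means the sport rules match the expected list exactly.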

I'd add another network interface to truenas and use one interface for all the traffic you need to go through the VPN and another interface for all the traffic of services you need on your LAN/exposed to WAN.

PS. Don't have a lot of experience with truenas, I'm sure you could add an interface, but you need to research if you can bind the relevant services to an interface first.

2 Likes