TrueNAS CORE: Guide to Install and Configure an Advanced NAS

In this article we are going to offer you a complete guide to configure the NAS server from scratch, you will be able to see specific configurations of how to have the storage, how to configure TrueNAS CORE in a virtual machine to perform the tests, how to configure the network, the main services such as Samba, FTP, DLNA, SSH or BitTorrent, and we will even teach you how to configure an OpenVPN server on the NAS server. One of the most interesting aspects of TrueNAS CORE is that it is based on FreeBSD, therefore, we can make use of the ZFS file system, one of the most advanced and that will provide us with the best possible data integrity.

Main features

TrueNAS CORE is the new name for the popular FreeNAS NAS-oriented operating system, an operating system that is specifically geared to function as a high-performance professional NAS server. This operating system can be installed on any x64 platform thanks to the fact that the base operating system is FreeBSD version 12. TrueNAS incorporates compatibility with a large amount of hardware, either motherboards and network cards, which are the two devices that more problems can give. The acronym NAS stands for “network attached storage”, and TrueNAS greatly facilitates the use and configuration of all the services that a NAS server should have, such as Samba server, FTP, NFS, storage with RAID, remote access via OpenVPN and much more.

The most important feature of TrueNAS CORE is the incorporation of the ZFS file system (OpenZFS), one of the most advanced, complete and fast file systems that currently exist, thanks to ZFS, we will have the best possible integrity in our data, in addition, We can configure different levels of RAID-Z to protect the information from a possible hardware problem on the disks. Of course, we can configure the disk encrypted with AES-XTS, configure the SMART to see and detect errors on the disk and be warned that there is a problem, and we can also configure reports by email on demand or when an event occurs.

TrueNAS Core incorporates a large number of services to make the most of the server hardware, specifically, we will have the following services:

• Active Directory
• LDAP
• NIS
• Kerberos
• AFP
• iSCSI
• NFS
• WebDAV
• CIFS / SMB (Samba)
• FTP (Proftpd)
• Dynamic DNS Server
• OpenVPN client
• OpenVPN server
• Rsync
• S3
• SNMP

Other extra features of this operating system are the following:

• Plugins: we can install a large amount of additional software easily and quickly
• Jails: we can create jails to store the different plugins safely and isolated from the operating system
• Virtual machines to install any OS
• BitTorrent client with Transmission
• Console access for command line

We would also like to highlight that TrueNAS CORE allows the installation of a large number of plugins almost automatically, however, we will always be able to install any software manually through SSH or by console.

Regarding the development of this operating system and its updates, one of the main aspects that we value in this article are the updates. In the case of this operating system, the project is more alive than ever with the new name change, and thanks to the IxSystems company that is behind the development of the operating system. Of course, we must bear in mind that this OS is based on FreeBSD, therefore, all the news and security patches incorporated in FreeBSD, we will also have them in TrueNAS.

Installation and commissioning

The first thing we have to do is go to the official TrueNAS Core website , and go to the download section. In this menu we will download a single ISO image for x64 computers that will allow us to easily install it via DVD or bootable USB, a very important detail is the recommended hardware requirements, since it is advisable to have at least 8GB of RAM memory, since we will have a lots of services running, and the ZFS file system itself consumes a lot of RAM if we use deduplication.

Once we have downloaded it, we can copy it to a DVD or a bootable USB that will be the most normal thing, later it would only be necessary to start it and proceed with the configuration wizard that we have available.

In this article we are going to use a virtual machine with VMware where we will add a total of 6 virtual disks, to show you how to configure the ZFS with different disks. We open VMware or any other virtualization program such as VirtualBox.

In the virtual machine configuration wizard, we are going to choose the ISO image just downloaded, we give the virtual machine a name, we indicate the size of the first disk where the operating system will be (we can put 100GB, for example). Once we finish the wizard, it is advisable to adjust the hardware parameters, the first thing we should do is put 8GB of RAM, it would also be advisable to put several processor cores to make it work faster, and, finally, we will put a total of 6 x 1TB capacity disks (virtual)

When we have everything configured, we proceed to start the operating system, and we can see the TrueNAS logo and different options, here we do not have to touch anything at all, we let a few seconds pass and it will start automatically to proceed with the installation of the operating system.

When the configuration wizard starts, we must choose the option “Install / Upgrade”, and choose the first hard disk that we have added to the virtual machine, the one with 100GB of capacity that we have by default. It will ask us that, if we want to proceed with the installation, all data will be erased, then we will have to put a root password to access the wizard, but we can also not put it. Once we have configured it, we must choose if we have UEFI or BIOS, in our case we choose BIOS, but this depends on the board of each server. Finally, it will ask us if we want to create a 16GB partition for swap on the boot device.

Once everything is installed, it will indicate that the installation has finished, and that we restart the server. Click on OK, and we exit the TrueNAS menu and proceed to restart the computer normally. Once restarted, we will get a list of basic configuration options, but we will also get the IP addresses to access the administration via web of the operating system, both with the HTTP protocol (not secure) and also the HTTPS protocol (secure).

In this basic menu by console, we can configure the network interface, the IP address, the Link Aggregation, if we have VLANs, the default route, create static routes, configure DNS, reset the root password, reset the complete configuration to factory defaults, run the console to enter commands, restart the server, and also shut down the NAS server.

Once we have the operating system installed, we will see all the available options.

General operating system options

When we enter the URL to access the operating system in our browser, we will have to enter the username and password, the user is “root” and the password is the one that we have set in the configuration wizard.

Once inside, we can see different configuration and display menus for the different parameters. For example, we will have access to information on the operating system, the characteristics and status of the CPU, RAM and also the network interface. However, when we configure the storage we can also see it, to manage it correctly.

Principal

In the main menu of the operating system we can connect to TrueCommand Cloud to monitor and manage the NAS from the cloud, this is something quite interesting optional. In the upper right we can see the status of all the processes and if everything is working correctly, the alerts we have, menus to change the password, preferences and API keys, we can also log out, restart the NAS server and even shut it down easily .

Accounts

In the “Accounts” section we can create different users and groups, assigning different groups to the same user and, of course, applying different access permissions.

System

In the “System” section we can configure the graphical user interface with different profiles, we can also change the administration port, the TLS protocols to use, the language of the graphical user interface and much more. An important detail is that, although we have the language in Spanish, the translation is not complete, so we will see many menus and configuration options in English.

In this section we will be able to configure the NTP servers, the system startup, console and GUI access options and other advanced parameters, configure the SMTP server for email, configure the system dataset (we have to create it first), the reporting we have , the alert configurations, the Cloud credentials, the SSH connections, the SSH keys, and even the internal variables (Tuneables), finally, we will also have an option to “Update”. Unlike other NAS operating systems, TrueNAS CORE update is really easy and fast, in addition, we can perform a manual update.

Finally, we can also configure and create new CAs (Certification Authority), digital certificates for the VPN server / client, configure ACME DNS, access to support and also the two-factor authentication that we have available.

Chores

In the “Tasks” section is where we can program the NAS server to perform different scheduled tasks, we can configure jobs in the Cron, we can configure scripts at the start and shutdown of the system, tasks through Rsync to synchronize folders and files, tests SMART schedules to check the health of the disks, tasks to perform ZFS snapshots periodically, replication and resilvering tasks, we can also schedule scrubbing tasks and Cloud synchronization tasks.

We will have all the repetitive tasks in this menu, in order to automate the NAS server as much as possible.

Net

In the “Network” section is where we can configure the different network interfaces, if we have several, we can also see the default route and DNS. We can also configure the DNS that we want, and even configure the default gateway. Of course, if we have several network interfaces we can easily do a Link Aggregation, adjust the MTU, and other advanced options at the network level.

Storage

The storage part is the most important of the NAS servers, this time we have the ZFS (OpenZFS) file system with the latest version. We can create different vdev configured as stripe, mirror, and different levels of RAID-Z, and we can even configure different disks as cache to speed up the reading and writing of data. Other options that we have available are the possibility of creating all the pools that we want, and all the datasets in a specific pool. Finally, we must not forget that one of the most interesting ZFS options is real-time compression, deduplication to save a lot of storage space (it consumes a lot of RAM), and also all the available ACL options and Snapshots to protect ourselves from attacks. of ransomware. Finally, we will also have the possibility to configure the encrypted disks, in this way, all our data will be encrypted.

In this article we are going to offer you a complete tutorial (below) on how to configure storage.

Directory Services

In the directory services section, we can configure the Active Directory if we have a Windows network, we can also configure LDAP, NIS and Kerberos.

Sharing

The “Sharing” section is where we can configure in detail the different protocols for sharing files and folders on the local network, we have AFP, iSCSI, NFS, WebDAV and also SAMBA, ideal for Windows environments.

However, in this section we do not find something as important as the FTP server, this is in “Services”.

Services

In the “Services” section is where we will be able to activate or deactivate the different services, and also configure whether we want them to start together with the NAS server. Of course, if we click on the pencil on the right, we will directly access its configuration. In this section we can find each and every one of the NAS services, such as file sharing over the local network and the Internet, OpenVPN both client and server, SMART, Rsync and much more.

Plugins and jails

One of the aspects that we like the most about TrueNAS is the possibility of installing plugins to increase the functionalities of the equipment. Do you want to install a Nextcloud or a Plex Media Server? You can do it very easily and quickly, you just have to click on the plugin icon, select a pool where to install all the software in a jail, and follow the configuration wizard.

Regarding jails, we must remember that FreeBSD makes use of this to store the compartmentalized software and that it does not influence the rest of the operating system, it is an implementation of virtualization at the operating system level, such as the popular Docker, but it is native from FreeBSD.

Reporting, Virtual Machines, Processes, Console and Official Guide

Other menus that we have in this operating system is the Reporting part where we will see the status of the CPU and RAM in detail, the virtual machines section, where we can install VM with complete operating systems such as Windows, possibility of seeing the TrueNAS processes, and also access the console via the system’s web and a link to the official configuration guide for this operating system.

So far we have come with our review of the main TrueNAS menus, now we are going to configure the storage and different services.

Storage configuration with ZFS

The ZFS file system is one of our favorites for NAS servers, it is designed to provide us with the best possible data integrity, and also great performance and efficiency as we have real-time compression and deduplication, so we will save a great deal storage space on our drives. Other features are that we can create multiple pools and datasets, and even snapshots natively, not like other file systems that are done via software, here in ZFS they are native thanks to their “Copy on Write” scheme.

To configure storage, the first thing we have to do is go to the “Storage / Disks” section, and here we will see all the disks that we currently have on the server. Logically, we are going to use all 1000GB disks, since the 100GB disk is the one used for the operating system. If we display the information of the disks, we can see the type of disk, manufacturer, SMART status and other typical options. We can also run an annual test, see the SMART results and also format the disks if they had information.

Once we have made sure that all the disks have been correctly recognized, we are going to create the “pools” with the disks in different configurations.

ZFS – Pools

In the «Storage / Pools» section we click on «Add» and a small configuration wizard will appear. In the next menu we will have to click on «Create new pool» which is the default option, now we click on the «Create Pool» button and we will get the name of the pool to create, and also if we want to create it encrypted (encrypted), ideal for protect all internal information.

Once we have put a name, and whether or not we want the entire pool to be encrypted, it is time to choose one or more disks that we have available.

If we click on the button «ADD VDEV» we can create a normal VDEV of data, but also of cache, log, hot spare, metadata and dedup, the most normal thing is to create a data pool, and later if we want to improve performance, create different pools of cache, log and more.

In the «Available Disks» menu is where we will have to choose the disks to later add them to the pool of virtual devices (Vdevs). Depending on the number of disks selected, we can choose a configuration mode in the “Data Vdevs” section just below. We must remember the operation of the different levels:

• STRIPE: It is a RAID0 of the chosen disks, the capacity is the sum of all the disks.
• Mirror: it is a RAID1 of the chosen disks, but we can configure more than 2 disks as a mirror.
• RAID-Z1: Allow one disk to fail, it is like RAID 5. If all disks have the same capacity, the total capacity is the sum of all disks minus the capacity of one disk.
• RAID-Z2: allows two disks to fail, it is like RAID 6. If all disks have the same capacity, the total capacity is the sum of all disks minus the capacity of two disks.
• RAID-Z3 – Allows three disks to fail.

As you can see, the configurability is quite extensive when creating different levels of RAID-Z.

Once we have created the pool, we will have the possibility to add a dataset, a zvol, and even edit certain options, configure disk quotas for users and groups, as well as create a snapshot on demand.

ZFS – Datasets

Regarding the creation of a dataset, we must bear in mind that we have two different datasets, the “filesystem” which is the default dataset and allows us to store normal files and directories, but we also have “zvol” which is a block device, to use virtual disks for virtualized environments and other uses. One of the most important parts is to enable compression by default, either with lz4 or with the new zstd compression algorithm that allows us to configure different compression levels, to have a higher compression ratio and to be slower, or whatever faster and have a lower compression ratio.

We can also configure the ZFS synchronization, as well as configure the atime, deduplication, the behavior of snapshots and many other advanced configuration options, especially at the level of ACL (Access Control Lists).

In the case of wanting to create another pool with another dataset, we can do it easily from these menus that we have shown you, we will simply add a new one with the RAID-Z level that we want and that’s it.

Before finishing with ZFS storage, our recommendation is that you configure daily snapshots, we must remember that this native ZFS feature will allow us to go back in case of deleting the files by mistake or by ransomware. In other file systems this is not possible natively, so it is done through software, in ZFS we have almost unlimited snapshots, take advantage of it.

User and group settings

The creation of users and groups in this NAS server with TrueNAS is very easy, in the groups section we can create a new group or several, with the name that we want, to later add different users to this newly created group. The most important thing is if we want all the users that belong to this group to have sudo permissions and also if samba authentication is allowed to share files on the local network.

As for the user configurations, we can configure the username and also the primary and secondary group to which it belongs, of course, we can configure the email account, the directories and permissions, the authentication, the permissions of its home, and even if we want to allow sudo and “microsoft account” authentication to use Samba without problems from Windows systems.

We can create different users with different permissions, when we are creating users, it is very important to control the issue of access permissions to the different folders.

Samba server configuration

Before configuring the Samba server, so that both Windows, Linux or MacOS computers connect, we must make sure that the dataset has “Passthrough” permissions, because it is possible that, inadvertently, we are preventing access. It is also very important to create a user with “microsoft account” permissions and allow samba authentication, as you can see in the following photos. Therefore, the Microsoft account and samba authentication should be set to “True”.

Once this is done, we go to the “Sharing” and “Windows Shares (SMB)” section. Here we will have to add the shared path, we will be able to select different preconfigured profiles, in our case we have chosen “Default Share Parameters”, we must also incorporate the path to a certain dataset that we have created, and, of course, allow or deny access as we wish.

At the Samba configuration level, this operating system is really advanced and we have hundreds of configuration options available. Once configured, we will have to activate the service manually with the changes already made. Of course, we can configure Samba with different paths to share the files.

As you can see, if we access via Samba we will be able to see all shared folders, and we will have permissions to create new folders in our own home.

FTP server configuration

The configuration of the FTP server is very simple, but we must go to the “Services / FTP” section and click on “Edit” that we have on the right. Here we can configure the FTP port, maximum number of clients, connections at the same time, login attempts and timeout, in addition, if we click on “Advanced options”, all the available options will be displayed.

We can configure the chroot in this “advanced” section, if we allow login as root, anonymous login permissions for files and directories, and even activate TLS to use FTPES. As if all this were not enough, we can also limit the bandwidth, enable the passive ports we want, the FXP protocol and we can even add advanced auxiliary parameters. We must remember that TrueNAS makes use of Proftpd, therefore, we will have all the options at our disposal.

Once the FTP is configured in a basic way, and the service started, we can easily access it, as you can see:

If we enable TLS, we can also access safely thanks to the FTPES protocol. In the case of the default configuration, we will use RSA of 2048 bits and TLS 1.3, therefore, we will have maximum security in the transfer of files, making use of AES-256-GCM which is one of the most symmetric encryption algorithms. insurance that exist today.

As you have seen, configuring the FTP server in TrueNAS CORE is really easy and fast.

DLNA Server Setup with Plex Media Server

The operating system does not incorporate a DLNA server, because it is aimed at professional environments, but we can install the popular and powerful Plex Media Server. If we go into the “Plugins” section we can click on the Plex Media Server or on the beta version, once we click on it, we can create a Jail where everything necessary for its implementation will be stored. Once we enter the name of the Jail and the configuration at the network level, we will be ready to install it.

TrueNAS CORE will automatically download and install Plex, and once it has been downloaded and installed, we will be able to access its usual configuration via the web, where we will have to put the origin of the multimedia content.

SSH server configuration

This operating system makes use of OpenSSH, therefore, we will have all the advanced configuration options of this powerful SSH server. In the graphical user interface, we can configure the access port, if we allow login as root, password authentication, Kerberos authentication, and even forward for SSH tunnels. We will also be able to configure the SFTP server, choose non-secure ciphers to never use them, and of course, we will have a section of “auxiliary parameters” where we can configure OpenSSH in detail.

OpenVPN server configuration

One of the services that we value the most in a NAS server is the incorporation of a VPN server, specifically, TrueNAS has a complete, highly configurable OpenVPN server. This will allow us to remotely access the network, or access the shared resources of the NAS safely. In the OpenVPN server configuration menu we can load the server’s certificate and also the CA’s, configure the TUN subnet that we want, the OpenVPN topology (subnet is the usual), enable the authentication, encryption and compression algorithms, as well like the possibility of configuring TLS Crypt and even additional parameters.

In other words, we have everything you need to configure the OpenVPN server in a very secure way.

The first thing we have to do is create the CA and the associated certificates, it is necessary to create a new PKI (Public Key Infrastructure). We go to the “System / CAs” section and create a new one with the RSA 2048 or higher configuration, although it is recommended that it be 4096 or use EC directly. Our recommendation is that you use secp256k1 or brainpoolp256r1 instead of RSA.

Once the CA is created, we must create a server certificate and sign it with the CA, in addition, we should also create the certificates of the VPN clients that are going to connect. The key type setting should be the same as the CA. Once we have created the certificates, it will appear in the list of configured certificates. If we have made a mistake, we will have to delete a certificate and recreate it with the new modified data.

When we have the certificates, we can choose them in the OpenVPN server configuration menu, as you can see here:

Once configured, we can click on save, and we can even download the client configuration, although our recommendation is that you follow our OpenVPN configuration tutorial to do all the PKI in Linux in detail, and later import the necessary certificates in TrueNAS, this way you will have the maximum possible security.

So far we have come with this tutorial on TrueNAS CORE, one of the best operating systems for NAS that currently exist with ZFS.