OpenVPN - no DNS

Hello!

I am currently playing with OpenVPN, but as soon as my tunnel is up, I have no more Internet access from the client.

Can it be that there is still a problem?

The tunnel is built properly, but nothing goes …

No more name resolution, no access to anything …

greetings

Does the Nethserver not have DNS resolution? Or is it the workstations behind the server?

What IP address does the Nethserver do the DNS resolution against? And what IP address do the workstations resolve DNS against?


Hi Gerald, do you use bridged or routed mode?
I tried bridged mode with NS7 and it worked perfectly.
I haven’t tested routed mode yet.


I’m using the bridged mode.

What do your adapter settings show?
If you are on Windows they should show something like this:

The IPv4-DNS-Server is the IP of the NS.

All assuming your client is on Windows. Is it?

No, xubuntu as client.

Here is the excerpt from the network settings; everything looks complete so far.

Basic machine data:
IP Nethserver 192.168.1.10
DNS 192.168.1.10
DHCP 192.168.1.20 - 70
OPENVPN - Range 192.168.1.80 - 100

Hi Gerald,
can you ping your DNS server (192.168.1.10)?
If yes, can you resolve domains using this DNS server? In Windows you use nslookup for this like this:

```
nslookup
Standardserver:  dnsserver.com
Address:  10.11.12.13

> server 192.168.1.10
Standardserver:  [192.168.1.10]
Address:  192.168.1.10

> myserver.de
Server:  [192.168.1.10]
Address:  192.168.1.10

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Zeitüberschreitung bei Anforderung an [192.168.1.10].
```

In the example above the query failed!


@gerald_FS are you on NS6 or NS7? If you’re on V7, can you please tell me if the tap device was joined automatically to the bridge (`brctl show`)?
I’m asking because I had the issue that on V7 the tap device was not up and not joined to the bridge after installation.

Here is the result of the query concerning the bridge

```
[root@openzwo ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.d0509957fab6	no		enp3s0
							vb-nsdc
```

So I can ping all my local computers, but nothing external.

Many greetings

Same problem as me. No TAP-device.

Please try `ifconfig tap0 up` and then `brctl addif br0 tap0`; after that tap0 should be joined to br0.
Try your VPN again to see if it works now.

```
[root@openzwo ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.523f1478faea	no		enp3s0
							tap0
							vb-nsdc
```

So I have now executed your proposal and everything worked, but without great success.
It just does not do name resolution.

We still have some time until the final version comes :wink:

Would be otherwise boring …

Could the firewall possibly be interfering?

I just noticed the picture of your network panel.
There is no red interface. Are you trying to establish a VPN from your local LAN to a VM with only 1 NIC?
I’ve never tried that, but I think that’s not possible.
If there is a red interface and you just cut the picture that way, please forgive me.

I’m sorry, but I had the same and for me it worked, but my client is on win10.
Unfortunately I can’t help with xubuntu.

There are other more competent guys than me in this great community. :blush:
I’m sure one of them will help you. Please have some patience. :slight_smile:


Indeed this command fixes the problem, but OpenVPN should do it automatically.

Try to execute a DNS query and look if it has been blocked in /var/log/firewall.log.

Anyway, the preferred mode for using the VPN is routed mode: much simpler and much less trouble :smiley:

Good Morning!

Thanks for the tips!

I have now changed the mode to routed, but no change.

Here is the excerpt from the log file; as soon as I ping a site from the client, the firewall blocks it.
Internally there is also no name resolution; if I ping an IP, it works …

Will a system with 2 NICs be required to use OpenVPN?

Greetings, from bitter cold Bavaria.


Firewall log!

Nov 29 09:30:56 openzwo kernel: Shorewall:net2fw:DROP:IN=br0 OUT= MAC=d0:50:99:57:fa:b6:08:96:d7:07:88:ff:08:00 SRC=93.190.143.49 DST=192.168.1.10 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=20451 PROTO=TCP SPT=52987 DPT=46643 WINDOW=1024 RES=0x00 SYN URGP=0
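
The check suggested earlier in the thread (run a DNS query, then look in /var/log/firewall.log) can be scripted. This is an added example, not part of any post: it filters Shorewall log lines in the format shown above for dropped or rejected packets to port 53. The helper names `dns_drops` and `sample_log` are hypothetical, and the two port-53 sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. dns_drops is a hypothetical helper name.
# Reads kernel log lines on stdin and prints every packet to port 53 that
# Shorewall logged as DROP or REJECT.
dns_drops() {
    awk '
    /Shorewall:[^:]*:(DROP|REJECT):/ {
        chain = action = in_if = src = dst = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^Shorewall:/) {
                # Prefix is "Shorewall:<chain>:<action>:" and, as in the
                # thread, may be glued to the IN= field that follows it.
                split($i, p, ":")
                chain = p[2]; action = p[3]
                if (p[4] ~ /^IN=/) in_if = substr(p[4], 4)
            }
            else if ($i ~ /^IN=/)    in_if = substr($i, 4)
            else if ($i ~ /^SRC=/)   src   = substr($i, 5)
            else if ($i ~ /^DST=/)   dst   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        # DNS uses port 53 over UDP, and over TCP for large answers.
        if (dpt == "53" && (proto == "UDP" || proto == "TCP"))
            printf "%s %s in=%s %s -> %s %s/%s\n",
                   action, chain, in_if, src, dst, dpt, proto
    }'
}

# Sample input: line 1 is the line posted in the thread (TCP to port 46643,
# not DNS); lines 2 and 3 are constructed for this example.
sample_log() {
    cat <<'EOF'
Nov 29 09:30:56 openzwo kernel: Shorewall:net2fw:DROP:IN=br0 OUT= MAC=d0:50:99:57:fa:b6:08:96:d7:07:88:ff:08:00 SRC=93.190.143.49 DST=192.168.1.10 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=20451 PROTO=TCP SPT=52987 DPT=46643 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 29 09:31:02 openzwo kernel: Shorewall:net2fw:DROP:IN=tap0 OUT= SRC=192.168.1.80 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1201 PROTO=UDP SPT=40112 DPT=53 LEN=40
Nov 29 09:31:04 openzwo kernel: Shorewall:net2fw:REJECT:IN=tap0 OUT= SRC=192.168.1.81 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1202 PROTO=TCP SPT=40113 DPT=53 WINDOW=29200 RES=0x00 SYN URGP=0
EOF
}

# Offline demo; on the server use: dns_drops < /var/log/firewall.log
sample_log | dns_drops
```

An empty result for the real log while the client's query still times out means the firewall did not log a blocked DNS packet for that attempt.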

Hi Gerald,

OpenVPN is meant to give a remote computer access from a public network (internet) to your local network. VPN requires a red NIC with port 1194 (standard) and a public IP and, in bridged mode, a green NIC with a bridged TAP device, so the tunnel is built from red to green. Your remote computer gets a private IP from DHCP, in your case 192.168.1.80. I have only one idea to use VPN with 1 NIC: if you want to reach a standalone machine which is connected to a public network, but in this case your NIC should better be red.

I’m not far from you, at Lake Constance. It’s bitter cold here too :scream:


@gerald_FS did you resolve it yet?

No unfortunately still not!

I now have two network cards in the system (red & green), but still the same symptom.
The client does not get a name resolution.

greetings
Gerald

PS: I now had some problems with the Sogo and SambaDC and they were more important.

Hello everybody!

So the problem with the missing bridge still exists.

I have rebuilt the system with two network types (red and green), and with the active VPN connection I have no DNS service on the Windows machine.

The dial-in works very well and I use routed mode.

```
[root@jagerbox cur]# brctl show
bridge name           bridge id               STP enabled     interfaces
br0                  8000.76d31f8079f1           no            enp3s0
                                                               vb-nsdc
[root@jagerbox cur]#
```

Good Morning!

I have one more addendum: if I dial in externally with OpenVPN, everything works.
As soon as I am in the green network, name resolution does not work.

I wish you all a happy and especially peaceful Christmas festival in 2017!

Gerald

I’m trying to reproduce your problem, but it seems hard.
Could you please share with me the output of `config show openvpn@host-to-net`?