Shorewall block OpenVPN traffic out

Excuse me, I am obviously incompetent. When I am logged into the NS via ssh as root, of course I can ping everything. From my outside PC I still can not. No router, no Google, only the nethserver at home.

I am not using squid and there are no such log files listed in the server manager.

Your gateway must be wrong in the client configurations. That is really awkward.

I use a Fritzbox, which should be a name to anyone in Germany.
Tell me what to look for, please.

I’m sorry, but I can’t figure out your problem.
I connect via openvpn in the evening when I’m at home, I never had problems.
Could you please send me the output of config show openvpn@host-to-net so that I can reproduce your setup?
Thank you.

There you go.

Hi, I think You should try this scenario for checking connectivity:
-check routes on vpn client pc and nethserver:
route

-check if dns works:
ping 188.226.251.154 what response?
ping nethserver.org what response?

-check where ping goes:
mtr nethserver.org
mtr 188.226.251.154

-check sysctl net.ipv4.ip_forward gives You “1”

Maybe solution is bridged instead of routed mode on nethserver if You have only one NIC but i didn’t check that.

But it seems the problem is similar to my problem from my forgotten post:

diagnose: GUI is not creating rules properly or I miss something, any help very appreciated.

Try to post output from:
shorewall show (the ovpn2net chain and related)

Bug found, thank you for your help.
You can fix it now, I will release an update tomorrow.
Run:

cp -p /etc/e-smith/templates/etc/openvpn/host-to-net.conf/00template_vars /etc/e-smith/templates/etc/shorewall/policy/
expand-template /etc/shorewall/policy
shorewall restart

I don’t think I quite understood. But I will try anyway.

I did the following:

0% of success. :frowning:

Steps 6-8 were not necessary, you should have had it working after shorewall restart without disconnecting.
Now I’m completely lost. Could you please post /etc/shorewall/policy?

Here you go.

Chain ovpn2net (1 references)
pkts bytes target     prot opt in     out     source               destination
   0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
1580  101K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* RULE#2 */

Everything seems in order.
Can you show the output of traceroute/tracert to 8.8.8.8?

Did it. Results as expected. Sorry, it’s in German, but you will get the gist.

Would it be possible to let me connect to your server and test the vpn?

Definitely. I did PM you.

@JOduMonT What is your status on this?

The problem is that the system has only a green interface. OpenVPN needs a green+red two interfaces system to masquerade traffic going to the internet.

We could probably add masq for the openvpn network, but I’m not sure it could be automated.


@Simplimus Do you agree? Could you solve that topic?

I added the necessary iptables config line. Checking again if it exists. Then restarting shorewall

[root@nessie ~]# tail -1 /etc/shorewall/started
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
[root@nessie ~]# shorewall restart

Then reconnecting to the VPN but no success. Still no route out of the server. :frowning:

I checked to see if the routes are added in /etc/openvpn/host-to-net.conf.

push "dhcp-option DOMAIN example.org"
push "dhcp-option DNS 10.0.0.1"
push "dhcp-option WINS 10.0.0.1"
push "dhcp-option NBDD 10.0.0.1"
push "dhcp-option NBT 2"
push "route 192.168.1.0 255.255.255.0"

It is there. Dead end, too.
(of course it does not say example.org :slight_smile: )

How do I tell which config is active?

I agree that it must have something to do with the single NIC. However, that is the classic case with running an openvpn on a RasPi. It is possible.
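The thread boils down to two prerequisites for VPN clients to get out through the server: the ip_forward check from the earlier checklist, and a MASQUERADE rule for the VPN subnet on the outbound NIC, which is what the hand-added line in /etc/shorewall/started provides. The script below is an added example, not from any poster or from NethServer itself. It checks both from captured command output, so it runs offline on the constructed samples here (subnet 10.0.0.0/24 and eth0 are taken from the thread; the sample captures, the `--live` switch and all function names are my own assumptions) and can also be run on the box with `--live`.

```shell
#!/bin/sh
# Added example (not from the thread): verify the two things an OpenVPN
# server needs before clients can reach the Internet through it:
#   1. kernel IP forwarding enabled (net.ipv4.ip_forward = 1)
#   2. a nat POSTROUTING MASQUERADE rule whose source is the VPN subnet
# Inputs are passed as text so the checks work on captured output as well
# as on the live system.

# Accepts the output of either `sysctl net.ipv4.ip_forward` or `sysctl -n ...`.
forwarding_enabled() {
    printf '%s\n' "$1" | grep -Eq '^(net\.ipv4\.ip_forward *= *)?1$'
}

# Looks for "-A POSTROUTING -s <subnet> ... -j MASQUERADE" in the output of
# `iptables -t nat -S POSTROUTING`.
masq_rule_present() {
    subnet="$1"
    rules="$2"
    # Escape the dots so the subnet matches literally in the regex.
    pat=$(printf '%s' "$subnet" | sed 's/[.]/\\./g')
    printf '%s\n' "$rules" | grep -Eq "^-A POSTROUTING .*-s ${pat} .*-j MASQUERADE"
}

# Prints "ok" and returns 0 when both prerequisites are present; otherwise
# prints one line per missing item and returns 1.
check_vpn_egress() {
    subnet="$1"
    sysctl_out="$2"
    nat_rules="$3"
    missing=""
    if ! forwarding_enabled "$sysctl_out"; then
        missing="${missing}ip_forward is not 1
"
    fi
    if ! masq_rule_present "$subnet" "$nat_rules"; then
        missing="${missing}no MASQUERADE rule for ${subnet} in nat POSTROUTING
"
    fi
    if [ -z "$missing" ]; then
        echo ok
        return 0
    fi
    printf '%s' "$missing"
    return 1
}

# --- constructed sample captures (assumed, not taken from a real box) ---
VPN_SUBNET=10.0.0.0/24
SYSCTL_ON='net.ipv4.ip_forward = 1'
# What a green-only system shows before anything is added: just the policy.
NAT_NO_MASQ='-P POSTROUTING ACCEPT'
# The same table after the masquerade line from the thread has been applied.
NAT_WITH_MASQ='-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE'

echo "before adding masquerade:"
check_vpn_egress "$VPN_SUBNET" "$SYSCTL_ON" "$NAT_NO_MASQ" || true
echo "after adding masquerade:"
check_vpn_egress "$VPN_SUBNET" "$SYSCTL_ON" "$NAT_WITH_MASQ" || true

# Run on the server itself (as root): ./check_vpn_egress.sh --live
if [ "${1:-}" = "--live" ]; then
    check_vpn_egress "$VPN_SUBNET" \
        "$(sysctl net.ipv4.ip_forward)" \
        "$(iptables -t nat -S POSTROUTING)"
fi
```

Reading the rules with `iptables -t nat -S` rather than grepping a config file answers the "which config is active?" question: it shows what the kernel is actually enforcing after `shorewall restart`, regardless of which template produced it. A rule that is present in the output but still leaves clients without Internet points away from NAT and back at routing (the `route` and `mtr` checks from the checklist).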