NethServer Version: 7.6.1810
Module: nethserver-openvpn
Hi there,
after successfully getting a lot of services up and running, I wanted to install and configure the openvpn roadwarrior.
Server
- KVM server from netcup (provider)
- eth0 on green which has the public ip of the server
Nethserver
```
# db networks show
eth0=ethernet
FwInBandwidth=
FwOutBandwidth=
bootproto=none
gateway=37.xxx.xxx.1
ipaddr=37.xxx.xxx.xxx
netmask=255.255.252.0
role=green
```
```
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway.netcup. 0.0.0.0         UG    0      0        0 eth0
37.xxx.xxx.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0
```
Wanted OpenVPN roadwarrior configuration
- Use username, password and certificate
- Routed mode: 192.168.160.0/24
- Enable LZO
- Push all static routes
DHCP options: empty
Connection parameters:
- public host: mydomain.tld
- UDP port: 1194
Problem description
When clicking on “SUBMIT”, the server is unresponsive.
The server/network is not reachable any more.
That’s it. I had similar problems trying to use AD in the first run - now I am using LDAP which will not create a bridge.
Solution
I will post the solution here. I think this might be a misconfiguration in routing?!
[UPDATE 2019-05-19][SOLVED]
The problem was that I only had one nic and this was configured to green (which is a security flaw and firewall could not work in this case! OMG.).
So I created a new virtual nic eth0.1 as vlan with an IP number +1 over eth0 under Configuration->Network.
I gave the wanted eth0 the public IP:
```
db networks setprop eth0 ipaddr 37.xxx.xxx.xx5 role red
db networks setprop eth0.1 ipaddr 37.xxx.xxx.xx6 role green
signal-event interface-update
```
```
#db networks show
eth0=ethernet
bootproto=none
gateway=37.xxx.xxx.1
ipaddr=37.xxx.xxx.35 <- Public IP
netmask=255.255.252.0
role=red
eth0.1=vlan
bootproto=none
gateway=37.xxx.xxx.1
ipaddr=37.xxx.xxx.36 <- Vlan
netmask=255.255.252.0
role=green
```
I rebooted the server.
Then I configured openvpn roadwarrior and everything was OK!
```
red1=provider
interface=eth0
weight=1
```
Thanks for your appreciated help.
Thanks Ralf.
Weird
Cheers
Axel
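A pre-check for the condition the post identifies as the cause (no interface with role red), added here as an example and not part of the original post. The function names and the sample data (documentation-range addresses) are constructed; the parser assumes property lines are indented under each `name=type` header, as `db networks show` prints them.

```shell
#!/bin/sh
# Added example: list interface roles from `db networks show` output (stdin).
# Assumption: property lines are indented under each "name=type" header.
list_roles() {
    awk '
        { gsub(/\t/, " ") }                       # treat tabs as spaces
        /^[^ #]/ && index($0, "=") {              # header line, e.g. eth0=ethernet
            name = substr($0, 1, index($0, "=") - 1); next
        }
        /^ +role=/ {                              # role property of current record
            sub(/^ +role=/, "")
            if ($1 != "") print name, $1
        }
    '
}

# Exit status 0 only if at least one interface has role "red".
has_red() {
    list_roles | awk '$2 == "red" { found = 1 } END { exit !found }'
}

# Constructed sample: single NIC holding the public IP as green (before the fix).
sample_before() { cat <<'EOF'
eth0=ethernet
    bootproto=none
    ipaddr=192.0.2.35
    role=green
EOF
}

# Constructed sample: eth0 as red plus a green VLAN interface (after the fix).
sample_after() { cat <<'EOF'
eth0=ethernet
    ipaddr=192.0.2.35
    role=red
eth0.1=vlan
    ipaddr=192.0.2.36
    role=green
red1=provider
    interface=eth0
    weight=1
EOF
}

for s in sample_before sample_after; do
    if $s | has_red; then echo "$s: red interface present"
    else echo "$s: no red interface, fix roles before enabling roadwarrior"; fi
done
```

On the server itself the same check is `db networks show | has_red`, run before submitting the OpenVPN roadwarrior settings.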