Feedback on New OpenVPN tunnels

You will have one server for each tunnel, plus the roadwarrior server.
This allows the administrator to have multiple configurations for different scenarios. :wink:

Am I correct if I suppose multiple UDP ports?
This should mean that every tunnel is independent and can be fully managed with no interference to other services/tunnel…

Yes, every server has its own UDP/TCP port as you can see from the screenshots.

That’s great news! Thanks @giacomo for sharing. I’d like to involve also
@harry @EddieA @Hunv @ssabbath @bwdjames @flatspin @AZChas @dz00te @WillZen @Jclendineng @jackyes @buddha @Adam and the amazing @ambassadors_group

Great! Will be really helpful for future business developments.

Forgive me for the boorish, but since you find us, multiple roadwarrior?
Translated did not come very well, original would be
"Perdona la cafonata, ma visto che ti ci trovi…:innocent:"

You could use the tunnel server as roadwarrior server, the only limitation in this scenario is the authentication which is psk-only.

Wow man, this is just fantastic! Farewell IPSEC forever!

Your narrative is hilarious too! :smiley:

ONE NETHSERVER TO RULE THEM ALL!!!

@giacomo great work!
Really useful.

Paolo

Very nice guide, feature.
I just started to use Nethserver recently, so far I like it.

What I also like is that things are improved and updated constantly.

Good job Nethserver team & community.
I will be using Nethserver from now on more and more.
Thanks for making a great product and I hope you keep it free, as much as possible.

Not so soon man… L2TP is available on every mobile OS. IPSec will last a long time anyway…

Thanks for all your love guys, anyway I guess that @giacomo is looking for valuable feedback. I ask you to look through the proposal and tell us

  • Are we taking the right path?
  • Do you see any issue in the implementation suggested?
  • Can we improve it somehow?

As Giacomo said, fixing things BEFORE is better than fixing them AFTER

OpenVPN is in the best ones tho! :stuck_out_tongue:

I'm just saying, for me, the only scenarios I used IPSEC for were to connect Mordor to Barad-dur, soooo with that being handled by OpenVPN, byebye ipsec :smiley:

BTW @giacomo and @alefattorini I will test it out maybe next month, and for sure I will give you guys feedback! :slight_smile:

Everything ready for test, enjoy!

I will give particular attention to the first test case: update existing installations and check that nothing breaks!

@quality_team and all people interested in the VPN module.
It’s time to help now! Feel free to ask and follow that
Let’s test!

I’d like to involve some Firewall experts too: @islipfd19 @jitkian @dnutan @Hunv @firsttiger @ssabbath @kolli_vasu @m.traeumner @Imre_Bertalan @ssabbath

By design… no NAT on tunnels?
Even for Roadwarrior server?

Could you please explain a little your needs?

Maybe you are referring to the --client-nat OpenVPN option (https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage)?

Proof of concept, more than effective needs…

Assuming Green Lan 1 192.168.10.0/24, and Lan2 192.168.20.0/24.

Assuming that Lan2 needs only a few services on LAN1, just like an FTP server, a DB server, a printer server and an application server, which are on different IP addresses on Lan1.

With NAT on OpenVPN, I could use only 1 IP address to allow access to all those services on Lan1 with port forwarding from the OpenVPN adapter (for instance 192.168.12.1).
Without NAT, I should use specific firewall rules for allowing services/ports to the IP addresses located on Lan1, and configure clients to “look for” the services and the IP addresses on Lan1.

If Lan1 and Lan2 are connected via OpenVPN and both servers are NethServer, you don’t need to do anything: clients from Lan1 can already access services of Lan2.

Otherwise you could create a port forward which allows the entire VPN network.