I have Nethserver installed with one NIC behind a DD-WRT router and want to use it as an OpenVPN server. My reasons for using this are to be able to access computers on my LAN, to securely browse the Internet from computers and smartphones, and to access websites without restriction from locations that may traffic.
I have it configured and working in bridged mode, but I cannot get routed mode to work.
When I tried to configure it for routed mode, my client machines (Android 4.4+ and Windows 7 PC) connect and are assigned an IP address in the routed range below, but I cannot access other computers on the LAN or browse the web. Nor does entering an IP address rather than a name in the browser work.
I am guessing I need to either set up a static route on my home gateway or on Nethserver, but experimenting failed.
Here is my configuration:
Home gateway (DD-WRT):
External IP (DHCP with Dynamic DNS)
Internal IP: 10.20.30.1, DHCP server 10.20.30.101-10.20.30.49
Nethserver IP: 10.20.30.5
Gateway is configured to forward UDP and TCP traffic to 10.20.30.5.
Nethserver OpenVPN bridged mode configuration that works:
username, password and certificate - selected.
IP range start 10.20.30.180, end: 10.20.30.199
LZO Compression selected
The routed configuration that doesn’t work:
Network: 10.20.50.0
Netmask: 255.255.255.0
Route all client traffic through VPN - selected
Allow client-to-client network traffic - selected
I am not using a site to site VPN. I want a small number of users to be able to do two things:
Access the computers on my LAN from the Internet using smartphones, PCs and Macs that have OpenVPN clients, and also to be able to route all their Internet traffic to go through the VPN.
Honestly I’ve never tested VPN routing on a server configured with only one Ethernet interface.
I guess the server can’t figure out a valid route for the VPN traffic.
Maybe you can try adding a static route from the page “Static routes”.
Otherwise, can you post the route table of client and server when connected?
Moreover I’m not sure about lokkit (the built-in firewall) capabilities in this scenario.
My suggestions are:
check the routing table of both server and client
try to install nethserver-firewall-base (and check the log /var/log/firewall.log)
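One way to carry out the "check the routing table" suggestion above, as an added example that is not from the thread or from NethServer: a small POSIX shell script that reads saved `ip route` and `sysctl net.ipv4.ip_forward` output from the server and the DD-WRT gateway (the sample output below is constructed) and reports which piece of a routed setup is missing. It assumes the two usual requirements for a routed VPN behind a single-NIC server: IP forwarding on the server, and a return route for the VPN subnet via the server on the LAN gateway.

```shell
#!/bin/sh
# Added example, not from the thread: check saved "ip route" and sysctl
# output for the pieces a routed OpenVPN subnet needs on a one-NIC server.
# Assumed inputs: text of "ip route" from NethServer and from the gateway,
# and "sysctl net.ipv4.ip_forward" from NethServer.

VPN_NET="10.20.50.0/24"     # routed network from the post
SERVER_LAN_IP="10.20.30.5"  # NethServer's single-NIC address

# Succeeds if the route-table text in $3 routes network $1 via gateway $2.
has_route_via() {
    printf '%s\n' "$3" | grep -q "^$1 via $2 "
}

# Prints the number of missing pieces on stdout; explanations go to stderr.
count_problems() {
    server_routes="$1"; gw_routes="$2"; sysctl_out="$3"; n=0
    if ! printf '%s\n' "$sysctl_out" | grep -q 'ip_forward = 1'; then
        echo "server: net.ipv4.ip_forward is not 1, packets from tun are not forwarded to the LAN" >&2
        n=$((n + 1))
    fi
    if ! printf '%s\n' "$server_routes" | grep -q "^$VPN_NET .*dev tun"; then
        echo "server: no route for $VPN_NET on a tun device; is the OpenVPN daemon up?" >&2
        n=$((n + 1))
    fi
    if ! has_route_via "$VPN_NET" "$SERVER_LAN_IP" "$gw_routes"; then
        echo "gateway: no return route for $VPN_NET via $SERVER_LAN_IP; LAN hosts send replies to their default gateway instead of the VPN server" >&2
        n=$((n + 1))
    fi
    echo "$n"
}

# Constructed sample output reproducing the situation in the post:
# OpenVPN is up and forwarding is on, but the gateway has no route back.
SERVER_ROUTES="default via 10.20.30.1 dev eth0
10.20.30.0/24 dev eth0 proto kernel scope link src 10.20.30.5
10.20.50.0/24 dev tun0 proto kernel scope link src 10.20.50.1"
GW_ROUTES="default via 203.0.113.1 dev vlan2
10.20.30.0/24 dev br0 proto kernel scope link src 10.20.30.1"
SYSCTL_OUT="net.ipv4.ip_forward = 1"

count_problems "$SERVER_ROUTES" "$GW_ROUTES" "$SYSCTL_OUT"
```

Run it with the real outputs captured from both boxes; a count of 0 means the routing side is in place and the remaining suspect is the server firewall, as the reply above also suggests.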
FWIW, I never did get OpenVPN to work with Nethserver configured with one NIC behind my NAT gateway firewall (a DD-WRT installation). This was the only thing I was trying to do with Nethserver at the time, and so I stopped spending time on it.
Recently I installed Nethserver as my NAT gateway/firewall with two NICs, and had no trouble getting it to work in routed mode on Windows PCs and my Android phone as OpenVPN clients.
EDIT: I meant to include that I did not have to make any changes to the Nethserver firewall configuration or set up any routes. It just plain works.
I read it briefly and in general, it looks good. I have an action item to put in the OS X portion of the wiki. If possible, it’d be great to outline when would someone choose to use IPSec vs OpenVPN.