Nethserver 7.8.2003 OpenVPN / Roadwarrior issues

Hi,

I’ve been looking around to find a solution to my problem but nothing really helped. I managed to configure OpenVPN with Roadwarrior enabled and I am able to connect a user with a certificate; however, I am not able to access anything from my local network. Anyone have a clue how to fix this?

Here is my Roadwarrior config :)

(screenshot: openvpn_config2)

Trusted networks :

Local fw rules :

Thanks

If the NethServer providing VPN is not the gateway, you need to setup a static route:

So here is what I have… I have my ISP modem / router -> NethServer -> LAN. So NethServer is my gateway for my LAN and I have the ISP modem / router port forwarding everything. The ISP router does not provide any static route functionality. So do I really need that with the way I’m set up? If that is the case, I don’t have any way to do that with that router. I have checked.

Did you already try to enable “Push all static routes” in the openvpn settings?

I had that enabled before but didn’t re-download the configuration (wasn’t sure if I needed to). I can try again.

Yes, please try it. It’s enabled by default for clients to get the routes.

I tried and it doesn’t change anything. Unable to ping 192.168.20.1, which is my NethServer’s IP. Connected to the VPN with 10.168.20.40. I’m also unable to reach anything outside (www.google.com). Strange.

Please try another VPN network address like 192.168.100.0.
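The replies above turn on three server-side settings: which subnet the VPN hands out (and whether it collides with the LAN or a trusted network), whether a route to the LAN is pushed to the client, and whether all client traffic is redirected through the tunnel. The following is an added example, not NethServer’s code and not from this thread: it parses a constructed OpenVPN server.conf fragment and reports those three conditions. The sample configuration lines, subnets and finding codes are assumptions for illustration.

```python
import ipaddress
import shlex

# Constructed OpenVPN server.conf fragment (not a NethServer-generated file).
# Subnets mirror the ones mentioned in the thread: VPN 10.168.20.0/24, LAN 192.168.20.0/24.
SAMPLE_CONF = """
server 10.168.20.0 255.255.255.0
push "route 192.168.20.0 255.255.255.0"
push "dhcp-option DNS 192.168.20.1"
push "redirect-gateway def1"   # "Route all client traffic through VPN"
"""


def parse_server_conf(text):
    """Extract the VPN subnet, pushed routes and redirect-gateway flag from server.conf text."""
    cfg = {"vpn": None, "pushed_routes": [], "redirect_gateway": False}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = shlex.split(line)  # keeps the quoted push argument as one token
        if parts[0] == "server" and len(parts) >= 3:
            cfg["vpn"] = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
        elif parts[0] == "push" and len(parts) >= 2:
            opt = parts[1].split()
            if opt[0] == "route" and len(opt) >= 3:
                net = ipaddress.ip_network(f"{opt[1]}/{opt[2]}", strict=False)
                cfg["pushed_routes"].append(net)
            elif opt[0] == "redirect-gateway":
                cfg["redirect_gateway"] = True
    return cfg


def check(cfg, lan, trusted=()):
    """Return a list of (code, message) findings for a parsed config against the LAN
    and any extra trusted networks (strings in CIDR form)."""
    findings = []
    lan = ipaddress.ip_network(lan)
    locals_ = [lan] + [ipaddress.ip_network(t) for t in trusted]
    vpn = cfg["vpn"]
    if vpn is None:
        return [("NO_SERVER", "no 'server' line found")]
    # 1. A VPN pool that overlaps a local network breaks routing on both ends.
    for net in locals_:
        if vpn.overlaps(net):
            findings.append(("OVERLAP", f"VPN subnet {vpn} overlaps local network {net}"))
    # 2. Without redirect-gateway the client only reaches the LAN if a route is pushed.
    covered = any(lan.subnet_of(r) for r in cfg["pushed_routes"])
    if not cfg["redirect_gateway"] and not covered:
        findings.append(("NO_LAN_ROUTE", f"no pushed route covers {lan}; client cannot reach the LAN"))
    # 3. With redirect-gateway every client packet, Internet included, exits via the server,
    #    so a server-side forwarding/NAT problem also breaks web browsing on the client.
    if cfg["redirect_gateway"]:
        findings.append(("REDIRECT_GATEWAY",
                         "all client traffic goes through the server; disable it to isolate LAN reachability from Internet reachability"))
    return findings


if __name__ == "__main__":
    for code, msg in check(parse_server_conf(SAMPLE_CONF), "192.168.20.0/24"):
        print(f"{code}: {msg}")
```

Running it against the sample prints only the REDIRECT_GATEWAY note, which matches the thread: the LAN route is pushed and the subnets do not collide, so the remaining suspects are forwarding and NAT on the server, which this static check cannot see.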

Now on 192.168.100.0, same effect. Anything in the firewall I should add?

That’s usually not needed because it’s autoconfigured.

Yeah I saw that was just wondering if I missed anything anywhere. I tried removing 192.168.20.1 from the VPN’s DNS configuration but didn’t change anything.

Yes, you usually don’t need custom DHCP DNS settings.

OK. I’m all out of ideas. And Roadwarrior is the only thing I need to configure, right? Nothing else? I mean no need for IPsec or anything like that to do what I want?

Yes, usually the default works; no need for additional IPsec, OpenVPN should just work.
Did you check the firewall log (/var/log/firewall.log) ?
Just an idea: Did you check if it works with username/password instead of certificate?
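The suggestion to read /var/log/firewall.log is the quickest way to tell a routing problem from a firewall drop: a packet that never appears in the log was not dropped by the firewall. As an added example, not from the thread or from NethServer, here is a small filter that pulls out only DROP/REJECT entries involving the VPN subnet from netfilter-style key=value log lines. The sample lines are constructed; the "Shorewall:chain:disposition:" prefix, the chain names and the addresses are assumptions about the format, so adjust the regex if the real log differs.

```python
import ipaddress
import re

# Constructed log lines in netfilter LOG key=value style with an assumed
# Shorewall-like "chain:disposition" prefix. Chain names and addresses are made up.
SAMPLE_LOG = """\
May  5 10:01:02 nethserver kernel: Shorewall:ovpn2loc:DROP:IN=tun0 OUT=br0 MAC= SRC=10.168.20.40 DST=192.168.20.1 LEN=84 PROTO=ICMP TYPE=8 CODE=0
May  5 10:01:03 nethserver kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=44444 DPT=23
May  5 10:01:04 nethserver kernel: Shorewall:ovpn2loc:ACCEPT:IN=tun0 OUT=br0 SRC=10.168.20.40 DST=192.168.20.50 LEN=60 PROTO=TCP SPT=51000 DPT=445
"""

KV_RE = re.compile(r"(\w+)=(\S*)")            # IN=tun0, SRC=..., DST=..., PROTO=...
DISP_RE = re.compile(r":(DROP|REJECT|ACCEPT):")  # assumed prefix layout


def parse_log_line(line):
    """Return the key=value fields of one LOG line plus its disposition,
    or None when the line carries no SRC/DST (not a packet log entry)."""
    fields = dict(KV_RE.findall(line))
    if "SRC" not in fields or "DST" not in fields:
        return None
    m = DISP_RE.search(line)
    fields["DISPOSITION"] = m.group(1) if m else "UNKNOWN"
    return fields


def vpn_drops(log_text, vpn_subnet):
    """List dropped/rejected packets whose source or destination is inside vpn_subnet."""
    vpn = ipaddress.ip_network(vpn_subnet)
    hits = []
    for line in log_text.splitlines():
        f = parse_log_line(line)
        if f is None or f["DISPOSITION"] not in ("DROP", "REJECT"):
            continue
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except ValueError:
            continue  # malformed address field, skip the line
        if src in vpn or dst in vpn:
            hits.append({
                "in": f.get("IN", ""), "out": f.get("OUT", ""),
                "src": str(src), "dst": str(dst),
                "proto": f.get("PROTO", ""), "action": f["DISPOSITION"],
            })
    return hits


if __name__ == "__main__":
    for h in vpn_drops(SAMPLE_LOG, "10.168.20.0/24"):
        print(f"{h['action']} {h['proto']} {h['src']} -> {h['dst']} (in={h['in']} out={h['out']})")
```

On the sample it reports the one ICMP echo from the VPN client to the NethServer LAN address that was dropped between tun0 and the bridge; the Internet-side telnet probe and the accepted SMB connection are left out. An empty result for the VPN subnet, as the poster later reported, points back at routing or NAT rather than at a firewall rule.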

There still seems to be a routing/firewall issue.
If you disable “Route all client traffic through VPN” browsing should work because it’s done locally.

I didn’t try with username and password because I don’t want to set up an AD server. Unless there is another way. I had issues with that in the past and thought that if I ever do that, I will set up an AD server separately.

I will try and disable “Route all client traffic…” and see what happens.

This is strange. So I removed “Route all client traffic through VPN” and when I traced it, it worked and it did show 192.168.20.1 (going through it), but when I try to ping it or access anything on my network while connected to the VPN, it doesn’t work.

I still have to look at the log file.

Didn’t find anything in the firewall.log either.

Which router device are you using?
Is there a way to get the public IP on the Nethserver? Some ISP routers support a “modem mode”…

I know that there are weak implementations but no static routes at all?

It is a Helix modem, a technology used by Videotron, a Canadian company. The device they use is based on Technicolor’s CGM4140COM. I have looked everywhere; there is no Static Routing that I could see anywhere. I can do port forwarding, DMZ, those kinds of things, but that is about it as far as I can see.

As far as I can see this device has a modem mode and a bridge mode.
It seems it’s now in bridge mode where you can setup port forwarding etc., please try to use DMZ Host instead of port forward all if possible.

If you switch to modem mode (maybe ask the provider), the NethServer will get the public IP and the VPN should work without needing a static route.