Nethserver 7.8.2003 OpenVPN / Roadwarrior issues

I didn’t try with username and password because I don’t want to set up an AD server. Unless there is another way. I had issues with that in the past and thought if I will ever do that, I will set up an AD server separately.

I will try and disable “Route all client traffic…” and see what happens.

This is strange. So I removed “Route all client traffic through VPN” and when I traced it worked and it did show 192.168.20.1 (going through it) but when I try to ping it or access anything on my network while connected to the VPN, it doesn’t work.

I still have to look at the log file.

Didn’t find anything in the firewall.log either.

Which router device are you using?
Is there a way to get the public IP on the Nethserver? Some ISP routers support a “modem mode”…

I know that there are weak implementations but no static routes at all?

It is a Helix modem, a technology used by Videotron, a Canadian company. The device they use is based on Technicolor’s CGM4140COM. I have looked everywhere, there is no Static Routing that I could see anywhere. I can do port forwarding, DMZ, those kinds of things but that is about it as far as I can see.

As far as I can see this device has a modem mode and a bridge mode.
It seems it’s now in bridge mode where you can set up port forwarding etc., please try to use DMZ Host instead of port forward all if possible.

If you switch to modem mode (maybe ask the provider) the Nethserver will get the public IP and VPN should work without needing a static route.

They disabled that option in their implementation, as far as I can see I cannot change between modem and bridge mode. I have DMZ turned on right now and a static IP reserved for Nethserver’s WAN and that IP is set to DMZ. I’m still facing the same issue.

Actually. It is in modem mode right now, not even set to bridge. Bridge would disable the WIFI functionalities. Something I can’t test at the moment because others are currently using it.

Maybe it’s too much to port forward all AND set DMZ host?

You may try bridged instead of routed VPN mode if you don’t need Android clients.

I’ll try to disable DMZ and use port forward first and vice versa see what happens. I may try bridged but I have to admit, it would have been nice to be able to use my Android devices to connect.

I tried with just DMZ, doesn’t work (unable to connect). I disabled DMZ and used Port Forwarding and I got back to where I was before.

Just one thing about the Static Route, if I find a way to do this, I have to route 10.0.0.5 to my Nethserver’s Gateway correct (192.168.20.1)? 10.0.0.5 being the IP attributed to Nethserver’s WAN?

You need to route the vpn network to the Nethserver but this is usually only needed when Neth is not the gateway.

  1. I see, so basically I would tell the ISP modem / router to route anything coming in for 10.168.20.0/24 (VPN Network) to 192.168.20.1 which is my LAN?

  2. And when you say Neth is not the gateway, I presume you mean not the first gateway after the internet (WAN)?

@tessierp

Markus means “Not the gateway”, that your NethServer is set up with only one NIC.
If you use 2 NICs, then your “2” is correct…

My 2 cents
Andy

Remove the lzo compression (and regenerate and redistribute configuration files for users).

It had some security issues and, from what I understand, is deprecated.

https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#Option:--comp-lzo

https://community.openvpn.net/openvpn/wiki/VORACLE
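
An added example, not part of any post in this thread: a small Python audit that lists compression directives still present in OpenVPN server or client profiles, which is a quick way to confirm LZO is gone after regenerating and redistributing them. The sample profiles are constructed, and the function name `audit_compression` is an assumption of this example.

```python
import re

# A compression directive, either at the start of a line or inside push "...".
DIRECTIVE = re.compile(r'^(?:push\s+")?\s*(comp-lzo|compress)\b\s*([\w-]*)')
# Arguments that keep the compression framing but do not compress data.
FRAMING_ONLY = {"no", "stub", "stub-v2", "migrate"}

# Constructed sample profiles (not taken from the thread's real configuration).
SAMPLE_CLIENT = """client
dev tun
proto udp
remote vpn.example.org 1194
# comp-lzo was enabled when this profile was generated
comp-lzo
cipher AES-256-GCM
"""
SAMPLE_SERVER = """port 1194
dev tun
server 10.168.20.0 255.255.255.0
push "comp-lzo yes"
compress lz4
"""

def audit_compression(config_text):
    """Return (line_no, directive, status) for every compression directive."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blanks and comments
            continue
        match = DIRECTIVE.match(line)
        if not match:
            continue
        name, arg = match.groups()
        # Bare "compress" only enables framing; bare "comp-lzo" compresses.
        if arg in FRAMING_ONLY or (name == "compress" and not arg):
            status = "framing-only"
        else:
            status = "compression-enabled"
        prefix = "push " if line.startswith("push") else ""
        findings.append((line_no, (prefix + name + " " + arg).strip(), status))
    return findings

if __name__ == "__main__":
    for label, text in (("client", SAMPLE_CLIENT), ("server", SAMPLE_SERVER)):
        for line_no, directive, status in audit_compression(text):
            print(f"{label}:{line_no}: {directive} -> {status}")
```

A profile is clean when the function returns an empty list; a pushed directive on the server matters as much as one in the client file, because the server can turn compression on for clients that accept it.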

Yes that is what I meant. That system has 3 NICs, 1 not being used at the moment.

Did you end up going with LZ4?

I also did find some documentation that explains regarding static routes and it is a bit my scenario. My ISP router / firewall doesn’t know about my VPN Network.

https://www.tp-link.com/ca/support/faq/560/

Just thought I would update for those who have been following: after re-configuring my ISP to bridge modem (since it didn’t offer Static Routing) I got it to work. The only difference is I changed Compression LZO to disabled since someone reported it was deprecated.

Thanks to everyone for their help!

As soon as I have a minute I’ll make a final post with my settings and what I have done in case this could help someone in the future.

Here is my final config with my ISP router basically in bridge mode (MODEM only). If ever you would like to keep your router in Modem + Firewall + Router, you will need to do as @mrmarkuz suggested and define yourself a static route from your ISP’s router to point to your VPN network. Unfortunately mine didn’t have that and they didn’t foresee doing it in the future leaving me with no other choice but to change it in bridge mode which solved all my problems.

The config is as follows:


openvpn_config2