OpenVPN connected but no network resources

NethServer Version: NethServer 7.9.2009
Module: OpenVPN RoadWarrior

  • Using TCP Port 1194.
  • SonicWALL Firewall protecting network, NethServer in LAN. Port forward now successful.
  • I am now connected.
  • I am able to access NethServer (while connected from Internet and OpenVPN) but unable to reach other network resources such as internal webserver.

Deploying NethServer for OpenVPN only, to access the webserver mentioned above.

Thanks!

This will be new to me because all OpenVPN I have configured have been on the gateway.

This, however, will be behind the gateway and, as I read, I should add a route (Setting Up Routing | OpenVPN). I do not know how to do it with the “Custom routes” field.

Thanks in advance.

Hi @vhinzsanchez

The problems:

  • Your default Gateway is your Router, not your NethServer.
  • The VPN uses its own internal network, e.g. 10.99.12.0/24
  • Any PC / Server / NAS trying to reply to your VPN will send the “answer” to your router (Not to NethServer), and the router will forward your Packets to your Provider, not to your VPN. And the Provider will discard the Internal IPs…

The solution?

You need an additional route in your router for the VPN-Network (as above, I’ll use 10.99.12.0/24), pointing to the LAN IP of your NethServer. With this route, your router “knows” about the VPN and can handle the traffic accordingly.

I can’t help you with this, as I have no info about your router, besides that, this IS a NethServer forum, not a generic router forum. But you will be able to find help, either from the maker of that router, Google or your Provider…

Good Luck!

My 2 cents
Andy

Thanks @Andy_Wismer. Everything I have done with NethServer has been correct, the only problem is in the Firewall protecting the network. Again, it’s my first deployment in this scenario and I’m at a loss.

Again, many thanks!

What is the brand / make of your Router / Firewall?
I do know quite a few models - but there are thousands out there…

PS: NethServer can also be a full firewall…

Thanks Andy. We are using SonicWALL NSA 2600. I have added the routing (as well as opening up the network in firewall rules) and configured the NethServer as its gateway but it seemed to have no effect.

Hi @vhinzsanchez

I do know Sonicwall fairly well…
You did add the port forwarding for the OpenVPN Port 1194, I assume, otherwise your VPN will not connect.

For your setup (I did have clients using similar setups, just a different SonicWall) using SonicWall, you basically need the following configured on your Network:

  • All devices in your LAN use the SonicWall as default Gateway
  • Your NethServer, as VPN Gateway, has only one real NIC, connected to your LAN.
  • NethServer also uses SonicWall as default Gateway.

Specifically for your SonicWall:

  • A port forwarding for OpenVPN Port 1194, pointing to the LAN-IP of your NethServer.
  • An internal additional route for the OpenVPN network (10.99.12.0/24 as example), also pointing to the LAN-IP of your NethServer.

As I’ve migrated all my 30 clients from SonicWall to OPNsense, I presently don’t have access to a SonicWall to provide you with a screenshot of the SonicWall configuration…

I am aware of the fact that changing / adapting firewall rules in SonicWall is a real PITA, you often need to adapt in three different places, not just the list of rules.
Also, the wizard has major limitations creating several rules for one target, often enough, you end up with several entries of the same target server in the targets list.

Still, good luck!

My 2 cents
Andy


Thanks again @Andy_Wismer, I have followed your instruction…it led to the correct configuration of SonicWALL. I made an error in my configuration, inputting the LAN network in “Destination.” But when I put the “OpenVPN Network” in “Destination” and “any” on source, traffic has been passed.

Thank you for your assistance!
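
The reply-path problem and the static-route fix discussed in this thread, modelled as an added example (not code from any poster or from NethServer). It does a longest-prefix-match lookup on each device's routing table; only 10.99.12.0/24 comes from the thread, while the node names and the client address 10.99.12.6 are constructed.

```python
import ipaddress

# Constructed topology. Only 10.99.12.0/24 (the example VPN network) comes
# from the thread; node names and the client address are assumptions.
VPN_NET = "10.99.12.0/24"
VPN_CLIENT = "10.99.12.6"

def next_hop(table, dst):
    """Longest-prefix match over a list of (network, next_hop) routes."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in table
               if addr in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def build_tables(router_has_vpn_route):
    """Routing tables per device; the flag toggles the static route on the router."""
    sonicwall = [("0.0.0.0/0", "provider")]
    if router_has_vpn_route:
        sonicwall.append((VPN_NET, "nethserver"))
    return {
        "webserver": [("0.0.0.0/0", "sonicwall")],
        "sonicwall": sonicwall,
        "nethserver": [(VPN_NET, "vpn-client"), ("0.0.0.0/0", "sonicwall")],
    }

def reply_path(tables, start, dst, max_hops=8):
    """Follow a reply packet hop by hop until it leaves the modelled devices."""
    path = [start]
    while path[-1] in tables and len(path) < max_hops:
        path.append(next_hop(tables[path[-1]], dst))
    return path

if __name__ == "__main__":
    for label, fixed in (("without route", False), ("with route", True)):
        for src in ("nethserver", "webserver"):
            hops = reply_path(build_tables(fixed), src, VPN_CLIENT)
            print(f"{label:14} {src:10} -> " + " -> ".join(hops[1:]))
```

NethServer answers the VPN client directly in both cases, which is why it was reachable from the start; the webserver's replies only reach the client once the router has the route for the VPN network.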
