Openvpn problem

@filippo_carletti @AbsyntH

What do you think?

If the openvpn server is the default gateway of the lan, all internal machines can be reached through that single connection.

2 Likes

Yes, you are right.

But this is not only a technical issue with the nethserver.

Here (Portugal) the ISP supplies a router for all internet access plans (Home or small business plans).
In that router I can set port forwarding, set the IP range on DHCP server, etc.

There are 2 basic functions I can not set

Can not disable the DHCP Server and can not set the DNS servers the DHCP clients will use.
If I can not configure the nethserver as a default gateway, the openvpn can not contact the router's DNS server.

Maybe there is a way to solve this issue but I don't know how.

@vcc what do you want to achieve? In brief for me pls …

@Nas

My goal is access another box in my network by IP address or hostname.

Now I can only access the Nethserver where the Openvpn server is running and only by IP address.
Hostname does not work because the openvpn client can not find the router's DNS server.

Update: I only have one NIC

So the VPN server in route mode gave you a route to the network in which your server exists. You only need to manage the firewall to have access.
Show me your server IP, your box IP, and your VPN client's route print if it is a Windows one, or you could write to me on Skype: nassir_911

I'm also having issues. I have an old Arch server working as an OpenVPN server with Arch and CentOS clients, and even Windows clients. I've done all the setup as a client (certificates, addresses) on NethServer, but can't manage to start the client from the GUI. I haven't tried from the CLI yet.

@mabeleira as you want to set up NS as an OpenVPN client, you should paste all the certs in the Certificate box: CA.pem, User Key and User Cert. Then you will be able to connect to the remote OpenVPN.

Already did it, but no luck. I'll try from the command line.

What does the log file write? And what does the remote server say?

Remote server never finds out about nethserver communicating

[image: Inline image 1]

This is the configuration

@Nas

Sorry for the delay

My settings are:

Router IP: 192.168.175.1
Nethserver IP: 192.168.175.254
Openvpn Network: 192.168.147.0
Openvpn Client IP: 192.168.147.10

Finally I made it work using the CLI, but I have to bring cacert.pem and ta.key from the OpenVPN server, generate certs, copy them to the openvpn.conf and modify the conf as follows:

######### NethServer OpenVPN client configuration #########

dev tun
client
remote 200.40.47.130
rport 1194
float
nobind
proto udp

# Authentication: certificate

cert /etc/openvpn/vpnnethcert.pem
key /etc/openvpn/vpnkeyneth.pem
ca /etc/openvpn/cacert.pem
comp-lzo
explicit-exit-notify 1
verb 3
log-append /var/log/openvpn/openvpn.log
persist-key
persist-tun
tls-auth /etc/openvpn/ta.key 1
#comp-lzo
#verb 3
[root@galarza openvpn]#

I'll try to write a how-to about this.

1 Like
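An added example, not part of the original post or of NethServer's code: a small Python check over a client config shaped like the one above, reporting whether the control channel has an HMAC key (`tls-auth`/`tls-crypt`), whether the server certificate is checked beyond the CA signature, and whether compression is on. The `remote` address is a documentation placeholder and the finding names are made up for this example.

```python
# Constructed sample modelled on the client config posted above.
SAMPLE = """\
dev tun
client
remote 192.0.2.10   # placeholder documentation address
rport 1194
proto udp
cert /etc/openvpn/vpnnethcert.pem
key /etc/openvpn/vpnkeyneth.pem
ca /etc/openvpn/cacert.pem
comp-lzo
tls-auth /etc/openvpn/ta.key 1
#comp-lzo
"""

def parse(text):
    """Return {directive: [args, ...]}, skipping blank lines and #/; comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        name, *args = line.split()
        conf.setdefault(name, []).append(args)
    return conf

def audit(conf):
    """Return a list of finding names (names are this example's own)."""
    findings = []
    # tls-auth / tls-crypt add an HMAC to control-channel packets, so
    # unauthenticated packets are dropped before the TLS handshake.
    if "tls-auth" not in conf and "tls-crypt" not in conf:
        findings.append("no-control-channel-hmac")
    # Without one of these, any certificate signed by the same CA
    # (another client's, for instance) is accepted as the server.
    if "remote-cert-tls" not in conf and "verify-x509-name" not in conf:
        findings.append("server-cert-not-verified")
    # The OpenVPN manual discourages compression; bare comp-lzo enables it.
    lzo_on = any(a != ["no"] for a in conf.get("comp-lzo", []))
    comp_on = any(a and a[0] in ("lzo", "lz4", "lz4-v2")
                  for a in conf.get("compress", []))
    if lzo_on or comp_on:
        findings.append("compression-enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(parse(SAMPLE)):
        print(finding)
```
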

@mabeleira wow wow, use P12 keys, forget about CA and the others, and change the port of the VPN. And why do you use the TA key? They only verify the MAC address, not so important :slight_smile:

BOX ip 192.168.175.1 ?
Run tracert from the VPN client to 192.168.175.1 and show me :slight_smile:

Can not ping the router (192.168.175.1)
Can ping the box (192.168.175.254)
Can not connect to the box (192.168.175.254) with hostname

Can not connect to a dns server in my network

when you try to ping :
tail -n 40 /var/log/firewall.log

The server was rejecting the connection until I put it in. I wasn't connecting to the NethServer OpenVPN server; I was connecting to a working Arch Linux OpenVPN installation and I wanted to add a new node.

If your Arch server checks TA keys, yep, you could not connect! But checking TA is not so strict an option because it checks the consistency of the MAC address :slight_smile:

@vcc how is yours going? Show logs :slight_smile:
and cat /etc/shorewall/policy | grep ovpn
show pls