OpenVPN problems

I have tried to set up OpenVPN for remote access at the school where I have installed NethServer.
I have forwarded port 1194 in the Swisscom firewall and in NethServer's port forwarding, and also allowed it on the firewall, like the NethServer setup at home (and at home it works flawlessly). At the school it times out when trying to connect with a No-IP DDNS name that resolves to the Swisscom public IP address. I put that DDNS name into the OpenVPN configuration, with the same options (routed mode, push network addresses, etc.) and nothing… I have tried deactivating fail2ban and the IPS… And when I try to connect with the OpenVPN client, it keeps spinning and doesn't connect… On the firewall, the same configuration… But it doesn't connect… Any thoughts? ISP firewall deactivated, only NethServer.

@Vitor_Hugo_Barbosa

Hi Vitor

Are you using the Swisscom Router in “Bridged mode” or in “Router Mode”?

Bridge Mode should work, your NethServer has a direct PPPoE connection to Swisscom's vDSL network.

Router Mode often needs a “DMZ host” or “Default Host” set in the Interface.

You can’t always use bridged mode, e.g. if VoIP is running over the router. In some cases, depending on the models and subscriptions used by Swisscom, even VoIP (terminating on the Swisscom Router) AND Bridged Mode is possible - I have one such client.

My 2 cents
Andy

I need to see but I think he’s in routed mode

I will access it in a couple of minutes and then I will give you the answer

Thanks Andy

@Vitor_Hugo_Barbosa

Check also, if using Routed mode, that you have your NethServer set as the DMZ Host or Default Host…

On the WAN side you can use DHCP for your NethServer, but fix it (reserved DHCP) on the Swisscom Router… :slight_smile:

DMZ not active, nor the possibility to set it :face_with_head_bandage:

Does your Router have a default host?

Send a screenshot of the Settings of your Swisscom box…

Out for lunch…
Bon appétit!

NethServer is the only fixed IP on the Swisscom DHCP

He is not in the DMZ

Could you send a screenshot of the Swisscom router (Routeur et Internet)…

Andy

Hi Andy

I contacted Swisscom and the guy told me that I need to activate the DMZ; he will send me the details about it because he said that it is different from the home router. I have described the configuration…

So the modem/router firmware has some non-configurable ports, so you need to use DMZ?.. hmmzzz :thinking:

@robb

Hi Robb

This is a swiss “speciality” - we used to say it’s not a bug, it’s a feature… :slight_smile:

Certain swiss providers use custom made modems/routers. Among them: Swisscom / UPC. They have their own Firmware, and if you do not ask, you get only IPv6. If you need IPv4, you’ll get it - but you need to ask!

As I also live in Switzerland (Vitor here in the french speaking part, me in the german speaking part, Switzerland has 4 languages, each with their region), I know most of the hardware available here. And some of their “funky” settings.

Some of these routers allow eg only 8 port forwardings, less than enough to really use your NethServer. With DMZ or Default host, you pass all forward to the DMZ host, which should be stable enough to protect itself (Which a NethServer is!).

Cheap, consumer hardware, some of them really limited!

But workarounds are there for a reason! :slight_smile:

You just need to know the right one!

My 2 cents
Andy

We had this problem 20 years ago…
But there are chances you should be allowed to choose your own modem/router. There is an EU directive that obligates ISPs to allow you to use a modem/router of your choice.
I know Switzerland is not part of the EU but there are many treaties with the EU and for a lot of EU directives this means non EU countries must implement these EU directives in order to be able to trade with the EU.
It’s a long shot, and probably a battle you don’t want to have. The other option is to sit it out and wait until Switzerland also adopts legislation for free modem/router choice.

It's a tricky part. You have the choice to change the router; that implies that I need to reconfigure the new one, and at the time that we had another provider it was a mess… Bad memories, so I prefer to avoid that again and go straight forward… So I'm thinking of another way with the default configuration… The Swisscom home router works like a charm without DMZ on it, all out of the box we can say… With the professional Swisscom router it's another story… What a crap… at home I don't NEED to put NethServer in the DMZ

As I said, at home Swisscom and NethServer OpenVPN work flawlessly

At the school, the right configuration or passthrough is missing

@robb

Switzerland is not in the EU, and at the moment there’s no chance politically that the Swiss would agree to join in. Most Swiss still think it’s way too early to move in to a badly built building. :slight_smile:

As long as major members like Germany can’t keep their own household finances in order conforming to the EU's 3% rule, how can much poorer countries like Romania or Bulgaria keep up. They can’t…

We actually are having a vote (postponed due to Corona) soon about continued “free choice of working and living country” in the EU, that entails the whole Guillotine Clause, chopping all contracts with the EU… It will be a close call, but I don’t think the Swiss are actually going to accept it…

We do have to pay MUCH higher fees like roaming, no EU directive works there. Neither with the modems, although you CAN choose your own modem.
That’s very difficult with telephony, as POTS is now all IP, basically VoIP without a VoIP end terminal. Phones are mostly analog, but the router handles it all (pre-configured or allocated via Network). Using your own forfeits VoIP, as the major swiss providers do NOT give you any VoIP login data like SIP server, UID and Password. You can use a dedicated SIP provider (eg SIPcall).

Same goes for Television over vDSL…

Provider Lock-In, supported by the government. :slight_smile:

I think I have found the configuration, but it is still to be tested.

I need to put it on LAN port 1 of the Swisscom Centro Business, activate the IP passthrough
and set a WAN IP address like:

1.6 Host connection on LAN port 1 and configuration
Now connect your host (firewall) to LAN port 1 of the Centro Business router. Configure the WAN connection of your host. Enter 172.31.255.6 for the host IP address, 255.255.255.252 for the subnet mask, and set 172.31.255.5 as the gateway. Now carry out the LAN configuration of your firewall.