OpenVPN roadwarrior issue

NethServer Version: 7.9.2009
Module: VPN

Hi everyone,

A while back I had issues setting up OpenVPN and I thought everything was OK but discovered a new issue recently.

I guess I forgot to test this before, but I noticed this past weekend that after connecting to my VPN I had access to all my internal HTTP services; however, trying to access any machines on the network with the IP, `\\192.168.20.x\something`, didn’t work at all. It occurred to me that perhaps there is a routing rule missing that would bridge my VPN network 10.168.20.x with 192.168.20.x but I am not sure. Does anyone have a clue as to what may be happening and how to solve this?

Thanks

Here is the link to the previous issue: Nethserver 7.8.2003 OpenVPN / Roadwarrior issues

Good morning from Seattle.

With your current VPN setup within NS - are you still in routed mode with the VPN network something close to 10.168.20.0/24 with your internal LAN on 192.168.20.0/24?

Good morning Royce,

That is correct, I am in routed mode. VPN LAN is 10.168.20.0/24 and internal LAN is 192.168.20.0/24.

What is providing the routing/dhcp in your LAN? From your previous post and from my previous experience I had issues with not setting the static route from my router to my NS server for the VPN routed traffic.

So my setup consists of this

  1. ISP Modem in bridge mode, basically all router functions are disabled.
  2. Nethserver does all the routing, dhcp.

So, ISP -> Modem -> Nethserver router / firewall -> Asus routers in AP mode for wireless

I have checked the firewall for a rule associated to openvpn@host-to-net allowing GREEN and RED which I have seen in other posts mentioned and is important.

So I presume that is all I need; otherwise I have not defined any custom static route between the two networks.

I can access all my https services. I just can’t reach my NAS via the Windows’s File Explorer or any of the shares on it. So I wonder if it has to do with something else? If I try to ping any of the 192.168.20.x it won’t find any. So I guess maybe a routing issue but the rule above should handle that?

On the rule above you can enable logging and see if your firewall rule is being triggered. To me this still looks like a routing issue and not a firewall one. Do you get anything from your logs showing drop/reject to your file server? While using FreeNAS and Nethserver VPN like you are, I had to manually add a static route to my FreeNAS server for it to know where to send back my routed VPN traffic.

What confuses me is that if your NS is the router/firewall/VPN I didn’t think you had to add that static route on the NS end. I don’t use NS typically as a gateway device so my experience here is a bit thin.
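The return-route question raised in the reply above, as an added example that is not part of the original thread: a longest-prefix-match check of whether a LAN host's routing table sends replies for the VPN subnet back through the VPN server. The gateway addresses 192.168.20.1 and 192.168.20.254, the client address 10.168.20.6 and the routing tables are constructed for illustration.

```python
import ipaddress

# Assumed addresses (not from the thread): the VPN server's LAN IP and
# a second router that some LAN host might use as its default gateway.
VPN_SERVER = "192.168.20.1"
OTHER_ROUTER = "192.168.20.254"
VPN_CLIENT = "10.168.20.6"   # constructed roadwarrior address in 10.168.20.0/24

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs.
    A gateway of None means the destination is on-link.
    Returns (network, gateway), or None if no route matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best

def reply_reaches_vpn(routes, vpn_client=VPN_CLIENT, vpn_server=VPN_SERVER):
    """True if a reply to the VPN client leaves this host via the VPN server."""
    hit = next_hop(routes, vpn_client)
    return hit is not None and hit[1] == vpn_server

# Constructed routing tables for a host on 192.168.20.0/24.
# 1) Default gateway is the VPN server: replies return without extra routes.
HOST_DEFAULT_VIA_VPN_SERVER = [
    ("192.168.20.0/24", None),
    ("0.0.0.0/0", VPN_SERVER),
]
# 2) Default gateway is another router: replies for 10.168.20.x go the wrong way.
HOST_DEFAULT_VIA_OTHER = [
    ("192.168.20.0/24", None),
    ("0.0.0.0/0", OTHER_ROUTER),
]
# 3) Same host after adding a static route for the VPN subnet.
HOST_WITH_STATIC_ROUTE = HOST_DEFAULT_VIA_OTHER + [
    ("10.168.20.0/24", VPN_SERVER),
]
# 4) Host with no default gateway at all: it cannot answer the VPN subnet.
HOST_NO_DEFAULT = [("192.168.20.0/24", None)]

if __name__ == "__main__":
    for name in ("HOST_DEFAULT_VIA_VPN_SERVER", "HOST_DEFAULT_VIA_OTHER",
                 "HOST_WITH_STATIC_ROUTE", "HOST_NO_DEFAULT"):
        print(f"{name}: reply reaches VPN = {reply_reaches_vpn(globals()[name])}")
```

When the check passes for a host that still does not answer, the return route is not what is blocking that host's replies.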

In this setup, Asus routing functionality should be completely inexistent from NethServer’s perspective.
Question is: which port is used for connecting the Asus router to NethServer interface?
Also: which zones are configured into NethServer? Only Green and Red?


That was added automatically for me. So I don’t know. I didn’t check the logs yet as I didn’t have the time to deep dive into the problem. I will try and see what comes out of it.

The ASUS router doesn’t interfere, it is an AP (Access Point), meaning no routing functions. It serves IPs that Nethserver gives it. I just added it in there for transparency, but it has nothing to do with the problem.

As for my zones, I only have GREEN (internal) and RED (wan).