OpenVPN roadwarrior problem

NethServer Version: NethServer release 7.7.1908 (final)
Module: OpenVPN roadwarrior server
Kernel release: 3.10.0-1062.12.1.el7.x86_64

I have a problem with my bridged VPN.

I have two VPN servers that can be reached via two different gateways.

A VPN server with OpenVPN on Ubuntu - Routed mode VPN (NAT).
And a VPN server with Nethserver - Bridged mode VPN.

The bridged VPN on the Nethserver no longer works properly.
But it worked in the same configuration for months without problems.
Maybe a Nethserver update triggered the behavior?

I can still successfully connect all clients to the VPN.
However, these cannot achieve anything in the LAN.

However, the VPN clients can be pinged from the LAN.
I have tried other configurations (e.g. changing the zone) but nothing worked.

Does anyone have any idea what else could be tested?

I am currently using my second VPN on Ubuntu with NAT routing, which works without problems.


The pictures with:

==> a Linux is connected with Linux-VPN-Client (same problem as Smartphones)
==> MITSRV055 - Fritzbox forwarding to Nethserver
==> Ping from PC in LAN to connected VPN-Client
==> Nethserver Net-Config
==> OpenVPN-Client (Smartphone APP)

Hello, recently LZO compression is no longer supported by the OpenVPN client on smartphones.
I suggest that you change your VPN configuration and remove LZO compression.
It worked for me for a smartphone with a higher Android version; I discovered this from the OpenVPN logs.
Thanks

It’s difficult to enumerate your network from the snippets posted. Can you provide some form of network diagram?

It appears you have 2 green interfaces in the same 192.168.1.0 subnet. How does this work?

Cheers.

The compression is disabled.
And the PCs cannot achieve anything either.
Before, it always worked.

thx

It is only a bridge, it is not routed.
So the same subnet shouldn’t be an issue, should it?
It worked for a very long time in exactly this configuration.
I suspect an update or something similar that may have caused the problem.

This is a stand-alone server as a VM under an ESXi.
The network is 192.168.0.1/20
192.168.0.1 to 192.168.15.254

The Fritzbox forwards VPN connections to this server.
All clients can dial in, but they can no longer access the network. As already written, you can reach the VPN from the outside (LAN).

192.168.0.1 to 192.168.0.100 is reserved for the VPN.
LAN DHCP is from 192.168.2.1 to 192.168.15.254
All static servers are in 192.168.1.1 to 192.168.1.254

But I have already tried two different subnets, so the clients can no longer dial in.

I have to do that on my test server.

I have now tested everything that was possible for me.
All possible configuration combinations tested (e.g. Red, DMZ, etc.)

All variants tried out on two test servers.
On a Nethserver v7.7 and a v6.9 server.

Then also set up a new server v7.7, without further roles and functions, so as not to take any risks.

No matter what I did, always the same.
I was able to dial in successfully (Android, Linux, Windows) and could only ever reach the VPN server itself. But no other servers in the LAN.
I also tried routing and bridge, always with the same result.

I have already invested several hours in this.
I don’t know what I’m doing wrong.

Then I gave up.

Ubuntu 18.4 installed, an OpenVPN server installed on it.
It worked immediately!
Less than half an hour, and the server was completely finished with Webmin, SNMP, Samba and OpenVPN.

The amazing thing is, I have successfully used the OpenVPN Nethserver for months with the same configuration, at some point it just didn’t work anymore and I can’t get it to work.

The only strange thing I see is that you are using the same 192.168.0.0 subnet for both your VPN and also your Modem/Router subnet, which (I think) is going to cause routing issues.

Cheers.

Ok, you can see another subnet on the picture, it is done as you describe it.

But the bridge mode does not route, it is as if the network cable was plugged directly into a local switch (?).

And even if it had to be routed between two subnets, the VPN server should do it internally. With the TAPI interface, for example.
The OpenVPN from “https://openvpn.net” does NAT or routing internally, even with a single interface, and it works.

The problem is, if it is, it would be a “nogo” for me.

Because the DSL router must remain in its own subnet, otherwise clients in its own network can no longer reach it as an Internet gateway.
The DSL router would then only be available for the VPN, and that would make no sense.
Or am I misunderstanding something right now?

Does the OpenVPN roadwarrior with bridge work for everyone else?

Ooops, I missed the bridged mode. :grimacing:

But in that mode doesn’t the address range used by the VPN have to be separate from the range used by your router? The VPN is configured for 1 -> 100 but you already have at least 1 and 10 in use.

Cheers.
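A check for the address-pool overlap raised in the last reply, as an added example that is not from the thread: it takes the ranges the original poster stated (bridge subnet 192.168.0.0/20, VPN pool 192.168.0.1 to 192.168.0.100, static servers 192.168.1.1 to 192.168.1.254, LAN DHCP 192.168.2.1 to 192.168.15.254) and assumes, as constructed placeholders, that the router sits at 192.168.0.1 and one further host at 192.168.0.10. A bridged (TAP) pool hands clients addresses on the LAN itself, so every pool address must lie inside the bridge subnet and collide with nothing already allocated there.

```python
import ipaddress


def ip_range(first, last):
    """Return the set of IPv4 addresses from first to last, inclusive."""
    a = int(ipaddress.IPv4Address(first))
    b = int(ipaddress.IPv4Address(last))
    if b < a:
        raise ValueError(f"range end {last} precedes start {first}")
    return {ipaddress.IPv4Address(i) for i in range(a, b + 1)}


def check_bridge_pool(pool, bridge_net, allocations):
    """Report problems with a bridged OpenVPN client pool.

    pool:        (first, last) addresses handed to VPN clients
    bridge_net:  the LAN subnet the TAP bridge belongs to
    allocations: name -> set of addresses already used on that LAN
    Returns a dict of issue name -> sorted list of offending addresses;
    an empty dict means the pool is clean.
    """
    net = ipaddress.ip_network(bridge_net, strict=False)
    pool_set = ip_range(*pool)
    issues = {}
    # Clients on a bridge must be on-subnet, or nothing on the LAN answers them.
    outside = sorted(a for a in pool_set if a not in net)
    if outside:
        issues["outside_bridge_subnet"] = [str(a) for a in outside]
    # Any overlap with an existing allocation means two hosts fighting for one IP.
    for name, addrs in allocations.items():
        overlap = sorted(pool_set & addrs)
        if overlap:
            issues[name] = [str(a) for a in overlap]
    return issues


# Ranges from the thread; router and extra host are constructed placeholders.
BRIDGE_NET = "192.168.0.0/20"
ALLOCATIONS = {
    "router": {ipaddress.IPv4Address("192.168.0.1")},       # assumed gateway address
    "known_hosts": {ipaddress.IPv4Address("192.168.0.10")},  # assumed host from screenshots
    "static_servers": ip_range("192.168.1.1", "192.168.1.254"),
    "lan_dhcp": ip_range("192.168.2.1", "192.168.15.254"),
}
POOL_AS_POSTED = ("192.168.0.1", "192.168.0.100")
POOL_DISJOINT = ("192.168.0.101", "192.168.0.200")

if __name__ == "__main__":
    print("as posted:", check_bridge_pool(POOL_AS_POSTED, BRIDGE_NET, ALLOCATIONS))
    print("disjoint: ", check_bridge_pool(POOL_DISJOINT, BRIDGE_NET, ALLOCATIONS))
```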