OpenVPN Single NIC behind Firewall?

NethServer Version: 7.5.1804
Module: OpenVPN

I have a Nethserver installation up and running for many months acting as email server and Nextcloud server. Recently I changed some things and replaced my pfsense vm with a hardware EdgeRouter. I’m trying to add the OpenVPN module and have configured it as per the documentation in Routed Mode and set up the NAT and firewall rules in the EdgeRouter. I can connect without issue but cannot gain any access to the internet or internal services. I have the Nethserver VM set with a single NIC as green interface. I am trying to route all client traffic through the Nethserver network instead of setting up OpenVPN on the EdgeRouter as it’s somewhat limited on resources.

Is this configuration impossible? Or am I missing something?

Thanks!

@support_team Has anybody an idea?

If I understand correctly, you want to access to all services (PCs/printers/…), that are connected in your lan, from your OpenVPN roadwarrior connection.

Create a static route on your router/firewall that all packets to 10.0.0.0/24 are routed to the Nethserver’s IP (172.16.10.10)

2 Likes
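The static route suggested above, written out in EdgeOS (EdgeRouter) configuration syntax as an added example that is not part of the original post. The prefix 10.0.0.0/24 (OpenVPN client network) and the next hop 172.16.10.10 (NethServer green address) are the values given in the thread; the NAT and firewall rules the poster had already configured are assumed to be in place and are not repeated here.

```edgeos
# Enter configuration mode on the EdgeRouter
configure

# Send everything destined for the OpenVPN client subnet (10.0.0.0/24)
# to the NethServer's LAN address (172.16.10.10). The NethServer is the
# only host that knows how to reach the tun interface, so without this
# route the EdgeRouter forwards replies for 10.0.0.0/24 out its default
# (WAN) route and VPN clients never see them.
set protocols static route 10.0.0.0/24 next-hop 172.16.10.10

# Apply the change and persist it across reboots
commit
save
exit

# Verify from operational mode: the entry should list 172.16.10.10 as next hop
show ip route 10.0.0.0/24
```

The route only matters because the EdgeRouter is the LAN's default gateway: LAN hosts send their replies to VPN clients to the router, and the router needs to know that 10.0.0.0/24 lives behind the NethServer rather than behind its WAN link. The same reasoning applies when "route all client traffic through VPN" is enabled, since the Internet-bound return traffic also passes through the router on its way back to the NethServer.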

I will give that a try this evening and report back!

Do I need to create a static route on the NS machine to route to 172.16.10.0/24 and push static routes? Or is that already the way it’s designed?

Thanks!

I have a similar configuration at home on Nethserver NG 6.9.
For what I remember I just had to create the correct route on the router and nothing else on Nethserver.

1 Like

Ah, if you want to reroute all traffic (Internet, etc.) from your Roadwarrior client to your LAN, check under the “advanced” voice (below Netmask) in the dashboard, correctly check “route all client traffic through VPN” and reload the config file for your client.

2 Likes

I want all traffic to be routed. I still need the firewall route and the checkbox, correct?

Yes, correct

Success! Adding a static route that all traffic destined for 10.0.0.0/24 routes to the internal IP of the Nethserver solved my issue!

Many, MANY thanks!

1 Like

Now onto another problem. I’ve searched on how to change the port for OpenVPN and came across this post. I’ve issued those commands, accounting for the three years that have changed in that time and issued my commands as follows

config setprop openvpn@host-to-net TCPPort 1194
signal-event nethserver-openvpn-save
signal-event firewall-adjust

As you can see, I am trying to switch from UDP to TCP (a proxy that I use regularly will not allow the UDP connection). I’ve shown the config and can confirm that the change is there, though I did have to delete the UDP1194 property. I’ve also verified that my EdgeRouter firewall is configured properly. Am I missing something to force the change to TCP?

Thank you again!

EDIT: I’ve also tried adding the custom conf listed here. This doesn’t seem to have any effect, according to netstat -l which doesn’t show anything listening on 1194, either TCP or UDP.

To switch to TCP, you need to create a new template-custom, since actually this config is not supported.
This is the fragment to override: https://github.com/NethServer/nethserver-openvpn/blob/master/root/etc/e-smith/templates/etc/openvpn/host-to-net.conf/10server

Ok, I’ll give that a shot. Thank you!

Ok, thank you! I’ll give that a shot.