I have a Nethserver installation up and running for many months acting as email server and Nextcloud server. Recently I changed some things and replaced my pfsense vm with a hardware EdgeRouter. I’m trying to add the OpenVPN module and have configured it as per the documentation in Routed Mode and set up the NAT and firewall rules in the EdgeRouter. I can connect without issue but cannot gain any access to the internet or internal services. I have the Nethserver VM set with a single NIC as green interface. I am trying to route all client traffic through the Nethserver network instead of setting up OpenVPN on the EdgeRouter as it’s somewhat limited on resources.
Is this configuration impossible? Or am I missing something?
If I understand correctly, you want to access all services (PCs/printers/…) that are connected in your LAN from your OpenVPN roadwarrior connection.
Create a static route on your router/firewall so that all packets to 10.0.0.0/24 are routed to the Nethserver’s IP (172.16.10.10).
I have a similar configuration at home on Nethserver NG 6.9.
For what I remember I just had to create the correct route on the router and nothing else on Nethserver.
Ah, if you want to reroute all traffic (Internet, etc.) from your roadwarrior client to your LAN, check under the “advanced” voice (below Netmask) in the dashboard, correctly check “route all client traffic through VPN”, and reload the config file for your client.
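As an added illustration (not from this thread or from Nethserver), here is a small longest-prefix-match simulation of the two routing decisions the reply above describes: where the EdgeRouter sends a LAN host's reply to a VPN client with and without the static route, and where the roadwarrior client sends Internet traffic once “route all client traffic through VPN” is on. It assumes the LAN is 172.16.10.0/24, the pool is 10.0.0.0/24 as in the reply, and that the checkbox pushes OpenVPN's redirect-gateway def1 half-routes.

```python
import ipaddress

# Addresses quoted in the thread: VPN pool 10.0.0.0/24, Nethserver 172.16.10.10.
# The LAN prefix and the gateway labels are assumptions for illustration.
VPN_POOL = ipaddress.ip_network("10.0.0.0/24")
NETHSERVER = "172.16.10.10"
LAN = ipaddress.ip_network("172.16.10.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def lookup(routes, dst):
    """Longest-prefix match over (network, next_hop) pairs; returns the
    next-hop label, or 'no route' if nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, next_hop in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else "no route"

def edgerouter_routes(static_route_added):
    routes = [(LAN, "connected"), (DEFAULT, "wan-gw")]
    if static_route_added:
        # The fix from the reply: hand the VPN pool back to Nethserver,
        # which owns the tun interface.
        routes.append((VPN_POOL, NETHSERVER))
    return routes

def reply_path(static_route_added, vpn_client="10.0.0.5"):
    """Where the EdgeRouter forwards a LAN host's reply to a VPN client.
    Without the static route it follows the default route out of the WAN,
    so the client never hears back."""
    return lookup(edgerouter_routes(static_route_added), vpn_client)

def client_routes(route_all_traffic):
    # Assumed roadwarrior side: a home LAN plus the tunnel route it got from the server.
    routes = [(ipaddress.ip_network("192.168.1.0/24"), "connected"),
              (DEFAULT, "home-gw"), (VPN_POOL, "tun0")]
    if route_all_traffic:
        # redirect-gateway def1: two /1 routes out-rank the /0 default without
        # replacing it (OpenVPN also adds a /32 for the server via the old gateway).
        routes += [(ipaddress.ip_network("0.0.0.0/1"), "tun0"),
                   (ipaddress.ip_network("128.0.0.0/1"), "tun0")]
    return routes

def internet_path(route_all_traffic, dst="203.0.113.9"):
    """Where the roadwarrior client sends traffic for an Internet address."""
    return lookup(client_routes(route_all_traffic), dst)
```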
Now onto another problem. I’ve searched on how to change the port for OpenVPN and came across this post. I’ve issued those commands, accounting for the three years that have passed since then, and issued my commands as follows:
As you can see, I am trying to switch from UDP to TCP (a proxy that I use regularly will not allow the UDP connection). I’ve shown the config and can confirm that the change is there, though I did have to delete the UDP1194 property. I’ve also verified that my EdgeRouter firewall is configured properly. Am I missing something to force the change to TCP?
Thank you again!
EDIT: I’ve also tried adding the custom conf listed here. This doesn’t seem to have any effect, according to netstat -l, which doesn’t show anything listening on 1194, either TCP or UDP.