OpenVPN to connect Android Client

Hello, I need the OpenVPN installed on my Nethserver to allow connections via VPN from the Android system. I followed the web settings, and the clients that use Windows connect, but the tablets do not connect.

This client with the OpenVPN Roadwarrior configuration file generated by Nethserver should work.

Hello, thanks for the answer, but after installation it gives an error when importing the configuration file due to the VPN server connection mode: I get the error that only TUN mode is supported, but I used the default mode of Nethserver to configure the VPN.

My Nethserver configuration

@onlitec

Hi

You used the old NethGUI Interface?
You should use the newer Cockpit (Port 9090) - it will create a default VPN for Roadwarriors using the correct TUN Interface…

You will have to delete the existing VPN and start anew…

My 2 cents
Andy

Thank you very much for the information, I was racking my brain here, I didn’t even imagine this solution, I’ll do what you said.

I created the VPN through the new interface but nothing has changed, it keeps giving an error

I used another virtual machine

A Bridge mode connection uses a TAP interface. TAP interfaces are not supported on Android.

Switch to Routed mode.

Cheers.

In routed mode I will have access to the local network ?

@onlitec

Yes, it works very well (and fast, I might add)!
I use this for all my clients, and not only with NethServer, also using OPNsense as firewall…
Both use TUN and Routed with a dedicated 10.x.x.x network for the VPN.

All VPN Clients can reach the internal LAN.

My 2 cents
Andy

For example, in routed mode I put the IP 192.168.0.1 but my local network is 192.168.15.1. I configured it like this and I couldn’t access the local network when I was using the VPN.

This setup is from a host acting as firewall, internally, the 192.168.10.0/24 network is used:


You need to put in the external IP (Internet reachable) the client should connect to. Here it is blanked out.

Replace the 10.99.10.x everywhere with 10.99.15.x (Your LAN is 192.168.15.x…).
I use the same 3rd Octet in both networks, as I use several VPNs…

This setup works without issues!

Andy

Hello, I did as you described; once connected, I no longer access the local network.

@onlitec

I forgot one small detail… In your first post there was Hyper-V…

That means you have another box acting as router / gateway, maybe a box from your Provider…
For all your boxes on your LAN that is the default gateway.
They will answer to the VPN, but NOT send the packets back to NethServer, but to your gateway/firewall.
That also does not know about your VPN, so will forward those packets to your provider, who will in turn discard those packets, as any packet from the private networks (10.x.x.x, 172.16.x.x-172.31.x.x, 192.168.x.x) are discarded by providers.

So what you must do is on your router/gateway add a route pointing to 10.99.15.0/24 via Gateway 192.168.15.x (LAN IP of your NethServer).

If you can’t do this, at least add in a route on any box you want to access.
Even your Hyper-V (Windows) knows “route add”…

My 2 cents
Andy
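
The return-path problem described in the post above, as an added example that is not part of the original thread: a small longest-prefix-match simulation that follows a LAN host's reply to a VPN client with and without the static route. The NethServer, router and LAN host addresses are assumptions (the thread only gives 192.168.15.x), and the VPN client address is constructed.

```python
import ipaddress

VPN_NET = "10.99.15.0/24"      # VPN network named in the thread
NETHSERVER = "192.168.15.20"   # assumed LAN IP of the NethServer (thread: 192.168.15.x)
ROUTER = "192.168.15.1"        # assumed LAN IP of the provider router / default gateway
LAN_HOST = "192.168.15.50"     # constructed LAN machine the VPN client wants to reach

def lookup(table, dst):
    """Longest-prefix match: next hop for dst ('direct', 'wan' or a gateway IP)."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in table
               if dst in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def build_tables(route_on_router=False, route_on_host=False):
    """Routing tables of the three boxes; the flags add the static route from the post."""
    tables = {
        LAN_HOST: [("192.168.15.0/24", "direct"), ("0.0.0.0/0", ROUTER)],
        ROUTER: [("192.168.15.0/24", "direct"), ("0.0.0.0/0", "wan")],
        # NethServer owns the VPN tunnel, so the VPN network is directly attached.
        NETHSERVER: [("192.168.15.0/24", "direct"), (VPN_NET, "direct"),
                     ("0.0.0.0/0", ROUTER)],
    }
    if route_on_router:
        tables[ROUTER].append((VPN_NET, NETHSERVER))
    if route_on_host:
        tables[LAN_HOST].append((VPN_NET, NETHSERVER))
    return tables

def trace_reply(tables, src, dst, max_hops=8):
    """Follow a reply packet from src towards dst and return the hops taken."""
    path, node = [src], src
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        if hop == "direct":
            return path + ["delivered"]
        if hop == "wan":  # private destination leaves via the provider and is discarded
            return path + ["dropped by provider"]
        path.append(hop)
        node = hop
    return path + ["loop"]

if __name__ == "__main__":
    client = "10.99.15.6"  # constructed VPN client address
    print(trace_reply(build_tables(), LAN_HOST, client))
    print(trace_reply(build_tables(route_on_router=True), LAN_HOST, client))
    print(trace_reply(build_tables(route_on_host=True), LAN_HOST, client))
```
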

I’m no longer on Hyper-V, I’m on Proxmox now, so I will follow your information and configure the network on the router.

Proxmox is great, I use that at home and for all of my 30 clients…

Still, you have another box as router / gateway I assume?
That will need a “route” entry pointing to 10.99.15.0/24 network via the LAN IP of your NethServer…

Hello, I have a router but I bridged it and put the Nethserver as a DHCP router and gateway, but I still have a problem: I can access some IPs from the LAN network but not all, and I also can’t access the shared folders, etc…

My nethserver network configuration it connects to the provider by pppoe:

This is my lan ip: 192.168.80.0

VPN configuration:

I did all the configuration through the new 9090 interface; I’m using the old one just to show

I created this static route on the Nethserver as it is the Gateway

And even so I cannot access it. I created several new virtual machines and redid the configuration from scratch and nothing works normally as another network that is bridged on another server.

@onlitec

You have another server with routing to another network?
You may need to show the routing from a client or another server showing this.
You may need to add a route on every other server pointing to the 10.x.x.x network…

And how does the network look like on your Proxmox?

Some people “misuse” NICs, and have a lot of issues.

On your Proxmox, a vmbr0 (LAN) and vmbr1 (Passthru / Internet / PPPoE) is what I’d use.
Only vmbr0 is configured on Proxmox, the second is defined as bridge, but not allocated any IPv4/IPv6.

→ each vmbr is bridged to two NICs on the Proxmox host.

All other virtual hosts use vmbr0 for LAN.

My 2 cents
Andy

Hello, I believe I use the network in Proxmox as you described

I thought if it would be some wrong configuration in proxmox, but I believe the configuration is right, although in the firewall of proxmox I didn’t create any security group, could that be it?

Here I don’t have another server turned on, I’m thinking about getting one that is turned off and installing Nethserver on it without the Proxmox to do a test…

@onlitec

Good morning

Try turning off the firewall on all VM NICs…
NethServer is acting already as firewall.

What IP is your NethServer using?
(From the Proxmox settings, I’d assume 192.168.80.254, as the gateway of Proxmox points there…)

I’d suggest as follows:

Proxmox LAN (vmbr0) 192.168.15.61/24 (I use 61-64 for Proxmox servers)
Gateway would be 192.168.15.20

Your NethServer would use (On LAN / Green): 192.168.15.20/24
Gateway none (It is firewall / Gateway)

-> Normally I always use 192.168.15.1 as gateway (End IP always 1)…

DHCP would be your NethServer: DHCP Scope: 192.168.15.201-192.168.15.250

AD: 192.168.15.11 (AD is always 11 for me).


This is a friend’s home Network, based on Proxmox.

The Firewall we’re using here is OPNsense.
Proxmox is configured as you have: vmbr0 is 192.168.209.61/24, Gateway is 192.168.209.1 (The OPNsense).

The NethServer, with AD is providing also: File / Print / NextCloud / Mail / etc.
Backups from NethServer and Proxmox go to the NAS, a Synology.

OpenVPN is provided by OPNsense, also the DNS and DHCP server. This is also the NTP Server for all other hosts.

You can also use these IPs here, this complete concept works…
If I need to restart the OPNsense firewall (Only accessible for me via VPN), I can reach the Network with VPN in about 2-3 Minutes again. No issues!

I can also provide a working config for OPNsense, if you really want! Send me a PM…

My 2 cents
Andy


The next steps:

Here is a doctor’s practice, also with Proxmox, NethServer and a hardware OPNsense firewall (PC Engines apu4d4). There’s also a big NAS for Backups, and a dedicated Proxmox Backup Server. There is also a dedicated Storage Network (Between Proxmox and NAS) and a dedicated Backup Network, between Proxmox and PBS.

This Network is FAST! The Proxmox, a HP Proliant ML350 Gen10 equipped with SSD for OS, and a separate NVME SSD 2 TB Storage for VMs in ZFS. The PBS has a small SSD for OS and 2*6 TB Seagate Ironwolf Pro Disks in ZFS.
Backups are fast (incremental), and are done at 09:00, 12:30, 15:00 and 20:00 - and ALL VMs are done in less than 30 Minutes!

A Raspberry acts as dedicated NUT UPS Server, for all hardware in the Server room including Cable-Modem and Firewall but also all VMs and NAS/PBS.

All Data are also stored offsite - the NAS on the lower left is at the doctor’s home, connected by VPN.

Hello, sooo thank you for all the explanations, I learned a lot from them. I redid all the settings following your model and finally I found that the problem here is in the router provided by the operator. It works as if the route did not exist; with other routers it worked normally.
