Proper network setup

Hi community,

I do have an issue which I try to understand and resolve. I have successfully installed NethServer 7.9, fully updated, with 2 NICs (green and red). At first only green was activated, to configure it as much as possible.

The green interface is 10.0.0.100 (LAN) with 10.0.0.1 as gateway, other OpenVPN server for VPN access with 10.10.10.x (entered also as trusted network). Everything was working perfectly and everything was accessible from LAN and from VPN.

When I activated the red NIC with 192.168.1.250, with 192.168.1.1 as a gateway, through another router and link, NethServer is accessible through LAN (10.0.0.x, services and web cockpit on 9090) but no longer from VPN. The VPN is 10.10.10.x and still in trusted network but NethServer is not accessible, nor can it be pinged.

I’m coming from SME, there this kind of setup was working without any issues.

I can’t figure out what the problem is. I would appreciate it if anyone could point out what I am doing wrong.

@miroj

Hi

And welcome to the NethServer community.

I also come from SME-Server, and as you, I have another box as firewall:

You write about a Gateway - and on LAN…

In this case you do not NEED two Interfaces.
Or only one Interface (RED) needs a Gateway, Green can not have IP 10.0.0.100 (LAN) with 10.0.0.1 as gateway…

It’s not really smart to use dual NAT at home, neither is using an oversized network for home.
You’re not going to tell me you NEED 1 million IPs at home!
So why use 10.0.0.0/8 at all?
You’re already in a “private” network with 192.168.1.250 with a Gateway 192.168.1.1…

You’re just making stuff unnecessarily complicated!

If you’ve already got a working firewall / gateway (more than one, it seems 192.168.1.1 and 10.0.0.1) why not simply use NethServer as Server, and not as Gateway/Firewall? Even OpenVPN will work in “Server” configuration… (You DO need a route in your gateway pointing to NethServer for the VPN network).

My 2 cents
Andy

Hi Andy,

Thank you, privileged to be part of the community.

You are absolutely right, and obviously I was not clear enough. The setup is complicated due to financial reasons. It is a small office with 20 clients in it; through the existing firewall (IPFire, 2 NICs) they have a fiber link with dynamic IP (using DynDNS, also access through OpenVPN), using it as internet gateway.

The NethServer is a collaboration server (e-mail) connected through a much slower copper link but with a fixed IP address (that’s why it has 2 NICs). NethServer has replaced the SME 9.2 with the same setup. Both greens (from IPFire and NethServer) are in the LAN.

This setup is due to financial reasons only, much cheaper with two links since unfortunately on fiber the ISP is not giving a fixed IP, weird rule but it is like it is. I hope I was more clear about the setup.

@miroj

OK, I understand your Situ…

On NethServer only one LAN (RED) should have a Gateway. A host can not have two default gateways…

But you need a Route on IPFire pointing to the 10…x.x.x IP of the NethServer (The OpenVPN Network), so it uses the OpenVPN route, not leaving via IPFire (and gets thrown away by the provider as an internal IP does…).

Should then work…

My 2 cents
Andy

Yes, when RED was activated, the Gateway from GREEN was automatically removed (checked at /etc/sysconfig/network-scripts/ifcfg-em1) and only RED has a Gateway.

The weird issue is when I’m on VPN, I can ping and access clients on GREEN LAN except NethServer.

Now, if I release the role of RED, put a gateway on GREEN towards IPFire, then I can ping and access the Nethserver from VPN.
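
The two configurations compared in the last post, worked through as a routing-table lookup (an added example, not part of the original thread): it shows which interface NethServer would choose for a reply to a VPN client in each case. The /24 masks, the client addresses 10.10.10.5 and 10.0.0.50, the names `lookup` and `reply_path`, and the static route in the third table are assumptions, not values or fixes taken from the posts.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match: return (interface, next_hop) used to reach dst."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not matches:
        raise LookupError("no route to " + dst)
    best = max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return best[1], best[2]

# Directly connected networks on NethServer (the /24 masks are assumed).
CONNECTED = [
    ("10.0.0.0/24", "green", None),     # LAN, NethServer is 10.0.0.100
    ("192.168.1.0/24", "red", None),    # copper link, NethServer is 192.168.1.250
]

# Case 1: RED role released, default gateway on GREEN towards IPFire.
GREEN_ONLY = [CONNECTED[0], ("0.0.0.0/0", "green", "10.0.0.1")]

# Case 2: RED active, the only default gateway is 192.168.1.1.
RED_ACTIVE = CONNECTED + [("0.0.0.0/0", "red", "192.168.1.1")]

# Case 3 (hypothetical, not proposed in the thread): RED active plus a
# static route for the VPN network via the GREEN-side firewall.
RED_PLUS_STATIC = RED_ACTIVE + [("10.10.10.0/24", "green", "10.0.0.1")]

def reply_path(routes, client, ingress="green"):
    """Where a reply to `client` leaves, and whether that matches the ingress NIC."""
    iface, hop = lookup(routes, client)
    return {"egress": iface, "next_hop": hop, "symmetric": iface == ingress}

if __name__ == "__main__":
    vpn_client = "10.10.10.5"   # constructed address in the VPN range
    lan_client = "10.0.0.50"    # constructed address in the LAN range
    for name, table in (("green only", GREEN_ONLY),
                        ("red active", RED_ACTIVE),
                        ("red + static route", RED_PLUS_STATIC)):
        print(name, "VPN:", reply_path(table, vpn_client))
        print(name, "LAN:", reply_path(table, lan_client))
```

With RED active, the VPN client matches only the default route, so the reply leaves through RED while the request arrived on GREEN; LAN clients match the connected 10.0.0.0/24 route and are unaffected.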