Sadly, I just forgot to mention it,
but this option is already active.
Hi,
make a firewall rule:
ALLOW vpn to red any (service)
this will allow vpn to internet traffic. Cheers.
Sadly not;
it is possible it’s because I just have one NIC (green) card
and the VPN needs a red card?
PS: I just have one nic.
I just recently posted exactly the same issue here: VPN no route to internet. I will gladly join your search for a solution here.
1 green NIC, VPN works, can’t get out of the NS.
@filippo_carletti suggested to check “systemctl status shorewall”
Looks nominal. @JOduMonT could you check that on your end, too?
The last days I could not ping google. Today all of a sudden without any changes that seems to work. Still can not load any websites. Maybe DNS is not working?
Try with:
$ ping nethserver.org
PING nethserver.org (188.226.251.154) 56(84) bytes of data.
64 bytes from www.nethserver.org (188.226.251.154): icmp_seq=1 ttl=53 time=46.3 ms
Then if you are using the web proxy check /var/log/squid/cache.log and /var/log/squid/access.log
Excuse me, I am obviously incompetent. When I am logged into the NS via ssh as root, of course I can ping everything. From my outside PC I still can not. No router, no Google, only the nethserver at home.
I am not using squid and there are no such log files listed in the server manager.
Your gateway must be wrong in the client configurations. That is really awkward.
I use a Fritzbox, which should be a name to anyone in Germany.
Tell me what to look for, please.
I’m sorry, but I can’t figure out your problem.
I connect via openvpn in the evening when I’m at home, I never had problems.
Could you please send me the output of config show openvpn@host-to-net
so that I can reproduce your setup?
Thank you.
There you go.
Hi, I think you should try this scenario for checking connectivity:
- check routes on the VPN client PC and the nethserver:
route
- check if DNS works:
ping 188.226.251.154 what response?
ping nethserver.org what response?
- check where the ping goes:
mtr nethserver.org
mtr 188.226.251.154
- check that sysctl net.ipv4.ip_forward gives you “1”
Maybe the solution is bridged instead of routed mode on the nethserver if you have only one NIC, but I didn’t check that.
But it seems the problem is similar to my problem from my forgotten post:
diagnose: GUI is not creating rules properly or I miss something, any help very appreciated.
Try to post output from:
shorewall show (the ovpn2net chain and related)
Bug found, thank you for your help.
You can fix it now, I will release an update tomorrow.
Run:
cp -p /etc/e-smith/templates/etc/openvpn/host-to-net.conf/00template_vars /etc/e-smith/templates/etc/shorewall/policy/
expand-template /etc/shorewall/policy
shorewall restart
I don’t think I quite understood. But I will try anyway.
I did the following:
0% of success.
Steps 6-8 were not necessary, you should have had it working after shorewall restart without disconnecting.
Now I’m completely lost. Could you please post /etc/shorewall/policy?
Here you go.
Chain ovpn2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
1580 101K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* RULE#2 */
Everything seems in order.
Can you show the output of traceroute/tracert to 8.8.8.8?
Did it. Results as expected. Sorry, it’s in German, but you will get the gist.
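Added example, not part of any post in this thread: one way to read the packet counters in the ovpn2net chain dump quoted above. The helper name chain_verdict and its three verdict strings are made up for illustration; the sample input is the chain output copied from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Sample: the ovpn2net chain quoted above.
# On the server the input would come from: iptables -L ovpn2net -n -v
SAMPLE='Chain ovpn2net (1 references)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
 1580  101K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 /* RULE#2 */'

# chain_verdict (hypothetical helper name): reads a chain dump on stdin, prints
#   no-traffic  nothing was accepted in this chain
#   one-way     new packets accepted, but no flow ever became ESTABLISHED,
#               i.e. conntrack never saw a reply to them
#   two-way     established flows are passing
chain_verdict() {
    awk '
        /^Chain / || $1 == "pkts" || NF < 3 { next }   # skip headers, blanks
        $3 != "ACCEPT" { next }
        {
            n = $1; mult = 1                # -v abbreviates counters: K, M, G
            if (n ~ /K$/) mult = 1000
            else if (n ~ /M$/) mult = 1000000
            else if (n ~ /G$/) mult = 1000000000
            sub(/[KMG]$/, "", n)
            n = n * mult
            if ($0 ~ /ctstate RELATED,ESTABLISHED/)
                est += n
            else
                fresh += n
        }
        END {
            if (est + fresh == 0) print "no-traffic"
            else if (est == 0)    print "one-way"
            else                  print "two-way"
        }'
}

printf '%s\n' "$SAMPLE" | chain_verdict
```

For the chain posted in the thread this prints one-way: the firewall accepted 1580 packets from the VPN towards the internet, but the RELATED,ESTABLISHED rule never matched, so the place to look is the return path rather than the accept rule.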