we are normally using OpenVPN via the red interface with our main ISP. If this ISP fails, we have a FritzBox using another ISP so internal users can still access the internet. However, OpenVPN users would not be able to connect anymore.
I could switch the DNS record to the backup router and setup forwarding from that backup router (connected to the green network) to IPFire (on green). It would then be necessary to have IPFire forward those packets from green to red to the OpenVPN server.
Is this possible at all?
What I did to get this to work: add a NIC, USB or card. Just make sure it is compatible with IPFire first. Set up an Orange DMZ.
Outgoing rule (coming from the VPN):
Source is the inside IP address of the VPN
NAT is Source NAT, using the public IP
Destination: Standard networks, ANY
Incoming rule:
NAT: Destination NAT (Port Forwarding), the public IP of the VPN
Destination address is the local IP of the VPN
Protocol (I would make a Service Group and add)
Port 1194 UDP, 443 TCP
Or you can just make two rules for this.
Sorry, not sure how exactly this should look. Could you make a screenshot of your settings, please?
Also, how is your backup router connected? To Orange? If so, how are the clients on Green connecting to it?
Orange would have to be its own subnet. Say you use 10.0.0.1/24 for Green; you could use 10.0.1.1/24 for Orange. The OpenVPN would have to be on the 10.0.1.1/24 subnet.
Connecting to the OpenVPN would still have to have a public IP given to you by your ISP. Because you are using 2 ISPs, the end user could have to know the 2nd public IP or use a Dynamic DNS service to automatically change the IP when it is flipped by the FritzBox. That can be set up in Services / Dynamic DNS. I use NO-IP.com but you can use any from the pull-down list.
It may be better to still use IPFire as set up on RED and just use the Dynamic DNS.
Can you provide a screenshot of the necessary rules?
Could you post your IPs to put in the settings? I can use the input information above to enter the IPs for your system. I am not willing to give out my IPs, for I have given out such information and found myself being DDoSed for days. Nice, IPFire just kept on working and we just kept on like nothing was happening.
Still, Dynamic DNS looks like the better way to go, for it would just fail over if you're using a URL for the VPN.
Sorry for the delay.
For red just use the text “External IP”.
Green network is 192.168.120.0/24.
Orange isn’t used at the moment.