FW-Rules for openVPN neccessary?

The openVPN connection is configured with access into the GREEN network. It is displayed as “CONNECTED” in the IPFire “WebUI”.
The external device (Android with ‘OpenVPN for Android’) shows that the connection is established.
The IPFire-Proxy is set in /var/ipfire/ovpn/scripts/server.conf.local (push dhcp-option PROXY_HTTP 8080) and populated to the VPN-Client. (The log at the external device shows that the option is set on the device.)
The OpenVPN-Client is configured to route all traffic through the tunnel.

But the browser, k9, dav and other apps are not able to reach they targets.

IPFire Filrewall logs does not show any blocked connections. The proxy log does not show any connections.

Any hints to get this running?

I quote my own howto openvpn guide for mobile devices:

In other words, in android you have to MANUALLY set the proxy configuration in the wifi and apn settings, and possibly even in some app. This works instead automatically in iOS devices.

Hi @berny.

Can you access to IPFire console when you are connect with OpenVPN?. I explain this.

  1. Connect with your Android to OpenVPN connection.
  2. Try to connect the IPFire to the Console using Green’s IP.

Me, without doing any rules or anything, I can connect to the IPFire Console (when connected via OpenVPN) and also to Samba and a computer via RDP from my Android phone.

It may be a problem with the equipment you want to access.

Do you have a load balancer in your network?

Try and say us something.


No problem. Even if a app does not use the proxy its traffic should be routed through the VPN.

How is your IPFire configured? I have choosen to block all traffic by default (FireWall Options / Default Firewall behavior / Blocked at forward and outgoing.

Therefore I ask for needed rules to allow the traffic.

Here you have the “Firewall Options” settings:

And to force everyone to go through the Proxy (I have it “non-transparent”):


If you have closed the Forward and outgoing by default, I suppose in source you select the OpenVPN network and in destination the firewall, allow on UDP port 1194 (this should take care of the forward block). Also, source Firewall and destination the OpenVPN network UDP:1194 allowed (outgoing block bypass). Never tried though.

I do not understand how the packets are flow trough the FW.
My IPFire is connected to the Internet at red; both main settings (forward and outgoing) are set the 'Blocked"; no masquerading disabled on green.
I have two mobiles (iOS, with ‘OpenVPN’ from OpenVPN Technologies and Android with ‘OpenVPN for Android’ from F-Droid). I configured both apps that all traffic is routed through the tunnel (via cellular network). Both shows ‘connected’ in the IPfire / Services / OpenVPN.
But it seems that there are no connection possible.
At the iPhone the AppStore, or any other Website (checked with Firefox, Firefox Klar and Safari) is not reachable, the same at the Android, the OpenVPN App shows ‘connected’ but nothing is reachable. (I try to reach the IPFire-WebUI at Port 444, too.)

Is there a graphic how the packet are flow trough the IPFire? Are there additional settings neccesary when configuring a OpenVPN?