Help for configaration vpn (fritzbox-->DMZ-->ipfire-->green network

Virtual Private Networks OpenVPN
#1

Hello, i have tried to configure ipfire for the following usecase:
Wan-router is a fritzbox, firwall behind the fritzbox is ipfire, i have a DMZ so the nettraffic goes from the fritzbox to the ip-fire firewall and from there in the green network.

I tried to install a vpn (road-warrier configuaration) extern computer should be possible to log into the company network. ( for home-working applikation).
I tried port-forwarding with NAT in the fritzbox and the openvpn configuration in the ip-fire, but all my attempts failed…can someone give me a hand to solve my problem?

Thank you for your help and best regards
Georg

#2

Hi @gz_dgf,

Welcome to the IPFire Community.

What messages do you see in the client OpenVPN logs and the IPFire OpenVPN server logs.
These are needed to be able to figure out what is happening.

#3

I just looked more closely at your title. The DMZ that you mention. Is this on the Fritzbox or on IPFire?

#4

Dear Adolf,
thank you for your reply.

The DMZ is on the ipfire.

I have the following configuration:
Fritzbox:
x.x.4.1 with some portforwardings to the ipfire

ipfire:
red x.x.4.6 ( here is a sip-server, the external mailserver and a web server for forwarding from the fritzbox to the devices)
green x.x.1.254 ( internal net x.x.1.y )

i want to make a roadworrier configuration for my external home office to the compay internal net

the tries with portforwarding from the fritz to the ipfire did always fails…
could be that i did not do the right ports (1194 UDP ) forward from fritzbox to ipfire.
i enabled the openvpn in the ip-fire and made certificates.

#6

Hi Sammy (@gz_dgf),

You say that the DMZ is on the IPFire but that would usually be the orange zone on IPFire and you don’t mention that. I suspect you mean something different by the term DMZ here.

The port number 1194 udp is the default port in the OpenVPN page.

What did you use for the Local VPN Hostname/IP: entry in the OpenVPN page. This should be the IP address that your Fritzbox has on its Internet connection.

It would be most useful if you could provide the client and server logs for the OpenVPN connection attempt.
Without this it is a bit of a guessing game to provide support.

#7

Hello Adolf,

today i made a new setup for my ip-fire.
I had the problem with the wrong host-name because i had the entry of the internal interface.
Tomorrow i will check the new configuration and give you a feedback.

Thank you for your help.
Till tomorrow…best regards

#8

Hello Adolf,

my new setup and test…now i can log in and do a rdp-session.
Ping on some pc’s and http and https does not work…i wil look in the logs for more informations…do you have a idea where to look? can a reason be missing firewall roules in the ip-fire? i tried to shut down firewall of the client ( road warrier ) but it did not work…
Thanks for your help…best regards georg

#9

Hi Georg,

Great that you are making progress.

You shouldn’t need to do any firewall changes for the OpenVPN tunnel. OpenVPN on IPFire does that for you when it sets the tunnel up.

If you have a firewall on your client then that might interfere.

On IPFire the OpenVPN server logs are in /var/log/messages
You would need to filter it looking for openvpnserver.

For the clients it would depend on the OS you are using.
On my Arch Linux systems it is in the journal accessible vi journalctl.
In something like Ubuntu or Debian it would likely be in /var/log/messages or /var/log/syslog
In Windows, I have no idea as the last time I used Windows was more than 10 years ago

#10

Hi Adolf,
you make a great job :slight_smile:
I think i do the new test tomorrow and examine the logs…
I am not very glad to have a windows system, but it is the only possible OS i can use my software with,
i tried debian sometimes with wine, but had not enough time and knowhow to get it working…
my servers run linux and i use a lot of pi’s for plc jobs…
Best regards georg

#11

Hi Adolf,
now i think i managed to get it working…
Thank you your TIP was the key to resolve my problems.

Great job and thank you very much for your help…
Best regards
Georg