Help for configuration vpn (fritzbox-->DMZ-->ipfire-->green network)

Hello, I have tried to configure IPFire for the following use case:
The WAN router is a Fritzbox, the firewall behind the Fritzbox is IPFire. I have a DMZ, so the net traffic goes from the Fritzbox to the IPFire firewall and from there into the green network.

I tried to install a VPN (road warrior configuration); an external computer should be able to log into the company network (for a home-working application).
I tried port forwarding with NAT in the Fritzbox and the OpenVPN configuration in the IPFire, but all my attempts failed… Can someone give me a hand to solve my problem?

Thank you for your help and best regards
Georg

Hi @gz_dgf,

Welcome to the IPFire Community.

What messages do you see in the client OpenVPN logs and the IPFire OpenVPN server logs?
These are needed to be able to figure out what is happening.

I just looked more closely at your title. The DMZ that you mention. Is this on the Fritzbox or on IPFire?

Dear Adolf,
thank you for your reply.

The DMZ is on the ipfire.

I have the following configuration:
Fritzbox:
x.x.4.1 with some port forwardings to the IPFire

IPFire:
red x.x.4.6 (here is a SIP server, the external mail server and a web server for forwarding from the Fritzbox to the devices)
green x.x.1.254 (internal net x.x.1.y)

I want to make a road warrior configuration for my external home office to the company internal net.

The tries with port forwarding from the Fritz to the IPFire always failed…
It could be that I did not forward the right ports (1194 UDP) from the Fritzbox to IPFire.
I enabled OpenVPN in the IPFire and made certificates.

Hi Sammy (@gz_dgf),

You say that the DMZ is on the IPFire but that would usually be the orange zone on IPFire and you don’t mention that. I suspect you mean something different by the term DMZ here.

The port number 1194 udp is the default port in the OpenVPN page.

What did you use for the Local VPN Hostname/IP: entry in the OpenVPN page? This should be the IP address that your Fritzbox has on its Internet connection.

It would be most useful if you could provide the client and server logs for the OpenVPN connection attempt.
Without this it is a bit of a guessing game to provide support.
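
A quick check for the misconfiguration discussed above, added here as an example and not part of any post in this thread. It assumes the Local VPN Hostname/IP value ends up in the `remote` line of the exported client profile; the sample profile and the function names are constructed for illustration.

```python
import ipaddress

# Address ranges that a road warrior on the Internet cannot route to.
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10", "169.254.0.0/16", "127.0.0.0/8",  # CGNAT, link-local, loopback
)]

# Constructed sample profile, not taken from the thread.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote 192.168.4.6 1194
;remote 10.0.0.1 1194
remote vpn.example.com 1194
"""

def parse_remotes(text):
    """Return [(host, port, proto)] for each active `remote` directive."""
    proto, found = "udp", []
    for raw in text.splitlines():
        # Drop '#' and ';' comments, then split the directive into tokens.
        tokens = raw.split("#")[0].split(";")[0].split()
        if len(tokens) >= 2 and tokens[0] == "proto":
            proto = tokens[1]
        elif len(tokens) >= 2 and tokens[0] == "remote":
            port = int(tokens[2]) if len(tokens) > 2 else 1194
            found.append((tokens[1], port, tokens[3] if len(tokens) > 3 else None))
    # A per-remote protocol wins over the profile-wide `proto` directive.
    return [(h, p, pr or proto) for h, p, pr in found]

def check_profile(text, forwarded=(1194, "udp")):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for host, port, proto in parse_remotes(text):
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            addr = None  # a hostname: resolve it separately, not done here
        if addr is not None and any(addr in net for net in UNROUTABLE):
            findings.append(f"{host}: internal address, unreachable from the Internet")
        if (port, proto) != forwarded:
            findings.append(f"{host}: {port}/{proto} does not match forwarded "
                            f"{forwarded[0]}/{forwarded[1]}")
    return findings

if __name__ == "__main__":
    for finding in check_profile(SAMPLE_OVPN):
        print(finding)
```

The `forwarded` argument is the port and protocol forwarded on the upstream router, 1194 UDP in this thread.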

Hello Adolf,

Today I made a new setup for my IPFire.
I had the problem with the wrong hostname because I had the entry of the internal interface.
Tomorrow I will check the new configuration and give you feedback.

Thank you for your help.
Till tomorrow…best regards

Hello Adolf,

My new setup and test… now I can log in and do an RDP session.
Ping on some PCs and HTTP and HTTPS do not work… I will look in the logs for more information… Do you have an idea where to look? Can a reason be missing firewall rules in the IPFire? I tried to shut down the firewall of the client (road warrior) but it did not work…
Thanks for your help… best regards, Georg

Hi Georg,

Great that you are making progress.

You shouldn’t need to do any firewall changes for the OpenVPN tunnel. OpenVPN on IPFire does that for you when it sets the tunnel up.

If you have a firewall on your client then that might interfere.

On IPFire the OpenVPN server logs are in /var/log/messages.
You would need to filter it looking for openvpnserver.

For the clients it would depend on the OS you are using.
On my Arch Linux systems it is in the journal, accessible via journalctl.
In something like Ubuntu or Debian it would likely be in /var/log/messages or /var/log/syslog.
In Windows, I have no idea, as the last time I used Windows was more than 10 years ago.

Hi Adolf,
you are doing a great job :)
I think I will do the new test tomorrow and examine the logs…
I am not very glad to have a Windows system, but it is the only possible OS I can use my software with.
I tried Debian sometimes with Wine, but did not have enough time and know-how to get it working…
My servers run Linux and I use a lot of Pis for PLC jobs…
Best regards, Georg

Hi Adolf,
now I think I managed to get it working…
Thank you, your tip was the key to resolving my problems.

Great job and thank you very much for your help…
Best regards
Georg