Help me chat, I can't connect to my VPN server

I've already set up my OpenVPN server and am now generating the OVPN certificates for my collaborators. However, when they import the OVPN file into the OpenVPN Connect app, it gives a timeout, and I get this internal error. What could it be? I've already updated the server and tried different versions of OpenVPN, and it doesn't work.

Hello @stone3

Welcome to the IPFire community.

This post has a tutorial on connecting with the OpenVPN Connect App.

https://community.ipfire.org/t/how-to-set-up-a-roadwarrior-config-in-openvpn-using-openvpn-connect-for-android-and-ios/8366/9

It may no longer be fully working as the OpenVPN Connect App has removed the use of the .p12 container to hold the key and the pem files.

This more recent post also has a user that got the OpenVPN Connect App connection working.

https://community.ipfire.org/t/how-to-setup-a-newcore-191-opnvpn-connection-for-a-android-handy/13813

That user, @ritchie, might be able to help you with more details of the steps they took to achieve that.

:thinking: Which operating system are you using to connect to the OpenVPN server?

Thank you @bonnietwin!

Ubuntu 22.04 for my server and Android for my device.

This error message (in my experience) most often means that one side (either the client or the server) is set up for TLS auth, but the other side is not.

Edit:

Check both configs and fix this problem.

To add it to a client:
Copy the file /etc/openvpn/ta.key from the server to the client
and then edit /etc/openvpn/myVpn.conf

```
# If a tls-auth key is used on the server
# then every client must also have the key.
tls-auth ta.key 1
```

The server should be on your IPFire system.

Why are you not using the OpenVPN server in IPFire?

4 Likes
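One way to check both configs for the TLS auth mismatch described earlier in this thread, as an added example that is not part of the original posts. The sample configs, the host vpn.example.com and the function names are constructed for illustration; the check also covers the inline `<tls-auth>` form used in .ovpn profiles and the key direction, which must be complementary on the two sides or omitted on both.

```python
import re

def control_channel(config_text):
    """Return (mode, direction): mode is 'tls-auth', 'tls-crypt' or None."""
    mode, direction = None, None
    for raw in config_text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # drop comments
        if not line:
            continue
        inline = re.match(r"<(tls-auth|tls-crypt)>$", line)
        if inline:  # inline key block, as found in .ovpn profiles
            mode = inline.group(1)
            continue
        words = line.split()
        if words[0] in ("tls-auth", "tls-crypt"):
            mode = words[0]
            if mode == "tls-auth" and len(words) > 2:
                direction = words[2]  # e.g. "tls-auth ta.key 1"
        elif words[0] == "key-direction" and len(words) > 1:
            direction = words[1]
    return mode, direction

def compare(server_text, client_text):
    """List the control-channel mismatches between a server and a client config."""
    s_mode, s_dir = control_channel(server_text)
    c_mode, c_dir = control_channel(client_text)
    problems = []
    if s_mode != c_mode:
        problems.append(f"server uses {s_mode or 'no TLS key'}, "
                        f"client uses {c_mode or 'no TLS key'}")
    elif s_mode == "tls-auth":
        if (s_dir is None) != (c_dir is None):
            problems.append("key direction is set on only one side")
        elif s_dir is not None and s_dir == c_dir:
            problems.append(f"both sides use direction {s_dir}; use 0 and 1")
    return problems

# Constructed sample configs (not taken from the thread)
SERVER = "port 1194\nproto udp\ntls-auth ta.key 0  # server side\n"
CLIENT_NO_KEY = "client\nremote vpn.example.com 1194 udp\n"
CLIENT_INLINE = """client
remote vpn.example.com 1194 udp
key-direction 1
<tls-auth>
(constructed placeholder, not a real key)
</tls-auth>
"""

if __name__ == "__main__":
    print(compare(SERVER, CLIENT_NO_KEY))
    print(compare(SERVER, CLIENT_INLINE))
```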

I don’t know, but I never used OpenVPN on a router. Why do people put these programs on the router?

Why have an open port for every VPN connection?

The question is rather: why should we support OpenVPN problems on a “foreign” OS?

If OpenVPN on IPFire is not working, you can AND should ask for help here.

If there are problems on other systems, please ask in the appropriate forum.

Sorry, but that’s my point of view ^^

2 Likes

I think that if your OpenVPN server is behind IPFire you need to forward UDP port 1194 to it.

It's better to have the VPN open port routed to a DMZ server than the edge device hosting it. It's only been in these past few decades that people put them on the edge device when they don’t have a DMZ zone in their router.

The only thing about hosting a VPN on orange with IPFire is that you have to manually assign an IP address of the VPN remote network pool to the orange interface and create a firewall group for that remote network to be applied to firewall rules to network to the other color network zones.

It always boils down to flexibility, but some people don’t want to bog down their router to service VPNs. In some instances it's nicer to have them separate. In a company environment where the VPNs are managed by a separate person it might be needed.

Sometimes evaluation is needed to look at how people want to use or apply technologies even though sometimes it's difficult to find the reasoning for this. I have my own set of ‘just why’. One is running IPFire in a VM. Just get a motherboard that has IPMI and have a hardware-based hypervisor.
If it's just for KVM, a PiKVM card works well for this.