Help me out with an example string for /var/ipfire/ovpn/ovpnconfig

As I’m also struggling over this issue and don’t have an existing OpenVPN client config I’d be very glad if someone could help me out with an example string for /var/ipfire/ovpn/ovpnconfig.

I already duplicated an existing entry for ipfire’s OVPN Server, but I just don’t know what to edit and which keywords to use to make this a valid client entry. And all my tries ended in an invalid config.

Here ya go.

2,on,myName,myFullName,host,cert,,,,,,,,,,,,,,,,,,,,,myRemark,,,,,,,dynamic,,on,192.168.6.1,,,,,,,,

FYI - I have no idea what field above belongs to what field on the OpenVPN WebUI page beside the obvious above. All fields were filled in with my?????.

DNS1 = 192.168.6.1

Keep in mind that a change to the OpenVPN WebUI page will overwrite anything manually entered in the ovpnconfig file. So this is NOT recommended.

Hi Jon,

thanks for your line! I tried inserting this line and changing it according to my OVPN client but it failed also. I think I’ll activate the client on an OPNsense instance in another cluster again and try to tunnel the routing through another ipsec tunnel. Sounds weird, but seems to me much easier than wasting more time in playing around with ipfire’s broken implementation.

It doesn’t seem to be broken to me. All works as it should.

Please tell us what errors you see on the screen and what errors you see in the logs.

Screen shots and log entries are very helpful!

EDIT: I moved this to a new thread

1 Like

This is just a small example of an OpenVPN Net-to-Net Virtual Private Network.
If you have a problem importing the Client Package on the IPFire client OpenVPN, you can try the solution below:

On IPfire server OpenVPN

then enter proper settings

Then on IPfire client OpenVPN

then

After adding the connections
on IPfire server OpenVPN and on IPfire client OpenVPN

download and unzip Client Package from IPfire server OpenVPN

then replace

Effects:
on server

on client

Note: in my case, I had to use TCP protocol, but after switching to UDP it also worked.

Edit

Ovpnconfig file on server for TCP

4,on,testn2n,testn2n,net,cert,,server,,10.0.11.0/255.255.255.0,,,10.0.0.0/255.255.255.0,,,,,,,,,,,1196,,,,red,10.10.10.0/255.255.255.0,tcp,1196,,1500,,,,,,,,,AES-256-GCM

Ovpnconfig file on client for TCP

8,on,testn2n,testn2n,net,cert,,client,,10.0.0.0/255.255.255.0,,myhost.dyndns.net,10.0.11.0/255.255.255.0,,,,,,,,,,,1196,,,,red,10.10.10.0/255.255.255.0,tcp,1196,,1500,,,,,,,,,AES-256-GCM

Ovpnconfig file on server after switch to UDP

4,on,testn2n,testn2n,net,cert,,server,,10.0.11.0/255.255.255.0,,,10.0.0.0/255.255.255.0,,,,,,,,,,,1196,,,,red,10.10.10.0/255.255.255.0,udp,1196,,1500,,,,,,,,,AES-256-GCM

Ovpnconfig file on client after switch to UDP

8,on,testn2n,testn2n,net,cert,,client,,10.0.0.0/255.255.255.0,,myhost.dyndns.net,10.0.11.0/255.255.255.0,,,,,,,,,,,1196,,,,red,10.10.10.0/255.255.255.0,udp,1196,,1500,,,,,,,,,AES-256-GCM

Edit 2

Important Note: These numbers (8,4) may be different on other IPFires


Edit 3

Content of testn2n.conf file on the server

# IPFire n2n Open VPN Server Config by ummeegge und m.a.d

# User Security
user nobody
group nobody
persist-tun
persist-key
script-security 2
# IP/DNS for remote Server Gateway
float
# IP adresses of the VPN Subnet
ifconfig 10.10.10.1 10.10.10.2
# Client Gateway Network
route 10.0.0.0 255.255.255.0
up "/etc/init.d/static-routes start"
# tun Device
dev tun
#Logfile for statistics
status-version 1
status /var/run/openvpn/testn2n-n2n 10
# Port and Protokol
port 1196
proto udp
# Paketsize
tun-mtu 1500
mssfix 0
# Auth. Server
tls-server
ca /var/ipfire/ovpn/ca/cacert.pem
cert /var/ipfire/ovpn/certs/servercert.pem
key /var/ipfire/ovpn/certs/serverkey.pem
dh /var/ipfire/ovpn/ca/dh1024.pem
# Cipher
cipher AES-256-GCM
tls-version-min 1.2
# Debug Level
verb 3
# Tunnel check
keepalive 10 60
# Start as daemon
daemon testn2nn2n
writepid /var/run/testn2nn2n.pid
# Activate Management Interface and Port
management localhost 1196

Content of testn2n.conf file on the client

# IPFire rewritten n2n Open VPN Client Config by ummeegge und m.a.d
#
# User Security
user nobody
group nobody
persist-tun
persist-key
script-security 2
# IP/DNS for remote Server Gateway
remote myhost.dyndns.net
float
# IP adresses of the VPN Subnet
ifconfig 10.10.10.2 10.10.10.1
# Server Gateway Network
route 10.0.11.0 255.255.255.0
up "/etc/init.d/static-routes start"
# tun Device
dev tun
#Logfile for statistics
status-version 1
status /var/run/openvpn/testn2n-n2n 10
# Port and Protokol
port 1196
proto udp
# Paketsize
tun-mtu 1500
mssfix 0
remote-cert-tls server
# Auth. Client
tls-client
# Cipher
cipher AES-256-GCM
pkcs12 /var/ipfire/ovpn/certs/testn2n.p12
tls-version-min 1.2
# Debug Level
verb 3
# Tunnel check
keepalive 10 60
# Start as daemon
daemon testn2nn2n
writepid /var/run/testn2nn2n.pid
# Activate Management Interface and Port
management localhost 1196

Below are the differences in the contents of the testn2n.conf files, between the TCP and UDP settings.

1 Like
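Since the thread never documents which ovpnconfig column is which, a positional diff of the posted lines shows what actually changes between the two sides. This is an added example, not part of the original posts and not IPFire code; the function names are hypothetical, the three entries are copied from the post above, and positions are counted from 0 with the leading entry number as position 0.

```python
# Entries copied from the net-to-net post above.
SERVER_TCP = "4,on,testn2n,testn2n,net,cert,,server,,10.0.11.0/255.255.255.0,,,10.0.0.0/255.255.255.0,,,,,,,,,,,1196,,,,red,10.10.10.0/255.255.255.0,tcp,1196,,1500,,,,,,,,,AES-256-GCM"
CLIENT_TCP = "8,on,testn2n,testn2n,net,cert,,client,,10.0.0.0/255.255.255.0,,myhost.dyndns.net,10.0.11.0/255.255.255.0,,,,,,,,,,,1196,,,,red,10.10.10.0/255.255.255.0,tcp,1196,,1500,,,,,,,,,AES-256-GCM"
SERVER_UDP = "4,on,testn2n,testn2n,net,cert,,server,,10.0.11.0/255.255.255.0,,,10.0.0.0/255.255.255.0,,,,,,,,,,,1196,,,,red,10.10.10.0/255.255.255.0,udp,1196,,1500,,,,,,,,,AES-256-GCM"


def parse_entry(line):
    """Split one ovpnconfig line into (entry number, remaining columns)."""
    number, *columns = line.strip().split(",")
    return number, columns


def diff_entries(line_a, line_b):
    """Return [(position, value_a, value_b)] for every column that differs.

    The leading entry number is skipped because it varies from box to box.
    A differing column count means one line is malformed, so refuse to guess.
    """
    _, a = parse_entry(line_a)
    _, b = parse_entry(line_b)
    if len(a) != len(b):
        raise ValueError(f"column count differs: {len(a)} vs {len(b)}")
    # start=1 keeps positions aligned with the full line (number = position 0)
    return [(i, x, y) for i, (x, y) in enumerate(zip(a, b), start=1) if x != y]


def swapped_columns(diff):
    """Find pairs of positions whose values are exchanged between the sides."""
    return [(i, j)
            for i, a1, b1 in diff
            for j, a2, b2 in diff
            if i < j and a1 == b2 and b1 == a2]


if __name__ == "__main__":
    side_diff = diff_entries(SERVER_TCP, CLIENT_TCP)
    print("server vs client:")
    for pos, srv, cli in side_diff:
        print(f"  position {pos}: {srv!r} -> {cli!r}")
    print("mirrored positions:", swapped_columns(side_diff))
    print("tcp vs udp on the server:")
    for pos, old, new in diff_entries(SERVER_TCP, SERVER_UDP):
        print(f"  position {pos}: {old!r} -> {new!r}")
```
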

Just as pointed out in the original thread, the import of OVPN client package is currently broken.
Adding an OVPN client configuration manually doesn’t work for me as I need to edit a configuration file without knowledge about the syntax.

Thanks for your effort to point all steps out, but I don’t have an IPfire to IPfire OVPN connection; my IPfire is the client and the server is an external endpoint (I don’t know which model). I got a zip file with a .ovpn file that also contains certificates and a private key. So I first had to build a pkcs12 file out of the certificates, generate a new config file and pack it in a zip. So there are many steps where I could have gone wrong. But I looked at a generated client package from my IPfire and tried my best to build the same structure.