I can't reach the green network

Hi, I’m connecting to openvpn and pinging only the ipfire server. I can’t access other computers on the green network. Looks like I put everything together well. Ipfire IP


indeed, it seems like you set up OpenVPN correctly.

In the third screenshot, the phrase “client has access to these networks on IPFire’s side” is perhaps a bit misleading: It means the OpenVPN client will be provided with the necessary routing information to the networks in questions, so it can reach them in theory.

However, you still need to configure a firewall rule permitting the kind of traffic (or any traffic, but that’s a bad idea in terms of security) from the OpenVPN network or client to your GREEN network.

Could you try adding such a firewall rule and report back how things go?

Thanks, and best regards,
Peter Müller

Hmmm. I don’t have a special firewall rule for VPN but I can access GREEN, BLUE and ORANGE.

And I can ping devices via IP addresses or via hostName.localdomain.

Not sure if it matters but my Default firewall behaviour are both set to Allowed.

1 Like

In the first screen I have Hash Algorithm SHA2 (512),
in the last screen DNS is empty.
No rules, I can connect with openvpn.


oh well. Yes, I was missing this - it’s been a while since I came across an IPFire with this setting. :smiley:

@tgriksas: To ensure the firewall is not causing this, could you please…

  • post a screenshot of your configured firewall rules here or
  • try to contact a PC in the GREEN network via OpenVPN and see if there are hits in the firewall log?

Thanks, sorry for the confusion, and best regards,
Peter Müller

I removed the microtik and plugged in the ipfire as one. That’s the problem. Thanks for the help


ah, I see. Didn’t know a MikroTik router was involved here as well… :slight_smile:

Thanks, and best regards,
Peter Müller


I’ve been stuck here for awhile as well. WHere do I get the DNS1 address? I tried to do set it as my ipfire green address, or the extender network from my ipfire lan port out but still no luck.

Thank you

I got mine from the IPFire WebGUI menu Network > DHCP Server and then grab the GREEN Primary DNS


I’ve tried to take a look at it and I had that at, I’ve tried to put that in the advance setting but still not connected.

Try pointing the DNS1 address and the GREEN Primary DNS to


I’ve tried on what you have suggested. HOwever the VPN still not connect frowning:

Can you be more specific in what does work and what does not work?


what is the ip of your ipfire? is it ?

You should not start DHCP from, better start from



Sorry I’m not sure how to answer your question.
My internet from RED and GREEN does have internet. I created the cert, but the step when I click in the advance client option, after apply it just say disconnected. I am able to run the openVPN server though.

I hope that answer your question.

Thank you again for all of your help

Yes, my ipfire is Oh, I’ll try to change my Green address and see what it does.

THanks for the suggestion


Sorry I tried everything I can but I still cannot get the envelope to connect. I’ve tried to change the DNS like you have suggested.

Here are some of the attachment.

In the first screen,
fix Primary DNS Leave Secondary DNS and NTP server blank, click Save.

In the second screen,
the Local VPN Hostname/IP expects an ip which is your public ip.
This ip shows if you select System > Home


I’ve changed to your recommendation but it still didn’t work.

I can start the OpenVPN server. But what I can’t do is the connection status and control. THe Dynamic OpenVPN IP address pool cannot get connected. It just say Disconnected.

I really don’t know what else to do. I’m very grateful for your time.

please provide screenshots for

  • System > Home
  • Network > DNS
  • Services > OpenVPN
1 Like