I can't reach the green network

Hi, I’m connecting to OpenVPN and pinging only the IPFire server. I can’t access other computers on the green network. Looks like I put everything together well. IPFire IP: 192.168.2.254



Hi,

indeed, it seems like you set up OpenVPN correctly.

In the third screenshot, the phrase “client has access to these networks on IPFire’s side” is perhaps a bit misleading: It means the OpenVPN client will be provided with the necessary routing information to the networks in question, so it can reach them in theory.

However, you still need to configure a firewall rule permitting the kind of traffic (or any traffic, but that’s a bad idea in terms of security) from the OpenVPN network or client to your GREEN network.

Could you try adding such a firewall rule and report back how things go?

Thanks, and best regards,
Peter Müller

Hmmm. I don’t have a special firewall rule for VPN but I can access GREEN, BLUE and ORANGE.

And I can ping devices via IP addresses or via hostName.localdomain.

Not sure if it matters, but my Default firewall behaviour settings are both set to Allowed.


In the first screen I have Hash Algorithm SHA2 (512),
in the last screen DNS is empty.
No rules, I can connect with openvpn.

Hi,

oh well. Yes, I was missing this - it’s been a while since I came across an IPFire with this setting. :smiley:

@tgriksas: To ensure the firewall is not causing this, could you please…

  • post a screenshot of your configured firewall rules here or
  • try to contact a PC in the GREEN network via OpenVPN and see if there are hits in the firewall log?

Thanks, sorry for the confusion, and best regards,
Peter Müller

I removed the MikroTik and plugged in the IPFire as one. That’s the problem. Thanks for the help.

Hi,

ah, I see. Didn’t know a MikroTik router was involved here as well… :slight_smile:

Thanks, and best regards,
Peter Müller

Hello,

I’ve been stuck here for a while as well. Where do I get the DNS1 address? I tried to set it as my IPFire green address, or the extender network from my IPFire LAN port out, but still no luck.

Thank you

I got mine from the IPFire WebGUI menu Network > DHCP Server and then grab the GREEN Primary DNS

Hello,

I’ve tried to take a look at it and I had that at 8.8.8.8. I’ve tried to put that in the advanced setting but it is still not connected.

Try pointing the DNS1 address and the GREEN Primary DNS to 192.168.0.1

Hello,

I’ve tried what you have suggested. However, the VPN still does not connect :frowning:


Can you be more specific about what does work and what does not work?

@phamd4

What is the IP of your IPFire? Is it 192.168.0.1?

You should not start DHCP from 192.168.0.1; better start from 192.168.0.10.


Hello,

Sorry, I’m not sure how to answer your question.
My internet from RED and GREEN does have internet. I created the cert, but at the step when I click in the advanced client options, after apply it just says disconnected. I am able to run the OpenVPN server though.

I hope that answers your question.

Thank you again for all of your help

Yes, my IPFire is 192.168.0.1. Oh, I’ll try to change my Green address and see what it does.

Thanks for the suggestion

Hello,

Sorry, I tried everything I can but I still cannot get the envelope to connect. I’ve tried to change the DNS like you have suggested.

Here are some of the attachments.


In the first screen,
fix Primary DNS 192.168.0.1. Leave Secondary DNS and NTP server blank, click Save.

In the second screen,
the Local VPN Hostname/IP expects an IP, which is your public IP.
This IP shows if you select System > Home.


Hello,
I’ve changed to your recommendation but it still didn’t work.

I can start the OpenVPN server. But what I can’t do is the connection status and control. The Dynamic OpenVPN IP address pool cannot get connected. It just says Disconnected.

I really don’t know what else to do. I’m very grateful for your time.

Please provide screenshots for

  • System > Home
  • Network > DNS
  • Services > OpenVPN