I configured the OpenVPN server and client, but get no connection.
"TLS key negotiation failed to occur within 60 sec (check your network connectivity)"
"TLS handshake failed"
And I think the problem is that there are no firewall rules for this VPN process.
But what rules do I need for that?
I have one client that should just use the internet connection of the IPFire over the VPN.
Do you have any other firewalls in front of IPFire? A router or something similar? You have to port forward (UDP or TCP 1194 by default) to your OpenVPN server.
Thanks! I have the router of the internet provider. I hope I can configure it or shut the firewall down. Behind the router is the IPFire as hardware firewall.
So should I allow everybody to connect to the IPFire over port 1194? Or is there a possibility to allow just the client? I suppose not, because the client has a dynamic IP. So I need a rule from the red network to the OpenVPN network with port 1194, don't I?
And the first thing I don't understand (even after reading some tutorials) is where the OpenVPN server is. Is it in front of the firewall, between the provider router and the IPFire, is it behind the IPFire, or is it within the IPFire itself? And is the OpenVPN server on the red or on the green network?
The second one is: if the client connects to the IPFire, does it automatically get the internal IP via the certificate?
#edit: OK, meanwhile I connected to the VPN (I just needed to forward port 1194 on the provider router to the IPFire). Within the firewall I allowed the VPN client to connect to the red network (to get the internet connection). So it seems to work!
BUT... the client can connect to the green network, and that's what I don't want. I can make this setting in the settings for the client on the OpenVPN page, but I can still connect to the green network (even after restarting the VPN server).
Disabling the firewall within the router is NOT recommended. Please port forward only the necessary ports! TCP:1194 or UDP:1194, depending on your OpenVPN server (find it here: Services > OpenVPN: Protocol and Destination port).
Within the router you have to open from all to the red IP of IPFire, (protocol) TCP/UDP:portnumber. No rules within IPFire are necessary.
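A quick way to check whether that router port forward actually reaches the OpenVPN process, as an added example that is not part of this thread: the script below sends the first packet of an OpenVPN handshake (P_CONTROL_HARD_RESET_CLIENT_V2) to the public address on UDP 1194 and decodes the server's P_CONTROL_HARD_RESET_SERVER_V2 reply if one comes back. The address 203.0.113.10 is a placeholder, and the packet layout assumed is the one OpenVPN uses without tls-auth/tls-crypt; a server configured with tls-auth or tls-crypt drops unauthenticated resets, so silence means "not forwarded, blocked, or HMAC-protected", not necessarily "closed". For a TCP-mode server the same check would need a TCP connect instead.

```python
"""Probe an OpenVPN UDP port with a client hard-reset and decode the server's answer.
Added example, not from the forum thread; assumes no tls-auth/tls-crypt on the server."""
import os
import socket
import struct
from typing import Optional

# Control-channel opcodes live in the high 5 bits of the first byte; low 3 bits = key_id.
P_CONTROL_HARD_RESET_CLIENT_V2 = 7
P_CONTROL_HARD_RESET_SERVER_V2 = 8


def build_hard_reset(session_id: bytes) -> bytes:
    """First client packet without tls-auth/tls-crypt:
    opcode|key_id byte, 8-byte client session id, empty ACK array (length 0),
    and message packet id 0."""
    if len(session_id) != 8:
        raise ValueError("session id must be 8 bytes")
    return (bytes([P_CONTROL_HARD_RESET_CLIENT_V2 << 3])
            + session_id + b"\x00" + struct.pack("!I", 0))


def parse_reply(data: bytes, client_session_id: bytes) -> Optional[dict]:
    """Decode a HARD_RESET_SERVER_V2; return None for anything else."""
    if len(data) < 9:
        return None
    opcode, key_id = data[0] >> 3, data[0] & 0x07
    if opcode != P_CONTROL_HARD_RESET_SERVER_V2:
        return None
    server_session_id = data[1:9]
    ack_len = data[9] if len(data) > 9 else 0
    # ACK array: ack_len 4-byte packet ids, then the remote (i.e. our) session id.
    acked_ours = False
    if ack_len:
        off = 10 + 4 * ack_len
        if len(data) >= off + 8:
            acked_ours = data[off:off + 8] == client_session_id
    return {"opcode": opcode, "key_id": key_id,
            "server_session_id": server_session_id,
            "acked_our_session": acked_ours}


def probe_openvpn_udp(host: str, port: int = 1194, timeout: float = 3.0) -> Optional[dict]:
    """Send one reset and wait for a reply. None = no answer within the timeout:
    the port may not be forwarded, may be filtered, or the server may drop
    unauthenticated resets because it uses tls-auth/tls-crypt."""
    sid = os.urandom(8)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_hard_reset(sid), (host, port))
        try:
            data, _ = s.recvfrom(1500)
        except socket.timeout:
            return None
    return parse_reply(data, sid)


if __name__ == "__main__":
    import sys
    # 203.0.113.10 is a placeholder (documentation range), not a real server.
    target = sys.argv[1] if len(sys.argv) > 1 else "203.0.113.10"
    print(probe_openvpn_udp(target))
```

Run it from outside your own network (e.g. a phone on mobile data with a Python app, or any external host) against the provider router's public address; a decoded reply proves the forward to the RED address works, while a timeout still has to be read against whether the server uses tls-auth/tls-crypt.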
Hmm... if I make no rule in the IPFire firewall, I cannot connect to the internet. But then I can even connect to the IPFire itself on GREEN, which is bad, although I only gave the rule for the RED network.
I forwarded 1194 UDP on the provider router from all to the RED IPFire.
The client gets an IP from the OpenVPN range 10. ...
By the way, is the OpenVPN server normally on the green network?