Thanks! I have the router of the internet provider. I hope I can configure it or shut the firewall down. Behind the router is the IPFire as hardware-fw.
So should I allow everybody to connect to the IPFire over the port 1194? Or is there a possibility to allow just the client? I suppose not, because the client has a dynamic IP. So I need a rule from the red network to the ovpn-network with the port 1194, isn’t it?
And the first thing I don’t understand (even after reading some tutorials) is: where is the ovpn-server? Is it in front of the firewall between the provider router and the IPFire, is it behind the IPFire, or is it just within the IPFire itself? And is the ovpn-server on the red or on the green network?
The second one is: if the client connects to the IPFire, does it automatically get the internal IP over the certificate?
#edit: OK, meanwhile I connected to the VPN (just needed to forward port 1194 on the provider router to the IPFire). Within the firewall I allowed the VPN client to connect to the red network (to get the internet connection). So it seems to work!
BUT… the client can connect to the green network, and that’s what I don’t want. I can make this setting in the settings for the client on the ovpn-page, but I can still connect to the green network (even after restarting the VPN server).