Hello Bernhard,
I am pretty new to the ovpn concept under IPFire, so I am trying to follow along.
As I understand it, after doing further reading, the OpenVPN server settings in IPFire are for inbound connections into the LAN, using the IPFire OpenVPN server as an entry point (ingress) into the network. I think I got it for that piece.
Also, I think I may have an understanding now of the flowchart diagram for this, where luani was asking if I had tried the first part of the configuration:
In this example diagram, IPFire would be the client, and the NordVPN would be the OpenVPN server. Think I have a grip on that part as well.
I have a grip, I believe, on most of this article through NordVPN.
I downloaded the configuration file .ovpn from NordVPN and have it staged on IPFire.
- I can launch the client using #openvpn nameOfFile.ovpn and it connects without any error to the NordVPN Network.
But the part about the POSTROUTING chain in iptables seems to be giving me a little bit of grief. According to the NordVPN link instruction set, I am supposed to be making an iptables entry for my network segment. In this case, I would like to have the OpenVPN client route traffic for both my Green LAN clients at 172.16.17.0/24 and Blue WiFi clients at 10.10.100.0/24.
The instruction set in the link says I should make the entry, as I am interpreting it as:
#iptables -t nat -A POSTROUTING -s 172.16.17.0/24 -o tun0 -j MASQUERADE
#iptables -t nat -A POSTROUTING -s 10.10.100.0/24 -o tun0 -j MASQUERADE
#iptables-save
This is the point at which I got chewed out later this evening, because it brought down my network. After I completed these iptables entries, I initialized:
#openvpn nameOfFile.ovpn
When I tried, or anyone else tried, to browse or do anything else, it was hosed, so I had to cancel out of the ovpn connection. Everything immediately returned to normal afterwards.
Running the below, I could see traffic hitting the Green 172.16.17.0/24 rule, but not the Blue 10.10.100.0/24 rule, and I was testing in both locations.
#watch -d 'iptables -t nat -L -n -v --line-number'
and the IPFire net device is there.
So a few things I need to overcome, and I need some help understanding where I am going wrong, please…
- Why is it when I start the ovpn client from command line, it locks up the traffic?
- If you look at the POSTROUTING nat entry, per NordVPN, is that a correct placement of the rule?
- Is there anything I am missing? Should know? I must be missing something very basic, thereby having huge effects when I flip the connection on.
- Why, even if it is broke 10 ways from Sunday, do I not see any attempted packets on Blue, since I am also testing on Blue?
Additionally, as I mentioned, and per your thoughts on my design, I moved some stuff around and reconfigured, and yes, it does make it more simplistic to work with.
Eric
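An added example for reading the POSTROUTING counters from the watch command above (not code from this post, IPFire or NordVPN): it parses a constructed sample of the nat listing and reports, per LAN subnet, whether a MASQUERADE rule toward tun0 is missing, present but idle, or carrying packets, which separates a rule-placement problem from traffic that never reaches the rule at all. The subnets, interface name and counter values are assumptions taken from the post or made up for the sample.

```shell
#!/bin/sh
# Constructed sample of "iptables -t nat -L POSTROUTING -n -v --line-numbers" output,
# standing in for the live listing (not real output from any firewall).
SAMPLE_NAT='Chain POSTROUTING (policy ACCEPT 120 packets, 9000 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       57  4104 MASQUERADE  all  --  *      tun0    172.16.17.0/24       0.0.0.0/0
2        0     0 MASQUERADE  all  --  *      tun0    10.10.100.0/24       0.0.0.0/0'

# Print the packet counter of the MASQUERADE rule matching SUBNET as source and
# IFACE as outgoing interface; print "none" when no such rule exists.
# Columns of the -v listing: num pkts bytes target prot opt in out source destination
masq_packets() {
  subnet="$1"; iface="$2"
  printf '%s\n' "$SAMPLE_NAT" | awk -v s="$subnet" -v i="$iface" '
    $4 == "MASQUERADE" && $8 == i && $9 == s { print $2; found = 1 }
    END { if (!found) print "none" }'
}

# One-line verdict per LAN: rule missing, rule present but idle, or rule carrying traffic.
# An idle rule means the forwarded packets are not reaching POSTROUTING with this
# source/outgoing interface pair, so the problem lies before NAT (routing or FORWARD).
check_lan() {
  pkts=$(masq_packets "$1" "$2")
  case "$pkts" in
    none) echo "$1: no MASQUERADE rule on $2" ;;
    0)    echo "$1: rule present but no packets (traffic not reaching this rule)" ;;
    *)    echo "$1: rule present, $pkts packets" ;;
  esac
}

# Usage: run the check for both LAN segments from the post.
check_lan 172.16.17.0/24 tun0
check_lan 10.10.100.0/24 tun0
```

On a live system, replace SAMPLE_NAT with the output of the iptables listing itself to get the same verdicts for the real counters.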