OPENVPN Net2Net Basics Request Assist

If there is already a complete step-by-step idiot's guide with detailed instructions, please provide a link, but I am getting conflicting information thus far. I do not need RoadWarrior VPN, but that is most of what I am finding.

1.) I am using NordVPN OpenVPN Configuration
2.) I modified the ovpn file to include my username/password
3.) I am confused about where to put the ovpn file
4.) I was able to launch the ovpn file successfully from cli using openvpn name_of_file
5.) Does this screen have to be filled out?


6.) I generated the PKI

7.) I made the requested POSTROUTING entry in the iptables, but I am not sure how to write out the entry into startup configuration. When I reboot it isn’t there anymore.
8.) Please see the NordVPN instructions at https://support.nordvpn.com/Connectivity/Linux/1047411172/How-to-configure-IPFire-firewall.htm

How does this OpenVPN screen tie to the actual ovpn file? How can I get it to automatically start at boot-time.

Thanks,

Eric

You should read this:

I think firewall.local would be the right place for this.

It doesn’t really. This is mainly a VPN server, not a client.
Have you tried the first method mentioned on this wiki page? wiki.ipfire.org - OpenVPN alternative configurations

Yea, none of that is what I am looking for, but thank you for pointing it out. I am only looking for network 2 network, not Roadwarrior Server on IPFire, or Client to OpenVPN server.

Your N2N to NordVPN server makes IPFire to VPN client.
Therefore the cited wiki articles should help.

Hi Bernhard,

I have to catch up on the responses, as I have been plowed with work tasks, but I am still trying to figure out how the above Global settings screen ties into the use of any ovpn setup.

Is the only time this screen is of use, when you manually configure an openvpn client within the GUI? If so, where do the configuration files land in the linux folder structure?

Just trying to figure out if I can control openvpn, Nord, via the little checkbox “OpenVPN on Red”, so I can turn it on and off as necessary.

If that isn’t possible, does that mean it will have to always be initialized via script?

Let me know.

Eric

Hello Bernhard,

I am pretty new to the ovpn concept under IPFire, so I am trying to follow along.

As I understand it, after doing further reading, the OpenVPN server settings in IPFire are for inbound connections into the LAN using IPFire OpenVPN server as an entry point InGress into the network. I think I got it for that piece.

Also, I think I may have an understanding now on the flowchart diagram for this, whereas luani was asking if I had tried the first part of the configuration:

In this example diagram, IPFire would be the client, and the NordVPN would be the OpenVPN server. Think I have a grip on that part as well.

I have a grip, I believe, on most of this article through NordVPN.

I downloaded the configuration file .ovpn, from NordVPN, and have it staged on IPFire

  1. I can launch the client using #openvpn nameOfFile.ovpn and it connects without any error to the NordVPN Network.

But the part about the POSTROUTING CHAIN in iptables seems to be giving me a little bit of grief. According to the NordVPN link instruction set I am supposed to be making an iptables entry for my network segment. In this case, I would like to have the OpenVPN Client route traffic for both my Green LAN clients at 172.16.17.0/24 and Blue WiFi Clients at 10.10.100.0/24.

The instruction set in the link says I should make the entry, as I am interpreting it as:
#iptables -t nat -A POSTROUTING -s 172.16.17.0/24 -o tun0 -j MASQUERADE
#iptables -t nat -A POSTROUTING -s 10.10.100.0/24 -o tun0 -j MASQUERADE
#iptables-save

This is at the point I got chewed out later this evening, because it brought down my network when I completed these iptable entries, I initialized:

#openvpn nameOfFile.ovpn

When I tried, or anyone else tried to browse or anything else, it was hosed, so I have to cancel out of the ovpn connection. Everything immediately returned to normal afterwards.

Running the below, I could see traffic hitting the Green 172.16.17.0/24 rule, but not the Blue 10.10.100.0/24 rule, and I was testing in both locations.
#watch -d 'iptables -t nat -L -n -v --line-number'

and the IPFire net device is there.

So a few things I am needing to overcome and need some help understanding where I am going wrong please…

  1. Why is it when I start the ovpn client from command line, it locks up the traffic?
  2. If you look at the POSTROUTING nat entry, per NordVPN, is that a correct placement of the rule?
  3. Is there anything I am missing? Should know? I must be missing something very basic, thereby having huge effects when I flip the connection on.
  4. Why, even if it is broke 10 ways from Sunday, do I not have attempted packets on Blue, because I am also testing on Blue.

Additionally, as I mentioned, and per your thoughts on my design, I moved some stuff around and reconfigured, and yes, it does make it more simplistic to work with.

Eric
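
As an added example (not part of the thread, and not IPFire's or NordVPN's own code): one way to keep the MASQUERADE rules from the post above across reboots is to place them in firewall.local, as suggested earlier in the thread. It assumes the file is /etc/sysconfig/firewall.local, that the VPN client device is tun0, and that IPFire's CUSTOMPOSTROUTING nat chain is the place for local rules; the helper names masq, add_rules and del_rules are hypothetical.

```shell
#!/bin/sh
# Added example in the start/stop/reload layout of IPFire's firewall.local.
# Assumptions: tun0 is the OpenVPN client device and CUSTOMPOSTROUTING is the
# nat chain reserved for local rules; the subnets are the ones from the post.
# Note: iptables-save on its own only prints the ruleset to stdout; it does
# not persist anything, which is why hand-typed rules are gone after a reboot.

VPN_DEV="tun0"
VPN_NETS="172.16.17.0/24 10.10.100.0/24"   # Green, Blue

# masq OP NET: run one MASQUERADE rule operation (-A add, -C check, -D delete)
masq() {
    iptables -t nat "$1" CUSTOMPOSTROUTING -s "$2" -o "$VPN_DEV" -j MASQUERADE
}

add_rules() {
    for net in $VPN_NETS; do
        # -C succeeds if the rule exists, so repeated starts do not stack copies.
        # The rule can be added before tun0 exists; it matches by device name.
        masq -C "$net" 2>/dev/null || masq -A "$net"
    done
}

del_rules() {
    for net in $VPN_NETS; do
        # Remove every copy of the rule, in case duplicates were appended
        while masq -C "$net" 2>/dev/null; do
            masq -D "$net"
        done
    done
}

case "${1:-}" in
    start)  add_rules ;;
    stop)   del_rules ;;
    reload) del_rules; add_rules ;;
    *)      echo "Usage: $0 {start|stop|reload}" ;;
esac
```

Running the script with `start` twice leaves exactly one rule per subnet, and `stop` removes them again, so the tunnel's NAT can be switched on and off without a reboot.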