OpenVPN setup questions

This is the scenario… I want remote access to a USB hard drive attached to a Linux client that is behind an IPFire device.
External public IP is dynamic. DynDNS has been set up. Modem router has internal IP xxx.xxx.1.0/24. The router address for IPFire device is xxx.xxx.1.90. IPFire device is on subnet xxx.xxx.10.0. Linux client is behind IPFire on IP xxx.xxx.10.10. The port forwarding on the modem router has been configured to point to the IPFire device.
I have made a couple of attempts but I’m not sure what IP addresses go in the OpenVPN settings. The wiki has been of some help but I’m still a bit confused. Any suggestions please?
Also I noted that if I change the ‘OpenVPN subnet’ in the Global Settings page it reverts to a different IP after it’s saved.
Where in IPFire (what directory) is the .ovpn file stored? When I looked in /var/ipfire/ovpn/ the config file was empty.
Thanks

If the ovpnconfig file is empty then you have not created any client configurations in the OpenVPN WUI page.

If you are looking for the actual .ovpn files for a client, after its definition is created in the OpenVPN WUI page, then you won’t find them. They are defined on the fly when you select the icon to download the client configuration file.

OK, thank you for the information. I thought I had created the config. The server was showing in the WUI as running. I’ll keep plugging away at it.
Do you have any suggestions for which IP addresses go where in relation to my setup? Do I need to change the OpenVPN subnet in the WUI to match the subnet I use for IPFire device? You have probably gathered that I’m not a network person :grinning:

If your OpenVPN Server is running then you have defined the server which is in the /var/ipfire/ovpn/server.conf file.

To define your clients you then need to go to the section on the OpenVPN page titled "Connection Status and -Control" and press the add button.

This is the wiki page related to that section.
https://wiki.ipfire.org/configuration/services/openvpn/config/client_conf

However, before doing that let’s look at the IPs you mention.

The Hostname/IP that is pointed to by the green arrow should either be the Fully Qualified Domain Name (FQDN) of your red interface or the public IP that you have from your ISP. The FQDN would basically apply if you have set up a Dynamic DNS provider to give you a domain name for your IP.

The simplest approach would be to use the IP that is shown on the main page of your WUI where under Network it says INTERNET and use the IP address that is given next to that.
This presumes that you do have a public IP from your ISP and that you don’t have another router from your ISP between your IPFire and the internet connection.

Then for the OpenVPN subnet that is pointed to by the red arrow you need to use a private IP subnet.
The key thing with this subnet is that it must not overlap with the subnets used for the green, blue and/or orange subnets.

There are three private IP address ranges:

  • 192.168.0.0 to 192.168.255.255
  • 10.0.0.0 to 10.255.255.255
  • 172.16.0.0 to 172.31.255.255

Typically, but you can use any of the above, people tend to end up using IP addresses for the green, blue and orange subnets from the 192.168.xxx.xxx private IP address range.

Then the easiest thing to do for the OpenVPN subnet (red arrow) is to use a range from either the 10.xxx.xxx.xxx or 172.16.xxx.xxx range.

If you have used 192.168.xxx.xxx for your green, blue & orange then you could just use the value that is shown in the wiki.

The key thing is not to use IP addresses for the OpenVPN tunnel that are the same as used in the green, blue or orange LANs.

Hope that helps.

Once you are clear on those IPs on your system then you can follow the Client Configuration link that I gave above.

2 Likes
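
The non-overlap rule from the answer above, as an added example that is not part of the original thread or of IPFire itself: a Python check that a candidate OpenVPN subnet is a proper network address, sits in one of the three private ranges, and does not overlap any local zone, plus a helper that picks the first free block. The function names are hypothetical and the zone addresses are constructed sample values, since the thread masks the real ones.

```python
import ipaddress

# The three private ranges listed in the answer above, in CIDR form.
PRIVATE = [ipaddress.IPv4Network(n)
           for n in ("192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12")]

def check_vpn_subnet(candidate, zones):
    """Return a list of problems; an empty list means the subnet is usable.

    zones maps a zone name (green, blue, orange, ...) to its network.
    """
    try:
        # strict=True rejects host bits, e.g. 10.8.0.1/24 is not a network.
        vpn = ipaddress.IPv4Network(candidate, strict=True)
    except ValueError as exc:
        return [f"not a valid network address: {exc}"]
    problems = []
    if not any(vpn.subnet_of(r) for r in PRIVATE):
        problems.append(f"{vpn} is not inside a private range")
    for name, cidr in zones.items():
        net = ipaddress.IPv4Network(cidr, strict=False)
        if vpn.overlaps(net):
            problems.append(f"{vpn} overlaps {name} ({net})")
    return problems

def suggest_vpn_subnet(zones, pool="10.0.0.0/8", prefix=24):
    """Return the first /prefix block in pool that overlaps no zone."""
    nets = [ipaddress.IPv4Network(c, strict=False) for c in zones.values()]
    for block in ipaddress.IPv4Network(pool).subnets(new_prefix=prefix):
        if not any(block.overlaps(n) for n in nets):
            return str(block)
    return None

# Constructed sample layout (the thread masks the real addresses).
SAMPLE_ZONES = {
    "green": "192.168.10.0/24",
    "blue": "10.0.0.0/24",
    # Upstream modem LAN from the question; checking it too is an assumption.
    "modem-lan": "192.168.1.0/24",
}

if __name__ == "__main__":
    for cand in ("10.8.0.0/24", "192.168.10.0/24", "10.8.0.1/24", "8.8.8.0/24"):
        print(cand, "->", check_vpn_subnet(cand, SAMPLE_ZONES) or "OK")
    print("first free /24 in 10/8:", suggest_vpn_subnet(SAMPLE_ZONES))
```
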

You guys are great! Thank you very much. This is just what I needed. I will have to tell Michael the donations I have made are money well spent (he hits me up every time there is a new release) :stuck_out_tongue:
Yes the server conf is there. I was looking for a .ovpn file which you said is created on the fly when the download icon is selected.
I guess when I get this part working I’ll be able to figure out how to specify the IP of the internal client that I want to access (behind the IPFire device)?

Mailing list… the thing that hits. He’s only the “main contractor” of the “hitlist”.
:upside_down_face:

1 Like