ClearFoundation

Hello everyone !

Well this is my first post, and I hope this gets solved
My setup :

I have a server having the ClearOS community edition on it.
Role : Gateway
Interfaces : eth0 -> Static IP, External (192.168.2.x)
eth1 -> static IP, DHCP role, DNS role, LAN (192.168.4.x)

Problem is as follows :

From within the LAN network , I can connect the OpenVPN client correctly, no errors or whatsoever.
Whenever I change my IP to match the subnet the External interface has, and thus try to connect to (within the same physical network) interface eth0, then the connection never comes to exist.

At this point the server reports using
the following :

What might be the problem ? Is it the traffic not getting passed correctly ?
Should be as I configured the Incoming firewall to allow the OpenVPN packets.

Any help will be greatly appriciated

Feel free for requesting necessary info.

Regards

Daneo

You need to open the firewall to incoming OpenVPN packets. There is a standard service for that or you can open UDP:1194. Also, because your WAN does not have a public IP, you'll have to port forward in your gateway device to ClearOS. If your gateway device is an ADSL modem/router you could consider setting it into bridge mode and changing the ClearOS WAN type to PPPoE. That way the ClearOS WAN gets a public IP and you don't have to bother with port forwards at your modem/router.

Are you using ClearOS 5.2 or 6.x?

The external interface and my computer are physically connected to the same network, so when I give my computer an IP in the same subnet as the server, the forwarding is litterally ommitted.

The forwarding is done, but as it does not work from within the same subnet as the external interface, the forwarding has no avail.
In the 'Incoming Firewall' the standard OpenVPN service is forwarded.

The external interface is connected to my router, and from there goes to a wired-subnetwork.
When I connect to that subnetwork, everything is ok, but when I connect to the network where the clearos servers' external interface is connected, and from there attempt to open an OpenVPN session, I get the previously mentioned results.

Thanks in advance for taking the time

Currently using Clearos 6.2

I am not sure about your network and cannot fully get my head around it but I'll give it a go. When you connect via your router's network, what are you changing the "remote" line to in your client's .ovpn file?

Here is an overview of the topology :


I change the remote endpoint from the , towards the ip address, when connected in the way it is displayed above.

Otherwise, the way it works, the laptop is connected to the Switch.

Hope it clears it up a little ?

Very odd. In 5.2 you cannot connect from your LAN to the OpenVPN server, but you say you can, but you cannot connect from the WAN. Have you opened the firewall to incoming traffic on port 1194 or used the Standard Service OpenVPN?

What is the result of:

Here is the output of the command , including output and forwarding.



I used the Standard Service .

And indeed , from within , it works.
Getting a bit weird here.

It works when I forward the service, using the private IP address 192.168.4.1 as the target.

Which is rather awkward for some reason, is this the way it should be used ? Because I'm forwarding it to the server itself ..?

Edit : Seems a PPPOE session can be set up trough another PPPOE session, and as my ISP allows 2 sessions my server now has a public ip.
My question still stands about the forwarding though, why does it has to be forwarded towards the inner interface?

Can you post your /etc/openvpn/clients.conf? Put it in [ code ] tags rather than use pastebin.

Did u read my modified post above ?

Is it perhaps because there is otherwise no way to make sure the port remains closed?