Comments (6)
It's always good to hear from users.
I don't actively use OpenVPN, but your descriptions make me think:
- You never mention any OpenVPN server. Do you start openvpn with the server config on UTMFW? I guess you do, because you say that the connection is green/established.
- I guess you mean the OpenVPN section in pf.conf, not VPN, because the VPN rules are for IPsec VPN. I guess you do, because in your last comment you refer to those rules as VPN passthru. (Btw, for port configuration I guess you have already read Advanced option settings on the command line.)
- I have never used cloud servers, but I know that some containers restrict networking, so could it be something similar?
- Routing may be an issue too, as you have guessed, because if the OpenVPN server and client are connected, and if there are no issues with the pf rules, then probably the issue is with routing. Do you have any entries in the routing table on the client corresponding to the OpenVPN connection, which will route the packets over the OpenVPN connection?
But, perhaps I should test a similar setup like yours to understand what's going on. (What cloud service are you using?)
from utmfw.
Thanks for the fast answer!
> - You never mention any OpenVPN server. Do you start openvpn with the server config on UTMFW?

Yes, sorry, forgot to write that.

> - I guess you mean the OpenVPN section in pf.conf, not VPN,

Yes, I meant that, sorry.

> - I have never used cloud servers, but I know that some containers restrict networking, so could it be something similar?

Hm, they only block port 25 because of potential mail spam, and I have no firewall enabled.

> - Routing may be an issue too, as you have guessed, because if the OpenVPN server and client are connected, and if there are no issues with the pf rules, then probably the issue is with routing. Do you have any entries in the routing table on the client corresponding to the OpenVPN connection, which will route the packets over the OpenVPN connection?

Oh, do I need to add routing tables to the client? I thought the OpenVPN client software does that automatically. As said, I enabled the option to send all IPv4 traffic through the VPN (which is the reason why I can't access anything on the internet if connected).

> But, perhaps I should test a similar setup like yours to understand what's going on. (What cloud service are you using?)

I use Hetzner Cloud; they are cheap, and they were so nice to add your UTMFW ISO to the installable ISOs after I requested it (normally you need to have a dedicated server for custom ISO installations).
from utmfw.
Btw, I am always open to alternatives to OpenVPN, as long as I can connect my clients with it from remote.
from utmfw.
Since I did not know how you tested, I asked about the routing table on the client side; I guess that's not the issue. Well, I guess my comments were not helpful at all, sorry. And I don't think I can use your cloud provider either (but it's interesting to hear that they've added the UTMFW ISO among their installable ISOs). I don't have any other comments at the moment, but let me know if you make some progress. And do certainly let me know if this is an issue with UTMFW.
from utmfw.
Btw, another further comment, I always thought that the OpenVPN feature on UTMFW would be used to connect two UTMFW systems at remote locations, such as two offices of a company. I never thought it would be used to connect the clients to the Internet.
So, given that you connect to the OpenVPN server on UTMFW over its external interface, the connections initiated by your OpenVPN client should go out of the same external interface. That sounds interesting in terms of the pf rules and routing on UTMFW, because it seems backwards to its normal operation, i.e. the connections are expected to be initiated from the internal network running on the internal interface (which is again different from its original intention). But even so, I think it should be possible, but I cannot guess what to do unless I try it myself.
from utmfw.
Yeah, as my ISP does not give me an option to use my home firewall as a router/modem (the access to WAN is encrypted in their proprietary router), I can't use UTMFW as intended without some way to redirect traffic to it.
Btw, I wrote you an email if you want to access the server yourself.
from utmfw.