OpenVPN no internet connection about utmfw HOT 6 OPEN

It's always good to hear from users.

I don't actively use OpenVPN, but your descriptions make me think:

• You never mention any OpenVPN server. Do you start openvpn with the server config on UTMFW? I guess you do, because you say that the connection is green/established.
• I guess you mean the OpenVPN section in pf.conf, not VPN, because the VPN rules are for IPsec VPN. I guess you do, because in your last comment you refer to those rules as VPN passthru. (Btw, for port configuration I guess you have already read Advanced option settings on the command line.)
• I have never used cloud servers, but I know that some containers restrict networking, so could it be something similar?
• Routing may be an issue too, as you have guessed, because if the OpenVPN server and client are connected, and if there are no issues with the pf rules, then probably the issue is with routing. Do you have any entries in the routing table on the client corresponding to the OpenVPN connection, which will route the packets over the OpenVPN connection?

But, perhaps I should test a similar setup like yours to understand what's going on. (What cloud service are you using?)

from utmfw.

Thanks for the fast answer!

• You never mention any OpenVPN server. Do you start openvpn with the server config on UTMFW?

Yes sorry forgot to write that

• I guess you mean the OpenVPN section in pf.conf, not VPN,

Yes I meant that sorry

• I have never used cloud servers, but I know that some containers restrict networking, so could it be something similar?

Hm they only block port 25 because of potential mail spam and I have no firewall enabled

• Routing may be an issue too, as you have guessed, because if the OpenVPN server and client are connected, and if there
  are no issues with the pf rules, then probably the issue is with routing. Do you have any entries in the routing table on the client corresponding to the OpenVPN connection, which will route the packets over the OpenVPN connection?

Oh do I need to add routing tables to the client? I thought the OpenVPN client software does that automatically. As said I enabled the option to send all ipv4 traffic through the VPN (which is the reason why I can't access anything on the internet if connected)

But, perhaps I should test a similar setup like yours to understand what's going on. (What cloud service are you using?)

I use Hetzner Cloud they are cheap and they were so nice to add your UTMFW iso to the installable ISOs after I requested it (normally you need to have a dedicated server for custom ISO installations)

from utmfw.

Btw I am always open for alternatives to OpenVPN as long as I can connect my clients with it from remote.

from utmfw.

Since I did not know how you tested, I asked about the routing table on the client side, I guess that's not the issue. Well, I guess my comments were not helpful at all, sorry. And I don't think I can use your cloud provider either (but it's interesting to hear that they've added the UTMFW iso among their installable isos). I don't have any other comments at the moment, but let me know if you make some progress. And do certainly let me know if this is an issue with UTMFW.

from utmfw.

Btw, another further comment, I always thought that the OpenVPN feature on UTMFW would be used to connect two UTMFW systems at remote locations, such as two offices of a company. I never thought it would be used to connect the clients to the Internet.

So, given that you connect to the OpenVPN server on UTMFW over its external interface, the connections initiated by your OpenVPN client should go out of the same external interface. That sounds interesting in terms of the pf rules and routing on UTMFW, because it seems backwards to its normal operation, i.e. the connections are expected to be initiated from the internal network running on the internal interface (which is again different from its original intention). But even so, I think it should be possible, but I cannot guess what to do unless I try it myself.

from utmfw.

Yeah as my ISP does not give me an option to use my home-firewall as a router/modem (the access to WAN is encrypted in their proprietary router) I can't use UTMFW as intended without some way to redirect traffic to it.
Btw I wrote you an Email if you want to access the server yourself.

from utmfw.