[solved] IPFire as OpenVPN CLIENT

Questions to IPFire Addons.
kyentei
Posts: 2
Joined: April 19th, 2013, 1:36 pm

Post by kyentei » April 19th, 2013, 1:39 pm

Hello all,

I'm currently struggling to get my IPFire server working as OpenVPN client. The machine is set up inside a rather closed-down network and I would like to connect to an external server using OpenVPN.

However, all the help I can find either helps one configure the IPFire machine as an OpenVPN server or the help for a client configuration is rather limited.

Can anyone please help me out (or point me in the right direction) to get my IPFire machine working as an OpenVPN client?

Thanks in advance.

SOLVED: After running openvpn with the created configuration file:
/usr/bin/openvpn --config /var/ipfire/ovpn/client.ovpn
it created the network "tun0"

All I needed to do after that (I have a 10.13.0.0 255.255.0.0 network) is:
iptables -t nat -A POSTROUTING -s 10.13.0.0/16 -o tun0 -j MASQUERADE

to make sure all the traffic on my network (starting with a 10.13 IP address) goes through the tun0 interface
Last edited by kyentei on July 29th, 2013, 4:48 pm, edited 1 time in total.

IP_NOOB
Posts: 109
Joined: April 10th, 2012, 4:58 pm

Re: [solved] IPFire as OpenVPN CLIENT

Post by IP_NOOB » May 5th, 2013, 11:15 am

Thank you very much,

I searched for a solution like that for a long time!!!

I'm gonna test it tomorrow...

arnotheripper
Posts: 22
Joined: June 25th, 2013, 6:51 am

Re: [solved] IPFire as OpenVPN CLIENT

Post by arnotheripper » July 8th, 2013, 9:04 am

Hello,

The Wiki is user/pwd protected. Could you send me the credentials?

If not, could you point me to the correct openvpn config for ipfire as a client config?

Tyia,

Regards,

AR

arnotheripper
Posts: 22
Joined: June 25th, 2013, 6:51 am

Re: [solved] IPFire as OpenVPN CLIENT

Post by arnotheripper » July 10th, 2013, 8:08 am

Did anyone add the openvpn config to the Wiki somewhere?

Tyia,

Cheers!

AR

kyentei
Posts: 2
Joined: April 19th, 2013, 1:36 pm

Re: [solved] IPFire as OpenVPN CLIENT

Post by kyentei » July 29th, 2013, 4:45 pm

Proper guide I once wrote:
Installing OpenVPN on IPFire
! By default, OpenVPN is installed on IPFire, allowing one to use it directly out of the box.
Note: Fear not, even though OpenVPN only has server configuration files, it can easily be configured as a client. Which is what I am doing here.

1. First, obtain the proper configuration file for a client. To create one, visit: this page
2. Then, put the configuration file in /var/ipfire/ovpn/ (e.g. /var/ipfire/ovpn/client.ovpn)
3. Start openvpn and point it to the client config: (/usr/bin/openvpn --config /var/ipfire/ovpn/client.ovpn)
4. Tell iptables that any host on your network should be redirected through tun0 (the interface created by openvpn) as follows:
iptables -t nat -A POSTROUTING -s 10.13.0.0/16 -o tun0 -j MASQUERADE
This is using the network 10.13.0.0 as network with a 255.255.0.0 subnetmask. Default networks use 192.168.1.0/24 (which is 255.255.255.0)
Now, any host on your network should be redirected through tun0
Last edited by kyentei on July 29th, 2013, 4:49 pm, edited 1 time in total.

arnotheripper
Posts: 22
Joined: June 25th, 2013, 6:51 am

Re: [solved] IPFire as OpenVPN CLIENT

Post by arnotheripper » July 30th, 2013, 9:13 am

kyentei wrote: Proper guide I once wrote:
Installing OpenVPN on IPFire
! By default, OpenVPN is installed on IPFire, allowing one to use it directly out of the box.
Note: Fear not, even though OpenVPN only has server configuration files, it can easily be configured as a client. Which is what I am doing here.

1. First, obtain the proper configuration file for a client. To create one, visit: this page
2. Then, put the configuration file in /var/ipfire/ovpn/ (e.g. /var/ipfire/ovpn/client.ovpn)
3. Start openvpn and point it to the client config: (/usr/bin/openvpn --config /var/ipfire/ovpn/client.ovpn)
4. Tell iptables that any host on your network should be redirected through tun0 (the interface created by openvpn) as follows:
iptables -t nat -A POSTROUTING -s 10.13.0.0/16 -o tun0 -j MASQUERADE
This is using the network 10.13.0.0 as network with a 255.255.0.0 subnetmask. Default networks use 192.168.1.0/24 (which is 255.255.255.0)
Now, any host on your network should be redirected through tun0


Thanks a lot for the info. I managed to get the OpenVPN part working, I'm gonna add the routing rules.

I'm no Network guy, but currently ipfire is configured as a DHCP server. Do I need to change things there?

Tyia,

Regards,

AR

andremorro
Global Moderator
Posts: 515
Joined: July 4th, 2012, 1:17 pm
Location: Florianópolis, SC - Brasil

Re: [solved] IPFire as OpenVPN CLIENT

Post by andremorro » July 30th, 2013, 12:06 pm

arnotheripper wrote: Hello,

The Wiki is user/pwd protected. Could you send me the credentials?



They are the same from the forum.
Last edited by andremorro on July 30th, 2013, 12:13 pm, edited 1 time in total.

rsmereka
Posts: 6
Joined: August 11th, 2013, 2:10 am

Re: [solved] IPFire as OpenVPN CLIENT

Post by rsmereka » August 15th, 2013, 10:59 pm

Thanks for the guide but...

I followed the instructions. Openvpn client connects to the server and then I get:

Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)


It appears that the 'tun' device does not exist. Any ideas on how to solve this?

TIA,
Rick

jonna99
Posts: 18
Joined: May 3rd, 2011, 2:44 pm

Re: [solved] IPFire as OpenVPN CLIENT

Post by jonna99 » September 10th, 2013, 12:10 pm

Hi!

As this guide is not conclusive it would be much appreciated if someone took the time to write a proper guide, not omitting important steps.

Thanks a lot,
Jonna

chrisbrookins
Posts: 1
Joined: December 12th, 2013, 1:08 pm

Re: [solved] IPFire as OpenVPN CLIENT

Post by chrisbrookins » December 12th, 2013, 1:14 pm

Full instructions to route all traffic through VPN with ipfire can be found here.

http://goo.gl/WVev6l

IP_NOOB
Posts: 109
Joined: April 10th, 2012, 4:58 pm

Re: [solved] IPFire as OpenVPN CLIENT

Post by IP_NOOB » May 28th, 2014, 3:25 pm

Hi,

I have had the following solution running on my IPFire systems for more than a year:

All I needed to do after that (I have a 10.13.0.0 255.255.0.0 network) is:
iptables -t nat -A POSTROUTING -s 10.13.0.0/16 -o tun0 -j MASQUERADE
to make sure all the traffic on my network (starting with a 10.13 IP address) goes through the tun0 interface


Since the upgrade to Core77 with the new firewall, this isn't working anymore!
The OpenVPN connection is working, but only from IPFire as the client. The clients behind this IPFire are ignored.
The other IPFire, with the OpenVPN server, is still running Core 76 - nothing changed!

What is the Problem???

IP_NOOB
Posts: 109
Joined: April 10th, 2012, 4:58 pm

Re: [solved] IPFire as OpenVPN CLIENT

Post by IP_NOOB » May 30th, 2014, 7:27 am

SOLVED!!!

The problem was the outgoing firewall. Very easy solution ^^
The port of the service I needed was blocked...

H&M
Posts: 471
Joined: May 29th, 2014, 9:38 pm
Location: Europe

Re: [solved] IPFire as OpenVPN CLIENT

Post by H&M » December 10th, 2014, 9:07 pm

Hi,

My ipFIRE box is connected to a remote OpenVPN server, and from the box I can ping the remote subnet.

But none of my clients behind the ipFIRE can reach remote network.

Here are the log messages generated when a client behind ipFIRE pings one server from remote site:

Code: Select all

Dec 10 23:04:08 dmx kernel: DROP_FORWARD IN=blue0 OUT=tap0 MAC=00:f4:21:10:c5:d7:00:1c:bf:6e:0c:7c:08:00 SRC=192.168.0.18 DST=192.16.100.6 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=39199 PROTO=ICMP TYPE=8 CODE=0 ID=1024 SEQ=27906


I did create a FW rule using the GUI, a rule that permits all traffic from BLUE to net2net, but it seems that my rule is not effective.


From the ipFIRE box the ping works.


My Default Firewall Behavior for Forward is ACCEPT
(Firewall -> Firewall Options -> Default Firewall Behavior)

My client is connected over WiFi (blue0 as source interface for input of the traffic)



Late edit SOLVED

Code: Select all

iptables -t nat -I POSTROUTING 1  -o tap+ -j MASQUERADE
iptables -t filter -I POLICYFWD 1 -o tap+ -j ACCEPT


My client uses TAP instead of TUN.
And because I am using both GREEN and BLUE networks I wrote the rule irrespective of the source! (cut the -s part)
The second line is needed because POLICYFWD chain doesn't allow BLUE (or GREEN) to go on tap. This is the reason I've got the DROP_FORWARD logs!
Last edited by H&M on December 12th, 2014, 8:32 am, edited 1 time in total.
Have a nice day / Bonne journée / Haben Sie einen guten Tag
H&M
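
The diagnosis in the post above (DROP_FORWARD entries with OUT=tap0 mean the forward chain is rejecting client traffic toward the VPN interface) can be run over a whole log. This is an added example, not part of the original thread: it counts such drops per zone interface and source, and prints a candidate rule scoped to the observed interface pair, which is narrower than `-o tap+` with no source. The function names are hypothetical and every sample line after the first is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). The first sample line is the one quoted
# in the post; the remaining lines are constructed for illustration.
sample_log() {
cat <<'EOF'
Dec 10 23:04:08 dmx kernel: DROP_FORWARD IN=blue0 OUT=tap0 MAC=00:f4:21:10:c5:d7:00:1c:bf:6e:0c:7c:08:00 SRC=192.168.0.18 DST=192.16.100.6 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=39199 PROTO=ICMP TYPE=8 CODE=0 ID=1024 SEQ=27906
Dec 10 23:04:09 dmx kernel: DROP_FORWARD IN=blue0 OUT=tap0 SRC=192.168.0.18 DST=192.16.100.6 LEN=60 PROTO=ICMP TYPE=8 CODE=0
Dec 10 23:04:11 dmx kernel: DROP_FORWARD IN=green0 OUT=tap0 SRC=10.13.0.25 DST=192.16.100.6 LEN=52 PROTO=TCP SPT=50122 DPT=443
Dec 10 23:04:12 dmx kernel: DROP_FORWARD IN=blue0 OUT=red0 SRC=192.168.0.18 DST=203.0.113.7 LEN=52 PROTO=TCP SPT=50123 DPT=25
Dec 10 23:04:13 dmx kernel: DROP_INPUT IN=red0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=4431 DPT=22
EOF
}

# Print "count in_if out_if src" for every forwarded packet dropped on its way
# to a tun*/tap* interface, most frequent first. Reads files given as
# arguments, or stdin when none are given.
vpn_forward_drops() {
    awk '
    / DROP_FORWARD / {
        in_if = out_if = src = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^IN=/)  in_if  = substr($i, 4)
            if ($i ~ /^OUT=/) out_if = substr($i, 5)
            if ($i ~ /^SRC=/) src    = substr($i, 5)
        }
        # Only drops heading into a VPN device are relevant here.
        if (out_if ~ /^(tun|tap)[0-9]+$/ && in_if != "" && src != "")
            count[in_if " " out_if " " src]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Turn the summary (stdin) into one candidate rule per interface pair, for
# review before applying. Scoping by -i/-o is an assumption of this example.
scoped_rule_candidates() {
    awk '{ print $2, $3 }' | sort -u | while read -r in_if out_if; do
        printf 'iptables -t filter -I POLICYFWD 1 -i %s -o %s -j ACCEPT\n' \
            "$in_if" "$out_if"
    done
}

sample_log | vpn_forward_drops
sample_log | vpn_forward_drops | scoped_rule_candidates
```

On a live system, pass the kernel log file as an argument to `vpn_forward_drops` instead of piping in the sample.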

Garp
Posts: 127
Joined: July 8th, 2014, 7:38 am
Location: The Netherlands
Contact:

Re: [solved] IPFire as OpenVPN CLIENT

Post by Garp » April 25th, 2015, 1:00 pm

I opened another topic for my specific question (viewtopic.php?f=27&t=13325)
Provide some additional protection for the clients on your network in a few easy steps: viewtopic.php?f=27&t=12122&p=78219#p78219

jeldo
Posts: 4
Joined: March 1st, 2017, 4:44 pm

Re: [solved] IPFire as OpenVPN CLIENT

Post by jeldo » March 3rd, 2017, 3:23 pm

IP_NOOB wrote: SOLVED!!!

The Problem was the outgoing Firewall. Very easy Solution ^^
The Port of the service i needed was blocked...

What port should I allow and how?

I got the same problem