I am able to connect to the server through SSH. Pings and traceroutes from the server go fine.
First,
Code: Select all
$ uname -a
Linux freedombox 6.1.0-13-armmp-lpae #1 SMP Debian 6.1.55-1 (2023-09-29) armv7l GNU/Linux
OpenVpn configuration
Code: Select all
$ cat /etc/openvpn/server/freedombox.conf
port 1194
proto udp
# proto udp6
dev tun
# client-to-client
ca /etc/openvpn/freedombox-keys/pki/ca.crt
cert /etc/openvpn/freedombox-keys/pki/issued/server.crt
key /etc/openvpn/freedombox-keys/pki/private/server.key
dh none
server 10.91.0.0 255.255.255.0
keepalive 10 120
verb 3
log-append openvpn.log
tls-server
tls-version-min 1.2
cipher AES-256-CBC
script-security 2
Interfaces
Code: Select all
$ cat /etc/NetworkManager/system-connections/tun0.nmconnection
[connection]
id=tun0
uuid=6aef5d32-b9a2-476a-9e84-c5b93a499c98
type=tun
autoconnect=false
interface-name=tun0
timestamp=1699982689
[tun]
[ipv4]
method=auto
[ipv6]
addr-gen-mode=default
method=disabled
[proxy]
Code: Select all
$ nmcli device show tun0
GENERAL.DEVICE: tun0
GENERAL.TYPE: tun
GENERAL.HWADDR: (unknown)
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected (externally))
GENERAL.CONNECTION: tun0
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/33
IP4.ADDRESS[1]: 10.91.0.1/32
IP4.GATEWAY: --
IP4.ROUTE[1]: dst = 10.91.0.2/32, nh = 0.0.0.0, mt = 0
IP4.ROUTE[2]: dst = 10.91.0.0/24, nh = 10.91.0.2, mt = 0
IP6.ADDRESS[1]: fe80::cc20:a4fd:7603:7dd0/64
IP6.GATEWAY: --
IP6.ROUTE[1]: dst = fe80::/64, nh = ::, mt = 256
Code: Select all
$ sudo firewall-cmd --zone=internal --list-all
internal (active)
target: default
icmp-block-inversion: no
interfaces: tun1 tun2 tun3 tun4 tun5 tun6 tun7
sources:
services: dhcp dhcpv6-client dns http https mdns samba-client ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
$ sudo firewall-cmd --zone=external --list-all
external (active)
target: default
icmp-block-inversion: no
interfaces: end0 tun0
sources:
services: http https openvpn ssh
ports:
protocols:
forward: no
masquerade: yes
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Any suggestion on what else to look for is greatly appreciated.