Configuring OpenVPN when NG Firewall is not at the network edge

Overview

When NG Firewall is not at the network edge, it downstream of another router or firewall which protects the network. This means, among other things, that NG Firewall does not have a public IP address or hostname, which adds complexity the process of using it as an OpenVPN server.

In order to ensure you're able to connect to your OpenVPN server, you'll need to make two changes.

1. Use manually specified address

The first configuration requirement will be specify the router or firewall that sits in front of the NG Firewall. In Config > Network > Hostname, you will choose "Use Manually Specified Address" and enter the IP/Hostname of the router or firewall in front of the NG Firewall

If you are using a Dynamic DNS service, you can also configure that option instead of selecting "Use Manually Specified Address".

2. Create an upstream port forward

The second configuration requirement will be to set a forward on the router or firewall that sits in front of the NG Firewall to the NG Firewall on port 1194. This will allow OpenVPN to connect to the NG Firewall and the network itself without being blocked by the edge router or firewall.