Netgate Discussion Forum

    IPSec tunnel: Cannot open remote webconsole.

    • Herman

      Hi guys,

      Configured an IPsec tunnel between home and work. Working like a charm. Can ping everything on the remote site and RDP sessions working great! Just one issue that I do not get going. At our company we use a web console for our database and one web console for monitoring.

      Database is running on http://10.230.252.114/icingaweb2/dashboard
      Monitoring is running on http://10.230.252.125/

      The strange part is that I can reach the monitoring console perfectly. The Database console on the other hand is not working???

      Did configure the following NAT rules:

      [Screenshot of the NAT rules; image not preserved]

      For the record; I can ping both remote IP addresses through the tunnel.

      Any ideas why the ICINGA is working and the Database console not? Checked the syntaxes for typos many times. They are the same as on the company network and working good there.

      Any help would be appreciated

      Kind regards,
      Herman F.

      Limburg | The Netherlands.
      It is nice to be important. But it is more important to be nice! | Failure, the best teacher it is!

      • dotdash

        Not sure what those NAT rules are doing, you should be able to hit everything over the tunnel without any NAT rules. What error do you get on the DB web page? Maybe some goofy config on the web server side?

        • Herman

          Hi Dotdash,

          Thanks a lot for your reply. I really don't know why ICINGA does work when I create the NAT rule??? Even without the NAT rule I am able to successfully ping the Web console.

          Here is the error which is displayed by the Internet browser. 10.0.0.x represents my local home network and 10.230.252.x represents the remote work network:

          CacheHost: localhost
          ErrPage: ERR_CONNECT_FAIL
          Err: (60) Operation timed out
          TimeStamp: Thu, 30 Aug 2018 17:41:39 GMT

          ClientIP: 10.0.0.50
          ServerIP: 10.230.252.125

          HTTP Request:
          GET /index.php HTTP/1.1
          Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
          Accept-Encoding: gzip, deflate
          Accept-Language: nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7,de;q=0.6
          Host: 10.230.252.125

          Can you make any sugar of this?

          Kind regards,
          Herman F.

          Limburg | The Netherlands.
          It is nice to be important. But it is more important to be nice! | Failure, the best teacher it is!

          • dotdash

            Can't make much of it. I'd verify the gateways were correct on everything then make sure the OpenVPN rules on both firewalls were passing TCP, not just ICMP.

            • Herman

              Good day Folks,

              Walked everything through again to figure out what’s going wrong here.

              The remote subnet is 10.230.248.0/21. When I calculate this, the number of hosts will be 2046. The host range will be 10.230.248.1 till 10.230.255.254. Correct me if I am wrong but 10.230.252.125 should be reachable as well, right? Very strange that I can ping and reach 10.230.252.114 but not 10.230.252.125?

              Again, when I am at work, 10.230.252.125 can be pinged and the webhost is reachable correctly.

              Does this make sense to anybody?

              Kind regards,
              Herman F.

              Limburg | The Netherlands.
              It is nice to be important. But it is more important to be nice! | Failure, the best teacher it is!
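
Added example, not part of the thread: a small Python check for the two questions raised above, namely whether an address falls inside the remote /21 and whether TCP (not just ICMP) gets through the tunnel. A timeout means packets are being dropped on the path (firewall rule or routing), while a refusal means the host was reached but nothing listens on that port. The function names are hypothetical; the subnet and addresses are taken from the posts.

```python
import ipaddress
import socket

REMOTE_NET = ipaddress.ip_network("10.230.248.0/21")  # remote subnet from the thread


def in_remote_net(addr, net=REMOTE_NET):
    """True if addr is a usable host address inside the remote subnet."""
    ip = ipaddress.ip_address(addr)
    return ip in net and ip not in (net.network_address, net.broadcast_address)


def tcp_probe(host, port, timeout=3.0):
    """Attempt a TCP handshake and classify the result.

    'open'    - handshake completed, TCP passes end to end
    'refused' - a reset came back: host reachable, no listener on that port
    'timeout' - no answer: SYN or SYN/ACK dropped (firewall rule, routing)
    'error:'  - any other OS-level failure, e.g. no route to host
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return f"error: {exc.strerror or exc}"


def diagnose(host, port=80, timeout=3.0):
    """Run both checks and return one summary line per target."""
    if not in_remote_net(host):
        return f"{host}: outside {REMOTE_NET}"
    return f"{host}:{port} -> {tcp_probe(host, port, timeout)}"


if __name__ == "__main__":
    # The two web consoles mentioned in the first post, both on port 80.
    for target in ("10.230.252.114", "10.230.252.125"):
        print(diagnose(target))
```

Run it from a client on the home LAN; if ping succeeds but this reports `timeout`, the pass rules on the IPsec interfaces or the return route on the server are the places to look.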
