IPSec tunnel: Cannot open remote webconsole.



  • Hi guys,

    Configured an IPsec tunnel between home and work. Working like a charm. Can ping everything on the remote site and RDP sessions working great! Just one issue that I cannot get working. At our company we use a web console for our database and one web console for monitoring.

    Database is running on http://10.230.252.114/icingaweb2/dashboard
    Monitoring is running on http://10.230.252.125/

    The strange part is that I can reach the monitoring console perfectly. The Database console on the other hand is not working???

    I did configure the following NAT rules:


    For the record; I can ping both remote IP addresses through the tunnel.

    Any ideas why the ICINGA is working and the Database console not? Checked the syntax for typos many times. It is the same as on the company network and working well there.

    Any help would be appreciated

    Kind regards,
    Herman F.



  • Not sure what those NAT rules are doing, you should be able to hit everything over the tunnel without any NAT rules. What error do you get on the DB web page? Maybe some goofy config on the web server side?



  • Hi Dotdash,

    Thanks a lot for your reply. I really don’t know why ICINGA does work when I create the NAT rule??? Even without the NAT rule I am able to successfully ping the web console.

    Here is the error which is displayed by the internet browser. 10.0.0.x represents my local home network and 10.230.252.x represents the remote work network:

    CacheHost: localhost
    ErrPage: ERR_CONNECT_FAIL
    Err: (60) Operation timed out
    TimeStamp: Thu, 30 Aug 2018 17:41:39 GMT

    ClientIP: 10.0.0.50
    ServerIP: 10.230.252.125

    HTTP Request:
    GET /index.php HTTP/1.1
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
    Accept-Encoding: gzip, deflate
    Accept-Language: nl-NL,nl;q=0.9,en-US;q=0.8,en;q=0.7,de;q=0.6
    Host: 10.230.252.125

    Can you make any sense of this?

    Kind regards,
    Herman F.



  • Can't make much of it. I'd verify the gateways were correct on everything then make sure the OpenVPN rules on both firewalls were passing TCP, not just ICMP.



  • Good day Folks,

    Walked everything through again to figure out what’s going wrong here.

    The remote subnet is 10.230.248.0/21. When I calculate this, the number of hosts will be 2046. The host range will be 10.230.248.1 to 10.230.255.254. Correct me if I am wrong but 10.230.252.125 should be reachable as well, right? Very strange that I can ping and reach 10.230.252.114 but not 10.230.252.125?

    Again, when I am at work, 10.230.252.125 can be pinged and the webhost is reachable correctly.

    Does this make sense to anybody?

    Kind regard,
    Herman F.
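As an added example (not posted by anyone in this thread), the script below does the two checks the thread circles around: whether each console address actually falls inside the phase 2 remote subnet 10.230.248.0/21, and whether a TCP connect to it times out (consistent with a firewall rule passing ICMP but dropping TCP, or a bad return route) rather than being refused. The addresses and subnet are taken from the thread; port 80 and the 3 second timeout are assumptions.

```python
import errno
import ipaddress
import socket

# Phase 2 remote network and the two web consoles from the thread.
REMOTE_NET = "10.230.248.0/21"
CONSOLES = {"database": "10.230.252.114", "monitoring": "10.230.252.125"}


def subnet_summary(cidr):
    """Return (first_host, last_host, usable_host_count) for a CIDR block."""
    net = ipaddress.ip_network(cidr, strict=False)
    hosts = list(net.hosts())  # excludes network and broadcast addresses
    return str(hosts[0]), str(hosts[-1]), len(hosts)


def in_remote_subnet(ip, cidr):
    """True if ip is covered by the phase 2 remote network (i.e. routed into the tunnel)."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def tcp_reachability(ip, port, timeout=3.0):
    """Classify a TCP connect: 'open', 'refused', 'timeout' or 'unreachable'.
    'timeout' with working ping points at a firewall rule that passes ICMP but not TCP,
    or at a missing return route; 'refused' means packets arrive but nothing listens."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((ip, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return f"error:{e.errno}"
    finally:
        s.close()


def diagnose(cidr=REMOTE_NET, consoles=CONSOLES, port=80, timeout=3.0):
    """Run both checks for every console and return the results as a dict."""
    return {name: {"in_phase2_subnet": in_remote_subnet(ip, cidr),
                   "tcp": tcp_reachability(ip, port, timeout)}
            for name, ip in consoles.items()}


if __name__ == "__main__":
    first, last, count = subnet_summary(REMOTE_NET)
    print(f"{REMOTE_NET}: hosts {first} - {last} ({count} usable)")
    for name, result in diagnose().items():
        print(f"{name}: {result}")
```

Run it from the home side while the tunnel is up; an address that is inside the subnet but reports "timeout" on port 80 while ping works is exactly the ICMP-but-not-TCP symptom described above.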