OpenVPN issue connecting to controller

toms88 · May 28, 2019, 2:25 PM

Hey Guys

I just this weekend installed two Ubiquiti nanoHD AP's, with the controller software running as a Linux (Ubuntu 18.04) VM on my QNAP NAS. The server is accessible internally on https://192.168.0.109:8443

I have OpenVPN configured on my PFSense router which gives me a client IP of 192.168.80.2 - From here everything looks OK, i can access the router when im on VPN, and i can reach other devices on the main 192.168.0.0/24 network, just not my Linux VM.

A try my best but im far from a networking guru so open to all ideas!

EDIT:

FYI - Although i cant ping my VM ip address (192.168.0.109) from my VPN network (192.168.80.0/24) i can ping the NAS which is the host (192.168.0.7) so im guessing its related to the network settings on the NAS or VM itself. Is there something i can test on the VM to see where the connection is being blocked?

tim.mcmanus · May 28, 2019, 2:54 PM

Is there a setting on your VM/NAS that restricts admin or any access to only the local subnet? That might be something to look for.

stephenw10 · May 28, 2019, 3:12 PM

Yeah the VM likely either has a local restriction to respond only to it's own subnet or has no default route.

You could workaround it by outbound NATing the specific traffic from the OpenVPN subnet to the VM address on LAN. But it would be better to solve it at the VM.

Steve

toms88 · May 28, 2019, 8:59 PM

Ive snooped around and asked on the QNAP forum but its not very lively.

How could i go about NATing as you decribe above? I cant find the interface options for the OpenVPN server :/

toms88 · May 28, 2019, 9:01 PM

I did use an app called linux station which basically gives you two ubuntu options, you press install and its done. Maybe i should try with the Virtualization station, a lot more options to play with in terms of virtual hw setup etc

stephenw10 · May 28, 2019, 10:12 PM

In Firewall > NAT > Outbound first switch to hybrid mode so you can add additional rules.

Then add a new rule.
Interface: LAN
Source: Network 192.168.80.0/24
Destination: Network 192.168.0.109/32
Address: Interface Address
Description: Something so you know what this is for later!

Leave everything else. Save and apply.
That will NAT the minimum traffic. You may need to open a new connection if you have tried to reach the server recently to hit the new rule.

Steve

tim.mcmanus · May 29, 2019, 3:48 AM

@toms88 said in OpenVPN issue connecting to controller:

Ive snooped around and asked on the QNAP forum but its not very lively.

How could i go about NATing as you decribe above? I cant find the interface options for the OpenVPN server :/

https://www.qnap.com/en/how-to/knowledge-base/article/why-cant-i-access-the-administration-page/

Item #2: “Please make sure that the NAS and the PC you are trying to connect from are connected to the same network switch and are on the same subnet. You may also try connecting them directly (crossover cable is not required).”