[SOLVED] RDP to PC that is connected to external VPN...



  • Hey everyone,

    Not sure where to put this question as it could possibly be a Firewall, Routing, or OpenVPN config issue, so I thought General would be best to start.

    Here's the scenario.....I have a PC that connects to an outside OpenVPN server which I can RDP to when I'm on my LAN. I also have created an OpenVPN server in pfSense so I can connect to my LAN from the internet. The issue I am having is that if I connect to my pfSense OpenVPN server, I cannot connect to my PC that is connected to the external OpenVPN server. Before I made the switch to pfSense I was able to do this on a Netgear R7800 router that was flashed with DD-WRT firmware, so not sure what has changed that is now preventing me from connecting to that specific PC. Any insight would be helpful so that I can have a better understanding of how things can/should be configured. I have attached screenshots of the rules/setup for my pfSense. Thanks for your help 😁

    lan_rules.jpg

    openvpn_rule.jpg



  • I guess your PC's firewall may block that access and your former router did masquerading on packets going out to the LAN.

    To enable masquerading on pfSense go to Firewall > NAT > Outbound. Select the hybrid mode and save it.
    Now add a new rule with these settings:
    Interface: LAN
    source: <OpenVPN server tunnel network>
    translation: interface address



  • @viragomann OMG you were right, thank you!! That did it! I've been trying to figure that out for some time. Thank you for this 🙏 🙏



  • I guess a second solution exists: inform the PC/server you want to 'RDP' to that it should accept connections from 'LAN' = the local network, and other networks, which can only be you, connecting to your VPN server interface.
    Or: add the IP network to the list of IPs to be accepted, if that's a possibility. This would be the best choice.



  • @Gertjan I'm confused by this answer. You're saying to add the network or IP of my VPN server on the PC itself? If so, where on the PC would I add it? One of them is a Windows 10 VM and the other is a Debian 10 VM (running xrdp). Would it be in the firewall?

    And now that I think of it, @viragomann, the one PC that connects to an external VPN server (Debian 10 VM) does not have a firewall installed/running so that wouldn't have been the issue. Regardless, your solution works.



  • @simon_lefisch said in [SOLVED] RDP to PC that is connected to external VPN...:

    the one PC that connects to an external VPN server (Debian 10 VM) does not have a firewall installed/running so that wouldn't have been the issue.

    Another possible reason that it can be solved by the NAT method could be that the VPN server (pfSense) is not the default gateway on the destination host.

    Yes, opening up the firewall on the host is the preferred solution, but as I understood it, the VPN connection is only for your own purposes. In this case, the NAT is a proper workaround.
    The drawback of this is that each connection from the VPN seems to come from pfSense on the destination device. So you're not able to identify the real source.
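
Added example, not part of the thread: a small route-lookup model of the cause named in the reply above (pfSense is not the default gateway on the destination host) and of why masquerading on LAN fixes it. All addresses, interface names and the assumption that the external VPN redirects all of the PC's traffic into its tunnel are constructed for illustration.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the thread)
TUNNEL_NET = ipaddress.ip_network("10.8.0.0/24")    # pfSense OpenVPN tunnel network
PFSENSE_LAN = ipaddress.ip_address("192.168.1.1")   # pfSense LAN interface address
VPN_CLIENT = ipaddress.ip_address("10.8.0.2")       # remote client on the pfSense VPN

# Routing table of the target PC while its external VPN is up:
# (destination, outgoing interface). The two /1 routes model a VPN client
# that redirects all traffic into its tunnel (assumed behaviour).
PC_ROUTES = [
    (ipaddress.ip_network("192.168.1.0/24"), "eth0"),
    (ipaddress.ip_network("0.0.0.0/1"), "tun0"),
    (ipaddress.ip_network("128.0.0.0/1"), "tun0"),
    (ipaddress.ip_network("0.0.0.0/0"), "eth0"),
]

def reply_interface(dst, routes=PC_ROUTES):
    """Longest-prefix match: interface the PC uses to answer `dst`."""
    matches = [(net, dev) for net, dev in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def source_seen_by_pc(client, masquerade):
    """Source address on the packet when it reaches the PC."""
    if masquerade and client in TUNNEL_NET:
        # Outbound NAT rule on LAN, translation = interface address
        return PFSENSE_LAN
    return client

def rdp_reachable(client, masquerade):
    """The session works only if the PC's reply leaves on the LAN toward pfSense."""
    return reply_interface(source_seen_by_pc(client, masquerade)) == "eth0"

if __name__ == "__main__":
    for nat in (False, True):
        src = source_seen_by_pc(VPN_CLIENT, nat)
        print(f"masquerade={nat}: PC sees {src}, replies via "
              f"{reply_interface(src)}, reachable={rdp_reachable(VPN_CLIENT, nat)}")
```

The masqueraded case also shows the drawback mentioned above: the only source address the PC can log is the pfSense LAN address, so per-client attribution has to come from the OpenVPN server's own logs.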



  • @viragomann said in [SOLVED] RDP to PC that is connected to external VPN...:

    Yes, opening up the firewall on the host is the preferred solution, but as I understood it, the VPN connection is only for your own purposes. In this case, the NAT is a proper workaround.

    Well like I said before, the VM I connect to does not have a firewall running.

    The drawback of this is that each connection from the VPN seems to come from pfSense on the destination device. So you're not able to identify the real source.

    That's ok. I have the VPN configured where I am the only user who connects to it, so the source would be me.

