Openvpn client access



  • Hi,

    I'm using openvpn for roadwarrior clients. In some cases I would like to reach the client from the LAN site via VNC, but I cannot. I tried to add firewall rules to allow packets from the LAN to the tunnel network, but it didn't help.

    My site details:

    LAN network : 192.168.40.0/24
    Tunnel network : 172.26.0.0/24

    Is there any way to reach the roadwarrior tunnel IP address? In my case the tested client has the 172.26.0.14 IP address.


  • Rebel Alliance Developer Netgate

    If it's connected, it should be reachable - whether the client itself allows the connection is up to the client.

    Can you ping the client's IP when it comes up? Does the client have a firewall turned on? Does it work if you turn the client's firewall off?


  • LAYER 8 Global Moderator

    ^ I can verify this from work tomorrow, I use openvpn to get into my home network from work like every day.  So I will verify access to the road warrior from the openvpn LAN side.  But as mentioned, it could be the road warrior's firewall, it could be that the service you're trying to access, "VNC", is not bound to the openvpn IP on the client, etc.

    I would for starters verify that the service is bound to the openvpn IP on the roadwarrior side, and that no firewalls are running on the client, or if so that they allow connections from the vpn connections.
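
One way to run the binding check suggested above on the road-warrior client, as an added example that is not part of the original thread: it classifies how a TCP port is bound from `netstat -an` output. It assumes a Windows client, VNC on its default port 5900, and the tunnel address 172.26.0.14 from the first post; the sample output and the other addresses in it are constructed.

```python
import ipaddress

# Constructed sample of `netstat -an` output from a Windows road-warrior client.
# Only 172.26.0.14 comes from the thread; every other address is made up.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.0.23:5900      0.0.0.0:0              LISTENING
  TCP    172.26.0.14:139        0.0.0.0:0              LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    172.26.0.14:49712      192.168.40.10:443      ESTABLISHED
"""

def parse_listeners(netstat_text):
    """Return [(IPv4Address, port)] for every IPv4 TCP socket in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # header, UDP, or a non-listening connection
        host, _, port = fields[1].rpartition(":")
        try:
            listeners.append((ipaddress.IPv4Address(host), int(port)))
        except ValueError:
            continue  # IPv6 ("[::]") or malformed entry: not checked for an IPv4 tunnel
    return listeners

def binding_verdict(listeners, tunnel_ip, port=5900):
    """Classify how `port` is bound relative to the client's tunnel address."""
    tunnel = ipaddress.IPv4Address(tunnel_ip)
    addrs = [addr for addr, p in listeners if p == port]
    if not addrs:
        return "not-listening"        # service is not running on this port
    if any(a.is_unspecified for a in addrs):
        return "all-interfaces"       # 0.0.0.0: reachable over the tunnel, firewall permitting
    if tunnel in addrs:
        return "tunnel-address"       # bound to the openvpn IP
    return "other-interface-only"     # listening, but not on the openvpn IP

if __name__ == "__main__":
    found = parse_listeners(SAMPLE_NETSTAT)
    print("5900:", binding_verdict(found, "172.26.0.14"))
```

A result of `other-interface-only` or `not-listening` points at the VNC server configuration; `all-interfaces` or `tunnel-address` points at a firewall on the client instead. Binding to the tunnel address alone also keeps VNC off whatever other networks the road warrior joins.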


  • LAYER 8 Global Moderator

    So I connected in from work to my home network with openvpn.

    My box at work gets:
    ethernet adapter ovpn:

    Connection-specific DNS Suffix  . :
          Description . . . . . . . . . . . : TAP-Win32 Adapter V9
          Physical Address. . . . . . . . . : 00-FF-79-1A-85-63
          Dhcp Enabled. . . . . . . . . . . : Yes
          Autoconfiguration Enabled . . . . : Yes
          IP Address. . . . . . . . . . . . : 10.0.200.6
          Subnet Mask . . . . . . . . . . . : 255.255.255.252
          Default Gateway . . . . . . . . . :
          DHCP Server . . . . . . . . . . . : 10.0.200.5
          DNS Servers . . . . . . . . . . . : 192.168.1.253
          Lease Obtained. . . . . . . . . . : Monday, December 12, 2011 10:09:42 AM
          Lease Expires . . . . . . . . . . : Tuesday, December 11, 2012 10:09:42 AM

    So from a Linux box on my home network, I can ping that openvpn client just fine:
    johnpoz@ubuntu:~$ ping 10.0.200.6
    PING 10.0.200.6 (10.0.200.6) 56(84) bytes of data.
    64 bytes from 10.0.200.6: icmp_req=2 ttl=127 time=151 ms
    64 bytes from 10.0.200.6: icmp_req=3 ttl=127 time=143 ms
    64 bytes from 10.0.200.6: icmp_req=4 ttl=127 time=144 ms
    64 bytes from 10.0.200.6: icmp_req=5 ttl=127 time=143 ms

    johnpoz@ubuntu:~$ traceroute 10.0.200.6
    traceroute to 10.0.200.6 (10.0.200.6), 30 hops max, 60 byte packets
    1  pfsense.local.lan (192.168.1.253)  1.996 ms  1.780 ms  1.645 ms
    2  10.0.200.6 (10.0.200.6)  289.798 ms  289.721 ms  288.214 ms

    johnpoz@ubuntu:~$ ifconfig
    eth0      Link encap:Ethernet  HWaddr 08:00:27:5e:80:04
             inet addr:192.168.1.7  Bcast:192.168.1.255  Mask:255.255.255.0
             inet6 addr: 2001:470:xxxx:b85::200/64 Scope:Global
             inet6 addr: fe80::a00:27ff:fe5e:8004/64 Scope:Link




  • Many thanks for all the answers.

    Maybe the roadwarrior PC's firewall causes it. I will test it again. Another good tip is to check the vncserver binding.

