Openvpn client access
-
Hi,
I'm using openvpn for roadwarrior clients. In some cases I would like to reach the client from the LAN site via VNC, but I cannot. I tried to add firewall rules to allow packets from the LAN to the tunnel network but it didn't help.
My site details:
LAN network : 192.168.40.0/24
Tunnel network : 172.26.0.0/24
Is there any way to reach the roadwarrior tunnel IP address? In my case the tested client has the IP address 172.26.0.14.
-
If it's connected, it should be reachable - whether the client itself allows the connection is up to the client.
Can you ping the client's IP when it comes up? Does the client have a firewall turned on? Does it work if you turn the client's firewall off?
-
^ I can verify this from work tomorrow, I use openvpn to get into my home network from work like every day. So I will verify access to the road warrior from the openvpn LAN side. But as mentioned, it could be the road warrior firewall, it could be that the service you are trying to access, "VNC", is not bound to the openvpn IP on the client, etc.
I would for starters verify that the service is bound to the openvpn IP on the roadwarrior side, and that no firewalls are running on the client, or if so that they allow connections from the vpn connections.
-
So, connected in from work to my home network with openvpn.
My box at work gets
ethernet adapter ovpn:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : 00-FF-79-1A-85-63
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.200.6
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 10.0.200.5
DNS Servers . . . . . . . . . . . : 192.168.1.253
Lease Obtained. . . . . . . . . . : Monday, December 12, 2011 10:09:42 AM
Lease Expires . . . . . . . . . . : Tuesday, December 11, 2012 10:09:42 AM
So from a linux box on my home network, I can ping that openvpn client just fine
johnpoz@ubuntu:~$ ping 10.0.200.6
PING 10.0.200.6 (10.0.200.6) 56(84) bytes of data.
64 bytes from 10.0.200.6: icmp_req=2 ttl=127 time=151 ms
64 bytes from 10.0.200.6: icmp_req=3 ttl=127 time=143 ms
64 bytes from 10.0.200.6: icmp_req=4 ttl=127 time=144 ms
64 bytes from 10.0.200.6: icmp_req=5 ttl=127 time=143 ms
johnpoz@ubuntu:~$ traceroute 10.0.200.6
traceroute to 10.0.200.6 (10.0.200.6), 30 hops max, 60 byte packets
1 pfsense.local.lan (192.168.1.253) 1.996 ms 1.780 ms 1.645 ms
2 10.0.200.6 (10.0.200.6) 289.798 ms 289.721 ms 288.214 ms
johnpoz@ubuntu:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:5e:80:04
inet addr:192.168.1.7 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: 2001:470:xxxx:b85::200/64 Scope:Global
inet6 addr: fe80::a00:27ff:fe5e:8004/64 Scope:Link
-
Many thanks for all the answers.
Maybe the roadwarrior PC's firewall causes it. I will test it again. Another good tip is to check the vncserver binding.
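
The binding check suggested in the thread, as an added example that is not part of any original post: it reads `netstat -an` output captured on the roadwarrior client and reports whether anything listens on the VNC port at the tunnel address 172.26.0.14. The port 5900 (VNC default), the function names and the sample netstat lines are assumptions constructed for illustration.

```python
import ipaddress

VNC_PORT = 5900  # assumption: VNC server left on its default port

# Constructed sample: Windows `netstat -an` lines, VNC bound to loopback only.
LOOPBACK_ONLY = """
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING
  TCP    172.26.0.14:139        0.0.0.0:0              LISTENING
"""
# Constructed sample: Linux `netstat -an` line, VNC bound to all IPv4 addresses.
WILDCARD = "tcp        0      0 0.0.0.0:5900      0.0.0.0:*      LISTEN"


def listening_hosts(netstat_text, port):
    """Return the local addresses that have a TCP listener on `port`."""
    hosts = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        if not any(f.upper().startswith("LISTEN") for f in fields):
            continue
        # The local address is the first host:port field on the line.
        local = next((f for f in fields[1:] if ":" in f), None)
        if local is None:
            continue
        host, _, found_port = local.rpartition(":")
        if found_port == str(port):
            hosts.append(host.strip("[]"))  # "[::]" -> "::"
    return hosts


def check_binding(netstat_text, tunnel_ip, port=VNC_PORT):
    """Say whether a listener on `port` covers the tunnel address."""
    target = ipaddress.ip_address(tunnel_ip)
    hosts = listening_hosts(netstat_text, port)
    if not hosts:
        return "not listening"
    for host in hosts:
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # unparsable local address, ignore it
        # A wildcard listener only counts within the same address family.
        if addr.version == target.version and (addr.is_unspecified or addr == target):
            return "bound"
    return "listening, but not on tunnel IP"
```

A result of "bound" together with a failing connection from the LAN points at filtering (the client's firewall or the rules on the tunnel interface) rather than at the service binding.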