Openvpn client access

tarjanyij

Hi,

I'm using openvpn for roadwarrior clients. In some case I would like to reach the client from the LAN site via VNC, but I cannot. I tried to add firewall rules to allow packets from lan to tunnel network but it didn't help.

My site details:

LAN network : 192.168.40.0/24
Tunell network : 172.26.0.0/24

Is there any way to reach the roadwarrior tunnel IP address ? In my case the tested client has 172.26.0.14 Ip address.

jimp

If it's connected, it should be reachable - whether the client itself allows the connection is up to the client.

Can you ping the client's IP when it comes up? Does the client have a firewall turned on? Does it work if you turn the client's firewall off?

johnpoz

^ I can verify this from work tmrw, I use openvpn to get into my home network from work like every day.  So I will verify access to road warrior from openvpn lan side.  But as mentioned, could be road warrior firewall, could be service you trying to access "VNC" is not bound to the openvpn IP on the client, etc.

I would for starters verify that service is bound to the openvpn IP on the roadwarrior side, and no firewalls running on client or if so that they allow connections from the vpn connections.

johnpoz

so connected in from work to my home network with openvpn

My box at works gets
ethernet adapter ovpn:

Connection-specific DNS Suffix  . :
      Description . . . . . . . . . . . : TAP-Win32 Adapter V9
      Physical Address. . . . . . . . . : 00-FF-79-1A-85-63
      Dhcp Enabled. . . . . . . . . . . : Yes
      Autoconfiguration Enabled . . . . : Yes
      IP Address. . . . . . . . . . . . : 10.0.200.6
      Subnet Mask . . . . . . . . . . . : 255.255.255.252
      Default Gateway . . . . . . . . . :
      DHCP Server . . . . . . . . . . . : 10.0.200.5
      DNS Servers . . . . . . . . . . . : 192.168.1.253
      Lease Obtained. . . . . . . . . . : Monday, December 12, 2011 10:09:42 AM
      Lease Expires . . . . . . . . . . : Tuesday, December 11, 2012 10:09:42 AM

So from linux box on my home network, I can ping that openvpn client just fine
johnpoz@ubuntu:~$ ping 10.0.200.6
PING 10.0.200.6 (10.0.200.6) 56(84) bytes of data.
64 bytes from 10.0.200.6: icmp_req=2 ttl=127 time=151 ms
64 bytes from 10.0.200.6: icmp_req=3 ttl=127 time=143 ms
64 bytes from 10.0.200.6: icmp_req=4 ttl=127 time=144 ms
64 bytes from 10.0.200.6: icmp_req=5 ttl=127 time=143 ms

johnpoz@ubuntu:~$ traceroute 10.0.200.6
traceroute to 10.0.200.6 (10.0.200.6), 30 hops max, 60 byte packets
1  pfsense.local.lan (192.168.1.253)  1.996 ms  1.780 ms  1.645 ms
2  10.0.200.6 (10.0.200.6)  289.798 ms  289.721 ms  288.214 ms

johnpoz@ubuntu:~$ ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:5e:80:04
         inet addr:192.168.1.7  Bcast:192.168.1.255  Mask:255.255.255.0
         inet6 addr: 2001:470:xxxx:b85::200/64 Scope:Global
         inet6 addr: fe80::a00:27ff:fe5e:8004/64 Scope:Link

tarjanyij

Many thanks for all answer.

Maybe the roadwarrior Pc's firewall causes it. I will test it again. Other good tip to check vncserver binding.