Netgate Discussion Forum

    Openvpn client access

    • tarjanyij

      Hi,

      I'm using OpenVPN for roadwarrior clients. In some cases I would like to reach the client from the LAN site via VNC, but I cannot. I tried to add firewall rules to allow packets from the LAN to the tunnel network, but it didn't help.

      My site details:

      LAN network : 192.168.40.0/24
      Tunnel network : 172.26.0.0/24

      Is there any way to reach the roadwarrior tunnel IP address? In my case the tested client has the IP address 172.26.0.14.

      • jimp Rebel Alliance Developer Netgate

        If it's connected, it should be reachable - whether the client itself allows the connection is up to the client.

        Can you ping the client's IP when it comes up? Does the client have a firewall turned on? Does it work if you turn the client's firewall off?

        • johnpoz LAYER 8 Global Moderator

          ^ I can verify this from work tomorrow; I use OpenVPN to get into my home network from work like every day. So I will verify access to the road warrior from the OpenVPN LAN side. But as mentioned, it could be the road warrior's firewall, or it could be that the service you are trying to access ("VNC") is not bound to the OpenVPN IP on the client, etc.

          For starters, I would verify that the service is bound to the OpenVPN IP on the roadwarrior side, and that no firewalls are running on the client or, if so, that they allow connections from the VPN connections.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11
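
One way to run the binding check suggested above, as an added example that is not part of any post in the thread: it reads the listening-socket lines printed by `netstat -an` (Windows) or `ss -ltn` (Linux) on the client and reports whether a port accepts connections addressed to the tunnel IP. The sample output is constructed and TCP 5900 as the VNC port is an assumption; 172.26.0.14 is the client address from the first post.

```python
import ipaddress
import re

# Constructed sample: listener lines as a Windows `netstat -an` and a Linux
# `ss -ltn` would print them on a road-warrior client (not from the thread).
SAMPLE_WINDOWS = """\
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    172.26.0.14:445        0.0.0.0:0              LISTENING
"""
SAMPLE_LINUX = """\
LISTEN 0      5        192.168.0.20:5900      0.0.0.0:*
LISTEN 0      128           [::]:22              [::]:*
"""

# First "address:port" token on a line is the local endpoint in both formats.
ENDPOINT = re.compile(r"(\[[0-9a-fA-F:]+\]|\*|[0-9.]+):(\d+)\s")


def listeners(text):
    """Yield (local_address, port) for every TCP socket in LISTEN state."""
    for line in text.splitlines():
        if "LISTEN" not in line.upper():
            continue
        match = ENDPOINT.search(line + " ")
        if match:
            yield match.group(1).strip("[]"), int(match.group(2))


def binding_verdict(text, tunnel_ip, port):
    """Say whether a listener on `port` accepts connections to `tunnel_ip`."""
    tunnel = ipaddress.ip_address(tunnel_ip)
    bound = [addr for addr, p in listeners(text) if p == port]
    if not bound:
        return "not listening"
    for addr in bound:
        # A wildcard bind covers the tunnel adapter as well ("::" is assumed
        # to be a dual-stack socket that also accepts IPv4).
        if addr == "*" or ipaddress.ip_address(addr).is_unspecified:
            return "reachable"
        if ipaddress.ip_address(addr) == tunnel:
            return "reachable"
    return "bound elsewhere: " + ", ".join(bound)


if __name__ == "__main__":
    print(binding_verdict(SAMPLE_WINDOWS, "172.26.0.14", 5900))
```

A "bound elsewhere" result means the service has to be reconfigured to listen on the tunnel address or on all interfaces; a "reachable" result leaves the client's firewall as the remaining thing to check.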

          • johnpoz LAYER 8 Global Moderator

            So I connected in from work to my home network with OpenVPN.

            My box at work gets
            ethernet adapter ovpn:

            Connection-specific DNS Suffix  . :
                  Description . . . . . . . . . . . : TAP-Win32 Adapter V9
                  Physical Address. . . . . . . . . : 00-FF-79-1A-85-63
                  Dhcp Enabled. . . . . . . . . . . : Yes
                  Autoconfiguration Enabled . . . . : Yes
                  IP Address. . . . . . . . . . . . : 10.0.200.6
                  Subnet Mask . . . . . . . . . . . : 255.255.255.252
                  Default Gateway . . . . . . . . . :
                  DHCP Server . . . . . . . . . . . : 10.0.200.5
                  DNS Servers . . . . . . . . . . . : 192.168.1.253
                  Lease Obtained. . . . . . . . . . : Monday, December 12, 2011 10:09:42 AM
                  Lease Expires . . . . . . . . . . : Tuesday, December 11, 2012 10:09:42 AM

            So from a Linux box on my home network, I can ping that OpenVPN client just fine:
            johnpoz@ubuntu:~$ ping 10.0.200.6
            PING 10.0.200.6 (10.0.200.6) 56(84) bytes of data.
            64 bytes from 10.0.200.6: icmp_req=2 ttl=127 time=151 ms
            64 bytes from 10.0.200.6: icmp_req=3 ttl=127 time=143 ms
            64 bytes from 10.0.200.6: icmp_req=4 ttl=127 time=144 ms
            64 bytes from 10.0.200.6: icmp_req=5 ttl=127 time=143 ms

            johnpoz@ubuntu:~$ traceroute 10.0.200.6
            traceroute to 10.0.200.6 (10.0.200.6), 30 hops max, 60 byte packets
            1  pfsense.local.lan (192.168.1.253)  1.996 ms  1.780 ms  1.645 ms
            2  10.0.200.6 (10.0.200.6)  289.798 ms  289.721 ms  288.214 ms

            johnpoz@ubuntu:~$ ifconfig
            eth0      Link encap:Ethernet  HWaddr 08:00:27:5e:80:04
                     inet addr:192.168.1.7  Bcast:192.168.1.255  Mask:255.255.255.0
                     inet6 addr: 2001:470:xxxx:b85::200/64 Scope:Global
                     inet6 addr: fe80::a00:27ff:fe5e:8004/64 Scope:Link

            • tarjanyij

              Many thanks for all the answers.

              Maybe the roadwarrior PC's firewall causes it. I will test it again. Another good tip is to check the vncserver binding.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.