I have set up an SSL VPN using 2 Draytek 2860 routers. Connection is fine and I can see and ping all connected IPs
except 1 IP, my SIP server IP. I can ping it locally, but not remotely via SSL VPN.
I can log in to the remote router also once connected. Am I missing something or should I be able to see it?
Thanks :)
I found the issue.
I had "From first subnet to remote network, you have to do"
set to Route. Changed to NAT, all good now :)
Related
What I'm trying to achieve is:
Connect to a VPN as client and route all my internal network's traffic over the VPN.
Run a VPN server, so that people from outside can connect to my internal network and get routed over the a.m. VPN client.
I'm trying to achieve that with a router running dd-wrt (netgear D6200), and / or a raspberry pi.
Can someone tell me if this can be achieved, and if so, direct me to what would be a possible solution?
(I'm not looking for a tutorial, just a direction)
Thanks!
This thread probably does not belong here.
Consider using OpenWRT instead of dd-wrt. OpenWRT gives you a usable build system and is easier to customize and build. I am not advocating OpenWRT. This can be a stop gap measure.
You can set up an OpenVPN server and OpenVPN client using the standard documentation available on the OpenWRT Wiki and also the OpenVPN site.
Add to OpenVPN server.conf the following directive: redirect-gateway def1. This will push the default gateway to clients connecting to the OpenVPN server. Further, make sure you are using a unique network IP pool for VPN clients that does not clash with the remote VPN server.
Make sure you are masquerading the VPN traffic (clients of the local VPN server) before forwarding to the remote VPN server. This can be tricky as this interface does not exist at boot time. It needs to be configured using up and down scripts.
Make sure you are allowing traffic (clients of local VPN Server) on VPN interface to be forwarded in your firewall rules
Before setting up the OpenVPN server, make sure:
The remote VPN server is pushing the default gateway to your VPN client
You have set up the firewall correctly
You are able to reach the cloud through the remote VPN server. Checking with some site like www.whatismyip.com will help.
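The masquerading and forwarding steps from the answer above, sketched as an OpenVPN up/down hook (an added example, not code from the thread). It assumes an iptables-based firewall; the pool `10.9.0.0/24` and the server interface `tun1` are placeholder values, while `dev` and `script_type` are the environment variables OpenVPN passes to hook scripts.

```shell
#!/bin/sh
# Added example: up/down hook for the OpenVPN *client* instance on the router.
# It NATs and forwards only the local VPN server's clients over the uplink
# tunnel, and removes the same rules again when the tunnel goes down.
# Assumed values (not from the thread): pool 10.9.0.0/24, server interface tun1.
IPT="${IPT:-iptables}"        # set IPT=echo for a dry run that only prints rules
POOL="${POOL:-10.9.0.0/24}"   # address pool handed out by the local VPN server
SRV_IF="${SRV_IF:-tun1}"      # tun interface of the local VPN server

# vpn_chain_rules OP UPLINK
#   OP is -A (add) or -D (delete); UPLINK is the client tunnel device.
vpn_chain_rules() {
    op="$1"; up_if="$2"
    # Without a device name the -o match would be wrong, so refuse to run.
    [ -n "$up_if" ] || { echo "no uplink device given" >&2; return 1; }
    # Masquerade pool clients as they leave through the remote VPN.
    $IPT -t nat "$op" POSTROUTING -s "$POOL" -o "$up_if" -j MASQUERADE
    # Let pool clients out through the uplink tunnel...
    $IPT "$op" FORWARD -i "$SRV_IF" -o "$up_if" -s "$POOL" -j ACCEPT
    # ...and allow only reply traffic back in, not new inbound sessions.
    $IPT "$op" FORWARD -i "$up_if" -o "$SRV_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# OpenVPN sets script_type to "up" or "down" and dev to the tunnel device,
# so the rules exist only while the interface does.
case "${script_type:-}" in
    up)   vpn_chain_rules -A "${dev:-}" ;;
    down) vpn_chain_rules -D "${dev:-}" ;;
esac
```

Reference the script from the client config with `up` and `down`, and set `script-security 2` so OpenVPN is allowed to run it.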
Yes this is possible with dd-wrt on Netgear.
There is no need of Raspberry (unless you meant to run the remote VPN server on it).
Configure and run VPN server on dd-wrt - and try connectivity by connecting clients. Both tun/tap should work in general (with VPN client running). I tested with tun.
Configure and run VPN client on dd-wrt and try connecting to your VPN server. By default, the router should start directing all traffic (for its own LAN clients) via the VPN server.
So far so good.
The problem comes when you want dd-wrt's VPN clients (and not just LAN clients) to take the same route. With a VPN client running on dd-wrt, dd-wrt's own VPN clients will not be able to connect to the VPN server running on dd-wrt as such. To make it work, see below.
This is only possible via PBR - i.e. you run VPN client on dd-wrt, but take the router itself off this client, and route only specific clients through this VPN client running on dd-wrt.
With some tweaks using subnet masks, it is possible to include all your LAN and VPN IPs in the PBR policy so that everything (except the router itself) routes through the remote VPN server.
The key is to include dd-wrt's VPN clients' virtual IPs in the PBR. While configuring VPN server on dd-wrt, there is a field for specifying the clients' network and netmask.
If you use this network IP and netmask in client process's PBR policy, your (dd-wrt's) VPN clients will be able to connect to the VPN server running on dd-wrt, and will in turn be routed through the remote VPN server to which dd-wrt is connected as a client.
I am having some trouble allowing my 2wire router (provided by AT&T) to forward certain ports.
I have a raspberry pi running subsonic (a music server) and I would like to access it from the outside internet. I have configured the pi with a static LAN IP address and have opened the specified ports (4040 and 80) on both TCP and UDP. I have also confirmed the service is active and is listening on the specified ports via netstat.
When I attempt to connect, however, from my WAN IP I am confronted with a connection refused dialog. Checking the firewall logs on my router, I see this message:
IN=br1 MAC=--:--:--:--:--:-- SRC=(my computer IP) DST=(My WAN IP) LEN=40 TTL=240 PROTO=TCP DPT=5060 Unknown inbound session stopped
It appears that my firewall is still blocking the external connection. What strikes me as odd is, although I am unable to connect I can still see that the port is open from an outside port scanner. Using the service provided from http://www.yougetsignal.com/tools/open-ports/ I have confirmed that my IP has port 4040 to be open.
Once again, I have confirmed that the service is indeed listening on the raspberry pi, set up a static LAN address and created the protocol for both TCP and UDP....
Any help on this matter would be greatly appreciated.
Thanks in advance!
Ok so for whatever reason it was working all along. Apparently it was just getting confused by me trying to connect to my own router. I confirmed this by connecting to the server via 4G on my phone.
Dumb mistake by me.
Thanks fellows, here's my question.
I have an FTP server running on my PC behind a router. Let's say its IP address is 192.168.1.2.
My public IP address, which is the IP I set in my router, is, let's say, 137.132.228.27.
How should I access my FTP server from the Internet?
Normally people use port forwarding: forward port 21 (the FTP port) to my PC. But in my case the router, which is the property of the university, is out of my control, so how can I access my FTP server with the two IP addresses given above?
Thanks
Linus
In this case you can only run an FTP server for (accessible from) local computers, not computers on the internet, unless you forward ports to your PC (which you mentioned you cannot, so it's not possible).
As others have suggested, getting a Dropbox account is probably the simplest solution.
If you can't get your university IT admins to set up the port forwarding, then you may not be able to connect to it.
I have a simple requirement of hosting a webserver on my computer. But unfortunately, the internet connection provided by my employer has only ports 21 & 80 open. Rest of all the ports are closed. I tried port forwarding for ports 80 and 21 but they are already in use by my employer itself. So, is there any other way of hosting a webserver on my computer?
P.S.: I am on linux with Apache.
Does the firewall run an HTTP proxy, or is it just a simple port forwarder? If it's a proxy, it may be able to forward to different internal IPs based on the Host: header, similar to the way virtual web hosts operate.
If not, you won't be able to use these ports. A NAT router can forward a port to only one IP. If hosting the webserver is a job requirement, as you say, you should be able to contact the network administrator and get another port opened for it. If they won't do it on your request, your manager should be able to confirm the requirement.
I have a working SSL server implementation, but the problem is that the server is visible only for devices in my local network, and can't be accessed from outside.
Is this a common problem for servers, or have I done something wrong? Could it be my Linux distribution limiting the visibility?
Best regards,
Rat
If you are behind a NAT firewall which most modem/router/switch all-in-one boxes use, then you will need to set up port forwarding on the router.
Port forwarding allows an incoming connection on a port on the WAN side of the modem/router to get forwarded to a LAN computer.
See http://portforward.com/ for help setting up port forwarding.