How to grant VPN access to my own OpenVPN without configuration files - vpn

I have created my own VPN service on one of my VPS servers and logged in using the configuration files. I was wondering whether there is an easy/straightforward way to connect to my OpenVPN service for my community with a naive technical background.
Thanks,

Related

Accessing http url hosted on a VNet Peered VM from another VM

If I peer two Bastion VMs via VNet, and run a web application on one VM, will I be able to access its REST url from the other VM? Is there a charge involved for this type of access?
Sorry that I couldn't find it in me to understand all that jargon about ingress, egress and gateways. I just want the simple answer to my question.

GCP OpenVPN with Win10 OpenVPN Client

I'm really bad with networking things, but I tried today to set up an OpenVPN server using GCP Marketplace following this tutorial:
https://openvpn.net/vpn-server-resources/google-cloud-platform-byol-instance-quick-launch-guide/
When trying to connect using OpenVPN Client on Windows 10, the connection seems OK but no traffic is redirected through the VPN.
What I am trying to achieve is to route all the traffic from my Windows 10 computer through the OpenVPN Server.
I think it's just about a setting on the server/client but I can't seem to understand it while searching for a solution.
Thanks for the help!
Jimmy
I finally found the answer myself.
It was just a configuration to do in the OpenVPN web admin interface to ask the server to re-route all traffic.
I had another issue with DNS, so I set up DNS manually in the admin interface.
Cheers.
Jimmy

Can't access port 7474 across Rackspace cloud servers

I've set up neo4j on port 7474 on a Rackspace cloud server. I want to access this server from another Rackspace cloud server (appserver) but the connection is refused.
I've tried enabling access for the appserver to port 7474 on the neo4j server using ufw:
sudo ufw allow from 22.234.298.297 to any port 7474
I can see this rule when I run 'ufw status' but it doesn't seem to make any difference when I try to connect to the appserver. I can ssh between these two servers.
How do I open port 7474 between cloud servers on Rackspace?
(My apologies for this very basic question but Rackspace support are not helping and I can't find Rackspace-specific information on this.)
Glad we could solve the problem (see comments on the question).
It so happens that Neo4j accepts only connections from localhost per default. When trying to gain access to Neo4j via REST API from an app server within the same network, one has to configure the Neo4j server to open up.
The neo4j-server.properties configuration file has a configuration key with org.neo4j.server.webserver.address. You have a couple of options here.
1. Grant app servers in the same local network to consume the Neo4j REST API
2. Grant everybody access and let the firewall handle it
For the first case, use the local ip address of the machine where Neo4j is running. Let's say your machines are connected via a private class C network. The machine with Neo4j has an ip 192.168.1.4 - that's the ip you want to enter as the value in org.neo4j.server.webserver.address, so your app server running in the same network with maybe an ip of 192.168.1.5 can make network requests that are being answered by the Neo4j web server.
For the second case, you enter 0.0.0.0 as value for org.neo4j.server.webserver.address to denote that you want to accept connections on all available ip addresses on that machine. In that case you want to set up your firewall to handle permissions who can talk to the server and who doesn't - even with authentication enabled.
Extra
In a production environment that requires high availability, one can use Neo4j's enterprise edition with a high availability cluster in a master-slave setting. I've used it with one master and two slaves. I configured the Neo4j servers so that they can only be accessed from the proxy server that routes writing cypher queries to the master, and reading queries to the slaves. The proxy itself had a hardware firewall on it to ensure only specific app servers within the network have access to the Neo4j database.
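The two options above can be checked mechanically before touching the firewall. The following is an added example, not part of the original answer or of Neo4j: it reads the org.neo4j.server.webserver.address key from a properties file, classifies how widely the listener is exposed, and returns the ufw allow rules that belong with it. The function names and the sample files are constructed for illustration, and ufw is assumed to be enabled with its default-deny incoming policy.

```python
import ipaddress

KEY = "org.neo4j.server.webserver.address"  # key named in the answer above

def bind_address(properties_text):
    """Return the active value of KEY, or None if it is unset or commented out."""
    value = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":        # blank line or properties comment
            continue
        name, sep, rest = line.partition("=")
        if sep and name.strip() == KEY:
            value = rest.strip()               # last assignment wins
    return value

def exposure(properties_text):
    """Classify the listener: loopback, private, all-interfaces, public, unknown."""
    addr = bind_address(properties_text)
    if addr is None or addr.lower() == "localhost":
        return "loopback"                      # default per the answer: localhost only
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unknown"                       # hostname or typo: resolve by hand
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:                      # 0.0.0.0 or ::
        return "all-interfaces"
    return "private" if ip.is_private else "public"

def ufw_allow_list(properties_text, app_servers, port=7474):
    """ufw rules that should accompany the bind address; [] when none can help."""
    if exposure(properties_text) == "loopback":
        return []   # nothing listens on the LAN address, so allow rules change nothing
    for ip in app_servers:
        ipaddress.ip_address(ip)               # reject malformed allow-list entries
    return [f"ufw allow from {ip} to any port {port}" for ip in app_servers]

# Constructed sample files for the three cases discussed above.
DEFAULT = "#org.neo4j.server.webserver.address=0.0.0.0\n"
LAN_ONLY = "org.neo4j.server.webserver.address=192.168.1.4\n"
WIDE_OPEN = "org.neo4j.server.webserver.address = 0.0.0.0\n"

if __name__ == "__main__":
    for name, text in [("default", DEFAULT), ("lan", LAN_ONLY), ("open", WIDE_OPEN)]:
        print(name, exposure(text), ufw_allow_list(text, ["192.168.1.5"]))
```

The "loopback" result is the situation in the question: the ufw rule was present, but with the key left commented out nothing was listening on the address the app server connects to.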

openvpn between zentyal servers and normal clients possible?

I have a Zentyal on a VPS on the internet that I use to connect some companies with their external offices. So far with Windows this is not a problem: I connect the Windows server to Zentyal via the OpenVPN client and configure as many OpenVPN clients as they have external offices, and they work perfectly. But when I try to connect the same way using Zentyal in a company, it fails. I mean, I can check the option that states "allow Zentyal to Zentyal tunnel". OK, the server of the company can connect to the Zentyal VPS, but I cannot download a bundle for normal clients to connect to the same network. Is there a workaround to connect both Zentyals and normal hosts on the same network via OpenVPN? If I try to use a normal client bundle in Zentyal it doesn't let me connect.
Zentyal to Zentyal connections don't work for normal clients.
Zentyal allows you to define more than one VPN server. You should use a separate VPN server for other clients.
Note that the two modes have different semantics, in regard to how routing works for each of the VPN models. In brief:
Zentyal-to-Zentyal VPN tunnels use RIP and exchange the static routes accessible to each server.
For normal "road-warrior" clients, networks that need to be accessed by clients have to be published using the "Advertised networks" section.
In addition, it's better practice to use a separate VPN network for road warriors, another VPN for server-to-server communications.
If I guess correctly, you'd like to use Zentyal as a normal VPN client (using a normal client bundle). It's a requested feature but I believe it's not available. You could configure the OpenVPN client manually in the Zentyal box (unmanaged by Zentyal, unless you use hooks). Alternatively, you could use a Zentyal-to-Zentyal tunnel for all clients, but configure Windows clients manually based on the certificates present on the bundle and the Windows OpenVPN configuration files you already have (this way, you'd be missing RIP (route exchange) functionality between Windows and Zentyal but it shall work).
For your use case, I think there is no way inside Zentyal to manage an S2S connection.
To achieve that I use one server as a client (S2), download a Linux bundle from the other Zentyal (S1) server, then configure S2 to act like the other clients and connect to S1.
Here is a link for client-side configuration: openvpn linux client
Hope that helps

Access to a site on localhost from remote

I develop my project on my localhost, on Apache on an Ubuntu machine.
Sometimes I need to show progress to my customer.
Is it possible to access localhost from a remote machine?
You can use a service that provides a tunnel to your local service, such as localtunnel, pagekite or ngrok. These services simplify setting up remote demos, mobile testing and some provide request inspection as well.
I find ngrok useful because it provides a https address, which is needed to test things like webcam access.
Terms used in this answer:
Host = machine with site on it
Client = machine you are trying to access the host from
If the host and client are on the same network, you can access the host from the client by entering
http://(hostname or ip address)
in your client's browser. If the site is not running on port 80 (for http) or port 443 (for https), add the port like so (this example is for if your server is on 8080, a common alternate port):
http://(hostname or ip address):8080
If the host and client are not on the same network, and you need to reach across the internet from the client to see the host, you will need to make your host available on the internet for the client to access.
This can be extremely dangerous for your information security if you're not sure what you're doing and I'd recommend getting a cheap-o hosting account (can get them for like $10/month at places like 1:1 hosting).
There are many methods to do this - the difference is security, easiness of the configuration and cost of the solution.
Following I am typing some methods with some analyses
Port Forwarding (with Dynamic DNS and SSL encryption)
This requires router configuration (to forward your router's public port to the localhost port); however, this requires you to have a fixed IP address. In case your IP address is not fixed (in most cases) you need to use Dynamic DNS services to be able to use a domain name instead of the IP address (there are a lot of free services available). Here we still have the security question open. To solve the security question, i.e. set up an SSL certificate, we can use the Let's Encrypt service ( https://letsencrypt.org/ ) to get a free certificate; however, we should configure the local server to use the certificate or we should set up a reverse proxy (in most cases nginx or apache) and configure the proxy to use the certificate.
Conclusion – Hard to setup if we want to have secure connection (can be done for free)
VPN
For this scenario we should use VPN services. We should connect our local machine to the VPN, then on the other side we should connect our client's machine to the VPN, which will allow us to access localhost by local IP address. We can set up our own VPN server; however, this requires knowledge to do it right.
Conclusion – Easy, Paid, Secure, Bad User Experience (connecting to VPN every time you need to connect to localhost)
Tunneling
For this scenario we can use free tunneling services (i.e. https://tunnelin.com/). The process is very straight forward i.e. Register a User, Connect your device to service (by running one line command on device), use Web interface to open/close secure tunnels to the device.
Conclusion – Free, Secure, Easy
Yes, if you have a public and static IP. Usually, ISPs offer static ips during a session (i.e. until you disconnect and connect again)
