VM guest not accessible from Host (with running VPN Client) - networking

I have configured my guest VM as described here: https://askubuntu.com/a/293817/503589
Unfortunately I cannot connect to the guest via IP or "localhost", if the Cisco AnyConnect VPN Client is connected on the host (Windows 7).
It works as long as I am not connected with the Cisco VPN AnyConnect Client on the host.
My requirements are the following:
the host should be able to access the guest with its static IP, whether I am connected to host VPN or not.
I am working remote (WLAN) or in the office (LAN). In the office it's working, because I have no Cisco VPN Client connected.
guest can access the internet
I can move my laptop from network to network (e.g. from home to office to coffeeshop) without worrying about securing or reconfiguring the vm
What I also already tried and what didn't work:
NAT
Bridged

The Cisco VPN client is likely configured for full tunneling, meaning all traffic is routed through the VPN interface. This is why you are unable to reach other hosts on your LAN.
You might be able to request a split-tunneled profile from your Network team, but it may go against company policy.

Related

VM can't ping host, and host can't ping VM or see web server

I have a Debian VM on my Windows 10 machine, in VMWare Player 16. The VM is running a web server. Both are using my router for DHCP, and the router lists the VM as a DHCP client.
The PC is on 192.168.0.20. The VM is 192.168.0.50.
The VM's networking is set to 'bridged'. It can access the internet, and it can ping various devices on my network. But it cannot ping the PC that is hosting the VM - it shows Destination Host Unreachable.
The PC cannot ping the VM (also destination host unreachable) and cannot see the VM's web server.
The router can ping the VM, and the PC.
My phone, on the same network via WiFi, can ping the PC and also the VM.
My phone can also access the web server of the VM.
The firewall is off in both the VM and the PC.
It seems like the host PC is not allowing traffic that it sent (even though it is sending it by proxy for the VM) to reach the VM. Traffic from other sources on the network, i.e. not the PC or the VM, can get to the VM without any problem. It is as if the PC sees data coming in and says "That traffic came from me, but I have nothing listening for it so I will just ignore it."
Any ideas on how I can fix this?

VPN server and client (possibly) on the same machine

What I'm trying to achieve is:
Connect to a VPN as client and route all my internal network's traffic over the VPN.
Run a VPN server, so that people from outside can connect to my internal network and get routed over the a.m. VPN client.
I'm trying to achieve that with a router running dd-wrt (netgear D6200), and / or a raspberry pi.
Can someone tell me if this can be achieved, and if so, direct me to what would be a possible solution?
(I'm not looking for a tutorial, just a direction)
Thanks!
This thread probably does not belong here.
Consider using OpenWRT instead of dd-wrt. OpenWRT gives you a usable build system and is easier to customize and build. I am not advocating OpenWRT. This can be a stop gap measure.
You can set up an OpenVPN server and OpenVPN client using the standard documentation available on OpenWRT Wiki and also OpenVPN site.
Add to OpenVPN server.conf the following directive redirect-gateway def1. This will push the default gateway to clients connecting to OpenVPN server. Further, make sure you are using a unique network IP pool for VPN clients that does not clash with the remote VPN server.
Make sure you are masquerading the VPN traffic (Clients of local VPN server) before forwarding to remote VPN server. This can be tricky as this interface does not exist at boot time. It needs to be configured using up and down scripts.
Make sure you are allowing traffic (clients of local VPN Server) on VPN interface to be forwarded in your firewall rules
Before setting up the OpenVPN server, make sure:
The remote VPN server is pushing the default gateway to your VPN client
You have set up the firewall correctly
You are able to reach the cloud through the Remote VPN Server. Checking with some site like www.whatismyip.com will help.
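The masquerading and forwarding steps from the answer above, written as an OpenVPN up/down hook for the client tunnel to the remote VPN server (an added example, not part of the original answer). It assumes an iptables-based firewall; the pool 10.8.0.0/24 and device tun0 for the local OpenVPN server are placeholder values, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: hook for the CLIENT tunnel (router -> remote VPN server).
# Assumed placeholders, not values from the answer:
LOCAL_VPN_POOL="${LOCAL_VPN_POOL:-10.8.0.0/24}"  # pool of the local OpenVPN server
LOCAL_VPN_DEV="${LOCAL_VPN_DEV:-tun0}"           # device of the local OpenVPN server

# Print the iptables commands for one action.
# $1 = A (append, on up) or D (delete, on down); $2 = client tunnel device.
gen_rules() {
    act="$1"; out="$2"
    case "$act" in A|D) ;; *) echo "bad action: $act" >&2; return 2 ;; esac
    # Accept only plain interface names before they reach a command line.
    case "$out" in ''|*[!A-Za-z0-9_.-]*) echo "bad device: $out" >&2; return 2 ;; esac
    [ "$out" != "$LOCAL_VPN_DEV" ] || { echo "client device equals server device" >&2; return 2; }
    # NAT: hide local VPN clients behind the address the remote VPN gave this router.
    echo "iptables -t nat -$act POSTROUTING -s $LOCAL_VPN_POOL -o $out -j MASQUERADE"
    # Forward: local VPN clients may leave through the remote tunnel ...
    echo "iptables -$act FORWARD -i $LOCAL_VPN_DEV -o $out -s $LOCAL_VPN_POOL -j ACCEPT"
    # ... and only replies to their own connections may come back.
    echo "iptables -$act FORWARD -i $out -o $LOCAL_VPN_DEV -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Map the hook type to an action and run the generated commands.
apply_hook() {
    case "$1" in
        up)   act=A ;;
        down) act=D ;;
        *)    return 0 ;;
    esac
    gen_rules "$act" "$2" | while read -r cmd; do
        $cmd || echo "failed: $cmd" >&2
    done
}

# OpenVPN exports $script_type (up/down) and $dev (tunnel device) to hook scripts.
if [ -n "${script_type:-}" ]; then apply_hook "$script_type" "${dev:-}"; fi
```

Reference the script from the client configuration with `script-security 2`, `up` and `down`. If the client drops privileges with `user`/`group`, the down hook runs unprivileged and the delete commands fail, leaving the rules in place.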
Yes this is possible with dd-wrt on Netgear.
There is no need of Raspberry (unless you meant to run the remote VPN server on it).
Configure and run VPN server on dd-wrt - and try connectivity by connecting clients. Both tun/tap should work in general (with VPN client running). I tested with tun.
Configure and run VPN client on dd-wrt and try connecting to your VPN server. By default, the router should start directing all traffic (for its own LAN clients) via the VPN server.
So far so good.
The problem comes when you want dd-wrt's VPN clients (and not just LAN clients) to take the same route. With a VPN client running on dd-wrt, dd-wrt's own VPN clients will not be able to connect to the VPN server running on dd-wrt as such. To make it work, see below.
This is only possible via PBR - i.e. you run VPN client on dd-wrt, but take the router itself off this client, and route only specific clients through this VPN client running on dd-wrt.
With some tweaks using subnet masks, it is possible to include all your LAN and VPN IPs in the PBR policy so that everything (except the router itself) routes through the remote VPN server.
The key is to include dd-wrt's VPN clients' virtual IPs in the PBR. While configuring VPN server on dd-wrt, there is a field for specifying the clients' network and netmask.
If you use this network IP and netmask in client process's PBR policy, your (dd-wrt's) VPN clients will be able to connect to the VPN server running on dd-wrt, and will in turn be routed through the remote VPN server to which dd-wrt is connected as a client.

Hosting a server on VPN connection

I don't have a public IP address so I'm looking to host a server while connected to a VPN. The VPN server is running on a VPS that I own and it's running SoftEther VPN server.
In my machine I connect to the VPN and then run the server app, however I check in http://www.canyouseeme.org/ to see if it's successfully hosted and can be accessed from internet but it's not and it shows "connection refused". If I host the server on the VPS machine it works, but I don't want that; it should be hosted on my machine and should be accessible using the IP address of the VPS/VPN.
You probably want to set up port forwarding on your VPN server.
When you connect to the VPN, your traffic goes through it, but you don't "become" it - the traffic directed to the VPN server (like an attempt to connect to your app) will not be forwarded to your VPN client machine - this is not the purpose of VPNs.
There is a page with port forwarding setup here. This is to be done on the VPN server.
The alternative I use is to set up port forwarding via SSH on the application server and ditch the need for VPN. Check Remote Port Forwarding here. It works fine, encrypts your data between the application server and the gateway, but there might be bigger overhead and it may be more prone to die when the network connection is temporarily lost.

Open website via computer IP address while running tomcat locally with a router?

I'm working on a website for a friend, developing using Eclipse/Tomcat. I'm running it locally and trying to open it via my internet port IP address, but I can't get it to work. The computer I am running it from is connected to a router, so it is running off of 192.168.1.4, and http://192.168.1.4:8080/Mobile_Site/index.jsp works. However when I try and open it via my internet port IP, http://67.xxx.244.xx:8080/Mobile_Site/index.jsp it doesn't find it from any device, even outside my local network. Is there a way to send the link when running locally when connected to a router?
You have to configure your router port forwarding (or virtual servers depending on the router) to forward TCP connections from 67.xxx.244.xx:NNNN to 192.168.1.4:8080.
Then you give the 67.xxx.244.xx:NNNN address to your friend.
Note: NNNN at your router doesn't need to be 8080, as long as the port forwarding is set properly.

Connect to VM running on the same computer without LAN

I have a windows 2003 VM running on my windows xp machine.
The machine name of the VM is itdom.domain.com
The windows xp host machine is disconnected from the LAN.
I want to be able to connect to the VM from the host and vice versa using their computer names. For example the URL http://itlab.domain:7080/domainsm must be accessible from the host computer.
Is there any configuration that I can do on any of the machines to do this?
Just because you have no physical network connection doesn't stop you setting up networking on the host and guest machines. One way of doing this is to add an IP address to the host machine's physical network port and create a bridged network on that port so that the guest can also see it.
You don't say which VM technology you are using, but in many of them you can set up an internal network between the host and guest. All you need to do then is edit each hosts file to add a hostname for the IP address of the other machine. You may also need to configure firewalls to allow access between the two.
No doubt there are also other ways to achieve this.
