Hyper-V with single nic, behind ADSL modem, OpenVPN for Road warriors

Hello,

This is my first ever NethServer. So, I am a newbie!

I am using NethServer Version: 7.7.1908 installed on a Hyper-V with single nic. Nic is set to static IP number. It stays on location A behind a fixed IP address ADSL modem. OpenVPN UDP port is routed to NethServer static IP number.

I would like to have access from location B to any computer on location A over OpenVPN. I think this is called “OpenVPN for road warriors” setup. I want the access to use username+password+certificate.

I do not want to use location A to access the internet after establishing a connection. Location B has to use its own internet. However, location B must have access to computers in location B; things like ping, RDP and similar should be working.

location A local IP group: 192.168.1.0/24
location B local IP group: 192.168.8.0/24

NethServer has eth0 set as Local (green).

So, I have set up an LDAP for adding users.
Added one user.
Installed OpenVPN
Set it up as Roadwarrior. (routed mode, 10.10.0.0/24 network)
Assigned my system user as VPN user.
Downloaded ovpn file and tried to connect to my server from location B.

I could establish a connection. My location B was assigned the 10.10.0.6 IP number. However, it was not possible to reach any computer on location A.

I have below lines in my location A routing table:
Active Routes:
Network Destination Netmask Gateway Interface Metric
10.10.0.1 255.255.255.255 10.10.0.5 10.10.0.6 281
10.10.0.4 255.255.255.252 On-link 10.10.0.6 281
10.10.0.6 255.255.255.255 On-link 10.10.0.6 281
10.10.0.7 255.255.255.255 On-link 10.10.0.6 281
192.168.1.0 255.255.255.0 10.10.0.5 10.10.0.6 281

I do not know how much of the above detail is relevant. I just tried to provide as much detail as possible. I failed to find a tutorial to follow for achieving what I want.

I did not change any other setting on NethServer. They are all defaults.

Any help is appreciated.

Thanks & regards,
Ertan

@ertank

Hello and welcome to our community!

I am a Network guy, but as I use a separate firewall at all 20-30 clients I run NethServer for, I can’t really help you here.
I do use OpenVPN and IPsec a lot, IPsec more for site2site and OpenVPN and/or IPsec for Road Warriors!

I’m not sure, but maybe a second NIC might be needed.

Maybe @mrmarkuz can help, he’s VERY good at this…

My 2 cents
Andy


You may need to configure a static route on the ADSL router to route traffic to the VPN network 10.10.0.0/24 via the Nethserver.

The option “Route all client traffic to VPN” is disabled by default so location B should use its own internet.

I assume location B needs to access computers in location A. This should just work with the static route I mentioned above.

1 Like
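Why the static route matters, as an added example that is not part of the original posts: a LAN host in location A answers a VPN client through its default gateway, so the ADSL modem decides where the reply goes. The host addresses 192.168.1.1 (modem) and 192.168.1.10 (NethServer) are assumptions; the thread gives only the subnets.

```python
import ipaddress

# Constructed addresses: the page gives only the subnets, not host IPs.
MODEM = "192.168.1.1"        # ADSL modem, default gateway of LAN A (assumed)
NETHSERVER = "192.168.1.10"  # NethServer green interface (assumed)
VPN_NET = "10.10.0.0/24"     # roadwarrior network from the thread


def next_hop(table, dst):
    """Longest-prefix match: return the hop of the most specific route."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in table
               if dst in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def build_tables(static_route_on_modem):
    """Routing tables of a LAN host, the modem and the single-NIC NethServer."""
    modem = [("192.168.1.0/24", "deliver"), ("0.0.0.0/0", "wan")]
    if static_route_on_modem:
        modem.append((VPN_NET, NETHSERVER))
    return {
        "host": [("192.168.1.0/24", "deliver"), ("0.0.0.0/0", MODEM)],
        MODEM: modem,
        NETHSERVER: [("192.168.1.0/24", "deliver"), (VPN_NET, "tunnel"),
                     ("0.0.0.0/0", MODEM)],
    }


def reply_path(dst, static_route_on_modem):
    """Trace a LAN host's reply towards a VPN client; returns the hops."""
    tables = build_tables(static_route_on_modem)
    node, path = "host", ["host"]
    while node in tables and len(path) < 8:
        node = next_hop(tables[node], dst)
        path.append(node)
    return path


if __name__ == "__main__":
    # Without the route the reply leaves via the WAN and is lost;
    # with it the modem hands the packet to NethServer and into the tunnel.
    print(reply_path("10.10.0.6", static_route_on_modem=False))
    print(reply_path("10.10.0.6", static_route_on_modem=True))
```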

I did add a static route from my ADSL modem as 10.10.0.0/24 → NethServer LAN IP. That did help me ping any internal computer in location A by using my OpenVPN connection from location B.

Though, there is still one problem I have now. I cannot establish an RDP connection from location B to any computer in location A. When I try, I am asked for a username/password for login. I enter them, after which I have a black screen for about 15-30 seconds, and after the black screen I get a message saying:

Your Remote Desktop Services session has ended.

The connection to the remote computer was lost, possibly due to network connectivity problems. Try connecting to the remote computer again. If problem continues, contact your network administrator or technical support.

I am simply after having an RDP session running from location B on any computer on location A.

If you use IPS, disable it for testing.

Which Windows versions are you using? Please include full version like “Win 10 1909 Build 18363.720”.

Are you connecting as a local PC user or with a domain account?

Does RDP work with port forwarding instead of VPN? (just for testing)

You may try disabling NLA on the machine you want to connect to:

Are there any relevant errors logged in the Windows event log?

We figured that our ADSL modem has bridging.

1- We have added another physical ethernet on our Windows 2016 server
2- We set ADSL modem to bridge to our Windows 2016 Server second ethernet.
3- Hyper-V set so that second ethernet is assigned to NethServer.
4- NethServer set for PPPoE. After that our fixed IP number is displayed on that second nic.
5- We did not change any setting for our OpenVPN server.

After having RED and GREEN ethernets visible in NethServer we are able to ping any computer in location A from location B. We can establish successful RDP connections from location B.

Now we are to set up all routing and IP phone settings that were existing on our ADSL modem. No complaints about that though.

In the meantime, I wanted to test suggestions in the thread below (putting RDP to TCP only mode).


I couldn’t do that test as too many people were involved and the configuration changed more than a couple of times.

Just posting in here because I find it relevant. Reason for me to think it is relevant is because I can have communication over OpenVPN until I can enter my user password. If there was no communication, I wouldn’t be able to get to the login screen of RDP.

There is another location with identical configuration. I did set up NethServer there. Unfortunately, I could not test results there as the ADSL modem has no support for static routes.

Thanks for all the help.

Regards,
Ertan


I remember I had a similar problem with a VMware hosted Windows Server 2016 and Fortinet VPN. I think it’s a virtualization related issue.

Following instructions that I found in your link helped: