VPN server to the local LAN

cazz · 2019-02-18 16:45:46 UTC

NethServer Version: latest

Hi
After have search a little I think I understand why I did got so much problem with the nethservers VPN server

When I did config and got everything to work I can connect to the nethservers VPN server but no other computer in the local LAN.

What I did read I did have to reroute the VPN network to the LAN network from my router.
Now that is a problem, I helping a friend to setup a VPN server but his router is not any advance or I have problem to understand how to make it work.
Is it possible from nethserver make a reroute without do something with the router??

federico.ballarini · 2019-02-18 16:57:16 UTC

Normally I can access also to LAN PCs with a VPN tunnel.
Can you post your VPN config?

saitobenkei · 2019-02-18 16:59:57 UTC

AFAIK this is true only if the Nethserver is the gateway of the LAN.

I think that the OP has a configuration where the Nethserver is only a server inside the LAN

I proposed this solution:

pike · 2019-02-18 17:32:43 UTC

I don’t think that can be possible.
Anyway, for use as a VPN gateway, NethServer must have at least two network zones (RED and GREEN).

cazz · 2019-02-18 18:05:27 UTC

yes the VPN server is just a server and no gateway.
The router in the LAN is the gateway.

Hmm ok then is not so easy for me to fix this.

I know with a old OpenVPN I did use iptable and “POSTROUTING” to connect to the LAN from VPN.
But this is maybe not possible with nethserver VPN.

But I have see the nethserver have firewall, maybe is possible to use that to reroute my traffice from my VPN to LAN??

cazz · 2019-02-18 18:06:06 UTC

hmm I know I have got it to work when I did use Ubuntu and config my own OpenVPN

federico.ballarini · 2019-02-18 18:07:17 UTC

What do you think to use SSH tunnels in this case? (Final user has to be a little bit expert…)

mrmarkuz · 2019-02-18 18:13:48 UTC

I think you just need to add a static route to your router as @saitobenkei suggested.

The problem is that your router does not know about the VPN network on your Nethserver so it cannot route correctly.

cazz · 2019-02-18 18:15:23 UTC

Going to ask my friends what kind of router he have so I can see how to make a static route

cazz · 2019-02-18 21:38:00 UTC

ok I was thinking first install the VPN server and then see if I can remote connect to it and the config file was ok to import into client but when I trying to connect it say “connect error: missing external pki alias”
Have no idea what it mean??

mrmarkuz · 2019-02-18 22:14:59 UTC

Which VPN client (OS, device) do you use?

cazz · 2019-02-18 22:28:27 UTC

OpenVPN connect on Windows 7

mrmarkuz · 2019-02-18 23:39:13 UTC

Never tested openvpn connect. Did you try openvpn gui, it works for me.

pike · 2019-02-19 09:26:09 UTC

Plus one for OpenVPN GUI, used on at least 10 installations

cazz · 2019-02-19 10:12:30 UTC

Ahh ok, I can try that when I get home

Have now talk to my friend and he have a TP-Link ER5120 and when I look at the support page it have static routing.
But I have no idea what to write to get it to work. I have found a picture of it
http://screenshots.portforward.com/routers/TP-Link/TL-ER5120/Static_Route.htm

And I can see it have
Destination
Subnet Mask
Next Hop
Interface
Metic
Description
Status.

My routing mode is
Network: 17.77.0.0
Netmask: 255.255.255.0

And his LAN network is
192.168.0.0
255.255.255.0

Have working with this sometime now and I just want to get it to work.

If I can guess it is something like this

Destination: 17.77.0.0
Subnet Mask: 255.255.255.0
Interface: LAN1

saitobenkei · 2019-02-19 11:06:42 UTC

In the “Next Hop” field put the IP of your Nethserver (192.168.0.something)

(that 17.77.0.0 is horrible…)

cazz · 2019-02-19 11:55:13 UTC

lol yes I know it is not a nice but I did just follow a guide.
I do not want to use 192.168 but I can change it to 172. to make it looks better

so

Destination: 17.77.0.0 (or 172.16.0.0 when I change it to that)
Subnet Mask 255.255.255.0
Interface: LAN
Next Hop: 192.168.0.35 (this is the IP to the nethserver)

saitobenkei · 2019-02-19 12:39:29 UTC

I think it’s correct.

cazz · 2019-02-19 14:19:06 UTC

hmm have now done that but I can’t connect to anything?

I can now connect with a client from a ipad to my VPN server and I can see in the status in nethserver that is connected. I also have a green light in the client in the iPad and the server have give the client 172.16.0.6.

But I can’t even ping the VPN server that is connect to?? (192.168.0.35)

I have enable roadwarrior server
I have select “Username and password”
I have select "Routed Mode (Network: 172.16.0.0, Netmask: 255.255.255.0)
I have select under the routed mode advanced “Route all traffic through VPN”
I have under advanced select both "Enable TZO cinoression and “Push all static routes”
Under DHCP options I have set DNS to 192.168.0.1 (Routerns DNS server)
And the UDP is 1194

saitobenkei · 2019-02-19 14:26:13 UTC

You trying to ping the hostname of the Nethserver or directly the IP of the server?

Try putting in the DNS field the Nethserver IP

Remove LZO Compression and Route all traffic through VPN

If your iPad is in the same lan/wlan of the Nethserver probably the VPN doesn’t work