VPN server to the local LAN

cazz · February 18, 2019, 4:45pm

NethServer Version: latest

Hi
After have search a little I think I understand why I did got so much problem with the nethservers VPN server

When I did config and got everything to work I can connect to the nethservers VPN server but no other computer in the local LAN.

What I did read I did have to reroute the VPN network to the LAN network from my router.
Now that is a problem, I helping a friend to setup a VPN server but his router is not any advance or I have problem to understand how to make it work.
Is it possible from nethserver make a reroute without do something with the router??

federico.ballarini · February 18, 2019, 4:57pm

Normally I can access also to LAN PCs with a VPN tunnel.
Can you post your VPN config?

saitobenkei · February 18, 2019, 4:59pm

AFAIK this is true only if the Nethserver is the gateway of the LAN.

I think that the OP has a configuration where the Nethserver is only a server inside the LAN

I proposed this solution:

pike · February 18, 2019, 5:32pm

I don’t think that can be possible.
Anyway, for use as a VPN gateway, NethServer must have at least two network zones (RED and GREEN).

cazz · February 18, 2019, 6:05pm

yes the VPN server is just a server and no gateway.
The router in the LAN is the gateway.

Hmm ok then is not so easy for me to fix this.

I know with a old OpenVPN I did use iptable and “POSTROUTING” to connect to the LAN from VPN.
But this is maybe not possible with nethserver VPN.

But I have see the nethserver have firewall, maybe is possible to use that to reroute my traffice from my VPN to LAN??

cazz · February 18, 2019, 6:06pm

hmm I know I have got it to work when I did use Ubuntu and config my own OpenVPN

federico.ballarini · February 18, 2019, 6:07pm

What do you think to use SSH tunnels in this case? (Final user has to be a little bit expert…)

mrmarkuz · February 18, 2019, 6:13pm

I think you just need to add a static route to your router as @saitobenkei suggested.

The problem is that your router does not know about the VPN network on your Nethserver so it cannot route correctly.

cazz · February 18, 2019, 6:15pm

Going to ask my friends what kind of router he have so I can see how to make a static route

cazz · February 18, 2019, 9:38pm

ok I was thinking first install the VPN server and then see if I can remote connect to it and the config file was ok to import into client but when I trying to connect it say “connect error: missing external pki alias”
Have no idea what it mean??

mrmarkuz · February 18, 2019, 10:14pm

Which VPN client (OS, device) do you use?

cazz · February 18, 2019, 10:28pm

OpenVPN connect on Windows 7

mrmarkuz · February 18, 2019, 11:39pm

Never tested openvpn connect. Did you try openvpn gui, it works for me.

pike · February 19, 2019, 9:26am

Plus one for OpenVPN GUI, used on at least 10 installations

cazz · February 19, 2019, 10:12am

Ahh ok, I can try that when I get home

Have now talk to my friend and he have a TP-Link ER5120 and when I look at the support page it have static routing.
But I have no idea what to write to get it to work. I have found a picture of it
http://screenshots.portforward.com/routers/TP-Link/TL-ER5120/Static_Route.htm

And I can see it have
Destination
Subnet Mask
Next Hop
Interface
Metic
Description
Status.

My routing mode is
Network: 17.77.0.0
Netmask: 255.255.255.0

And his LAN network is
192.168.0.0
255.255.255.0

Have working with this sometime now and I just want to get it to work.

If I can guess it is something like this

Destination: 17.77.0.0
Subnet Mask: 255.255.255.0
Interface: LAN1

saitobenkei · February 19, 2019, 11:06am

In the “Next Hop” field put the IP of your Nethserver (192.168.0.something)

(that 17.77.0.0 is horrible…)

cazz · February 19, 2019, 11:55am

lol yes I know it is not a nice but I did just follow a guide.
I do not want to use 192.168 but I can change it to 172. to make it looks better

so

Destination: 17.77.0.0 (or 172.16.0.0 when I change it to that)
Subnet Mask 255.255.255.0
Interface: LAN
Next Hop: 192.168.0.35 (this is the IP to the nethserver)

saitobenkei · February 19, 2019, 12:39pm

I think it’s correct.

cazz · February 19, 2019, 2:19pm

hmm have now done that but I can’t connect to anything?

I can now connect with a client from a ipad to my VPN server and I can see in the status in nethserver that is connected. I also have a green light in the client in the iPad and the server have give the client 172.16.0.6.

But I can’t even ping the VPN server that is connect to?? (192.168.0.35)

I have enable roadwarrior server
I have select “Username and password”
I have select "Routed Mode (Network: 172.16.0.0, Netmask: 255.255.255.0)
I have select under the routed mode advanced “Route all traffic through VPN”
I have under advanced select both "Enable TZO cinoression and “Push all static routes”
Under DHCP options I have set DNS to 192.168.0.1 (Routerns DNS server)
And the UDP is 1194

saitobenkei · February 19, 2019, 2:26pm

You trying to ping the hostname of the Nethserver or directly the IP of the server?

Try putting in the DNS field the Nethserver IP

Remove LZO Compression and Route all traffic through VPN

If your iPad is in the same lan/wlan of the Nethserver probably the VPN doesn’t work