Open Ports on Access Server to port forward to Client VPN

robturner80
OpenVpn Newbie
Posts: 12
Joined: Fri Dec 02, 2016 10:19 am

Open Ports on Access Server to port forward to Client VPN

Post by robturner80 » Fri Dec 02, 2016 10:51 am

I have a 3g/4g router that doesn't have a public routable IP address or even a static internal IP address.

I have successfully set up the router as a dial-in VPN client and can remotely connect to the router and internal network devices. (Only while on the VPN as another client.)

However, I need to be able to access the router without the use of a VPN for CCTV purposes.

If I had a public IP address I would simply apply some port forward rules. (This isn't possible with the 3g router.)

Is it possible to use the Access Server's WAN IP to forward the requested ports via the 3g router's VPN?

Kind of scenario I'm thinking of:
Internet -> Access Server WAN IP -> 3g router VPN Client Account -> 3g router -> LAN -> CCTV IP address and relevant open ports

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Open Ports on Access Server to port forward to Client VPN

Post by TinCanTech » Fri Dec 02, 2016 12:13 pm

You are sure you are using OpenVPN-Access Server not Community Edition ?
robturner80 wrote: Is it possible to use the Access Server's WAN IP to forward the requested ports via the 3g router's VPN?

Kind of scenario I'm thinking of:
Internet -> Access Server WAN IP -> 3g router VPN Client Account -> 3g router -> LAN -> CCTV IP address and relevant open ports
This does not make sense to me .. what is the WAN IP if you do not have a public IP address ?

robturner80
OpenVpn Newbie
Posts: 12
Joined: Fri Dec 02, 2016 10:19 am

Re: Open Ports on Access Server to port forward to Client VPN

Post by robturner80 » Fri Dec 02, 2016 12:44 pm

The WAN IP of the Access Server is hosted on Digital Ocean.

The 4g router gets assigned a private IP from the mobile network provider. There is a public IP when looking up "what's my IP" but this isn't routable back to the private IP.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Open Ports on Access Server to port forward to Client VPN

Post by TinCanTech » Fri Dec 02, 2016 1:06 pm

robturner80 wrote: The WAN IP of the Access Server is hosted on Digital Ocean
That is who I would ask ..

As I do not understand your issue and you want to solve something without using a VPN
robturner80 wrote: However, I need to be able to access the router without the use of a VPN for CCTV purposes
I will have to step down.

robturner80
OpenVpn Newbie
Posts: 12
Joined: Fri Dec 02, 2016 10:19 am

Re: Open Ports on Access Server to port forward to Client VPN

Post by robturner80 » Fri Dec 02, 2016 1:47 pm

This is the current setup (IPs changed for simplicity)
Working when on VPN.png
This is what I'm hoping can be achieved
Working when off VPN.png

robturner80
OpenVpn Newbie
Posts: 12
Joined: Fri Dec 02, 2016 10:19 am

Port Forwarding Question

Post by robturner80 » Fri Dec 02, 2016 2:31 pm

Before I go looking for a config to suit, is this scenario possible?

Use the OpenVPN server's WAN IP address to forward ports over a VPN to a device on the VPN's subnet?

Basically I'm trying to work out a way to connect to an internal device that is working off a 4g router. (The 4g router doesn't have a public routable address and is behind a NAT.)

robturner80
OpenVpn Newbie
Posts: 12
Joined: Fri Dec 02, 2016 10:19 am

Re: Port Forwarding Question

Post by robturner80 » Fri Dec 02, 2016 2:33 pm

Current setup works when both sides are on the VPN

Image

Hopefully this scenario is possible?

Image

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Open Ports on Access Server to port forward to Client VPN

Post by TinCanTech » Fri Dec 02, 2016 9:08 pm

You only want to take away half of the VPN .. :geek:

robturner80
OpenVpn Newbie
Posts: 12
Joined: Fri Dec 02, 2016 10:19 am

Re: Open Ports on Access Server to port forward to Client VPN

Post by robturner80 » Sat Dec 03, 2016 6:32 am

Yep, that's right. Although in my case I'm trying to get to the NVR, this could be a web server, FTP, etc...

TiTex
OpenVPN Super User
Posts: 310
Joined: Tue Apr 12, 2011 6:22 am

Re: Port Forwarding Question

Post by TiTex » Sat Dec 03, 2016 1:09 pm

If you have connectivity between the DVR and the VPN Server it should work with a DNAT firewall rule
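
The DNAT rule suggested in the post above, sketched as an added example that is not part of the original thread or any poster's configuration. It assumes a Linux VPN server using iptables; the interface names (eth0, as0t0), the NVR address and ports, and the allowed source address are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names, addresses and ports
# are constructed placeholders; IP forwarding (net.ipv4.ip_forward=1) is assumed on.

is_port() {  # succeed only for an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# dnat_rules WAN_IF VPN_IF PUBLIC_PORT TARGET_IP TARGET_PORT ALLOWED_SRC
# Prints the iptables commands; it changes nothing itself.
dnat_rules() {
    [ $# -eq 6 ] || { echo "dnat_rules: need 6 arguments" >&2; return 2; }
    wan=$1 vpn=$2 pport=$3 tip=$4 tport=$5 src=$6
    is_port "$pport" && is_port "$tport" || { echo "dnat_rules: bad port" >&2; return 2; }
    # 1. Rewrite the destination of connections arriving on the public
    #    interface, but only from the one allowed source address.
    echo "iptables -t nat -A PREROUTING -i $wan -s $src -p tcp --dport $pport -j DNAT --to-destination $tip:$tport"
    # 2. Let the rewritten connection be forwarded into the tunnel ...
    echo "iptables -A FORWARD -i $wan -o $vpn -s $src -d $tip -p tcp --dport $tport -j ACCEPT"
    # 3. ... and let only its replies come back out.
    echo "iptables -A FORWARD -i $vpn -o $wan -s $tip -p tcp --sport $tport -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 4. Source-NAT to the server's tunnel address so the remote LAN host
    #    replies through the VPN instead of via the 4G router's own uplink.
    echo "iptables -t nat -A POSTROUTING -o $vpn -d $tip -p tcp --dport $tport -j MASQUERADE"
}

# Dry run unless APPLY=1 (which needs root): print or execute each rule.
apply_rules() {
    rules=$(dnat_rules "$@") || return
    printf '%s\n' "$rules" | while read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then $rule; else echo "$rule"; fi
    done
}

# Constructed values: public port 8080 -> NVR web UI at 192.168.50.20:80,
# reachable only from 203.0.113.10; eth0 / as0t0 are assumed interface names.
apply_rules eth0 as0t0 8080 192.168.50.20 80 203.0.113.10
```

Because of the MASQUERADE rule, the NVR sees every forwarded connection as coming from the VPN server's tunnel address, so the real client address is only visible in the server's own logs. Dropping the `-s` restriction would expose the device's login page to the whole Internet.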

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Open Ports on Access Server to port forward to Client VPN

Post by TinCanTech » Sat Dec 03, 2016 1:11 pm

What software will you use to connect to the vpn server ?

robturner80
OpenVpn Newbie
Posts: 12
Joined: Fri Dec 02, 2016 10:19 am

Re: Open Ports on Access Server to port forward to Client VPN

Post by robturner80 » Sun Dec 04, 2016 10:54 am

No software, it's a site-to-site VPN from AS to the mobile 4g router.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Open Ports on Access Server to port forward to Client VPN

Post by TinCanTech » Sun Dec 04, 2016 12:35 pm

TinCanTech wrote: You only want to take away half of the VPN .. :geek:
robturner80 wrote: Yep, that's right.
TinCanTech wrote: What software will you use to connect to the vpn server ?
From the laptop to the vpn server ..

robturner80
OpenVpn Newbie
Posts: 12
Joined: Fri Dec 02, 2016 10:19 am

Re: Open Ports on Access Server to port forward to Client VPN

Post by robturner80 » Sun Dec 04, 2016 5:08 pm

This is kind of my question.

I want to use the WAN IP on the Access Server.

So if we swapped the CCTV for a web server, would it be possible to HTTP to the web server via the Access Server's WAN IP?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Port Forwarding Question

Post by TinCanTech » Sun Dec 04, 2016 6:52 pm

TiTex wrote: If you have connectivity between the DVR and the VPN Server it should work with a DNAT firewall rule
Looks plausible ..
