Remote clients can access resources on the OVPN server and also access main router, but cannot access other LAN clients.

xh43k
OpenVpn Newbie
Posts: 19
Joined: Tue Jun 09, 2020 8:55 pm


Post by xh43k » Thu Jun 11, 2020 4:55 pm

300000 wrote:
Thu Jun 11, 2020 4:43 pm
What DNS server from OpenVPN do you push to the OpenVPN client? Check that first.

I push no default gw or DNS servers whatsoever, since it's a split-tunnel VPN.
I am able to ping the IP 10.100.0.10 without problems, just unable to actually access the web interface that runs on it from the VPN.
When I connect to the server 10.100.0.2 via RDP, I can access 10.100.0.10 without problems.

So there must be something that's blocking my vpn subnet IP (10.100.1.4) from accessing LAN devices via http/https protocols..

I checked firewall logs on both server as well as default GW (router) and seemingly all traffic is being passed between both subnets without problems..

Could it be that the devices I am trying to access are refusing connections from anything other than LAN subnets?

300000
OpenVPN Power User
Posts: 189
Joined: Tue May 01, 2012 9:30 pm


Post by 300000 » Thu Jun 11, 2020 5:04 pm

You need to try tracert first from the client to see. If it stops at the OpenVPN server's address, it means your server is not working well.

Open cmd and type:

tracert 10.100.0.10 and if it stops at 10.100.1.1, it means your OpenVPN server is not doing NAT.

xh43k
OpenVpn Newbie
Posts: 19
Joined: Tue Jun 09, 2020 8:55 pm


Post by xh43k » Thu Jun 11, 2020 5:09 pm

Well...

Code:

>tracert 10.100.0.10

Tracing route to 10.100.0.10 over a maximum of 30 hops

  1    27 ms    27 ms    27 ms  xxxxxxx [10.100.1.1]
  2    29 ms    28 ms    29 ms  10.100.0.10

Trace complete.

Also testing of ports works...

Code:

PS C:\Users\xxxxxx> Test-NetConnection 10.100.0.10 -Port 80
ComputerName     : 10.100.0.10
RemoteAddress    : 10.100.0.10
RemotePort       : 80
InterfaceAlias   : Local Area Connection 2
SourceAddress    : 10.100.1.2
TcpTestSucceeded : True

PS C:\Users\xxxxxx> Test-NetConnection 10.100.0.10 -Port 443
ComputerName     : 10.100.0.10
RemoteAddress    : 10.100.0.10
RemotePort       : 443
InterfaceAlias   : Local Area Connection 2
SourceAddress    : 10.100.1.2
TcpTestSucceeded : True

But still cannot access the web interface via ANY browser..

And when I try to telnet 10.100.0.10 port 80/443 I get this:

Code:

HTTP/1.0 408 Request Timeout
Content-Length: 19

408 Request Timeout

Connection to host lost.
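
The tests in the post above show the TCP handshake on port 80 succeeding while browsers still fail. As an added example (not part of the original thread), this probe sends one plain-HTTP request and reports the last stage it reached; the function name `staged_http_probe` and the stage labels are made up for this illustration.

```python
import socket

def staged_http_probe(host, port=80, path="/", timeout=5.0):
    """Report how far one plain-HTTP GET gets.

    Stages: connect_failed -> connected -> request_sent ->
    headers_received -> body_received.
    """
    result = {"stage": "connect_failed", "status_line": None, "body_bytes": 0}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["error"] = repr(exc)
        return result
    with sock:
        result["stage"] = "connected"
        request = (f"GET {path} HTTP/1.0\r\nHost: {host}\r\n"
                   "Connection: close\r\n\r\n").encode("ascii")
        try:
            sock.sendall(request)
            result["stage"] = "request_sent"
            data = b""
            while b"\r\n\r\n" not in data:      # read until end of headers
                chunk = sock.recv(4096)
                if not chunk:
                    result["error"] = "closed before headers completed"
                    return result
                data += chunk
            head, _, body = data.partition(b"\r\n\r\n")
            result["status_line"] = head.split(b"\r\n", 1)[0].decode("latin-1")
            result["stage"] = "headers_received"
            result["body_bytes"] = len(body)
            while True:                         # HTTP/1.0: body ends at close
                chunk = sock.recv(4096)
                if not chunk:
                    break
                result["body_bytes"] += len(chunk)
            result["stage"] = "body_received"
        except OSError as exc:                  # includes socket.timeout
            result["error"] = repr(exc)
    return result
```

Run it from the VPN client and again from a LAN host, e.g. `staged_http_probe("10.100.0.10", 80)`. If the LAN run reaches `body_received` and the VPN run stops earlier, the difference lies on the path between the subnets rather than in the web server.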

300000
OpenVPN Power User
Posts: 189
Joined: Tue May 01, 2012 9:30 pm


Post by 300000 » Thu Jun 11, 2020 5:25 pm

Try to restart the web server; everything works as normal, so nothing is wrong with it, the network is OK.

xh43k
OpenVpn Newbie
Posts: 19
Joined: Tue Jun 09, 2020 8:55 pm


Post by xh43k » Thu Jun 11, 2020 5:33 pm

Soooo I think I have some movement.. I didn't restart anything, but I disabled SPI (Stateful Packet Inspection) on the Cisco router.. and boom, connection now works.

I wonder if there is any way to allow such a connection from the VPN subnet to the LAN subnet without triggering SPI and forcing it to cancel the connection.

Pippin
Forum Team
Posts: 799
Joined: Wed Jul 01, 2015 8:03 am


Post by Pippin » Thu Jun 11, 2020 9:36 pm

You should read Cisco's docs or seek their support ;)

But ok,
Does it have an option that looks something like "Clear DF bit", "Reject/block/drop fragmented packets"?

TinCanTech
OpenVPN Protagonist
Posts: 7389
Joined: Fri Jun 03, 2016 1:17 pm


Post by TinCanTech » Thu Jun 11, 2020 10:22 pm

And definitely disable *all* Windblows Fireballs :mrgreen:
