Page 1 of 1

Open Ports on Access Server to port forward to Client VPN

Posted: Fri Dec 02, 2016 10:51 am
by robturner80
I have a 3g/4g router that doesnt have a public routable IP Address or even a static internal IP address.

I have successfully setup the router as a dial in VPN client and can remotely connect to the router and internal network devices. (Only while on the VPN as another Client)

However I need to be able to access the router without the use of a VPN for CCTV purposes.

If i had a public IP address I would simply apply some port forward rules (This isn't possible with the 3g router)

Is it possible to use the Access Servers Wan IP to forward the requested ports via the 3g routers VPN ?

Kind of senario im thinking of:
Internet -> Access Server WAN IP -> 3g router VPN Client Account -> 3g router ->LAN -> CCTV IP address and relevant open ports

Re: Open Ports on Access Server to port forward to Client VPN

Posted: Fri Dec 02, 2016 12:13 pm
by TinCanTech
You are sure you are using OpenVPN-Access Server not Community Edition ?
robturner80 wrote:Is it possible to use the Access Servers Wan IP to forward the requested ports via the 3g routers VPN ?

Kind of senario im thinking of:
Internet -> Access Server WAN IP -> 3g router VPN Client Account -> 3g router ->LAN -> CCTV IP address and relevant open ports
This does not make sense to me .. what is the WAN IP if you do not have a public IP address ?

Re: Open Ports on Access Server to port forward to Client VPN

Posted: Fri Dec 02, 2016 12:44 pm
by robturner80
the Wan IP of the Access Server is hosted on Digital Ocean

The 4g router gets assigned a private IP from the mobile network provider. There is a public IP when looking up "whats my IP" but this inst routeable back to the private IP.

Re: Open Ports on Access Server to port forward to Client VPN

Posted: Fri Dec 02, 2016 1:06 pm
by TinCanTech
robturner80 wrote:the Wan IP of the Access Server is hosted on Digital Ocean
That is who I would ask ..

As I do not understand your issue and you want to solve something without using a VPN
robturner80 wrote:However I need to be able to access the router without the use of a VPN for CCTV purposes
I will have to step down.

Re: Open Ports on Access Server to port forward to Client VPN

Posted: Fri Dec 02, 2016 1:47 pm
by robturner80
This is the current setup (IPs changed for simplicity)
Working when on VPN.png
This is what I'm hoping can be achieved
Working when off VPN.png

Port Forwarding Question

Posted: Fri Dec 02, 2016 2:31 pm
by robturner80
Before I go looking for a config to suit, is this scenario possible?

Use the Open VPN server's WAN IP address to forward ports over a vpn a device on the VPN's subnet?

Basically im trying to work out a way to connect to an internal device that is working off a 4g router. (4g router doesnt have a public routable address and is behind a NAT)

Re: Port Forwarding Question

Posted: Fri Dec 02, 2016 2:33 pm
by robturner80
Current setup works when both sides are on the VPN

Image

Hopefully this senario is possible?

Image

Re: Open Ports on Access Server to port forward to Client VPN

Posted: Fri Dec 02, 2016 9:08 pm
by TinCanTech
You only want to take away half of the VPN .. :geek:

Re: Open Ports on Access Server to port forward to Client VPN

Posted: Sat Dec 03, 2016 6:32 am
by robturner80
Yep that's right. Although in my case I'm trying to get the NVR this could be a webserver FTP etc...

Re: Port Forwarding Question

Posted: Sat Dec 03, 2016 1:09 pm
by TiTex
If you have connectivity between the DVR and the VPN Server it should work with a DNAT firewall rule

Re: Open Ports on Access Server to port forward to Client VPN

Posted: Sat Dec 03, 2016 1:11 pm
by TinCanTech
What software will you use to connect to the vpn server ?

Re: Open Ports on Access Server to port forward to Client VPN

Posted: Sun Dec 04, 2016 10:54 am
by robturner80
No software it's a site to site VPN from AS to Mobile 4g Router.

Re: Open Ports on Access Server to port forward to Client VPN

Posted: Sun Dec 04, 2016 12:35 pm
by TinCanTech
TinCanTech wrote:You only want to take away half of the VPN .. :geek:
robturner80 wrote:Yep that's right.
TinCanTech wrote:What software will you use to connect to the vpn server ?
From the laptop to the vpv server ..

Re: Open Ports on Access Server to port forward to Client VPN

Posted: Sun Dec 04, 2016 5:08 pm
by robturner80
This is kind of my question.

I want to use the wan IP on the Access Server.

So if we swaped the CcTv for a web Server. Would it be possible to http to the webserver via the Access Servers wan IP .

Re: Port Forwarding Question

Posted: Sun Dec 04, 2016 6:52 pm
by TinCanTech
TiTex wrote:If you have connectivity between the DVR and the VPN Server it should work with a DNAT firewall rule
Looks plausible ..