Connect external computers to a local domain.

j20003
OpenVpn Newbie
Posts: 5
Joined: Thu Mar 09, 2023 6:26 pm

Connect external computers to a local domain.

Post by j20003 » Thu Mar 09, 2023 6:57 pm

I need to connect external computers to a local domain.

I am trying with TurnKey OpenVPN (version 16.1) to connect a computer outside the local network, with this topology:

Central Offices
Sample static IP 45.62.84.156
| domain |||||||||| openvpn |||| <==============> internet <================> remote computer dynamic IP
| 192.168.1.7|||||| 192.168.1.13 |
|--------------+--------------------------+
lan
192.168.1.0/24
+-----------------------------------------+

Domain and OpenVPN are separate servers.

How would the setup be?

Would it be necessary to use the openVPN application to join the Windows machine to the local domain?

Can it be done?

I haven't found anything about it on the forum.

j20003
OpenVpn Newbie
Posts: 5
Joined: Thu Mar 09, 2023 6:26 pm

Re: Connect external computers to a local domain.

Post by j20003 » Fri Apr 14, 2023 7:51 am

The truth is that this distribution has greatly facilitated the VPN connection. To access the local domain through a VPN connection, it is only necessary to configure the push option so that the equipment connected by VPN can access the network where the domain server is working. Then you have to configure the DNS of the virtual network device that the client computer uses for the VPN connection with the address of the domain server.


Example OpenVPN settings:
# push routes to clients to allow them to reach private subnets
push "route 192.168.1.0 255.255.255.0"

http://j20003.es/palaimg/opnvpn/7-server.conf.JPG

Example DNS for the client computer:
192.168.1.7

http://j20003.es/palaimg/opnvpn/8-Client-DNS.JPG

j20003
OpenVpn Newbie
Posts: 5
Joined: Thu Mar 09, 2023 6:26 pm

Re: Connect external computers to a local domain.

Post by j20003 » Wed Apr 19, 2023 7:32 am

Important: to be able to enter the domain, the VPN connection must be working.
We must start the VPN connection with the system administrator user; once the VPN connection is activated, we can join the domain.
When we restart the system, to enter the domain we must first start the local user session and connect the VPN.
Without closing the local session with which we connected the VPN,
we use the change user option and start our session with the domain user.
If we have configured the option to remember the data of connected users,
we can start the session without being connected to the domain;
this can cause security problems. We can use the Windows Autologon tool to automate the VPN connection.
This solution is best suited for multi-user computers.

Link: https://learn.microsoft.com/es-es/sysin ... /autologon


OpenVPN's connection automation script:

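rem Wait 5 seconds so the desktop and network are ready
timeout /t 5
rem Change to the OpenVPN GUI directory (/d also switches drive; quotes handle the space)
cd /d "C:\Program Files\OpenVPN\bin"
rem Tell OpenVPN GUI to connect the example.ovpn profile
openvpn-gui.exe --connect example.ovpn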

Save to C:\Users\My-User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup as .bat or .cmd

Note: So far I haven't been able to connect to OpenVPN without logging in. I guess it's due to the nature of the app, which needs to be launched graphically.
I will continue investigating.

j20003
OpenVpn Newbie
Posts: 5
Joined: Thu Mar 09, 2023 6:26 pm

Re: Connect external computers to a local domain.

Post by j20003 » Mon Apr 24, 2023 7:53 am

OpenVPN as a system service

Full information in the link:
https://openvpn.net/vpn-server-resource ... emon-mode/

Magvegva
OpenVpn Newbie
Posts: 3
Joined: Wed Apr 26, 2023 5:14 pm

Re: Connect external computers to a local domain.

Post by Magvegva » Wed Apr 26, 2023 6:36 pm

I did it. To work fine with MS Active Directory domains you should set up an L2 tunnel (and set up a bridge). Also, your remote clients/servers need to automatically connect to the VPN network after booting.
I have no access to the server config right now. Try to google it. Check this approach out and, if it is what you need, I'll try to get working configs (OpenVPN on Ubuntu Server).

P.S. Don't forget to push DNS options to clients and set your domain's DNS server there. Otherwise your clients would not be able to resolve the domain name and you will not be able to add them to the domain (MS AD).
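
An added example, not part of any post in this thread: a PowerShell pre-flight check for the remote Windows client that verifies the two things the posts above rely on (the pushed route to 192.168.1.0/24 and DNS pointing at the domain server 192.168.1.7) before a domain join is attempted. The domain name `corp.example` is a placeholder assumption; the addresses are the thread's own examples.

```powershell
# Added example: run on the remote client after the VPN is up and before
# attempting the domain join.
# Values from the thread: LAN 192.168.1.0/24, domain server 192.168.1.7.
# $DomainName is a placeholder (assumption); use your AD DNS domain name.
param(
    [string]$DomainName   = 'corp.example',
    [string]$DomainServer = '192.168.1.7',
    [string]$LanPrefix    = '192.168.1.0/24'
)

$results = [ordered]@{}

# 1. Was the pushed route installed? (push "route 192.168.1.0 255.255.255.0")
$route = Get-NetRoute -DestinationPrefix $LanPrefix -ErrorAction SilentlyContinue
$results['Route to LAN present'] = [bool]$route

# 2. Does any adapter use the domain server as its DNS server?
$dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses -contains $DomainServer }
$results['Domain server set as DNS'] = [bool]$dns

# 3. Can the record the Windows DC locator looks up be resolved through it?
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV `
        -Server $DomainServer -DnsOnly -ErrorAction Stop
    $results['DC SRV record resolves'] = [bool]($srv | Where-Object Type -eq 'SRV')
} catch {
    $results['DC SRV record resolves'] = $false
}

# 4. Are the services a domain join uses reachable through the tunnel?
#    53 DNS, 88 Kerberos, 389 LDAP, 445 SMB.
foreach ($port in 53, 88, 389, 445) {
    $results["TCP $port reachable"] = Test-NetConnection -ComputerName $DomainServer `
        -Port $port -InformationLevel Quiet -WarningAction SilentlyContinue
}

$results.GetEnumerator() | Format-Table -AutoSize Name, Value

# Non-zero exit code if any check failed, so the script can gate a join step.
if ($results.Values -contains $false) { exit 1 }
```

A client whose own home or office LAN is also 192.168.1.0/24 will pass check 1 without the VPN and may reach the wrong 192.168.1.7, so checks 3 and 4 are the ones to trust in that case.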

j20003
OpenVpn Newbie
Posts: 5
Joined: Thu Mar 09, 2023 6:26 pm

Re: Connect external computers to a local domain.

Post by j20003 » Wed Apr 26, 2023 6:53 pm

I followed this tutorial, and it works perfectly for me with OpenVPN Connect v3.
https://openvpn.net/vpn-server-resource ... emon-mode/
It connects directly without the need to start a local session that starts the connection to VPN.

I did it with specific Turnkeylinux distributions, domain and OpenVPN:

OpenVPN: https://www.turnkeylinux.org/openvpn
Domain: https://www.turnkeylinux.org/domain-controller

I'll try to make a video tutorial when I have time.
