How to allow access from the world to Local area connection ip?

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
allsolution
OpenVpn Newbie
Posts: 3
Joined: Wed Apr 27, 2022 5:56 am

How to allow access from the world to Local area connection ip?

Post by allsolution » Thu Jun 02, 2022 4:38 am

I had installed openvpnAs on virtual appliance. I am able to login as admin to web interface with LAN and subscription is activated for 2 users.
Now how can I setup access from world? I had no static internet ip address, I have just lan connection now. For example I live in somewhere, my friend is live in Europe but he would use my internet. How is this possible to setup openvpn as on my server with no static ip?
I heard about to use Noip.com but I don't know how I connect openvpn /virtual os: ubuntu 18.04/ between noip.com, please provide me right way someone, thanks

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: How to allow access from the world to Local area connection ip?

Post by openvpn_inc » Thu Jun 02, 2022 11:47 am

Hello allsolution,

Describing step-by-step how a service like noip.com works is not something that I will be doing. There are better guides out there for explaining how that works. But I can tell you the high-level overview of how it is expected to work, and you can use that as a guide to work towards the solution that works for your situation.

For an incoming VPN connection from anywhere on the Internet to reach your particular OpenVPN Access Server virtual appliance in your network, you need it to be reachable from the Internet on a public IP. If your Internet provider does not provide you with a static public IP you can workaround this problem by using a dynamic DNS service like noip.com or entrydns.net to create a DNS record that points to your current public IP. If the public IP changes, the record can be updated, so that systems can find your public IP again. This can be updated automatically with a script on for example the OpenVPN Access Server virtual appliance or by your router itself if it has support for a dynamic DNS provider.

With the above set up you will have a DNS name like blabla.something that will point to your current public IP. And if the public IP changes, the DNS name can be updated to the new public IP. In the Access Server in the admin UI under Network Settings you can set the 'host name or IP address' field to blabla.something. This will then henceforth be used as the address for VPN clients to find your public internet IP.

Now there is one component missing. The public internet IP is assigned to your router, not to your virtual appliance. You need to set up port forwarding. Look up the manual for your router on how to do this on your router. Generally speaking you would have a private subnet like 192.168.10.0/24 or something like that, with your router at perhaps 192.168.10.1 and your Access Server virtual appliance at 192.168.10.55 (I'm just making up IP addresses here, I have no idea about your local network - so adjust as needed to your situation). In your router you would then have to specify that if requests come in from the internet at port 443 TCP, port 943 TCP, and UDP 1194, that those requests are forwarded internally to 192.168.10.55. The Access Server will then receive those requests and answer them.

That's it. That's what you need to get this working. And all of it is outside of the scope of the OpenVPN Access Server itself. So I can only advise you to start looking into dynamic DNS and getting that working, and setting up the necessary port forwards in your router.

Good luck,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

allsolution
OpenVpn Newbie
Posts: 3
Joined: Wed Apr 27, 2022 5:56 am

Re: How to allow access from the world to Local area connection ip?

Post by allsolution » Mon Jun 06, 2022 3:54 am

It's very clear answer. I am understanding now how dns is work.
openvpn_inc wrote:
Thu Jun 02, 2022 11:47 am
In your router you would then have to specify that if requests come in from the internet at port 443 TCP, port 943 TCP, and UDP 1194, that those requests are forwarded internally to 192.168.10.55. The Access Server will then receive those requests and answer them.
If my router's 443 is used by another connection can I change the openvpnas's 443 port?

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: How to allow access from the world to Local area connection ip?

Post by openvpn_inc » Mon Jun 06, 2022 3:21 pm

allsolution wrote:
Mon Jun 06, 2022 3:54 am
It's very clear answer. I am understanding now how dns is work.
openvpn_inc wrote:
Thu Jun 02, 2022 11:47 am
In your router you would then have to specify that if requests come in from the internet at port 443 TCP, port 943 TCP, and UDP 1194, that those requests are forwarded internally to 192.168.10.55. The Access Server will then receive those requests and answer them.
If my router's 443 is used by another connection can I change the openvpnas's 443 port?
Hi alls,

Yes, you can, but it costs you the main benefit of using port 443. Access Server provides TCP/443 access because it's very difficult to block in a firewall. Even a user behind a web proxy, not having real Internet access at all, should be able to connect to OpenVPN on TCP/443.

https://openvpn.net/access-server-manua ... -settings/

regards, rob0
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply