OpenVPN Support Forum

Hi

We are testing this OpenVPN cloud on our testing environment. We set up a connector on the Azure network (10.0.0.0/24) on one of the Ubuntu servers and connected online. We also have a connector on on-prem network (192.168.1.0/24) on Ubuntu server and also connected online.

Azure Network:
VM 1 - Windows 11 - IP: 10.0.0.4
VM 2 - Ubuntu Server (OvenVPN connector) - IP: 10.0.0.5

On-prem Network:
VM 6 - Kali Linux - IP: 192.168.1.147
VM 7 - Ubuntu Server (OvenVPN connector) - IP: 192.168.1.143

Mobile network
Physical machine (running a OpenVPN client) tethering to iPhone via 5G network


My observation:
1) From 192.168.1.143 (OpenVPN connector),
ping to 192.168.1.147 - OK
ping to 10.0.0.5 - OK
ping to 10.0.0.4 - OK

2) From 10.0.0.5 (OpenVPN connector),
ping to 10.0.0.4 - OK
ping to 192.168.1.143 - OK
ping to 192.168.1.147 - OK

3) From 192.168.1.147,
ping to 192.168.1.143 - OK
ping to 10.0.0.5 - timeout
ping to 10.0.0.4 - timeout
>>> which I assume this is because there is no routing on the box? Is that correct?

4) From 10.0.0.4,
ping to 10.0.0.5 - OK
ping to 192.168.1.143 - timeout
ping to 192.168.1.147 - timeout
>>> which I assume this is because there is no routing on the box? Is that correct?

My question is that I need to add routing on each machine is that the solution?

While I'm using mobile network,
From the machine,
ping to 10.0.0.5 - OK
ping to 10.0.0.4 - OK
ping to 192.168.1.143 - OK
ping to 192.168.1.147 - OK

BUT, I'm not able to do RDP (port 3389) or telnet to 3389 to 10.0.0.4.
Any ideas?
Now, this 10.0.0.4 device has a public IP and I can RDP or telnet into it.


I'm appreciated your feedback.

Thanks

Hi dcpartners,

While I'm skipping a lot of steps here in the process of diagnosing connection issues, generally I've found it to be true that when you can ping a machine, but not get access to a port on it, the issue is not OpenVPN but a firewall or service configuration issue.

To explain that a bit further, OpenVPN works on the IP level. In almost all cases Layer 3 (routing) on the OSI Layer model. So if a ping to an IP works, then any TCP/UDP protocol should be able to work just fine. There are some cases of course that can be tricky with MTU sizes and so on that can cause some interesting issues, but in general, if you can ping something over an OpenVPN tunnel, you should be able to reach all ports on it. That's because OpenVPN by itself does not concern itself with ports, it deals with IP routing. If you can reach the IP, you should be able to reach all ports on that IP.

A firewall on the local device or the device offering a particular service can be an issue. Particularly with Windows firewalls I've found that it can apply different profiles (private, domain, public) to its built-in firewall. Also antivirus programs with built-in firewall can be a problem. To ensure that this is not a problem you could for example temporarily turn these off and see if things start working then. You can also use WireShark to monitor incoming packets on the target system running the RDP service and see if you see anything coming in, and how your system responds to it.

Another possible issue is that the service you're running is configured to accept connections on a particular IP or network interface, and if a VPN interface is present, it may simply ignore that and not listen there. So that's a service configuration issue where you may be able to solve that by telling it to listen to all interfaces and IP addresses.

With RDP service on Windows I would however expect the firewall on the Windows machine offering the RDP service to be the culprit.

OpenVPN Cloud however does have a number of functions built-in to block access to things in specific ways. I would recommend that you first try turning off the firewalls temporarily. And to check with WireShark if packets are coming in at all, and how responses are sent back. If you see nothing coming in then open a support ticket on our support ticket system at https://openvpn.net/support and submit these details there. A support representative can review your setup together with you and help to figure out where it's going wrong.

Kind regards,
Johan