
Only LTE/4G Clients Can Connect to VPN/RDP


#1 pairughdocks

pairughdocks

    Neowinian

  • Joined: 06-June 09
  • Location: /bin/bash

Posted 17 January 2014 - 01:09

So, hopefully this is my LAST "request for help" post for a while, as all of my other issues have been resolved. This last one is killing me.

 

Domain Controller: 192.168.1.1

-AD, AD CS, DNS, File Services, Network Policy and Access Services, Print and Document Services, Web Server (IIS)

-No services report any errors

 

Gateway: 192.168.1.2

-m0n0wall

-DHCP Server

-Opened ports: TCP 3389 (RDP) / TCP 943 (OpenVPN WebUI) / UDP 1194 (OpenVPN Connection)

-NAT: TCP 3389 (192.168.1.1) / TCP 943 (192.168.1.3) / UDP 1194 (192.168.1.3)

 

OpenVPN Server: 192.168.1.3

-Debian

-eth0 is 192.168.1.3

-eth1 is down

-eth2 is down

 

Problem: From my cell phone on an LTE connection I can connect to remote desktop via my dynamic DNS name (mysite.net), I can also connect to my OpenVPN server, and if I ping my WAN address or dynamic DNS name I get a response. When I attempt to connect from my home PC, or any PC for that matter, I cannot connect to RDP or OpenVPN, and if I try to ping my WAN address or dynamic DNS address I get "request timed out".

 

Now, to me this is not possible, since my LTE connection is no different than my computer trying to access these resources. Both devices have an ISP provided address that is on a completely different subnet trying to access internal resources.

 

On my home PC I disabled my firewall and internet security (Kaspersky) to ensure that nothing was acting up there. I had a friend try to connect via the OpenVPN client with test credentials and constantly gets "connection timed out".

 

Am I really looking over something bizarre or stupid? I'm hoping I gave all the information needed the first time, I also can set up access for trusted members if they need to poke around or view a join.me / lmi rescue session.

 

Thank you so much everyone!






#2 pupdawg21

pupdawg21

    Neowinian

  • Joined: 16-June 09

Posted 17 January 2014 - 01:36

What are your subnet masks?

 

Is by chance your home PC on the same IP subnet as the VPN/RDP network systems?



#3 OP pairughdocks

pairughdocks

    Neowinian

  • Joined: 06-June 09
  • Location: /bin/bash

Posted 17 January 2014 - 01:38

Subnet masks are all 255.255.255.0, and the ISP is the same (local company).



#4 pupdawg21

pupdawg21

    Neowinian

  • Joined: 16-June 09

Posted 17 January 2014 - 01:46

It sounds like you are trying to connect from internal PC --> Out through Internet Router --> Back in through Internet Router --> Internal VPN --> Internal RDP is that correct?

 

You are probably running into a NAT to NAT translation issue where it's getting in and then it doesn't know where to direct the traffic in/back out.



#5 OP pairughdocks

pairughdocks

    Neowinian

  • Joined: 06-June 09
  • Location: /bin/bash

Posted 17 January 2014 - 01:50

External PC --> m0n0wall (Internal) --> NAT directs if 943/1194 to 192.168.1.3 --> VPN server = fail / External Cellular connection --> m0n0wall (Internal) --> NAT directs if 943/1194 to 192.168.1.3 --> VPN server = success.



#6 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 85
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 18 January 2014 - 15:07   Best Answer

So what network is this external PC on? For starters, ports 3389, 943 and 1194 could be blocked from the network that PC is connecting from. Is that external PC using a proxy for internet access?

So when you say the VPN server fails, do you mean you never get prompted for auth, never actually make a connection? Or does it just not work and you get authed in, etc.? What does the VPN client log say about the connection attempt? Do you even see the connection attempt at the server side?

Same for the RDP connection, if that is open to the public net without having to VPN - do you even get prompted for auth? If you want to PM me info I would be happy to test either of those connections for you from my connection.

Other possible issues: you say you're trying to connect via a dyndns name, mysite.net. Is this external PC resolving the FQDN to the correct IP, if at all? Other issue, as mentioned: if you're only trying VPN, and you get connected but it's not working - what IP address is this client on?

this

192.168.1.0/24 client --- vpn --- server 192.168.1.0/24

Normally will not work without some extra NAT setup at the VPN server. Or use of a TAP type connection vs TUN, where you're sure that there is no overlap in IPs in the same network range. So like .1-128 used on one side while .129-254 used on the other side.

Happy to help you troubleshoot this - but need bit more info about what actually happens from the external side, etc. Again if you PM me info happy to test it from my side.
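The address-overlap condition described in the post above can be checked mechanically. The following is an added example, not part of the original post; the function names are hypothetical and all addresses are constructed sample values. The TAP branch models only the condition the post states (no host address used on both sides).

```python
import ipaddress

def overlap(client_if, server_lan):
    """Return the address range claimed by both sides, or None."""
    local = ipaddress.ip_interface(client_if).network
    remote = ipaddress.ip_network(server_lan)
    if not local.overlaps(remote):
        return None
    # Overlapping CIDR blocks always nest; the smaller block is the shared range.
    return local if local.prefixlen >= remote.prefixlen else remote

def duplicate_hosts(client_hosts, server_hosts):
    """Addresses in use on both sides of a bridged (TAP) link."""
    a = {ipaddress.ip_address(h) for h in client_hosts}
    b = {ipaddress.ip_address(h) for h in server_hosts}
    return sorted(a & b)

def diagnose(client_if, server_lan, mode="tun", client_hosts=(), server_hosts=()):
    """Classify an addressing plan for a routed (tun) or bridged (tap) VPN."""
    shared = overlap(client_if, server_lan)
    if shared is None:
        return "ok: no overlap"
    if mode == "tun":
        # The client's connected route for its own LAN also covers the
        # server LAN, so those packets never enter the tunnel.
        return f"conflict: {shared} exists on both sides of a routed tunnel"
    dups = duplicate_hosts(client_hosts, server_hosts)
    if dups:
        return "conflict: duplicate addresses " + ", ".join(map(str, dups))
    return f"ok: {shared} is shared but host addresses are disjoint"

if __name__ == "__main__":
    # Constructed sample plans; 192.168.1.0/24 is the server LAN from the thread.
    lan = "192.168.1.0/24"
    print(diagnose("192.168.1.57/24", lan))          # same /24 at home and server
    print(diagnose("10.20.30.5/24", lan))            # distinct client network
    print(diagnose("192.168.1.57/24", lan, "tap",
                   client_hosts=["192.168.1.57"],
                   server_hosts=["192.168.1.1", "192.168.1.200"]))
    print(diagnose("192.168.1.3/24", lan, "tap",
                   client_hosts=["192.168.1.3"],
                   server_hosts=["192.168.1.1", "192.168.1.3"]))
```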

#7 OP pairughdocks

pairughdocks

    Neowinian

  • Joined: 06-June 09
  • Location: /bin/bash

Posted 20 January 2014 - 02:44

Actually, as of a few hours ago, I resolved this. I MAYYYYY have forgotten to set a static route in my firewall :blush: The only thing I have left to do is figure out why RADIUS and OpenVPN aren't communicating.




