Sign in to follow this  
Followers 0
pairughdocks

Only LTE/4G Clients Can Connect to VPN/RDP

7 posts in this topic

So, hopefully this is my LAST "request for help" post for awhile as all of my other issues have been resolved. This last one is killing me.

 

Domain Controller: 192.168.1.1

-AD, AD CS, DNS, File Services, Network Policy and Access Services, Print and Document Services, Web Server (IIS)

-No services report any errors

 

Gateway: 192.168.1.2

-m0n0wall

-DHCP Server

-Opened ports: TCP 3389 (RDP) / TCP 943 (OpenVPN WebUI) / UDP 1194 (OpenVPN Connection)

-NAT: TCP 3389 (192.168.1.1) / TCP 943 (192.168.1.3) / UDP 1194 (192.168.1.3)

 

OpenVPN Server: 192.168.1.3

-Debian

-eth0 is 192.168.1.3

-eth1 is down

-eth2 is down

 

Problem: From my cell phone on an LTE connection I can connect to remote desktop via my dynamic dns name (mysite.net), I can also connect to my OpenVPN server, and if I ping my WAN address or dynamic dns name I get a response. When I attempt to connect from my home PC or any PC for that matter, I can not connect to RDP, OpenVPN, and if I try to ping my WAN address or dynamic dns address I get "request timed out"

 

Now, to me this is not possible, since my LTE connection is no different than my computer trying to access these resources. Both devices have an ISP provided address that is on a completely different subnet trying to access internal resources.

 

On my home PC I disabled my firewall and internet security (Kaspersky) to ensure that nothing was acting up there. I had a friend try to connect via the OpenVPN client with test credentials and constantly gets "connection timed out"

 

Am I really looking over something bizarre or stupid? I'm hoping I gave all the information needed the first time, I also can set up access for trusted members if they need to poke around or view a join.me / lmi rescue session.

 

Thank you so much everyone!

Share this post


Link to post
Share on other sites

What are your subnet masks?

 

Is by chance your home PC on the same IP subnet as the VPN/RDP network systems?

Share this post


Link to post
Share on other sites

subnet masks are all 255.255.255.0, and the ISP is the same (local company)

Share this post


Link to post
Share on other sites

It sounds like you are trying to connect from internal PC --> Out through Internet Router --> Back in through Internet Router --> Internal VPN --> Internal RDP is that correct?

 

You are probably running into a NAT to NAT translation issue where its getting in and then it doesn't know where to direct the traffic in/back out.

Share this post


Link to post
Share on other sites

External PC --> m0n0wall (Internal) --> NAT directs if 943/1194 to 192.168.1.3 --> VPN server = fail / External Cellular connection --> m0n0wall (Internal) --> NAT directs if 943/1194 to 192.168.1.3 --> VPN server = success.

Share this post


Link to post
Share on other sites

So what network is this external PC on.. For starters ports 3389, 943 and 1194 could be blocked from the network that PC is connecting from. Is that external PC using a proxy for internet access.

So when you say vpn server fails, do you mean you never get prompted for auth, never actually make a connection. Or does it just not work and you get authed in, etc. What does the vpn client log say about the connection attempt? Do you even see the connection attempt at the server side?

Same for the rdp connection if that is open to public net without having to vpn - do you even get prompted for auth? If you want to PM me info I would be happy to test either of those connections for your from my connection.

Other possible issues, you say your trying to connect via a dyndns mysite.net, is this external PC resolving the fqdn to the correct IP if at all? Other issue as mentioned if your only trying vpn, and you get connected but its not working - what IP address this client on.

this

192.168.1.0/24 client --- vpn --- server 192.168.1.0/24

Normally will not work without some extra nat setup at the vpn server. Or use of TAP type connection vs TUN, where your sure that no overlap in IPs in the same network range.. So like .1-128 used on one side whiel .129-254 used on other side.

Happy to help you troubleshoot this - but need bit more info about what actually happens from the external side, etc. Again if you PM me info happy to test it from my side.

Share this post


Link to post
Share on other sites

Actually has of a few hours ago, I resolved this. I MAYYYYY have forgotten to set a static route in my firewall :blush: the only thing I have left to do is figure out why RADIUS and OpenVPN aren't communicating.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.