

ArnoldGoat

57 posts

Master Geek
+1 received by user: 4


#289027 8-Aug-2021 11:27

I want to be able to connect to LAN devices from the internet via OpenVPN. This requires a reverse path to be set preferably in the router to send replies via the OpenVPN router (on a Windows Server). I tried adding a static route, but Ultra Hub didn't offer LAN as an interface. I tried leaving it blank but it didn't work.

 

My workaround was to add a static route in Option 121 on the DHCP server. This works OK for Windows machines, but now I have some ESP8266 LAN server devices, and although they accept addresses from DHCP, it appears they ignore option 121 - hardly surprising for a $4 gadget. It's all OK within the LAN, so I can live with no remote access.

 

What can I do? Is there a backdoor to Ultra Hub to add the route? I don't really want to specify the OpenVPN server as my default LAN router as it might crash and/or be a bottleneck on my 900Mb/s Internet connection. I wouldn't mind telling the ESP8266s to do that, but I don't know how.


nztim
4015 posts

Uber Geek
+1 received by user: 2713

ID Verified
Trusted
TEAMnetwork
Subscriber

  #2756684 8-Aug-2021 11:39

Sounds like what you are wanting is a port forward




Any views expressed on these forums are my own and don't necessarily reflect those of my employer. 




ArnoldGoat

57 posts

Master Geek
+1 received by user: 4


  #2756696 8-Aug-2021 12:12

Do you mean to each device on the LAN that I want to access? I am trying not to make unnecessary inbound holes, AND make it easy to use: connect to VPN from outside, then use iPad/iPhone as if it were local.


cyril7
9075 posts

Uber Geek
+1 received by user: 2499

ID Verified
Trusted
Subscriber

  #2756701 8-Aug-2021 12:25

Hi, you seem to have a distorted way to think about how a VPN is best to work. If it terminates on the Windows server then assuming you have it correctly set up, devices outside the network tunnelling in can access ALL devices in the network with no further effort. It would be normal to port forward the required ports for OpenVPN to the OpenVPN server, i.e. 443 TCP and 1194 UDP.

 

Cyril




michaelmurfy
meow
13581 posts

Uber Geek
+1 received by user: 10914

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2756703 8-Aug-2021 12:33

Your setup sounds messy.

 

Consider grabbing a Raspberry Pi or firing up a Linux server via Hyper-V on the Windows Server and using Wireguard which is a much faster VPN protocol. There is a simple installation script for this: https://www.pivpn.io/

 

You then shouldn't have to do any routes.





Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.


Spyware
3818 posts

Uber Geek
+1 received by user: 1366

Lifetime subscriber

  #2756764 8-Aug-2021 13:36

For traffic from the tunnel to the LAN you would need to src nat it to the VPN server address so that the traffic appears to be local. How this is done in Windows Server is not my area of expertise.





Spark Max Fibre using Mikrotik CCR1009-8G-1S-1S+, CRS125-24G-1S, Unifi UAP, U6-Pro, UAP-AC-M-Pro, Apple TV 4K (2022), Apple TV 4K (2017), iPad Air 1st gen, iPad Air 4th gen, iPhone 13, SkyNZ3151 (the white box). If it doesn't move then it's data cabled.


ArnoldGoat

57 posts

Master Geek
+1 received by user: 4


  #2757304 9-Aug-2021 15:54

Michael: Well, if it's messy, it's because I had to work around not being able to add a static route to the router, or put OpenVPN on the router, because of Vodafone restrictions.

 

Cyril: I don't think I have a distorted view. It is set up just as you describe, except that "devices outside the network tunnelling in can access ALL devices in the network with no further effort" isn't so. What I have read says that each device behind the OpenVPN server needs a route to the OpenVPN Server, which is automatic if you can put OpenVPN on the default gateway machine, or provide a route from there to the OpenVPN server, neither of which I can do.

 

It would be true if I shifted from routing to ethernet bridging, in which case all the routing problems disappear. I think I will try that. I only have a handful of mobile clients.

 

But thanks to both of you for trying to help.

 

Ken

 

 

