Web Access over VPN

dnicolaidis · April 1, 2021, 10:35pm

Hi,

I’m using a device as an open VPN client. The VPN setup is working using OpenVPN. Connected to the VPN client is my NAS with RSync to the “master” NAS connected to the VPN server.

The NAS connection is working for RSync along with web access to the console and SSH.

I am trying to setup the same access so that I can remotely configure the VPN client from the server side. But none of the port forwarding or firewall rules I’ve tried has worked.

Any suggestions on routing or rules on the GL device (VPN client)?

agent_smith · April 2, 2021, 9:49pm

Can you please draw the connection diagram with comments?

alzhao · April 3, 2021, 2:32am

Pls try using snaptshot firmware beta6 https://dl.gl-inet.com/firmware/snapshots/3.201_beta6/

You will find that in the vpn client page there is an option to allow local access. That is used to turn on the firewall on the vpn interface so that you can do portforwarding.

dnicolaidis · April 3, 2021, 12:47pm

Hello, hopefully this contains all the information. Needed.

dnicolaidis · April 3, 2021, 1:36pm

I’ve updated to this firmware version and the same issue remains. I have enabled the feature in the VPN client settings. Do I need to allow anything else or setup portforwarding?

alzhao · April 5, 2021, 12:29pm

First, try firmware 3.201 snapshot. https://dl.gl-inet.com/firmware/snapshots/3.201_beta6/

There is an option in the ovpn client to enable local access.

Second, Seems you have 192.168.1.0/24 subnet in both the vpn server and client, which should be avoided. Pls change the subnet of the client broad router to others instead of 192.168.1.x

dnicolaidis · April 5, 2021, 1:07pm

Hi,

I have set up location 3 to test the setup as this is local to me, this uses a LTE connection so seperate to my main network.

Location 2 has the v3.201 beta 6 fw installed, option enabled and different ip range I am still unable to connect to this from location 1. I have tried with and without port forwarding and with/without port access on the device.

blancmange · April 5, 2021, 1:14pm

Hey have you looked at Astro Relay? It’s what I’m using to view the web admin panels of routers behind other routers, no need to forward ports, took 5 minutes to setup using the YouTube guide. Way simpler.

dnicolaidis · April 5, 2021, 2:08pm

Hi, yes, I’ve seen it. As I want web access to other things within the VPN network I’d rather not use the Astro as well as security concerns over access to everything.

Johnex · April 5, 2021, 2:23pm

What security concerns do you have exactly? If you relay VPN, the traffic is already encrypted, so not more to worry about than your data going via your ISP or via the internet. Links are not made automatically to access everything, you must do them yourself for each thing you want to access.

dnicolaidis · April 5, 2021, 2:41pm

Accessing via Astro opens control outwith settings I would have full control over. I don’t see the need to use it if I have my own VPN set up correctly and would have full access to all devices within that envirmoment.

Johnex · April 5, 2021, 3:00pm

If you have a public IP in your 4G location then sure, direct connection is the way to go. But usually ISP’s don’t provide a public IP on 4G networks, that is where AstroRelay comes in.

dnicolaidis · April 5, 2021, 3:50pm

If I wanted to address via internet I could use DDNS but I should be able to accomplish from within the VPN enviroment by using the devices allocated ip address/port.

Johnex · April 5, 2021, 3:55pm

The issue is that if you don’t have a public ip, you won’t even be able to access the port on the server. We are not talking dynamic vs static ip where you can use DDNS, that is another thing. Not having a public IP is an issue that a lot of users on 4G have. The symptoms are that you open the ports you need, but you can’t connect, it just fails. Another way to check is if the WAN IP you get from your ISP is not the same as the one reported by sites that show your IP.

dnicolaidis · April 5, 2021, 3:59pm

This isn’t the issue I’m having. I’m entirely within my VPN envirmoment. I can access another device’s web page/ssh on the same network as my VPN client but not the webpage of my VPN client. From what @alzhao has confrimed it should be possible to accomplish. There’s obviously a setting / rule I’m missing to get it working.

alzhao · April 5, 2021, 4:03pm

I think it is all about routing. If you can set up the correct routing it should be OK. But I may be wrong.

If you are using beta6 firmware, you can enable ssh access from Goodcloud so that you can set up the routers remotely and manipulate the routing table.

dnicolaidis · April 5, 2021, 5:51pm

@alzhao I’d disabled the option for “Use VPN for all processes on the router” as I didn’t want to use the VPN so if it went down the device would still maintain it’s internet connection. I enabled this and now have we access from within the VPN environment.

@Johnex all sorted now, simple setting issue. New firmware needed but all sorted.

Johnex · April 5, 2021, 8:36pm

Glad you got it fixed

agent_smith · April 6, 2021, 9:10pm

On which device is this option available “Use VPN for all processes on the router”?
On my Gl-AR300M I don’t have this or similar option.

dnicolaidis · April 7, 2021, 8:11am

@agent_smith there’s a beta version of new firmware with this included

firmware 3.201 snapshot. https://dl.gl-inet.com/firmware/snapshots/3.201_beta6/