
VPN Client access other services on SE Server

Posted: Mon Aug 06, 2018 9:41 am
by cmpts_cpeacock
Hi,

I don't think it's possible after some reading but if someone can clarify that would be great...

I VPN to the SE Server. I can access all devices on the attached physical network. I cannot access the SE server's physical IP address though.

This is an Ubuntu OS running Python / web server. Once the VPN client is connected it cannot access the web pages hosted on Ubuntu.

I believe due to security this is by design, but is there any way for the VPN client to access services / ports / etc when you're using SE on the same server as a web server (or other services)?

Thanks

Chris

Re: VPN Client access other services on SE Server

Posted: Mon Aug 06, 2018 9:11 pm
by centeredki69
cmpts_cpeacock - I VPN to the SE Server. I can access all devices on the attached physical network. I cannot access the SE server's physical IP address though.

Do you mean you can access all devices on the remote network (devices where the VPN server is located) or your local network (devices where the client is located)?

Re: VPN Client access other services on SE Server

Posted: Tue Aug 07, 2018 8:05 pm
by cmpts_cpeacock
Hi,

Yes - I can access all devices on the attached physical network. This means what the SE server is connected to on the physical network, I can access all those devices.

I cannot access the SE server on the physical server IP though.

Sounds like you have the same issue, which as previously mentioned seems to be by design.

If anyone has a workaround that would be great!

Chris

Re: VPN Client access other services on SE Server

Posted: Tue Aug 07, 2018 8:38 pm
by centeredki69
I am not sure about Linux as all my experience is with SE on Windows-based OS. However, I DO NOT have this issue.
When I use an SE client to connect to my SE server VPN, the client is able to access the "VPN Server" and all "attached shared devices" on the remote network using the VPN tunnel. I am also able to access any local network shares at the client location as well.

I assume you created the "local bridge", as you stated you have access to all attached devices other than the SE Server machine?
Can you ping the SE server machine through the VPN?

Re: VPN Client access other services on SE Server

Posted: Tue Aug 07, 2018 8:42 pm
by cmpts_cpeacock
Hi,

I used SecureNAT. Yeah Linux / Ubuntu.

I think Windows is better at working out this sort of networking, but Linux applies some separation.

Chris

Re: VPN Client access other services on SE Server

Posted: Tue Aug 07, 2018 8:52 pm
by centeredki69
Oh, I see. "SecureNAT" is doing just what it is supposed to do, then. It isolates any VPN connections from the local network. Basically, it allows you to create a separate network.

"Local bridge" connects the local network to the virtual HUB and would allow access to the local network to the clients.

Re: VPN Client access other services on SE Server

Posted: Fri Aug 10, 2018 10:28 am
by cmpts_cpeacock
This is sorted. Now using Local Bridge. Thanks for the input!

This is ARMBIAN OS so had to do a bit of reading to get it working, but essentially:

- Create a SE bridge
- Create a TAP address
- Install and enable dnsmasq to act as the DNS and DHCP
- create init.d service with the TAP IP
- tell systemd-resolved not to use DNS


Lots of guides out there but based on these too:

# references
# http://blog.lincoln.hk/blog/2013/03/19/ ... er-on-vps/
# http://blog.lincoln.hk/blog/2013/05/17/ ... al-bridge/
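
A check to run after the move from SecureNAT to Local Bridge described in this thread, as an added example that is not from any poster: it parses `ss -Hltn` output and sorts the host's TCP listeners by whether a bridged VPN client can reach them on the TAP address. The TAP IP `192.168.30.1` and the sample rows are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ss -Hltn` output (not taken from the thread).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 32 192.168.30.1:53 0.0.0.0:*
LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 5 127.0.0.1:8000 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 10.0.0.5:5432 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
"""

WILDCARDS = {"*", "0.0.0.0", "::"}


def parse_listeners(ss_output):
    """Yield (address, port) for each LISTEN row of `ss -Hltn`."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%", 1)[0]  # drop brackets and %scope
        yield addr, int(port)


def classify(addr, tap_ip):
    """Label a bind address by how a bridged VPN client can reach it."""
    if addr in WILDCARDS or addr == tap_ip:
        return "exposed"       # answers on the TAP address
    if ipaddress.ip_address(addr).is_loopback:
        return "loopback"      # never reachable from the tunnel
    return "other"             # bound to another interface address


def vpn_exposure(ss_output, tap_ip):
    """Map each label to a sorted list of unique (address, port) pairs."""
    report = {"exposed": set(), "loopback": set(), "other": set()}
    for addr, port in parse_listeners(ss_output):
        report[classify(addr, tap_ip)].add((addr, port))
    return {label: sorted(items) for label, items in report.items()}


if __name__ == "__main__":
    for label, items in vpn_exposure(SAMPLE_SS, "192.168.30.1").items():
        print(label, items)
```

A web server that shows up under `loopback` stays unreachable from VPN clients even with the bridge in place, and everything under `exposed` is now open to every VPN user unless a host firewall restricts it.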