How are some ports still blocked after connecting to VPN?

[1Icarus2]

Hi everyone,

I'm running into this very weird issue that I cannot seem to resolve.

I have 2 (internet facing) maintenance websites that runs on port 10001 and port 5001. When I am home and I connect to the VPN, it works perfectly, but when I'm at a client, it doesn't... whether I'm connected to the VPN or not.

Now I do understand why it doesn't work at the client, because they pretty much block every single port except for 80 and 443, but what I don't understand, is that even though I do successfully connect to the VPN, I still cannot access those websites on those ports.

I have checked my VPN config settings, and it does use the VPN's default gateway and when I do a IP lookup it does show my Server IP as the public IP.

Is this something that I can configure somewhere? It was my understanding that VPN tunnels will isolate you completely from all traffic and ports... so how is it that the client's Firewall can still detect that I'm connecting to that ports?

Regards,

[kh_tsang]

Can you try to connect using private IP after establishing the vpn connection?

[1Icarus2]

kh_tsang wrote:
> Can you try to connect using private IP after establishing the vpn
> connection?

I'm not sure I understand your question. If you are referring to after I've connected to the VPN, and obtaining the server's IP addres, then yes, I have tried this.

To give an example, my ip address is x.x.x.x before VPN, after connecting to VPN it's y.y.y.y, of which is correct. I can access any website I want, except for the websites with different ports than 80 and 443.

This problem is only when I use the clients network and connect to my VPN.

[kh_tsang]

There should not be any restriction on the outbound port number after you connect to the VPN unless your destination IP is the public IP of that VPN.

[1Icarus2]

kh_tsang wrote:
> There should not be any restriction on the outbound port number after you
> connect to the VPN unless your destination IP is the public IP of that VPN.

Hmm wait that is what I'm doing right now....

My server is hosting these 2 websites. Is this a problem?

[kh_tsang]

Suppose there is a server listening port 10001 and port 5001. The server has a private IP address and a public IP address mapped to the private IP address. After you connect to the VPN, you should connect to the server using the server's private IP address.

[1Icarus2]

The VPN and the websites are on the same server. So both private and public IP address are the same for the server.

Lets say my server public and private IP address is 10.190.8.10. (This is how the host set it). I have a domain that points to the IP address with example.com.

So if I want to connect to the website without VPN, I will go to https://example.com:5001/, when I connect to the VPN, I want to go to the SAME address.

This does work when I'm on any other connection apart from this one particular clients network...

[kh_tsang]

When you connect to the VPN server, the client will add a route pointing the vpn server's public IP at the original gateway.

[thisjun]

What OS do you use on the server?

[anupamsworld]

Although this reply is being very late compared to the asked time but still I am sharing the solution assuming that it could help you of anybody else out there.
.
I faced the same kind of problem.
I found that the firewall settings for the apache server for public network was blocked.
As the SoftEther vpn client creates virtual network adapter as public one, by default, hence the incoming connection(which is public) through the virtual vpn adapter was being blocked by the firewall.
I modified the firewall entry and allowed port 80 for public connection and it worked!