Setting up clients to connect to OpenVPN service on Ubuntu - Windows

I am using OpenVPN on Ubuntu, not openvpn-as, because I need several clients to connect. I can get the server to start up, but I want Windows clients to connect to it. I've downloaded the OpenVPN client for Windows. What configuration files do I need to place on the client, and what changes do I need to make on the server side so that I can give access to different addresses and ports on those addresses that are accessible by the OpenVPN server? Thanks for your help.

Related

Cannot access other machines on remote network with OpenVPN

I am trying to set up OpenVPN so that I can access machines inside an Azure subnet from my pc which is outside Azure.
I have successfully installed OpenVPN on both server (Windows Server 2019) and pc (Windows 10) using the instructions here: https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide, and I can successfully connect from client to server; however, I cannot connect to any other machine on the Azure subnet upon which the server is sitting.
The server and the other machines I want to connect to are on a 10.0.0.0 subnet, and the VPN is coming up on the 10.8.0.0 network as I would expect from the examples.
I have enabled IP routing on the server as recommended in the OpenVPN FAQ but this has not fixed the issue.
I have also added a 'push "route 10.0.0.0 255.255.255.0"' line to the server config, and I can see from the client log (and the client routing table) that this has been executed, but I am still unable to connect to other machines in the subnet.
I was looking into using Tap instead of Tun, but when I dug into what was actually being used, it looks as if both ends are using the Tap adaptor anyway, even though I have specified 'dev tun' in both the client and the server configs.
I have had a bit of a trawl but can't find anything about the Tap adaptor when the Tun adaptor has been configured, so that is a bit of a mystery.
The only other thing that I have read is that it might be necessary to set up a route back to the OpenVPN subnet on the gateway server for 10.0.0.0, but that's not a server I control as it's part of the Azure infrastructure.
What do I have to do to get access to other machines on the 10.0.0.0 subnet? And why is the Tap adaptor being selected despite the config specifying the Tun adaptor?
I made a number of other changes before I finally got it sorted out - I do not know if they were all necessary, but in addition to the above:
I changed 'dev tun' to 'dev tap' in the server and client configs.
I followed the instructions here (NAT-hack) to add NAT to the server.
And finally, I added 'route 10.0.0.0 255.255.255.0 10.8.0.1' to the server config file.
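A simplified model of the return path discussed in this post, as an added example that is not part of the original question or its follow-up. It uses the page's two subnets; the host addresses, the gateway's routing table and the function names are assumptions made for illustration.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (cidr, via) pairs; returns via, or None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(c), via) for c, via in routes
               if addr in ipaddress.ip_network(c)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed addresses inside the page's two subnets (assumptions, not from the post).
VPN_SERVER = "10.0.0.4"   # OpenVPN server's address on the 10.0.0.0 subnet
VPN_CLIENT = "10.8.0.6"   # address the client received on the 10.8.0.0 VPN network

# A LAN host knows its own subnet and sends everything else to the subnet gateway.
HOST_ROUTES = [("10.0.0.0/24", "on-link"), ("0.0.0.0/0", "gateway")]

# Gateway as the post describes it (no route back), and with a return route added.
GATEWAY_DEFAULT = [("10.0.0.0/24", "on-link"), ("0.0.0.0/0", "internet")]
GATEWAY_WITH_RETURN = GATEWAY_DEFAULT + [("10.8.0.0/24", VPN_SERVER)]

def reply_reaches_client(gateway_routes, nat_on_vpn_server):
    """Follow a LAN host's reply back towards the VPN client."""
    # With NAT on the VPN server, the LAN host sees the server's address as the source.
    seen_src = VPN_SERVER if nat_on_vpn_server else VPN_CLIENT
    if next_hop(HOST_ROUTES, seen_src) == "on-link":
        # The reply lands on the VPN server, which reverses the NAT and
        # forwards the packet into the tunnel.
        return seen_src == VPN_SERVER
    # Otherwise the gateway decides; only a route via the VPN server gets it back.
    return next_hop(gateway_routes, seen_src) == VPN_SERVER

if __name__ == "__main__":
    print("no NAT, no return route:", reply_reaches_client(GATEWAY_DEFAULT, False))
    print("return route on gateway:", reply_reaches_client(GATEWAY_WITH_RETURN, False))
    print("NAT on the VPN server:  ", reply_reaches_client(GATEWAY_DEFAULT, True))
```

The pushed route only covers the client-to-LAN direction; the model shows why the reply direction needs either a route on the gateway or NAT on the VPN server.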

Putty: remote my server from my home

There is a server in my company and many people in the company work on it by Putty. We installed the Putty for our own computers to remote the server. BUT all of these happened in the company's inner web.
Now I want to remote the server from outer web. For example, I am home and I work on the company's server. For now I don't know how to realize this.
How can I configure the server and my PC at home?
Need I make some configuration for the router of the company? How?
Thanks in advance.
Assuming your company has a competent IT staff, there is a firewall that blocks incoming SSH attempts out. (It is called SSH, not Putty. Putty is just a program that Windows users tend to use for SSH.) Inside the company's network, you can SSH. So, from home, you will hit a firewall and you can't SSH in.
Does your company have a VPN system? If so, use that. There are many forms of VPN. Your company's IT staff can tell you how to configure your home machine so it can connect to the company's VPN. Once it does that, it will be as though your home computer is inside the company. You are inside the firewall. You can SSH.
You can ask if they will open the firewall for you. They shouldn't, but you can ask.
If you don't have VPN, all is not lost, but it gets more difficult. I don't expect you to do this, so I will only list the steps.
1. Install an SSH server on your home computer. Get it up and running. SSH into it from another computer at home.
2. Forward incoming port 22 requests to your home's firewall/router to your home computer so you can SSH into your home machine from outside your house, i.e. from work. Test it from work to ensure it works.
3. Set up a reverse port forward SSH connection from the server at work to your home computer. What this does is initiate an SSH connection from the work server to your home computer. It then listens on a port on your home computer (pretend you used 2222 as the port). Now, from home, you SSH to your home computer (localhost) on 2222 and it connects over the previously made connection to the server at work.
Your IT staff might notice that you did this. They probably won't like it because you are bypassing their firewall.
You can either forward the port of the server to the public internet, or you can set up a VPN located inside your company's LAN that can be reached from outside the LAN such as OpenVPN.
Note: If you are planning to forward the server directly, make sure the server's security settings are set up correctly to prevent misuse by attackers. You can also restrict access to specific IP addresses using a firewall.
Assuming that your server is behind a corporate network, you MUST require a VPN connection to access it. Talk to your IT department and they will be able to help with setting up a VPN connection.

How does a service such as tunnlr work?

The website says:
Tunnlr uses SSH remote tunneling. It securely connects a port on your
local machine to an open port on our public server. Once you start
your Tunnlr client, the web server on your local machine will be
available to the rest of the world through your special Tunnlr URL.
Could someone please go into a bit more detail over how this entire process works? Or maybe point to something open source that allows the same thing?
The SSH protocol allows tunneling of connections in either direction. So based on the description above here's what is happening:
1. You download a client program (an SSH client) to your computer and run it.
2. The client establishes an SSH connection out from your computer to the tunnlr remote server.
3. On the tunnlr server an access port is opened for incoming connections. Let's say port 1234.
4. Now when anyone connects to tunnlr:1234 the tunnlr server will instruct your client program through the connection established in step 2 to open a connection inside your computer - let's say to port 80 (e.g. you're running a webserver there).
5. The tunnel connection will now shuffle data between tunnlr:1234 and your_computer:80.
So effectively this is what is running:
[some_remote_computer]<->[tunnlr:1234]<->[SSH tunnel]<->[your_computer:80]
Assume some_remote_computer is your friend or anyone else you want to be able to connect to your local web server.
SSH is available for many platforms (Linux, Windows, OSX and more). You can build such tunnels quite easily with it, but you will of course need access to both computers you want to build the tunnel between. Let's say one computer is your own computer and another is a VPS you've rented (or any other remote server with SSH access). Now you can run exactly the same setup.
The advantage with tunnlr is they manage the remote server for you, and they have a registered hostname you can use for your tunnels.
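Added example, not part of the original answers: whether a remotely forwarded port (tunnlr:1234 above, or port 2222 in the PuTTY answer earlier on this page) is reachable by anyone or only from localhost is decided by the SSH server's own configuration. The sketch below reads an OpenSSH sshd_config and classifies that exposure; the sample configurations are constructed, the function names are hypothetical, and Match blocks are deliberately not evaluated.

```python
# sshd_config keywords that govern remote (ssh -R style) forwards, with OpenSSH defaults.
DEFAULTS = {"allowtcpforwarding": "yes", "gatewayports": "no"}

def effective_settings(config_text):
    """Global values for the two keywords; sshd keeps the first value it reads."""
    seen = {}
    for raw in config_text.splitlines():
        # Drop comments, accept "Key value" and "Key=value".
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split(None, 1)
        if not parts:
            continue
        key = parts[0].lower()
        if key == "match":
            break  # assumption: conditional Match blocks are not evaluated here
        if len(parts) == 2 and key in DEFAULTS and key not in seen:
            seen[key] = parts[1].strip().lower()
    return {**DEFAULTS, **seen}

def remote_forward_exposure(config_text):
    """Classify who can reach a port that a client opens with a remote forward."""
    s = effective_settings(config_text)
    if s["allowtcpforwarding"] not in ("yes", "all", "remote"):
        return "blocked"
    return {"no": "loopback-only",          # listener binds to localhost only
            "yes": "all-interfaces",        # listener reachable from other hosts
            "clientspecified": "client-chosen"}.get(s["gatewayports"], "unknown")

# Constructed sample configurations (not taken from any real server).
STOCK = "Port 22\n#GatewayPorts yes\nPasswordAuthentication no\n"
RELAY = "AllowTcpForwarding remote\nGatewayPorts yes\nGatewayPorts no\n"
LOCKED = "AllowTcpForwarding no\nGatewayPorts clientspecified\n"

if __name__ == "__main__":
    for name, cfg in (("stock", STOCK), ("relay", RELAY), ("locked", LOCKED)):
        print(name, "->", remote_forward_exposure(cfg))
```

A stock configuration gives the loopback-only behaviour the PuTTY answer relies on (connecting to localhost on 2222), while a public relay of the kind described for tunnlr needs the forwarded port bound on a reachable interface.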

How I can access FTP server based on different network

I have set up a FTP server with Apache FTP server on local machine, this machine can access internet but its IP address cannot be accessed externally.
I also have another machine in a different city - it can access the internet but it is same in that its IP address cannot be accessed externally. The two computers are not on the same network so they are unable ping each other.
How I can use FTP client from another machine to access the FTP server, I know it should be impossible but do you guys have any workarounds (whatever code change or other approaches)
I am in the US - do you guys have idea how I can make my home IP publicly accessible?
It is very possible if you control the firewall that the server is behind. This is standard network configuration, and you can find hundreds of tutorials online, but the most important bit of information is the firewall, not the FTP server. You configure port forwarding on your firewall to forward incoming FTP requests to your internal FTP server. Also, you will want to use "passive" FTP from the client because the client is also behind a firewall.

Red5 Problem with connecting from remote client

So I have this issue. The issue is I am unable to connect to my red5 server from a remote client. I also have not found any tutorials on how to install red5 so that remote clients can connect to it. However, here is what I have done...
Inside my MXML Flex file I try to connect to the IP of the computer that the server is running on (my server is running from within Eclipse). The line for connecting looks like this: netConnection.connect("rtmp://192.168.2.12/myApp", true);
All that happens is after a lot of minutes go by, I just get NetConnection.Connect.Failed and there is no log being output by Eclipse. Almost like it never even registers the connection that the remote client is trying to make.
The other interesting thing is that I am ABLE to connect to my Red5 Server using a different computer within my local home network just fine. But only when it is remote I am unable to connect.
I have changed my Red5-web.properties file and added this...
webapp.contextPath=/myApp
webapp.virtualHosts=*, 127.0.0.1, localhost, 192.168.2.14, 174.122.104.3
The 174 one is my website where the Flex Swf Resides on.
I think maybe somehow my computer is not set up or configured to allow these remote connections and is rejecting them or something. I'm not quite sure why a remote client can't connect. Does anyone have any ideas?
Your help is greatly appreciated.
You may uninstall red5 and reinstall it.
When it asks you for the server IP address, type your server's LAN address (192.168.2.* or 10.0.0.* whatever). This solved my problem.
In my opinion, if you have at least one domain name that you own, the best way for you to go is to set up an Apache Http Server to your server machine, and create subdomains for both red5, rtmp and rtmpt. Make the Apache handle your incoming requests, and decide their correct routing there.
In case you don't own a domain, or the previous way is too time-taking to set up and get it work, you should just make sure that the ip address you're trying to connect to is not an internal IP.
In your example above you are trying to connect from the client to a 192.168... address. If you try to connect to it from within your LAN, it works, since that ip there is registered to your machine.
But when you take your notebook to your neighbor, and using his internet connection to access your site and connect to red5, the client (flex application) will also try to connect to that 192.168..., and your neighbor's router has no idea about your LAN, probably it doesn't have such an internal IP address either, but SURELY cannot connect to your server.
So instead of using 192.168... in your connection string, you should try using your external IP address (the 174... one):
netConnection.connect("rtmp://174.122.104.3/myApp", true);
This will work always, as far as you have a static IP address.
Also make sure, that your red5 server is accessible over the 80 port, or if it's not, specify the correct port number there.
For that you can do the following...
These are the steps I took, and they solved my problem...
1. During the installation, you must have given IP 127.0.0.1 (localhost) and port 5080.
2. First, open the ports (5080 and 1935) on the firewall.
Visit http://windows.microsoft.com/en-in/windows/open-port-windows-firewall#1TC=windows-7
3. Now go to red5->conf->red5.properties and open this file in Notepad++ (or any other editor).
4. Replace the http.host and rtmp.host IP with your IP address (IPv4).
5. Start the red5 service.
6. Now check http://yourip:5080
It will start working, and you can access it from other systems also (in the same network, obviously).
