How to add a route to Amazon VPC into an instance's OpenVPN connection? - amazon-ec2

I want to set up a render farm in EC2 (all Win2012r2) with several slaves and one instance with an OpenVPN connection to our office LAN (all OSX).
What I have done so far:
set up VPC 10.42.0.0/16
set up OpenVPN 10.8.0.0/24, one instance as client; the server is in our office 192.168.1.0/24, and the connection is working flawlessly
added 10.8.0.0/24 and 192.168.1.0/24 to the VPC Route Tables/Routes tab with target: VPN client instance
source/dest checks turned off for the VPN client instance
What is working:
I can ping around in the VPC
I can ping around the VPN
What doesn't work:
ping from the VPN server to the client's VPC address
ping from a slave node to the VPN net
Some debugging:
Wireshark on the VPN client 10.8.0.14 shows a ping echo 'no response' when trying to ping 10.8.0.14 from 10.42.243.30, so the return route seems to be broken.
So how do I get the VPC working so that every instance can ping the VPN server and additionally our office LAN?
Regards,
Dennis

I suspect you need to configure your Network ACLs (Security Groups) to allow all inbound and outbound traffic between your VPC nodes.

I figured out the Windows service Routing and Remote Access wasn't running, as suspected.
Now everything works like a charm!
--Dennis

Please check your VPN settings from the OpenVPN Admin page. Specify the private subnets to which all clients should be given access in the Routing section of the VPN Settings tab on the OpenVPN Admin page.
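To make the two failure modes in this thread concrete, here is a small route-table simulation added as an example (not code from the question or any of the answers). It models a VPC slave, the VPN client instance, the office OpenVPN server and an office Mac as nodes with longest-prefix-match route tables, and traces an echo request and its reply hop by hop. The VPC route table entry for 10.8.0.0/24 and 192.168.1.0/24 pointing at the VPN client is only half the job: the client instance has to forward packets (on Windows that is the Routing and Remote Access service the poster found stopped), and the OpenVPN server needs a return route for 10.42.0.0/16 via that client. Only 10.42.243.30 and 10.8.0.14 come from the question; 10.42.1.10, 10.8.0.1, 192.168.1.1 and 192.168.1.50 are made-up addresses for the topology.

```python
import ipaddress


class Node:
    """A host or router: its own addresses, a route table and a forwarding flag.
    Routes are (prefix, next_hop); next_hop None means the prefix is on-link."""

    def __init__(self, name, addresses, routes, forwarding=True):
        self.name = name
        self.addresses = {ipaddress.ip_address(a) for a in addresses}
        self.routes = [(ipaddress.ip_network(p), nh) for p, nh in routes]
        self.forwarding = forwarding  # on Windows: IP forwarding / the RRAS service


    def lookup(self, dst):
        """Longest-prefix match, as both a VPC route table and a host route table do."""
        matches = [(net, nh) for net, nh in self.routes if dst in net]
        return max(matches, key=lambda m: m[0].prefixlen) if matches else None


def trace(nodes, src_ip, dst_ip, max_hops=8):
    """Follow one packet hop by hop; returns (path, status)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    owner = {a: n.name for n in nodes.values() for a in n.addresses}
    cur = nodes[owner[src]]
    path = [cur.name]
    for _ in range(max_hops):
        if dst in cur.addresses:
            return path, "delivered"
        # A transit node (not the packet's origin) must have forwarding enabled
        if cur.name != path[0] and not cur.forwarding:
            return path, f"dropped: {cur.name} has IP forwarding disabled"
        match = cur.lookup(dst)
        if match is None:
            return path, f"no route on {cur.name}"
        hop = dst if match[1] is None else ipaddress.ip_address(match[1])
        if hop not in owner:
            return path, f"{cur.name}: next hop {hop} unreachable"
        cur = nodes[owner[hop]]
        path.append(cur.name)
    return path, "hop limit exceeded"


def ping(nodes, src_ip, dst_ip):
    """Echo request one way, echo reply back; both directions need a working path."""
    path, status = trace(nodes, src_ip, dst_ip)
    if status != "delivered":
        return f"request {status} (path {' -> '.join(path)})"
    path, status = trace(nodes, dst_ip, src_ip)
    if status != "delivered":
        return f"reply {status} (path {' -> '.join(path)})"
    return "ok"


def build(vpn_client_forwarding, server_has_return_route):
    """Constructed topology after the thread: VPC 10.42.0.0/16, tunnel 10.8.0.0/24,
    office 192.168.1.0/24. Addresses other than 10.42.243.30 and 10.8.0.14 are made up."""
    vpc_table = [("10.42.0.0/16", None),
                 ("10.8.0.0/24", "10.42.1.10"),       # route-table entry -> VPN client instance
                 ("192.168.1.0/24", "10.42.1.10")]
    slave = Node("slave", ["10.42.243.30"], vpc_table)
    client = Node("vpnclient", ["10.42.1.10", "10.8.0.14"],
                  [("10.42.0.0/16", None), ("10.8.0.0/24", None),
                   ("192.168.1.0/24", "10.8.0.1")],    # route pushed by the OpenVPN server
                  forwarding=vpn_client_forwarding)
    server_table = [("10.8.0.0/24", None), ("192.168.1.0/24", None)]
    if server_has_return_route:
        server_table.append(("10.42.0.0/16", "10.8.0.14"))  # return route via the client
    server = Node("vpnserver", ["10.8.0.1", "192.168.1.1"], server_table)
    office = Node("officemac", ["192.168.1.50"],
                  [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")])
    return {n.name: n for n in (slave, client, server, office)}


if __name__ == "__main__":
    for fwd, ret in ((False, True), (True, False), (True, True)):
        nodes = build(fwd, ret)
        print(f"forwarding={fwd} return_route={ret}:",
              ping(nodes, "10.42.243.30", "10.8.0.1"), "|",
              ping(nodes, "10.42.243.30", "192.168.1.50"))
```

Run stand-alone it prints the three cases: with forwarding off the request dies at the VPN client, with no return route the reply dies at the server, and only with both does the round trip succeed. An instance that forwards like this is a router between the VPC and the office LAN, so its security group and the office firewall are the only things limiting what the two networks can reach in each other; turning off source/dest checks removes a safeguard rather than adding one.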

Related

How to establish a VPN connection without using my DNS

Is there any way for me to connect to a VPN without having it use my DNS? My internet provider where I'm connected can only use the DNS to connect to a separate server, which then connects to the internet, as the router only interacts with that server, so if I change my DNS, my connection instantly stops working.
Is there any service that connects to a server without DNS as a VPN, or even some way to set up a proxy to go to another server after it interacts with my DNS?
Tried changing DNS: no connection using Cloudflare or Google DNS servers (1.1.1.1, 8.8.8.8); Hotspot Shield VPN wouldn't connect; VPN from my home network wouldn't connect.
So, your ISP allows DNS traffic only to its server, and you want to bypass this limitation.
Solution 1: SSH Proxy
ssh -D 5000 user@host
Now you can set your applications to use the proxy at socks5://localhost:5000
You must set "Proxy DNS on socks5"
This proxy goes through the SSH server.
Of course you need an SSH server somewhere to connect to.
Solution 2: DNS over HTTPS
https://en.wikipedia.org/wiki/DNS_over_HTTPS
https://manpages.ubuntu.com/manpages/bionic/man1/dnss.1.html
It should work because your DNS packets go as HTTPS packets.
Solution 3: VPN or other services like NordVPN
It should also work since packets go encrypted to the VPN.
Actually, a VPN should work without your ISP's DNS as long as you connect to the VPN IP address instead of the hostname.
Finally
Solution 2 seems to be the only one you are able to perform without external services.
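As an added example (not part of the answer above or of the dnss tool it links), here is what "DNS packets go as HTTPS packets" means on the wire: a DNS-over-HTTPS client per RFC 8484 builds an ordinary RFC 1035 query message, base64url-encodes it into a GET URL, and parses the binary response that comes back in the HTTPS body. The parser is exercised offline on a constructed response for example.com; the live lookup function at the end needs network access and is only an illustration. dns.google is a real public DoH endpoint; the resolver hostname is an assumption you can change.

```python
import base64
import ipaddress
import struct


def build_query(name, qtype=1, txid=0):
    """DNS wire-format query (RFC 1035): header with RD set, one question, class IN."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)


def doh_get_path(name, qtype=1):
    """RFC 8484 GET form: the query, base64url-encoded without padding, in ?dns=.
    txid 0 keeps the URL identical for repeated queries so HTTP caches can serve it."""
    query = build_query(name, qtype, txid=0)
    return "/dns-query?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")


def read_name(msg, offset):
    """Decode a possibly compressed name; returns (name, offset just after the name)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if end is None:
                end = offset + 2                        # name ends after the first pointer
            offset = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:                               # malformed message: pointer loop
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if end is not None else offset


def parse_response(msg):
    """Return (rcode, [(name, type, ttl, value), ...]) from a wire-format response."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    offset = 12
    for _ in range(qd):                                 # skip the echoed question(s)
        _, offset = read_name(msg, offset)
        offset += 4                                     # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, offset = read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            value = str(ipaddress.IPv4Address(rdata))
        elif rtype == 28 and rdlen == 16:
            value = str(ipaddress.IPv6Address(rdata))
        else:
            value = rdata.hex()
        answers.append((name, rtype, ttl, value))
    return flags & 0xF, answers


# Constructed response: example.com A -> 192.0.2.1 (documentation address), TTL 300
SAMPLE_RESPONSE = (
    b"\x00\x00\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"  # header: QR, RD, RA; 1 question, 1 answer
    b"\x07example\x03com\x00\x00\x01\x00\x01"              # question: example.com A IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04"    # answer: name ptr -> 12, A, IN, TTL 300, 4 bytes
    b"\xc0\x00\x02\x01"                                    # rdata: 192.0.2.1
)


def resolve_over_https(name, resolver="dns.google", qtype=1):
    """Live lookup over HTTPS (needs network). The resolver's own name must still be
    resolved once, or the client must connect to its IP literal."""
    import http.client
    conn = http.client.HTTPSConnection(resolver, timeout=10)
    conn.request("GET", doh_get_path(name, qtype), headers={"Accept": "application/dns-message"})
    resp = conn.getresponse()
    body = resp.read()
    conn.close()
    if resp.status != 200:
        raise RuntimeError(f"DoH resolver returned HTTP {resp.status}")
    return parse_response(body)


if __name__ == "__main__":
    print(doh_get_path("www.example.com"))
    print(parse_response(SAMPLE_RESPONSE))
```

The GET path for www.example.com reproduces the example URL in RFC 8484 section 4.1.1. From the ISP's side the exchange is just an HTTPS request to the resolver's port 443, which is why a DNS-only restriction does not see it; what moves is who gets to see your queries, from the ISP to the DoH resolver operator.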

Windows EC2 instance cannot be reached via HTTP/HTTPS but RDP works

VPC and Subnet => Public and has an Internet Gateway
I have an Apache web server running on the instance listening on ports 80 & 443, and I can reach it from within the EC2 instance.
The VPC and subnet NACL is set to default and allows all network traffic.
Instance has a public DNS
I can RDP into the instance from my local.
Instance can reach the internet
I cannot reach the instance from my local machine in a browser or via telnet on port 80/443.
Do you guys have any idea what's causing it?
I've verified that the subnet is public, has an internet gateway, the NACLs are good and I can RDP into the server. The instance can access the internet.
Edit: Security Group on the Instance allows all ports from my IP address.
It was the Windows firewall settings. I had to allow ports 80 and 443 through.
Thanks to Steve G in the question comments for the answer.

Unable to ping local IP address back from Alibaba ECS

I have an ECS instance running in Alibaba. My ECS is in a VPC that has an SSL server. I have downloaded the SSL client certificate, which allows me to connect to OpenVPN and to ping the ECS instance from my local box while connected to OpenVPN.
However, when I log in to the ECS instance, I am unable to ping back my local box. My security group is a basic one which allows all connections. I didn't touch the outbound connection.
Here are the details of my SSL server and a successful ping screenshot (my ECS primary private IP address is 192.168.0.201).
Here is a screenshot of my unsuccessful attempt to ping my local home IP address (the IP, 192.168.10.190, in the screenshot below is an arbitrary one for illustration purposes) from the ECS instance.
When you connect to the VPN, you're assigned a private client IP from 192.168.2.0/24 as per your SSL VPN settings. This is the network that will be used for your VPN connection. From your screenshot I see that you're pinging your local 192.168.10.190. Your cloud server does not have access to this network.
You can try pinging your client 192.168.2.0/24 IP from your ECS. You probably will need to add the route to your VPC > Route Tables. I haven't tried connecting a cloud server via SSL VPN myself, but I've used IPSec for a two-way site-to-site connection, which is more suitable for this situation.

SSH connect from local windows VM to Azure windows VM

I want to have an SSH connection from my local Windows machine or a VM on my computer to an Azure Windows server VM. I tried Cygwin and PuTTY, but both of them gave a connection timeout. I used the public IP address and opened port 22 on the Azure VM.
I would appreciate it if someone could give me any hints or links.
There are multiple firewalls that can be the reason here. First you must have a rule on the server to allow incoming SSH requests (port 22). Then you need to configure the NSG (Network Security Group) to allow incoming traffic on port 22. If it still doesn't work, you need to verify that you are allowed to make an outgoing SSH request from your computer.
Thanks for the suggestions. I found the problem, which was that the host machine IP address (ipconfig) (which is a local VM inside the domain) was different from the IP address that communicates outside the domain to the internet. I had set the NSG of the Azure VM to only accept this IP, and because of that it gave a time-out error. After changing the IP it works.

Amazon EC2 and getting a response from my IP address without using the Amazon public DNS

I have tried everything. I can get to my application using ec2-x-x-x-x.compute-1.amazonaws.com, but I cannot ping the address.
However, when I do ping the Amazon DNS name, it resolves to the IP address of but does not respond to ping.
When I put the IP address in the browser, it times out and gives me the Chrome "Oops". I have gone through the security group several times.
I have checked the server, including the iptables rules and the ports that Apache is listening on.
I don't have a lot of knowledge in this area, but I tried everything in the forum and more.
I even created another Elastic IP and associated it with the instance.
Please help.
By default, you cannot ping an EC2 instance, since it is blocked by the firewall (see why can't I ping my instance):
Ping uses ICMP ECHO, which by default is blocked by your firewall.
You'll need to grant ICMP access to your instances by updating the
firewall restrictions that are tied to your security group.
ec2-authorize default -P icmp -t -1:-1 -s 0.0.0.0/0
Check out the latest developer guide for details.
Section: Instance Addressing and Network Security -> Network Security -> Examples
As for HTTP requests - your instance is available and looks fine (I suggest you remove the real DNS name from your post though)...
For EC2 the best options are:
1) open port 5060 and 10000-20000 UDP in the firewall (security group)
2) order and attach an elastic IP.
3) in sip.conf add
externhost=elastic_ip_here
localnet=10.0.0.0/255.0.0.0
Every time you start/stop that instance, attach the same elastic IP.
For web access you also need to open port 80 in the security group.