I'm working on a ASP.net web application and I want to bind it so it can be used from a remote network through OpenVPN. I already have the connection with the network and I can ping my device from the other devices inside the network. This is the configuration I used for OpenVPN
client
dev tap
proto tcp
dev-node openvpn
remote 86.89.135.168 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 5
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
#ifconfig 192.168.201.221 255.255.255.0
#route-gateway 192.168.201.1client
In the applicationhost.config I'm binding this:
<bindings>
<binding protocol="http" bindingInformation="*:52022:*" />
<binding protocol="http" bindingInformation="*:52022:192.168.201.68" />
<binding protocol="http" bindingInformation="*:52022:localhost" />
</bindings>
I can access the application by localhost or by the local ip adress. But when I try to access it with the vpn ip from a device in the network I get this:
My firewall is off and even though it doesn't work. And like I said it works in other devices in my local network and in the host machine but it doesn't work with devices from the remove network.
Can someone help me solving this? I'm new at this.
I solved my problem by:
1.Adding my VPN executor as an Exclusive in the 'virus and threat protection settings'.
2.Adding it to “Allow an app or feature through Windows defender Firewall” (if its not in the list you got to click on "allow another app"
3.Add a TCP Inbound rule in the "Windows Defender Firewall with Advanced Security” to the port that you VPN will be using for communication. In my case it is 443.
Related
I have configured Windows Server 2016 for a L2TP VPN connections via pre-shared key. The server's LAN side address is 192.10.0.100. I can access the VPN from the LAN side.
From outside the local network, I get an error message saying "the remote server is not responding" and mentioning the possibility of NAT or firewall issue.
Here are the rules I have put in place for the VPN:
NAT
add action=dst-nat chain=dstnat comment="NAT Rule for L2TP General Port 500" \
dst-address="Mikrotik public IP Address" dst-port=500 protocol=udp to-addresses=\
192.10.0.100 to-ports=500
add action=dst-nat chain=dstnat comment="NAT Rule for L2TP General Port 1701" \
dst-address="Mikrotik public IP Address" dst-port=1701 protocol=udp to-addresses=\
192.10.0.100 to-ports=1701
add action=dst-nat chain=dstnat comment="NAT Rule for L2TP General Port 4500" \
dst-address="Mikrotik public IP Address" dst-port=4500 protocol=udp to-addresses=\
192.10.0.100 to-ports=4500
Firewall:
add action=accept chain=input comment="allow L2TP port 500" dst-port=4500 \
protocol=udp
add action=accept chain=input comment="allow L2TP port 1701" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow L2TP port 4500" dst-port=4500 \
protocol=udp
add action=accept chain=forward comment=\
"Allow forwarding for L2TP VPN (udp)" dst-address=192.10.0.100 \
protocol=udp
It appears the client can contact the server but is getting no response. Is there another NAT for return traffic that I am missing? Thanks in advance.
If you get an error message indicating a problem with firewall, might check your client and server side Registry entries.
The instructions here for setting up an L2TP VPN on a windows server, point out that you have to add a DWord Value to the Registry on both the Server and the client to make the NPS changes work.
Go to
HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services -> PolicyAgent
Add
AssumeUDPEncapsulationContextOnSendRule
Change the Value Data to 2.
Turns out you do NOT need that for testing the VPN on the LAN side but do on the WAN side. Consequently, did not think to check my spelling until I was able to connect to the VPN from my MacBook Pro.
I have installed mirthconnect on windows virtual machine in azure resource manager. I am able to access admin console with http://localhost:8080 .But same is not accessible from internet. I have added endpoints in network security.
Is there any other configuration I am missing here ?
I am able to RDP to the machine . I have tried with source as * and destination as * also . But still no luck.
I am not able to telnet also with the VM public IP and the given ports.
Connect to your Virtual Machine, Open the Firewall Advanced Settings and add an exception for the port 8080 as the EndPoint Configuration doesn't do that for you
Did you allow 8080/TCP from anywhere, for all profiles in Windows Firewall?
Is you daemon listening on 0.0.0.0 or just 127.0.0.1?
netstat -ban
should give you the answer there.
e.g.
[spoolsv.exe]
TCP 0.0.0.0:1540 0.0.0.0:0 LISTENING
[lsass.exe]
TCP 0.0.0.0:2179 0.0.0.0:0 LISTENING
[vmms.exe]
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
If you're only listening on localhost (127.0.0.1) you need to address the configuration of your daemon and then restart it.
I have two VMs. Both on the nat (vmnet8) adapter. Both machines appear to be on the same subnet.
Guest1 - 192.168.18.146
Guest2 - 192.168.18.150
I can ssh between the machines. However, when I try http it fails:
[root#localhost conf]# wget 192.168.18.146
--2016-02-18 09:53:03-- http://192.168.18.146/
Connecting to 192.168.18.146:80... failed: No route to host.
How can I access a webserver hosted on guest1 from guest2?
I have also tried a custom adapter and bridged with the same result.
OS firewall issue. I originally verified that iptables was not running but another service, firewalld was running and blocking access to port 80. Disabling the firewall allows me to access port 80 from my guests and host.
Hi StackOverflow members,
I have an issue with ssh connection on my Debian 7 system to a remote OpenSSH server located on the same network. It looks like there is some network configuration problem but I cann't find where it lays. This two debian machines are connect with a switch that is NOT connected to a router. So the two machines have no internet connection.
A-Debian 7
IP: 192.168.1.2
MASK: 255.255.255.0
GW: 192.168.1.1
B-Debian 7
IP: 192.168.1.3
MASK: 255.255.255.0
GW: 192.168.1.1
With that configuration the ssh command prompts my for a password in less then a second. But the with the following network configuration I get the password prompt after a 10+ second delay:
A-Debian 7
IP: 10.10.1.83
MASK: 255.255.255.128
GW: 10.10.1.1
B-Debian 7
IP: 10.10.1.82
MASK: 255.255.255.128
GW: 10.10.1.1
The ssh connection from the server A -> B runs with both configs on custom 1111 port.
The B machine has also a Web server running on port 8080 that has no delays with both net configurations.
Thank you in advance for any clues or tips how to solve that problem.
SOLVED: Removing of the gateway parameter "GW: 10.10.1.1" in the network settings has solved the problem.
The usual culprits here are IPv6 and DNS lookups.
SSH might try to connect via IPv6, first, but the timeout is too low for that. You can see whether IPv6 is enabled with
cat /proc/sys/net/ipv6/conf/eth0/disable_ipv6
To disable:
echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6
The second culprit is DNS; my guess is that DNS lookups don't work correctly with the second configuration. Try host www.google.com to test this theory.
If that also has a delay, you need to fix your DNS setup.
If that's not it, check the rest of your networking parameters: Gateway, cables, etc.
Start to ping the other host. Is that fast & reliable?
Next, try remote login (ssh, telnet). Note that you can give telnet a port to connect to, so if you have DB server running, you can still use telnet to connect to the server. It will print an error but it allows you to test the TCP/IP connection without any extra error sources.
Recently, I upgraded my dev env from ver1.1 to ver 1.5 of the Azure SDK (I know - am a little too late :))
What I noticed was that my webrole was opening up at the port 81 always. Is there a way for me to force open the azure webrole on port 80 in my dev env?
The reason I need this is :
I have a browser extension which connects to my webrole - and it expects the webrole to be on port 80; Until now, testing on the dev env was easy - I just need to do an etc/host redirection and my regular browser plugin would connect to my dev fabric.
On my website, I also provide open-auth authentication from google/facebook. I would not be able to test that on my dev env if I access it as www.mywebsite.com:81/ instead of www.mywebsite.com
Anyone has a pointer?
Kapil
Just make sure port 80 is available. The compute emulator takes the port you asked for or the first available port above that.
If you are using emulator - this will be an issues, cause it opens first free port.
If you will host your role on azure, you can configure your port in config file.
For example , in this configuration:
<WebRole name="TestApplication1">
<Sites>
<Site name="Web">
<Bindings>
<Binding name="Endpoint1" endpointName="Endpoint1" />
</Bindings>
</Site>
</Sites>
<Endpoints>
<InputEndpoint name="Endpoint1" protocol="http" port="80" />
</Endpoints>
<Imports>
<Import moduleName="Diagnostics" />
</Imports>
<ConfigurationSettings>
<Setting name="MyCustomSettingInAzure" />
</ConfigurationSettings>
You can see that for endpoint1 we configured port to use with number 80.
Update:
I've searched a bit, and found this post:
http://social.msdn.microsoft.com/Forums/en/windowsazuredevelopment/thread/ae2df7e0-5005-4bcd-8b69-bb53323eb589
There are some ideas which i believe can help you. It will require adding some commands to your pre-build actions.
One more update
Please run command : Netstat -a -n -o
This will show who is using port 80
If you can't force it to use port 80 in stead of port 81 in your development environment even if it the port is available, then you could install Fiddler2 and try to add the following Fiddler rule at the bottom of OnBeforeRequest():
// Windows Azure force socket 80
if (oSession.host == "app.dev.com:81") { oSession.host = "127.0.0.1:80"; }
if (oSession.host == "127.0.0.1:81") { oSession.host = "127.0.0.1:80"; }
if (oSession.url == "127.0.0.1:81") { oSession.url = "127.0.0.1:80"; }
I haven't tested it, but I think that could give you a pointer of how to do it.
Okay - the issue has been solved. Please see this thread for more details.
http://social.msdn.microsoft.com/Forums/en-US/windowsazuredevelopment/thread/5447f16e-2eed-4170-9771-17c7c9e7e570?prof=required
Basically I pointed my default site in the IIS to point to a different port and that worked
Kapil