I'm trying to set up a scenario where my local VPN Client adapter can be reached from the Internet via the VPN Server running on AWS.
I have set up two interfaces on the instance (eth0 and eth1) and bridged eth1 to a Hub. I connect to the Hub from eth0. The Hub sees my client (softeth1) with static IP and the bridge (MAC address even though it has a private IP and an elastic IP associated) but I can't ping eth1 from my client adapter.
I would like to be able to access services on my client adapter (softeth1) from the internet via the public IP on eth1.
I'm stuck around this point. What is the best way to go about this?
Access VPN Client Adapter on PC from Internet
Re: Access VPN Client Adapter on PC from Internet
If you intend to connect as follows, then you do not need the bridge.
[client A] ===> [AWS VPN server] <=== [client B]
VPN server
- no bridge
- yes SecureNAT with all defaults (although vNAT is optional in your context)
- no L3
- no VPN Azure
- no/yes IPsec/L2TP
- no/yes OpenVPN/MS-SSTP
- add 2 VPN users
As for the client-server no-ping issue, it's a Linux kernel limitation, don't worry about it. VPN clients will be able to ping each other.
Re: Access VPN Client Adapter on PC from Internet
solo wrote: ↑Wed Apr 05, 2023 10:12 am
> If you intend to connect as follows, then you do not need the bridge.
> [client A] ===> [AWS VPN server] <=== [client B]
> VPN server
> - no bridge
> - yes SecureNAT with all defaults (although vNAT is optional in your context)
> - no L3
> - no VPN Azure
> - no/yes IPsec/L2TP
> - no/yes OpenVPN/MS-SSTP
> - add 2 VPN users
> As for the client-server no-ping issue, it's a Linux kernel limitation, don't worry about it. VPN clients will be able to ping each other.

Almost but not exactly.
[client A] ===> [VPN Hub on AWS server] <=== [client B(either NAT or Bridge or veth) with public IP port forwards packet to client A] <===== [Random user connecting to services on client A]
Something like the above. The idea is to expose services running on client A to the world.
Thanks
Re: Access VPN Client Adapter on PC from Internet
Why not? As promised above, "VPN clients will be able to ping each other" and more as they are on Layer 2. They may be "clients" on VPN but on application layer they are server/client both ways. Just enable SE vDHCP, or soft tap the hub to dnsmasq, or set static IPs, and you're good to go.