Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 16 replies
  • Subscribers 5 subscribers
  • Views 34753 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

No WebAdmin access over VPN using public hostname

Mateusz Bender

I can't access the WebAdmin despite being connected via VPN (SSL).

Here's the basic configuration:

The UTM has a publicly accessible hostname (with matching certificate) - COMPANY.COM -> our public IP
On our internal DNS it also has a local DNS entry - UTM.LOCAL.NET -> UTM local IP
The WebAdmin has been configured to allow all connected from our internal network, as well as the IP pools for SSL.

After I connect via VPN (SSL), I can't connect via the COMPANY.COM address, but I CAN connect using the UTM.LOCAL.NET address. That said, any machines which are physically in our LAN can indeed connect to the WebAdmin using the public DNS name.

When checking the logs, it logs a blocked WebAdmin access attempt coming not from the assigned VPN IP, but from my home IP. On one hand, this is understandable, but on the other... how do I make this work?

My only idea thus far is to add a local DNS entry overriding the COMPANY.COM public DNS, so it points to the internal LAN IP of our UTM, rather than the public IP... but there's a minor issue with that (unrelated to this question) and feels like a workaround rather than an actual solution to the problem.

So... what could I do?



This thread was automatically locked due to age.
Parents
  • 0

    1) what happen if you ping a local computer by name, from VPN? Example ping ecxhange.LOCAL.NET

    2) Is your VPN Pool (L2TP) allowed to use your UTM DNS

    3) Is your VPN Pool (L2TP) under Masquerading like this VPN Pool (L2TP) -- >External (WAN)?

    If the configuration is correct in webadmin settings to allow VPN Pool (L2TP), If Masquerading is Correct, and if DNS is correct you should reach the external name by internal ip

     

     

    I did the test with successful result
    And yes VPN users reach the internet from UTM once connected

  • 0 in reply to Ol Deda

    Local DNS works fine and I can ping machines by using the internal DNS. As stated, I CAN access the WebAdmin using the internal name. This, while a workaround, is a bit annoying as it throws certificate errors.

    I didn't have a DNS masquerading rule for the VPN pool... That said, adding it didn't change anything. :(

  • 0 in reply to Mateusz Bender

    You are able to connect by public name, but that gives you a certificate error? 

  • 0 in reply to Ol Deda

    What? No.

    From INSIDE the LAN, I can connect using the public DNS name without any issues.

    From OUTSIDE the LAN (using VPN) I CANNOT connect using the public DNS. I CAN connect using the internal DNS name, but then I get certificate errors, because the internal DNS uses internal domain names, not the public ones (COMPANY.COM vs LOCAL.NET).

  • 0 in reply to Mateusz Bender

    With internal DNS what you mean, UTM Dns or internal server dns? Try to use UTM dns  instead.

    And in UTM system settings, what you provided for hostname? Try to put there the public name

  • 0 in reply to Mateusz Bender

    Anyway I never use windows or linux servers for DNS. If it needed for Active directory or internal purposes, in UTM "DNS Service" there is "Request Routing"

    Try this way

Reply Children
No Data
Unfiltered HTML