Jump to content

Having a issue with openvpn please please help


ADBYITMS

Recommended Posts

Hi all i dont know if anyone is still about on this topic but i would love some help, i love hak5 by the way¬†ūüôā¬†i have followed the video 3 times now and i can get a connection and then i can connect to the ip address of the server i have on the network i need to view remotly, the one computer i can view , ping or see if that computer, no matter what i have tried i cant seem to see any other computer in the office, this would be fine but due to out isp we no longer can see the CCTV and this is what i need to see¬†

I am using a windows server not a turtle , i hope someone can help me please 

Link to comment
Share on other sites

Going to need a bit more info.  What version of windows server?  Do you have the gateway setup properly in openvpn?  From the server itself can you see and remote into the machines in question?  What OS are those other machines using?  Can you cut and paste the info in your client.ovpn file? 

Link to comment
Share on other sites

Hi mate thanks for the reply the windows server is a Microsoft Windows Server 2012 Essentials server, 
Gateway i followed the Video so apart from the iprange its the same, the network we are connecting to is 192.168.15.0/24
from the server yes i can remote to the rest of the office, the only computer i can get into when both computers are connected to the gateway is the is the computer at the office so the server the gateway connection  is running on ,  i can only ping this computer as well

This is the gateway file :

 

# Automatically generated OpenVPN client config file
# Generated on Fri Mar 29 08:54:55 2019 by RibsandroastVPN

# Default Cipher
cipher AES-256-CBC
# Note: this config file contains inline private keys
#       and therefore should be kept confidential!
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=office
# Define the profile name of this particular configuration file
# OVPN_ACCESS_SERVER_PROFILE=office@142.93.8.85/AUTOLOGIN
# OVPN_ACCESS_SERVER_AUTOLOGIN=1
# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
# OVPN_ACCESS_SERVER_CLI_PREF_BASIC_CLIENT=False
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=True
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
# OVPN_ACCESS_SERVER_WSHOST=142.93.8.85:443
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
# -----BEGIN CERTIFICATE-----
# MIIDEDCCAfigAwIBAgIEXJrpBzANBgkqhkiG9w0BAQsFADBBMT8wPQYDVQQDDDZP
# cGVuVlBOIFdlYiBDQSAyMDE5LjAzLjI3IDAzOjA3OjUxIFVUQyBSaWJzYW5kcm9h
# c3RWUE4wHhcNMTkwMzIwMDMwNzUxWhcNMjkwMzI0MDMwNzUxWjBBMT8wPQYDVQQD
# DDZPcGVuVlBOIFdlYiBDQSAyMDE5LjAzLjI3IDAzOjA3OjUxIFVUQyBSaWJzYW5k
# cm9hc3RWUE4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDs+JRGcLGe
# 9MrIvpXsRu83RaeYIVHH2DbSOqDPxGlCFkZCV5YmaDNcOyx2tTMc8fg18XiYfpO0
# x4HqnsbSCyJhVLzl4ak22L9r1AnIqnNK5IQNfBw8yI0tSpFKi5NBZZ45yvt5urwz
# hZkzobWlnRwNj+Bwe8SikG61mpnSq7N2/yHJPcdT8VBC/HrxbgYQoFAu8BI/QjwN
# 8PuGKAydid36PNJIRMK4DgKNo48OOJwhxqJEMcerfPdg3IMvwG5iUE7bx9XzXMeP
# V32a3+X4Yg8lgQct9DTIiGZ3AsJT4QdD3z/BBYovisgxDUqKpnIskqDQb6p30Jr7
# lnE6/KbZPtqZAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
# ggEBAKfTM1VkzGawyPZNDXKRLs4OxaalNSs2SdevU3+L4Ic5LPe6pgzwDMmNS1Ik
# lvjP44W3Gh+cUuTnYqESMUtLjFZo2irypRZBU/5G0H27VtRlLsehl/0iugQrebfs
# OxseB69F2/jkzvA/c81RkcN7+HT1RY6Dhvf8y/OoyYJWd9XOADidWm9qFreAP9Dd
# yXZB6XkxYJ/8OSFogIk8wxEtDlaTbwKkJxmUd4qsMggMBuwPRL5CZ9yziJUcjFUq
# t74whAkZIWmteVIPiNrRby3O+uCo6DwprcC44xKCQYMQQ2UMl+H29aCUIHoCMhMU
# cG/jOFbvpug2o/EGBXB56hpARTk=
# -----END CERTIFICATE-----
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=1
# OVPN_ACCESS_SERVER_ORGANIZATION=OpenVPN Inc
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote 142.93.8.85 1194 udp
remote 142.93.8.85 1194 udp
remote 142.93.8.85 443 tcp
remote 142.93.8.85 1194 udp
remote 142.93.8.85 1194 udp
remote 142.93.8.85 1194 udp
remote 142.93.8.85 1194 udp
remote 142.93.8.85 1194 udp
dev tun
dev-type tun
ns-cert-type server
setenv opt tls-version-min 1.0 or-highest
reneg-sec 604800
sndbuf 0
rcvbuf 0
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO

<ca>
-----BEGIN CERTIFICATE-----
MIICuDCCAaCgAwIBAgIEXJrpBDANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApP
cGVuVlBOIENBMB4XDTE5MDMyMDAzMDc0OFoXDTI5MDMyNDAzMDc0OFowFTETMBEG
A1UEAwwKT3BlblZQTiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AOvzNSpm34+kskZsP6+PplP4X1ebMz/4jvvke+xH26KagSEehzgZchQzKHg/iFAj
YOapbno+3kfzHTz+8L1kmhbrls1t7Qu8BgY9KX1qtHErNBF1biRCGtwmWopJXkLX
LVlaao9JY3zREzJb71NJm/wVYTXxtM+qGt3hjv9nAs2zmWQW1aPDbE0voaddu63I
/NQjA2j0MFd90HJf3avjbc2Y3FUyN8ESukAbYRBqfd/Yfxb3hB8HUToRYvxrS1RD
JFyCGK7Hxv+zjaO3Zdqrqz82O3S5c3UaGs1eb+7TwG6ddRk4GlH4aLOWnwGrFvmW
95LSDM0jPfOg0tCo4d78LK8CAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG
9w0BAQsFAAOCAQEAw/bFE/sioFJR0nNzxm7oFilRnJjhllbqxinvuZwHBCVWIIDr
lAy5VONq5mlBzejoqjlarQNb7Bn+k2gI/1PVe5z3rmdlkVQsqgrtq6/tuUMn0tUl
kRvAL8nzm/f4JA4NXSU+PtwRdAfrvAcmbllCWyVRhhJh0qiEkRMXfAy3Tw1CwZmo
oraUfbfuMmBzPwSzQN63SoIH8n+1pwV8kRcrdcRDjcdPw2ZHUt2tWuYNnQRxsWlt
GRBkQ22gg0LVRCpWJeMn5RbHvpXnzo1rxXMJMxdbrH2WUFB7QeT0E7Mdf4vlTFDP
OH/+WVjjmNVj2m1apeeNQMBG97BerYaar41ssw==
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
MIICyzCCAbOgAwIBAgIBAzANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApPcGVu
VlBOIENBMB4XDTE5MDMyMDIzNDI0N1oXDTI5MDMyNDIzNDI0N1owGzEZMBcGA1UE
AwwQb2ZmaWNlX0FVVE9MT0dJTjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALQbwLIcYu2iphHrV+bUCpuZE5CE+qtSbP0S8w3O6/w5m38EkzEntVYXw5nJ
uIOW0cEWDYrMKVrvvMFbgSTS1I9rBoa1LhCcqeg2MgdJbMcU3Hx4ypg4hRDAUcir
shAEaX90WsGwbIY+e6KLmcmgyeN5WE0Yp0SOKSjMNuAU3iDg9Sng1X9nLoHkCjsu
AA4m2tKWTlNWRLiaEnJf/KxdhPk+/vBODPJ2pMlDeQ5q3Zy4uYlKXgIqthzpBkgc
GZzGJJGDmvq68ydyTYiLguYD2d53xCtuvBkSitOSmYw0LtAxTh7dN+7MCWhGL5tT
Jy5Rx0EeGCs20y7dE7rXbOLvXXECAwEAAaMgMB4wCQYDVR0TBAIwADARBglghkgB
hvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggEBADBv1r4VdoSvNFDmNH1SOo0D
rdU6jvMD3svmtJlHMA7P7ukW6LlGOOmMy8yUEaP3N9Cb308rr0UdeI3ctshCq7Yh
xlUWL3IvQ4y9siN9Z2Inf7j0RnoEbDzGXYol7Tsa4hm/elT09WpDdQcvRpJZdm3r
EHJxd14IjhwLXrjWElfCzRawhHNIM/Sdh+1S8XMn3rY6q9QPzCF/AQmBsCRQ9Guh
olJDO8Yyrp+TFyTZS2Uymu74nc4mgXsbt31/THsd/WD7dX7sHtmYuPzLZqf39H8g
VFi46OuwwadSlpNoQpPruklBJf7C86nRzqCE9gLLSqXHx4b1bKhvW/RsFg6CNiY=
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC0G8CyHGLtoqYR
61fm1AqbmROQhPqrUmz9EvMNzuv8OZt/BJMxJ7VWF8OZybiDltHBFg2KzCla77zB
W4Ek0tSPawaGtS4QnKnoNjIHSWzHFNx8eMqYOIUQwFHIq7IQBGl/dFrBsGyGPnui
i5nJoMnjeVhNGKdEjikozDbgFN4g4PUp4NV/Zy6B5Ao7LgAOJtrSlk5TVkS4mhJy
X/ysXYT5Pv7wTgzydqTJQ3kOat2cuLmJSl4CKrYc6QZIHBmcxiSRg5r6uvMnck2I
i4LmA9ned8QrbrwZEorTkpmMNC7QMU4e3TfuzAloRi+bUycuUcdBHhgrNtMu3RO6
12zi711xAgMBAAECggEBAJ2FYETmesdnZ2Not5pUfWqUuP2+sBXCozu7pQPAo7gX
Eh5G/A0Ts482fYY1XMEJ2S3Mgc+Qu+Kipi1eQFbaZbmBW1XZhA5XVmqXa63f09lS
L3xVkKsNU6PQ8DZXpAZKNZKZSv73tBK89xi0i65CiBABAu96zmAxDWJ3KM9WsOeD
IFLMNci8Vvkv0Np1ll9y15ZTNTVDom8SpqQ53cz6u6hW5s/x59jWbYTtT7Mf8Zwn
62TchwgliYxZqOAzoBBEh1Ngkb8uKyYcIdtfFrdOSmIxaizwaz56KXfXdXHOrYML
yC2XAFvcpqZ2PGcTOlVC0Fl6oje2iRbJE0SuSZYPnjkCgYEA3m0jU4zFNysYz8kP
XXvJ5iXfl9GVY1XprhlxGLDvlXwsRpXVVYNXrL5LV8qHsmo8NK1GQxcy1sZKrol8
CTxokmoYG6RLq5OvoXL0zNyNGkSyRpvfoOxL8yr7sUsBsLJUVpqafAt5lCw+4CiD
klEjb0rT9jWXJ20huZmteYT8FHMCgYEAz0tkUBKeriWyV4LkplGdMc3nXvlW8NzR
5kcDFku7N7sW/mPrR0FAMA/sU8AbIyO5Dq+xVgEOW3CUjBBI+D/5ImOynSouz7fQ
0lYGQJkYjipWgEHA0wWplqPlTZk6SPEmTFf3rGCI+vpHzxb8M9zKs7LjeK0Bz1/I
8DdvVEHw8YsCgYBsA7AOGOSFAAbSkR9HFKBdhbLpdTwIu2X5yB0mEnamr2CI/qZV
Gq1vFBJeldoECJcoNaVTW2ay6iTGUbnMemuF/sOqWMTuk4/M5ZiAC/Lx+L5ij7uv
2FChzBPiazxs5I0UaYvwBVqLXFlEXihW29RLbZk1jZzT5qlkCn817iDEhQKBgQCo
Hg3R/vfgZsQ3wvlrhd9GCCbwWKnRGFXHO6peR7cjoMEqOaEUHfBPymoxFiksG4m3
Rng9NwgM0sY2vfJgG4oTAOZYHmDup7ZdD9VsSH2ott+Gj00yF3KNsIiEoZOqmqEj
42gDzhrp6VeZtZt++D8Q9DEVqsJAC//sChlpLT2atwKBgEMfk/b69aAA2HpLt7N4
bOGv++23g0MAECtTyILENqMEUw9ZcuGbnKjx26BJHwaMHy46t5EDn+8nmfthZ1ky
JjqFUYTR5cQoHofiGkh7zqPX/ce9OsPtkpHzEslC9WyK6jD5Jce3nm9kC841TqUZ
GRlNwKJnA0KUws3B++fJwvpR
-----END PRIVATE KEY-----
</key>

key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key (Server Agent)
#
-----BEGIN OpenVPN Static key V1-----
4f407abd5bf01375d5c3137e6e4bd9ef
f0e57f4953bf4269dacb9378fe856174
6b9af9968c14eceb4d071a0090c6dbbb
15081ce5b293a5eea1a16c5ac3eff79d
7130120e7a685e977b88e96b2a1186bb
30adf2d0317c91716d17382eadf3ca50
2f0a94feecf9eebd4c139740667592ec
b64dd2c524d97813e5b2c53ca2aa3c38
4b452fb3a313bd854153abffe143ac9b
619af64466f44d491866487871549531
5e2580755022965716392d8ce70c93c3
973968e7399da6f2a5ecd83c3d2c722b
8ff6c283336433fdba3066fe0791d45b
919f6794c1218bead4530f942bfdf5b0
8778b3d210fb86fec46b923078a6aa45
e09dbb669aaab66f0da0af07184ccd21
-----END OpenVPN Static key V1-----
</tls-auth>

## -----BEGIN RSA SIGNATURE-----
## DIGEST:sha256
## IFXkJKlvrRcWFgpeqkgotN5dOA3GgqyS73J5LK9O/3KQBWFWxC
## KW8xpcYeuH7iSDVhQYupSre7lRveLH4t4+8jpXTq7RjQbgxs8G
## VZthJgkFNjlvr4hMbD9SvD1uJfcV5Z62PBLklj6Kha56VNSHQF
## qHeDkvomLCanA3pJXmxZ9UttXDnoJCwqqEhNxYye118lvaH//m
## MeDUzuA2EbN5Z1krhZzPwAXZ7v6Vtj6DqGumhNb+B00yGh/FV+
## deM32zLJ8HzrSyfioizjA1MP0xZTqu/w6gLnJd8dJdkNjb8Hi5
## 5cXX9mvrDQtp4CtpeJE7F+mrrRyJYrz3VQrGnzZNdw==
## -----END RSA SIGNATURE-----
## -----BEGIN CERTIFICATE-----
## MIIC+TCCAeGgAwIBAgIEXJrpCDANBgkqhkiG9w0BAQsFADBBMT8wPQYDVQQDDDZP
## cGVuVlBOIFdlYiBDQSAyMDE5LjAzLjI3IDAzOjA3OjUxIFVUQyBSaWJzYW5kcm9h
## c3RWUE4wHhcNMTkwMzIwMDMwNzUyWhcNMjkwMzI0MDMwNzUyWjAaMRgwFgYDVQQD
## DA9SaWJzYW5kcm9hc3RWUE4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
## AQCx92FSeay5wWuZtg+OHUa6KLaO1uRu4H33aJDf+lMpbldUO0W2NhNI37P8HxlO
## QfqlVQJh1KyxCLkeR1MLUneHJcqYtJuMP65Q+WMtH4GoflZBRhmAti5GKqK5zKMr
## m64XYwtuW+OWedCgFqZrMMs0xrDnyN67r2hA+2I8A77Qk4dTzkK4byRk5bhbSVF6
## XvjKwp/sCxJdV9Rsf8RYW8l5Ot/AG6vMm4xHYQGoStDIb9gQZ9UZ7UbKzjXMjSDG
## FaecBTh/2R9lOzLHyqJRcGCSD2lcV8wTWDHwGXq3cDGdxo+IZAsDdk0/UsleljLb
## uqbANRCvRW9nogFcoQRPeAqZAgMBAAGjIDAeMAkGA1UdEwQCMAAwEQYJYIZIAYb4
## QgEBBAQDAgZAMA0GCSqGSIb3DQEBCwUAA4IBAQAd4oUC74OJW/dXtJXIITR2yOGN
## sn+M8UXevkGCjDFIKRGDac6/pw+e5lrSzh4ukEnvF5sNzlwmn1VuklLkhHUilu2+
## N9xkVI+httkOwEt/pH/nNZYrBJmfNVshUdzKi4/MvH7CFWqOILjeQmN9NAw/v1f0
## +nCmxcFiWu79zSfUHkjLLL0jhEy16nHg60kFKTEYXJ1MJ1+Umh9in7T6IH+2qgys
## 1DbQ1UjvRyNbTtsG7h0O91Ro//jshVPzlxgfpeXtcjG7tFXWsVehIZu1o6cFkQy3
## /lUc7b2lewlQb/GOlDNTwdhDYTRwgaZwX3Mlmnv/OBBqGcsPp16rKJqQG4HO
## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----
## MIIDEDCCAfigAwIBAgIEXJrpBzANBgkqhkiG9w0BAQsFADBBMT8wPQYDVQQDDDZP
## cGVuVlBOIFdlYiBDQSAyMDE5LjAzLjI3IDAzOjA3OjUxIFVUQyBSaWJzYW5kcm9h
## c3RWUE4wHhcNMTkwMzIwMDMwNzUxWhcNMjkwMzI0MDMwNzUxWjBBMT8wPQYDVQQD
## DDZPcGVuVlBOIFdlYiBDQSAyMDE5LjAzLjI3IDAzOjA3OjUxIFVUQyBSaWJzYW5k
## cm9hc3RWUE4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDs+JRGcLGe
## 9MrIvpXsRu83RaeYIVHH2DbSOqDPxGlCFkZCV5YmaDNcOyx2tTMc8fg18XiYfpO0
## x4HqnsbSCyJhVLzl4ak22L9r1AnIqnNK5IQNfBw8yI0tSpFKi5NBZZ45yvt5urwz
## hZkzobWlnRwNj+Bwe8SikG61mpnSq7N2/yHJPcdT8VBC/HrxbgYQoFAu8BI/QjwN
## 8PuGKAydid36PNJIRMK4DgKNo48OOJwhxqJEMcerfPdg3IMvwG5iUE7bx9XzXMeP
## V32a3+X4Yg8lgQct9DTIiGZ3AsJT4QdD3z/BBYovisgxDUqKpnIskqDQb6p30Jr7
## lnE6/KbZPtqZAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
## ggEBAKfTM1VkzGawyPZNDXKRLs4OxaalNSs2SdevU3+L4Ic5LPe6pgzwDMmNS1Ik
## lvjP44W3Gh+cUuTnYqESMUtLjFZo2irypRZBU/5G0H27VtRlLsehl/0iugQrebfs
## OxseB69F2/jkzvA/c81RkcN7+HT1RY6Dhvf8y/OoyYJWd9XOADidWm9qFreAP9Dd
## yXZB6XkxYJ/8OSFogIk8wxEtDlaTbwKkJxmUd4qsMggMBuwPRL5CZ9yziJUcjFUq
## t74whAkZIWmteVIPiNrRby3O+uCo6DwprcC44xKCQYMQQ2UMl+H29aCUIHoCMhMU
## cG/jOFbvpug2o/EGBXB56hpARTk=
## -----END CERTIFICATE-----

 

Link to comment
Share on other sites

layout.JPG.313e1da084988e3e4936f9aa4fc21603.JPG

So does your setup look like the the top setup with a virtual private server or the second setup where OpenVPN is installed on Server 2012 at your work or other location?  Just trying to get an idea of the setup.  I'm setting up my Server 2012 now and just trying to visualize where to place it.  Of the above two drawings, the top one is more of what Hak5 was trying to visualize but with a lan turtle or packet squirrel between the VPS and the Server 2012.  The second drawing is more of your typical work VPN where the Server 2012 box is also a NAT/firewall and it's forwarding network traffic from one network to another.  Note that if you have OpenVPN installed on the Server 2012 box which is on the same site as the camera PC, the camera PC needs to have a client.ovpn file on it as well, or you'll have to do some firewall work and you'll have more of a standard VPN setup to where once you are logged in, your basically just on your work network. Let me know if this makes any sense.  If it doesn't I can try to explain it again.  I've gotten this to work many times using the lan turtle and packet squirrel.  It's about time I do it with several PCs.

Link to comment
Share on other sites

Ok to just to verify a few things, from Server 2012 you can get to the camera machine correct?  And with your machine at home or whatever, you can connect to openvpn, Server 2012 can also connect to openvpn, and you can see Server 2012 from your machine correct?  Can you RDP to the server?  Depending on the admin rights you have to that server you could always just RDP from there to the camera machine. 

If that won't work for you then you'll have to setup routing and NAT on the Server 2012 box.  Do you have any of that setup?  If not what you'll have to do is add a role.  I selected both routing and the remote access and vpn roles.  Once those are installed open the getting started wizard on the direct access and vpn, and choose the bottom which is deploy vpn only.  Once that opens you'll see two server looking devices, right click on the second one (local) and click on configure.  Then you'll select custom and lan routing.  Once that's done you'll see you now have IPv4 and IPv6, under IPv4 you'll see general, right click on general and add a new routing protocol.  We'll add NAT.  Then from NAT we'll want to add our network.  Make sure you only add your actual network and not your VPN network.  And really that's all there is to it.  Once I added that I was able to browse my "work network." 

So from my pic above I had a machine on it's own network, a work network with Server 2012 and an XP box.  I connected my machine and Server 2012 to an OpenVPN AS in the cloud.  Once I enabled routing and NAT on Server 2012 I was able to then see the entire work network, including the XP box and was able to remote into it.  Hopefully adding routing and NAT is all you're missing.  Let me know if any of this works or if you need any other help.

Link to comment
Share on other sites

Thanks mate i will have to look at all of this 

 

But

12 hours ago, Bob123 said:

from Server 2012 you can get to the camera machine correct

Yes i can 

 

12 hours ago, Bob123 said:

And with your machine at home or whatever, you can connect to openvpn

Yes

 

12 hours ago, Bob123 said:

Server 2012 can also connect to openvpn, and you can see Server 2012 from your machine correct?  Can you RDP to the server? 

1

and yes again 

 

12 hours ago, Bob123 said:

epending on the admin rights you have to that server you could always just RDP from there to the camera machine.¬†ÔĽŅ

and no as the cameras are on a NVR  and i need to have a few phones and apps see them as well 

 

Link to comment
Share on other sites

Yeah if you haven't already I'd look into making sure the server is setup for routing with NAT.

If you recall from Darren's video, he spent most of it explaining how a reverse VPN works and setting up OpenVPN AS.  Then at the very last minute of the video he explained how to setup the turtle to route the traffic between the VPN or "tun" connection on the turtle and the lan or "wan" on the turtle.  So basically you'll have to do the same to your server since it's acting as the turtle.  The server needs to know how to route or translate the VPN traffic through the existing network.

Link to comment
Share on other sites

3 hours ago, ADBYITMS said:

thanks mate would i better off to install a small linux vm to do this 

 

4

ok so 

 

15 hours ago, Bob123 said:

Yeah if you haven't already I'd look into making sure the server is setup for routing with NAT.

If you recall from Darren's video, he spent most of it explaining how a reverse VPN works and setting up OpenVPN AS.  Then at the very last minute of the video he explained how to setup the turtle to route the traffic between the VPN or "tun" connection on the turtle and the lan or "wan" on the turtle.  So basically you'll have to do the same to your server since it's acting as the turtle.  The server needs to know how to route or translate the VPN traffic through the existing network.

 

ok so went through from what i could with your direction, they where good but just some of the stuff was not there in my windows for some reason,  i have attached what i am seeing now,   I can still ping the servers local address and connect it its RDP from my office but i cant see anything else, i am sure it is something dumb i am doing  , i even rebuilt the server to see if i did something during the build wronf

image.png

image.png.3e72ff9e1063cc3888ad48d63645a410.png

Edited by ADBYITMS
Link to comment
Share on other sites

I'll attach a few pics of what mine looks like once I'm back in front of that computer.  I'm guessing some of that must have been setup before we added NAT but I don't have IGMP or DCHP.  Anyways I followed this video:  

 

And like you I added everything at first like your first pic.  That didn't work, then following the video I only added my network.  Not my VPN just my network.  So from your second pic if Local Area Network doesn't work, try Ethernet then Ethernet 2 and see if either of them work.  It seemed backwards to me when I did it but once you have it right, it'll just start working.  No reboot or refresh is needed.  I instantly saw pings and was able to RDP.  Again once I'm back in front of my box I'll take a few pics but I had Ethernet and Ethernet 2 only.  And Ethernet is what did it for me.  Hope this helps.

Link to comment
Share on other sites

Here are a few pics:

networks.PNG.3e547666da587b3dd26b51112e99d604.PNG

nat.PNG.1d253c363bb4bfd6c24502b533f32fba.PNG

First pic are my networks.  The current network that is disconnected in my VPN (Ethernet) and then my physical connection (Ethernet0).  The the second pic shows Ethernet0 being the only network added to my NAT.  And that's all I had to do.  Let me know if you have any luck.

Link to comment
Share on other sites

Don't give up we'll get this.  Ok sorry but I'm going to ask some repeated questions just to verify I'm not missing anything.  Let me explain assumptions I made on my system to see if it mostly matches yours.  From the picture up top that I drew, I have my pc which is a windows 7 box.  I have a server 2012 r2 essentials box that I did my best to match yours.  I have a win xp box that we'll say is your camera system although it sounds like you have an nvr which I'm not familiar with but we'll get to that.  So between the Hak5 video and a plain server 2012 box,  when both are connected to the openvpn server in the cloud I can ping the server 2012 box VPN connection from my win7 box.  I can ping the openvpn server from my win7 box as well as from my server 2012 box.  Separately I can also ping my win xp box from my server 2012 box.  I believe you said you could do all that.  I can also RDP from my win7 box to my server 2012 box and from my server 2012 box to my win xp box.  Again currently with no changes to my server 2012 box I can NOT ping or RDP from my win7 box to my win xp box.  And as long as you can do all of that then basically this is where we began.  Again sorry to repeat myself but as long as we both have the above then all of that is good and we no longer have to focus on it.  

Here's one thing I know I didn't ask this particular way...  On my setup my "home network" I set to a 172 network.  On my "work network" I setup a 10 network.  I do not recall what the VPN server IP range was but it was different for both networks and was NOT a 172 or a 10 network.  With that said when I first set this up and got it running all I could ping on the server 2012 box was that VPN network IP address.  Initially I could not ping the 10 address.  Is this true for you too?  According to what you had above it looks like a 142 network?  So with that said you can ping the 142 correct?  Can you ping your work network?  Could you ever?  Until I enabled routing and NAT I was never able to ping my 10 network even the 10 IP on the server itself.

So with routing and NAT can you ping your work network?  Then from there do you have a PC that could act like my win xp box just in case there is something blocking your NVR system?  I'd like to make sure we can finally get to your work network and maybe another box on that network before going directly to the NVR.  Maybe there are some ports we have to open on the server 2012 box to get the NVR to see through it.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...