We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
+1 vote
7,891 views 5 comments
by

Hi.
I have a problem connecting to a device via VPN to port 5900.
My router is RUT955.
My development is as follows:
I have 4 devices:
- PC (VPN IP: 10.8.0.14)
- Remote VPN server (VPN IP: 10.8.0.1)
- Router (VPN IP: 10.8.0.30)
- Device with VNC (Connected to the router)

The pc and router are connected to the VPN server as clients.
And the device with VNC to the router.

I already have everything configured, and from the PC I can connect to the router through the VPN, but I can't get the router with its IP VPN (10.8.0.30) to access port 5900 and redirect to the device on LAN.

- Could I call the router's IP (10.8.0.30:5900 in VPN) to redirect me to the device on LAN through the same port?

- How could I configure the firewall to connect?

1 Answer

0 votes
by anonymous

Hi,

You need to use Port Forwarding. It can be configured from the Network → Firewall → Port Forwarding page. Create a new rule that redirects connections on port 5900 to VNC_IP/5900:

Add the rule and locate it in the list. Click the 'Edit' button next to it:

And change Source zone from wan to vpn:

Save the changes and the solution should work.

by

Thank you very much for answering so quickly.

I have tried that configuration and it seems that it does not work.

I have tried to redirect from the LAN 192.168.1.1:5900 (LAN IP router) -> 192.168.1.42:5900 (IP of the device connected to LAN), and it works.

I've also tried to do VPN redirection 10.8.0.30:5900 (IP VPN router) -> 192.168.1.42:5900 (IP of the device connected to LAN).
This way I can't connect.

Kind regards.

by anonymous

Ok, after some digging around and some tests, I think I found the solution. Can you try adding this rule to Network → Firewall → Custom Rules:

  • iptables -t nat -I POSTROUTING -m tcp -p tcp -d 192.168.1.42 --dport 5900 -j MASQUERADE

At least in my tests, the end device didn't respond to connections to 5900 from VPN, until I added masquerading. Either this or add a route on VNC to the VPN subnet. Not sure what the system is but if it's Linux, you can add the necessary route like this:

  • ip route add 10.8.0.0/24 via 192.168.1.1

(Replace 192.168.1.1 with the router's LAN IP address if it was changed from default.)
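
A narrower form of the port forward and masquerade rule from this answer, as an added example that is not part of the original thread: it limits every rule to the VPN subnet and interface rather than matching any source that reaches 192.168.1.42:5900. The interface names `tun0` and `br-lan` are assumptions, as is an existing accept rule for established connections; the script only prints the rules for review.

```shell
#!/bin/sh
# Added example: prints the rules for review instead of applying them.
# tun0 and br-lan are assumed interface names; check yours with `ip addr`.

fail() { echo "error: $*" >&2; }

# Succeeds only for a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for a decimal integer between $2 and $3 inclusive.
in_range() {
    case "$1" in ""|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# vnc_forward_rules VPN_NET VPN_IF LAN_IF ROUTER_VPN_IP DEVICE_IP PORT
vnc_forward_rules() {
    vpn_net=$1 vpn_if=$2 lan_if=$3 router_ip=$4 dev_ip=$5 port=$6
    case "$vpn_net" in */*) ;; *) fail "VPN subnet needs a /prefix"; return 1 ;; esac
    valid_ipv4 "${vpn_net%/*}" && in_range "${vpn_net#*/}" 0 32 \
        || { fail "bad VPN subnet: $vpn_net"; return 1; }
    valid_ipv4 "$router_ip" || { fail "bad router VPN IP"; return 1; }
    valid_ipv4 "$dev_ip" || { fail "bad device IP"; return 1; }
    in_range "$port" 1 65535 || { fail "bad port: $port"; return 1; }
    for ifname in "$vpn_if" "$lan_if"; do
        case "$ifname" in ""|*[!A-Za-z0-9_.-]*) fail "bad interface name"; return 1 ;; esac
    done

    match="-p tcp --dport $port"
    # 1. Redirect only VPN clients that connect to the router's VPN address.
    echo "iptables -t nat -I PREROUTING -i $vpn_if -s $vpn_net -d $router_ip $match -j DNAT --to-destination $dev_ip:$port"
    # 2. Let that one flow cross from the VPN interface to the LAN device.
    echo "iptables -I FORWARD -i $vpn_if -o $lan_if -s $vpn_net -d $dev_ip $match -j ACCEPT"
    # 3. Masquerade so the device replies to the router's LAN address.
    #    Side effect: the device logs the router, not the VPN client, as peer.
    echo "iptables -t nat -I POSTROUTING -o $lan_if -s $vpn_net -d $dev_ip $match -j MASQUERADE"
}

# Values from the thread: VPN subnet, router VPN IP, VNC device IP, port.
vnc_forward_rules 10.8.0.0/24 tun0 br-lan 10.8.0.30 192.168.1.42 5900
```

If the device is given a route back to the VPN subnet instead, rule 3 can be dropped and the device will log the real VPN client address.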

by

I have been able to try this solution, and it works only for devices that are in the router's network.
But when trying to access the router via port 5900 from outside the network via port 5900, I cannot.
Example:

First network:


- PC:

  • IP: 192.168.2.135
  • VPN IP: 10.8.0.14


Second network:

- Router:

  • IP: 192.168.1.1
  • VPN IP: 10.8.0.30


- VNC device:

  • IP: 192.168.1.42

This way I cannot connect to the router with the PC through port 5900 and redirect to the VNC device.
Any ideas?
I am looking forward to your response. Thank you very much
by

Am I interpreting the question correctly? If I paraphrase:

1) You have a host at 192.168.1.42 which is on the LAN of a Teltonika router?
2) You want it to be routable from your 192.168.1.0/24 network to your external network via OpenVPN?
3) You are using a TUN, not a TAP?
4) Your Teltonika is the VPN client?

If so ...


Providing you have static routes in the EXTERNAL OpenVPN server *
which pushes the external network target subnets to your Teltonika on VPN setup,

all you should need to do on the Teltonika box is allow traffic from VPN to LAN and turn off masquerading:

NETWORK menu -> Firewall menu -> Zone forwarding section


I believe the corresponding rule (LAN can go anywhere) is a default in the Teltonikas?
It was on my RUT955 at least.

That's how I have mine configured here and can access any LAN host on any port /
protocol.

Regards 

BB

* [edited - got the push "bass ackwards!" - sorry for any confusion ]

by anonymous
I have the exact same problem. RUT230, OpenVPN connection to the cloud. I can access the router's admin interface.

I have added the port forwarding rules exactly as you have said here.

Are there any static routes we need to add?