Unpingable Nextcloud VPN

Hello,

After a good week of struggle I finally managed to make a VPN to have access to my private network.
But an incomprehensible concern appears!
Using my VPN I can ping my NAS (192.168.0.15), but when I try to ping my Nextcloud (192.168.0.14) it does not work …

Is this due to my port forwarding? Indeed I redirected my port to my NAS, is that the cause?
How can I access my NextCloud?

Thanks in advance =)

can you reach your NC from within your local/private network?
how?

Does your Nextcloud have the proper gateway?

I can reach it by its private IP (192.168.0.14) locally.

How can I set this? Because I don't think I have done this.

so for me it seems more like a problem of your vpn-connection (apart from the fact that it’s not recommended to run NC via local ip-address but by a qualified domain name.)

Ah, sorry, I can reach it via my domain too, I just want to “delete” this option to maximize security.

ummm that’s what we call “security through obscurity”…
anyways… it’s not recommended doing that. but well… it’s your choice, though it’s not necessary.

you see yourself now why it’s not recommended. it’s just a source for more error, mistakes and setup-fails.

again: i still think it’s a problem of your vpn.

But with my VPN I can reach my TrueNAS, which is not possible to reach via the WAN. It means that I can reach my private network through my VPN.

So why not my NC?

could you please elaborate this a bit more in detail?

On my router, I have forwarded port 1194 to my NAS IP (192.168.0.15), which is my VPN server for OpenVPN.

ummm NC doesn’t need that port afaik.
If you can reach it from within your local network it means: nc is working correctly. Maybe it blocks your requests that come via VPN… I dunno :frowning:

But let me get that one straight… you want more security and hence block ports 443 and 80… only to open port 1194 for being able to reach your nas? for me that sounds a bit like a contradiction in itself.

Port 1194 is for OpenVPN.
The difference with the current solution is that I don’t have that NC and I want to reach all.
For security, it is better to have an “App” that reaches others that many and always check for a new update that fixes a flaw.

This gets confusing :wink: ! UDP 1194 is the standard OpenVPN port whereas NC runs on TCP 80/443 (with redirection). As OpenVPN usually assigns an address from another IP-range (172.16.X.X. etc.) when dialing in, it rather seems you cannot route to your Nextcloud but to the NAS which (possibly?) also contains the OpenVPN-service.

Anyway, you can either forward 80/443 instead or work with a DMZ to put your Nextcloud in, separating it from your internal and VPN network - but this is yet another different story to be told…

OK, I understand, so I am going to re-explain my problem with a diagram, to be sure of your answer.

e.drawio

My problem:
I can access my TrueNAS with my VPN when I use it in nomade.
But I can’t reach my Nextcloud … (again via my VPN)
I can use Nextcloud locally via the IP 192.168.0.14 and in public with my domain.

My objective is to have access to Nextcloud via my VPN so I can close ports 80 and 443.

Is that better?

Can U use other localhost services, e.g. ssh via VPN? Just wondering if your VPN Server allows local host bindings.

Yes, I can reach my TrueNAS, no problem with this.

And when you are connected to the VPN, how do you try to reach your NC? Meaning, what are you typing in the browser? Direct IP? FQDN?

  • What is IP address of Nomade without VPN? Is this also in some LAN with 192.168.0.* range?
  • What is IP address of Nomade via VPN when connected? Is this 192.168.0.* or 10.0.0.*, something else?

I have doubts that via VPN there is no route or firewall access to your LAN and 192.168.0.14. Your 192.168.0.15 is your localhost for VPN Server.

  • Can you ping/reach your NC on 192.168.0.14 IP when you are in Truenas localhost without VPN, e.g. via ssh?
  • Can you ping/reach via VPN other devices e.g. your Computer, your Router?

I use its IP (192.168.0.14)
My nomade has 192.168.0.2 when I use the VPN.

Yes, I can ping all machines on my network without the VPN but not with it…

And Default Gateway, I suppose 192.168.0.1?

Then it seems your nomade tries to reach 192.168.0.14 but it searches inside the VPN network, not in the LAN, because you have the same IP range and subnet.

Usually you have to configure your VPN server with a different IP range and subnet, e.g. 192.168.100.0/24 or 10.0.0.0/24. In this case your nomade VPN client will have e.g. 192.168.100.2 and should be able to reach your LAN devices in the 192.168.0.0/24 network.
Depending on your solution, you probably have to configure a route or bridge between the VPN and LAN networks.

Try different VPN Server/Client configurations and you always can check if you can ping other devices in LAN via VPN or not.
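
The subnet overlap described in the last reply can be checked directly against an OpenVPN server config. The following is an added example, not part of the original thread: both sample configs are constructed (the poster's real config is not shown on this page), a routed `dev tun` setup is assumed, and the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed sample configs (not the poster's real files). 'server' and
# 'push "route ..."' are standard OpenVPN server directives.
OVERLAPPING = """\
port 1194
proto udp
dev tun
server 192.168.0.0 255.255.255.0   # VPN pool equals the LAN range
"""
SEPARATED = """\
port 1194
proto udp
dev tun
server 192.168.100.0 255.255.255.0
push "route 192.168.0.0 255.255.255.0"
"""

def parse_server_conf(text):
    """Return (vpn_pool, pushed_routes) parsed from an OpenVPN server config."""
    pool, routes = None, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        tok = shlex.split(line)
        if tok[0] == "server" and len(tok) >= 3:
            pool = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
        elif tok[0] == "push" and len(tok) == 2 and tok[1].startswith("route "):
            parts = tok[1].split()
            if len(parts) >= 3:
                routes.append(ipaddress.ip_network(f"{parts[1]}/{parts[2]}"))
    return pool, routes

def diagnose(text, lan="192.168.0.0/24", target="192.168.0.14"):
    """List the reasons a VPN client could not route to `target` on `lan`."""
    lan_net, host = ipaddress.ip_network(lan), ipaddress.ip_address(target)
    pool, routes = parse_server_conf(text)
    if pool is None:
        return ["no-server-directive"]
    problems = []
    if pool.overlaps(lan_net):
        problems.append("pool-overlaps-lan")     # same range on both sides
    if host in pool:
        problems.append("target-looks-on-link")  # client looks for it inside the VPN
    elif not any(host in r for r in routes):
        problems.append("no-pushed-route")       # client never learns the LAN route
    return problems
```

In a routed setup the Nextcloud host also needs a return path to the VPN range (a route via 192.168.0.15, or NAT on the VPN server), which this check does not inspect.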