VM not accessible from different subnet (VPN)

Hello,

My VM is running on the 192.168.1.0 network. If I connect to it using VPN (on sub 10.0.1.0) I cannot reach the weblogin page. Nmap confirms that port 443 is filtered; however, my firewall isn’t blocking that port. Do you have any tips on how to troubleshoot this?

Thanks!

Sorry, my crystal ball is broken, but my gut tells me that this is most likely not a Nextcloud issue.


Your crystal ball isn’t broken indeed, however, I’m using the Nextcloud VM image

So, I assume it is something set on the VM?

Does it work if you are connecting directly from your local network, without VPN?

I don’t :wink:

https://nmap.org/book/man-port-scanning-basics.html

filtered

Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software.

I’m not a network expert, but as far as I understand it, something on the host you are running nmap on, or something in between, is preventing you from probing port 443 on the target machine.

Off the top of my head I can think of the following, which are just wild guesses…

  • A routing or firewall issue on the VPN network (10.0.1.0/24) that prevents traffic going to your server network (192.168.1.0/24)
  • A routing or firewall issue on the network or device from which you are connecting to the VPN.
  • Overlapping subnets, i.e. identical or overlapping IP ranges on both ends of the tunnel (Tip: Don’t use 10.0.1.0/24 or 192.168.1.0/24 for networks you want to connect to over a VPN)

Thanks for the tips; however, it seems to be related to something else, that’s why I’m asking about the VM. Obviously, I have checked iptables already and it isn’t the issue. I’m thinking about Apache…

Please check the Apache log-files, whether requests via VPN got noticed there.

Nothing in the Apache logs coming from the client on the VPN subnet; it all works as soon as I disconnect.

However, tcpdump:

20:23:30.986916 IP 10.0.8.3.40232 > nextcloud.https: Flags [S], seq 806076491, win 64240, options [mss 1358,sackOK,TS val 728645850 ecr 0,nop,wscale 7], length 0
20:23:30.986951 IP nextcloud.https > 10.0.8.3.40232: Flags [S.], seq 2866230686, ack 806076492, win 65160, options [mss 1460,sackOK,TS val 2652682577 ecr 728610176,nop,wscale 7]
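
A way to read a capture like the one above, added here as an example and not part of the original thread: this Python sketch groups tcpdump text lines into flows and reports how far each TCP handshake got. The function name and state labels are made up for illustration; the sample combines the two lines from the post with three constructed lines for a LAN client at an assumed address.

```python
import re
from collections import defaultdict

# tcpdump text line: "<time> IP <src>.<port> > <dst>.<port>: Flags [<flags>], ..."
LINE = re.compile(r"^\S+ IP (\S+)\.([\w-]+) > (\S+)\.([\w-]+): Flags \[([^\]]+)\]")

# First two lines are the capture from the post; the last three are constructed
# (a LAN client at a made-up address completing the handshake) for comparison.
SAMPLE = [
    "20:23:30.986916 IP 10.0.8.3.40232 > nextcloud.https: Flags [S], seq 806076491, win 64240, options [mss 1358,sackOK,TS val 728645850 ecr 0,nop,wscale 7], length 0",
    "20:23:30.986951 IP nextcloud.https > 10.0.8.3.40232: Flags [S.], seq 2866230686, ack 806076492, win 65160, options [mss 1460,sackOK,TS val 2652682577 ecr 728610176,nop,wscale 7]",
    "20:24:01.100000 IP 192.168.1.50.51000 > nextcloud.https: Flags [S], seq 1, win 64240, length 0",
    "20:24:01.100030 IP nextcloud.https > 192.168.1.50.51000: Flags [S.], seq 2, ack 2, win 65160, length 0",
    "20:24:01.100400 IP 192.168.1.50.51000 > nextcloud.https: Flags [.], ack 3, win 502, length 0",
]

def handshake_states(lines):
    """Map each (client, cport, server, sport) flow to how far its handshake got."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not an IPv4 TCP line in the expected format
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":        # SYN: client -> server
            seen[(src, sport, dst, dport)].add("syn")
        elif flags == "S.":     # SYN-ACK: server -> client, so the key is reversed
            seen[(dst, dport, src, sport)].add("synack")
        elif flags in (".", "P.") and "synack" in seen.get((src, sport, dst, dport), ()):
            seen[(src, sport, dst, dport)].add("ack")  # client confirmed the SYN-ACK
    states = {}
    for flow, stages in seen.items():
        if "ack" in stages:
            states[flow] = "established"
        elif "synack" in stages:
            # Server replied but the client never confirmed: check the return path.
            states[flow] = "synack_unanswered"
        else:
            # SYN arrived and nothing went back: check host firewall and listener.
            states[flow] = "syn_unanswered"
    return states

if __name__ == "__main__":
    for flow, state in handshake_states(SAMPLE).items():
        print(flow, state)
```

A `synack_unanswered` flow means the server accepted the SYN and sent its reply, which points at whatever carries the reply back to the client (routing, NAT, proxy or VPN rules) rather than at the web server itself.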

So it seems to be VPN-related.
Either rules in the router to forward requests to the Nextcloud instance are missing or mis-configured or - depending on the VPN client - the settings may not be OK to access the Nextcloud server.

Well, I was able to fix it. No idea why, but it turns out the issue was a rule in my ha-proxy setup. It doesn’t make sense to me so I cannot even provide more details.
