Why can't I connect to my PiVPN server from some networks?
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Why can't I connect to my PiVPN server from some networks?
I have a Raspberry Pi acting as VPN server using PiVPN/OpenVPN in one of our offices. I can SSH to it from my laptop over VPN from my home.
When at our second office with my laptop, the server is unreachable, I can't get into the remote network.
For one of my colleagues, it's similar. She can reach the VPN/get into the office network from my home router, but not from her home.
What are possible reasons for the connection obviously well-set up and working, but not from all locations?
I have a Raspberry Pi acting as VPN server using PiVPN/OpenVPN in one of our offices. I can SSH to it from my laptop over VPN from my home.
When at our second office with my laptop, the server is unreachable, I can't get into the remote network.
For one of my colleagues, it's similar. She can reach the VPN/get into the office network from my home router, but not from her home.
What are possible reasons for the connection obviously well-set up and working, but not from all locations?
Aside from the requests for information and advice given, the simple answer is probably due to network restrictions/firewalls.
Since you know it works at all, you rule out any misconfigurations, and you also rule out your office network at location 1. That leaves the network at your second location, and your co-workers ISP/router/modem. They may be blocking ports or filtering traffic, which is the likely reason.
Thanks for your questions and hints:
So I'm running Linux (Manjaro) on my laptop and imported the VPN connection profile using the built-in network-manager. Same goes for my co-worker (Lubuntu, LXDE, built-in VPN client).
The situation I described was such that Windows clients on location 2 were connected to the server@location1 through the OpenVPN GUI app, but I couldn't reach it over my laptop@location2.
However, right now the situation at the server's location has changed (a co-worker got the router replaced without telling, so there's that...), meaning I'll probably have to set up the whole thing from scratch aynway.
Basically all the clients that are supposed to VPN in are Windows desktops, except for me (admin) and that one co-worker.
I was told there can be conflicts of IP-addresses between networks, for instance if both access points DHCP 192.168.0.subnets, and DHCP server is looked up at same IP in target(server) network as something else in the originating(clients)network (you can clearly tell this is my first time doing this - I came to this company with PiVPN beteen locations 1 and 2 already set up, they have a very messy situation).
Other bit of unverified information I caught is that a typical VPN service will isolate the client from its originating network once connected to avoid this type of problems.
So I suspect: A. This client isolation has not been in place here and B. One home router just happens to DHCP assign IPs that aren't taken in the remote network, while another does not. These home routers provided by ISP with proprietary/branded firmware tend to give you very little control over how they manage the network.
1. Do you think there's anything to my theory?
2. If yes, how would you go about resolving the issue when first setting everything up? It's a small network with half a dozen clients max on each location (only 2). If isolating the client as described above is the standard way for avoiding IP conflicts (then I have no idea why my predecessor didn't do it that way in the first place), what's it called (good keywords to search for)? What would be a good starting point for reading?
3. If no, any other useful pointers for a noob? Cool command for diagnosing (taking note of the above one, much appreciated)?
Thanks very much!
Thanks for your questions and hints:
So I'm running Linux (Manjaro) on my laptop and imported the VPN connection profile using the built-in network-manager. Same goes for my co-worker (Lubuntu, LXDE, built-in VPN client).
The situation I described was such that Windows clients on location 2 were connected to the server@location1 through the OpenVPN GUI app, but I couldn't reach it over my laptop@location2.
However, right now the situation at the server's location has changed (a co-worker got the router replaced without telling, so there's that...), meaning I'll probably have to set up the whole thing from scratch aynway.
Basically all the clients that are supposed to VPN in are Windows desktops, except for me (admin) and that one co-worker.
I was told there can be conflicts of IP-addresses between networks, for instance if both access points DHCP 192.168.0.subnets, and DHCP server is looked up at same IP in target(server) network as something else in the originating(clients)network (you can clearly tell this is my first time doing this - I came to this company with PiVPN beteen locations 1 and 2 already set up, they have a very messy situation).
Other bit of unverified information I caught is that a typical VPN service will isolate the client from its originating network once connected to avoid this type of problems.
So I suspect: A. This client isolation has not been in place here and B. One home router just happens to DHCP assign IPs that aren't taken in the remote network, while another does not. These home routers provided by ISP with proprietary/branded firmware tend to give you very little control over how they manage the network.
1. Do you think there's anything to my theory?
2. If yes, how would you go about resolving the issue when first setting everything up? It's a small network with half a dozen clients max on each location (only 2). If isolating the client as described above is the standard way for avoiding IP conflicts (then I have no idea why my predecessor didn't do it that way in the first place), what's it called (good keywords to search for)? What would be a good starting point for reading?
3. If no, any other useful pointers for a noob? Cool command for diagnosing (taking note of the above one, much appreciated)?
Thanks very much!
It has nothing to do with IP addresses, and unless you SPECIFICALLY configure a VPN to 'isolate' traffic, it does not...it opens an encrypted tunnel between two networks. Whatever routes/information you pass between them is up to the configuration.
Again...this is back to the VPN port being blocked somewhere, either in a firewall, or from the ISP's side of things. There is no 'cool command' that you need, since the fact it doesn't work TELLS YOU that the port is blocked. So contact the network admin from the location where things don't work and ask.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
