How to setup Lan To Lan VPN thru TCP?


  • #66048
    sierramike
    Participant

    Hi all,

    I had a Lan-to-Lan VPN working for years over UDP, but to improve bandwidth of the remote location Internet connection, we went to an LTE solution, over an LTE Huawei router. The thing is working great and the Zeroshell box is performing correctly behind it, sharing the Internet access.

    However, this LTE connection doesn’t allow incoming connections, so the UDP VPN is not working anymore. I wanted to go the TCP way, the master location being the server, waiting for incoming TCP connections, and the remote office acting as a client.

    I did set up the master location with a VPN in “server” mode, on TCP, port 1196.
    Also set up the remote location with a VPN in “client” mode, on TCP, port 1196, and remote host IP being the master location public IP.

    It doesn’t connect.

    I’m wondering why I have to set the “remote host” on the server part. Typically a server shouldn’t have to know the remote IP, it should just wait for incoming connections.

    Also, I noticed on the master location, in the VPN LOG:
    Listening for incoming TCP connection on [undef]

    Normally, OpenVPN should write:
    Listening for incoming TCP connection on [undef]:1196

    Looks like OpenVPN doesn’t know on which port it should listen …

    Also checked with an online tool for open ports on the master location public IP, and the port 1196 remains closed.

    Any help would be greatly appreciated.

    Thanks

    #66056
    Richard Araya
    Participant

    Hi, did you forward the ports on the new Huawei Router? (1196→IP of listening ETH of ZS) and make sure to select TCP

    #66057
    sierramike
    Participant

    Thanks for answering. Actually the Huawei side is the client side, so no need for incoming connections. In fact, the LTE ISP doesn’t allow for incoming connections.

    The server side is a Zeroshell put in DMZ. There are other servers (Web, Mail etc.) running behind it with proper port translation and firewall rules, and all is working.

    I tried with regular OpenVPN on Debian, set up as server behind the Zeroshell router, and another one set up as client on the Huawei side, also behind the Zeroshell router, and it is working.

    Seems there is a setup issue in Zeroshell when configuring the TCP Server side.

    btw, running Zeroshell 3.4.0 on the server side, because newer versions don’t boot. (Windows Server 2012 R2 Hyper-V).
