Redirect/tunnel (Tight)VNC traffic over (Open)VPN connection? (Windows)
(updated routes list/OpenVPN connection data to reflect the current situation)
This probably has been asked/answered before, but I'm really lost (and I can't comment on other/existing questions yet due to lack of points).
What I'm trying (and want) to achieve is to let my remote (WAN) users connect to my VNC server, but via my (Open)VPN public/external IP address.
I know I have to add a routing entry to the routing table, but I really have no clue what to enter.
Below is some useful information about my network:
IPCONFIG
Windows IP Configuration
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : home
IPv6 Address. . . . . . . . . . . : (assumably public address)
Temporary IPv6 Address. . . . . . : (assumably public address)
Link-local IPv6 Address . . . . . : fe80::71dd:e774:1c82:f1ba%12
IPv4 Address. . . . . . . . . . . : 192.168.0.227
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
Ethernet adapter Ethernet 2:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::98a3:ea3d:644e:7bd4%10
IPv4 Address. . . . . . . . . . . : 10.9.1.54
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . : (empty)
(Open)VPN IP data
- 10.9.1.53 (OpenVPN DHCP server/gateway)
- 10.9.1.54 (my local OpenVPN IP address)
ROUTE PRINT
===========================================================================
Interface List
12...60 a4 4c 3f 52 63 ......Intel(R) 82579V Gigabit Network Connection
10...00 ff 3c 66 f8 06 ......TAP-Windows Adapter V9
1...........................Software Loopback Interface 1
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.227 25
0.0.0.0 128.0.0.0 10.9.1.53 10.9.1.54 35
10.9.0.1 255.255.255.255 10.9.1.53 10.9.1.54 35
10.9.1.52 255.255.255.252 On-link 10.9.1.54 291
10.9.1.54 255.255.255.255 On-link 10.9.1.54 291
10.9.1.55 255.255.255.255 On-link 10.9.1.54 291
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
128.0.0.0 128.0.0.0 10.9.1.53 10.9.1.54 35
(public VPN IP) 255.255.255.255 192.168.0.1 192.168.0.227 25
192.168.0.0 255.255.255.0 On-link 192.168.0.227 281
192.168.0.227 255.255.255.255 On-link 192.168.0.227 281
192.168.0.255 255.255.255.255 On-link 192.168.0.227 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 10.9.1.54 291
224.0.0.0 240.0.0.0 On-link 192.168.0.227 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 10.9.1.54 291
255.255.255.255 255.255.255.255 On-link 192.168.0.227 281
===========================================================================
OpenVPN log:
Fri May 12 04:14:30 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.9.1.54/255.255.255.252 on interface {3C66F806-61B1-4EE3-9874-E1BB65CDFC75} [DHCP-serv: 10.9.1.53, lease-time: 31536000]
Fri May 12 04:14:30 2017 Successful ARP Flush on interface [10] {3C66F806-61B1-4EE3-9874-E1BB65CDFC75}
Fri May 12 04:14:30 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri May 12 04:14:30 2017 MANAGEMENT: >STATE:1494555270,ASSIGN_IP,,10.9.1.54,,,,
Fri May 12 04:14:32 2017 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Fri May 12 04:14:32 2017 C:\Windows\system32\route.exe ADD (public VPN address) MASK 255.255.255.255 192.168.0.1
Fri May 12 04:14:32 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Fri May 12 04:14:32 2017 Route addition via IPAPI succeeded [adaptive]
Fri May 12 04:14:32 2017 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.9.1.53
Fri May 12 04:14:32 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Fri May 12 04:14:32 2017 Route addition via IPAPI succeeded [adaptive]
Fri May 12 04:14:32 2017 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.9.1.53
Fri May 12 04:14:32 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Fri May 12 04:14:32 2017 Route addition via IPAPI succeeded [adaptive]
Fri May 12 04:14:32 2017 MANAGEMENT: >STATE:1494555272,ADD_ROUTES,,,,,,
Fri May 12 04:14:32 2017 C:\Windows\system32\route.exe ADD 10.9.0.1 MASK 255.255.255.255 10.9.1.53
Fri May 12 04:14:32 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Fri May 12 04:14:32 2017 Route addition via IPAPI succeeded [adaptive]
Fri May 12 04:14:32 2017 Initialization Sequence Completed
Fri May 12 04:14:32 2017 MANAGEMENT: >STATE:1494555272,CONNECTED,SUCCESS,10.9.1.54,(public VPN address),443,192.168.0.227,3053
VPNbook.com OpenVPN 'client' config that I use
client
dev tun1
proto tcp
remote [obtained VPN IP address] 443
remote [obtained VPN hostname] 443
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
comp-lzo
verb 3
cipher AES-128-CBC
fast-io
pull
route-delay 2
redirect-gateway
And finally some PING info:
Pinging 10.9.1.54 with 32 bytes of data:
Reply from 10.9.1.54: bytes=32 time<1ms TTL=128
Pinging [public VPN address] with 32 bytes of data:
Reply from xxx.xxx.xxx.xxx: bytes=32 time=53ms TTL=50
To recap: I want my clients to be able to VNC to my box using my public VPN IP address or its Dynamic DNS hostname that I have set up.
Hopefully someone has the answer and a possible solution for me.
Best regards,
copyitright
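Added example, not part of the original question or its answers: a longest-prefix-match lookup over the route table posted in the question, showing which gateway and interface this machine picks for a given destination. It makes visible that the two /1 routes OpenVPN added (see the log) win over the 0.0.0.0/0 default for almost all traffic, while the LAN subnet and the VPN server's host route stay on the physical adapter. The address 203.0.113.10 is a constructed placeholder for the redacted public VPN IP, and the function names are illustrative.

```python
import ipaddress

# Active routes copied from the ROUTE PRINT output in the question (subset).
# The "(public VPN IP)" host route is redacted on the page, so 203.0.113.10
# is a constructed placeholder for it.
ROUTE_PRINT = """\
0.0.0.0       0.0.0.0          192.168.0.1  192.168.0.227  25
0.0.0.0       128.0.0.0        10.9.1.53    10.9.1.54      35
10.9.0.1      255.255.255.255  10.9.1.53    10.9.1.54      35
10.9.1.52     255.255.255.252  On-link      10.9.1.54      291
128.0.0.0     128.0.0.0        10.9.1.53    10.9.1.54      35
203.0.113.10  255.255.255.255  192.168.0.1  192.168.0.227  25
192.168.0.0   255.255.255.0    On-link      192.168.0.227  281
"""

def parse_routes(text):
    """Turn 'dest mask gateway interface metric' rows into tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers, separators and blank lines
        dest, mask, gateway, iface, metric = fields
        network = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((network, gateway, iface, int(metric)))
    return routes

def select_route(routes, destination):
    """Longest prefix wins; the lowest metric breaks ties."""
    addr = ipaddress.ip_address(destination)
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))

def egress(routes, destination):
    """Return the matching network, gateway and local interface address."""
    route = select_route(routes, destination)
    if route is None:
        return None
    network, gateway, iface, _metric = route
    return {"network": str(network), "gateway": gateway, "interface": iface}

ROUTES = parse_routes(ROUTE_PRINT)

if __name__ == "__main__":
    # Sample destinations (constructed): two Internet hosts, the VPN server
    # placeholder, a LAN host and the OpenVPN gateway.
    for dst in ("8.8.8.8", "198.51.100.7", "203.0.113.10",
                "192.168.0.50", "10.9.1.53"):
        print(dst, "->", egress(ROUTES, dst))
```

Replies from a VNC server on this box follow the same lookup, so a session arriving on one adapter can have its answers routed out of the other.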
Solution 1:
Great to see you're working with Tight VNC.
I was running Ultra VNC on my user's machine and connected to them while I was working from home.
I connect with Open VPN, and then I just use VNC clients such as Tight VNC viewer or Ultra VNC viewer.
I just put in the IP of the user I want to connect to, as if I were in the office.
I can access the office network.
So, there is no requirement for adding a routing table entry.
Please refine your Tight VNC server on the machine, and check in the firewall that ports 5900 and 5901 are allowed.
If you find any other issue, or the same issue persists, please don't hesitate to ask me back.
Thanks and regards,
Sathiya Moorthy K