Redirect/tunnel (Tight)VNC traffic over (Open)VPN connection? (Windows)

vpn vnc openvpn

(updated routes list/OpenVPN connection data to reflect the current situation)

This probably has been asked/answered before, but i'm really lost (and i can't comment on other/existing questions yet due to lack of points).

What i'm trying (and want) to achieve, is to let my remote (WAN) users connect to my VNC server, but via my (Open)VPN public/external IP address.

I know i have to add a routing entry to the routing table, but i really have no clue what to enter.

Below is some useful information about my network:

IPCONFIG

Windows IP Configuration


Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : home
   IPv6 Address. . . . . . . . . . . : (assumebly public address)
   Temporary IPv6 Address. . . . . . : (assumebly public address)
   Link-local IPv6 Address . . . . . : fe80::71dd:e774:1c82:f1ba%12
   IPv4 Address. . . . . . . . . . . : 192.168.0.227
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::98a3:ea3d:644e:7bd4%10
   IPv4 Address. . . . . . . . . . . : 10.9.1.54
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Default Gateway . . . . . . . . . : (empty)

(Open)VPN IP data

  • 10.9.1.53 (OpenVPN DHCP server/gateway)
  • 10.9.1.54 (my local OpenVPN IP address)

ROUTE PRINT

===========================================================================
Interface List
 12...60 a4 4c 3f 52 63 ......Intel(R) 82579V Gigabit Network Connection
 10...00 ff 3c 66 f8 06 ......TAP-Windows Adapter V9
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.227     25
          0.0.0.0        128.0.0.0        10.9.1.53        10.9.1.54     35
         10.9.0.1  255.255.255.255        10.9.1.53        10.9.1.54     35
        10.9.1.52  255.255.255.252         On-link         10.9.1.54    291
        10.9.1.54  255.255.255.255         On-link         10.9.1.54    291
        10.9.1.55  255.255.255.255         On-link         10.9.1.54    291
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        128.0.0.0        128.0.0.0        10.9.1.53        10.9.1.54     35
  (public VPN IP)  255.255.255.255      192.168.0.1    192.168.0.227     25
      192.168.0.0    255.255.255.0         On-link     192.168.0.227    281
    192.168.0.227  255.255.255.255         On-link     192.168.0.227    281
    192.168.0.255  255.255.255.255         On-link     192.168.0.227    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link         10.9.1.54    291
        224.0.0.0        240.0.0.0         On-link     192.168.0.227    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link         10.9.1.54    291
  255.255.255.255  255.255.255.255         On-link     192.168.0.227    281
===========================================================================

OpenVPN log:

Fri May 12 04:14:30 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.9.1.54/255.255.255.252 on interface {3C66F806-61B1-4EE3-9874-E1BB65CDFC75} [DHCP-serv: 10.9.1.53, lease-time: 31536000]
Fri May 12 04:14:30 2017 Successful ARP Flush on interface [10] {3C66F806-61B1-4EE3-9874-E1BB65CDFC75}
Fri May 12 04:14:30 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri May 12 04:14:30 2017 MANAGEMENT: >STATE:1494555270,ASSIGN_IP,,10.9.1.54,,,,
Fri May 12 04:14:32 2017 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Fri May 12 04:14:32 2017 C:\Windows\system32\route.exe ADD (public VPN address) MASK 255.255.255.255 192.168.0.1
Fri May 12 04:14:32 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Fri May 12 04:14:32 2017 Route addition via IPAPI succeeded [adaptive]
Fri May 12 04:14:32 2017 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.9.1.53
Fri May 12 04:14:32 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Fri May 12 04:14:32 2017 Route addition via IPAPI succeeded [adaptive]
Fri May 12 04:14:32 2017 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.9.1.53
Fri May 12 04:14:32 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Fri May 12 04:14:32 2017 Route addition via IPAPI succeeded [adaptive]
Fri May 12 04:14:32 2017 MANAGEMENT: >STATE:1494555272,ADD_ROUTES,,,,,,
Fri May 12 04:14:32 2017 C:\Windows\system32\route.exe ADD 10.9.0.1 MASK 255.255.255.255 10.9.1.53
Fri May 12 04:14:32 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Fri May 12 04:14:32 2017 Route addition via IPAPI succeeded [adaptive]
Fri May 12 04:14:32 2017 Initialization Sequence Completed
Fri May 12 04:14:32 2017 MANAGEMENT: >STATE:1494555272,CONNECTED,SUCCESS,10.9.1.54,(public VPN address),443,192.168.0.227,3053

VPNbook.com OpenVPN 'client' config that i use

client
dev tun1
proto tcp
remote [obtained VPN IP address] 443
remote [obtained VPN hostname] 443
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
comp-lzo
verb 3
cipher AES-128-CBC
fast-io
pull
route-delay 2
redirect-gateway

And finally some PING info:

Pinging 10.9.1.54 with 32 bytes of data:
Reply from 10.9.1.54: bytes=32 time<1ms TTL=128

Pinging [public VPN address] with 32 bytes of data:
Reply from xxx.xxx.xxx.xxx: bytes=32 time=53ms TTL=50

To recap: I want my clients to be able to VNC to my box using my public VPN IP address or its Dynamic DNS hostname that i have set-up.

Hopefully someone has the answer and a possible solution for me.

Best regards,

copyitright


Solution 1:

Great to see your working with Tight VNC.

I was running with Ultra VNC in my user's machine and connect them while I was working in the home.

I connect with Open VPN, I will just use VNC clients such as tight VNC viewer or Ultra VNC viewer.

I just put the IP of the user I want to connect as like I was in office.

I can access the office network.

So, there is no requirement for adding routing table.

Please refine your Tight VNC server in the machine, check the firewall ports that 5900 and 5901 is allowed.

If you find any other issue, or the same issue exists please don't hesitate to ask me back.

Thanks and regards,

Sathiya Moorthy K

Related

How to configure subnets/VLANs to restrict access to WAN/other VLANs?
A new logical volume appearing after reducing the size of another
How can I check the outgoing HELO name of my sendmail server?
Using certbot DNS authorization with multiple API accounts?
How to view all the steps involved in ldapsearch operation?
Zabbix doesn't run custom alert script
DNSSEC - Google Cloud and Cloudflare - Which DS Record do I give to the Registrar?
Setup in nginx will lead to security warning in Google Chrome
How to give permissions to local computers using computers' MAC addresses in Windows Server 2016 for file sharing
connect to smb share with root access [closed]
between ex4 and XFS which is better for large small files [closed]
nginx return 404 if query param contains special char '<'