I've worked this over from top to bottom too many times to count. I'm sure its something I am overlooking, so please walk me through what I am missing to get this working.
I appreciate the help.
I just barely installed Astaro less than a week ago. I have got everything working great internally, but I can't access my local resources from the SSL VPN.
The client is able to access the user portal, download and install the Astaro SSL VPN client app, and then can connect, and get an IP from the VPN Pool 10.242.2.0/24 For example, they would get the IP 10.242.2.6 and have the IPv4 DHCP address of 10.242.2.5. The Gateway is blank.
If I ping 10.242.2.6 from inside my network, I get 100% received. But I can't see the computer in Network places (windows file share) and they can't see me. I am also unable to use Windows RDP in either direction. On the internal network, when something isn't working, I know where to look. I can check the firewall, and add the necessary rules. But since the SSL VPN is supposedly automatically doing this, I can't find the problem.
I've attached a connection log from a remote client.
The connection is successful. I get an IP from the IP pool, but I can't access computers inside the local network.
For example, I open Windows Remote Desktop, and type the computer name, it doesn't see it.
I imagine I am just missing a step somewhere.
On the remote client, the new VPN network shows up in network and sharing center, and I have tried setting it as a "Work" network to allow file sharing. Still, I can't see any computers from Internal (Network) 192.168.45.0/24
Try to connect with RDP by IP address instead of computer name. I believe if you want to connect by name you would need to specify a WINS server on the advanced settings for the vpn in astaro.
I tried using the IP address 192.168.45.2 of a computer inside my network to connect to RDP. I wasn't able to connect.
Wouldn't 10.242.2.0/24 and 192.168.45.0/24 be on completely different subnets? Do I need to give VPN clients a local address?
I couldn't get firewall logs because I can't get to the webadmin from VPN either. I will be able to give more details once I am back at the Astaro later today.
are you running the sslvpn client as "admin" when executing the binary, and on your client when connected if you do a "route print" do you have a route to the 192.168.45.0 network? (to answer your question yes, the ssl vpn pool and the local lan are on different subnets, which is correct and intended).
To be able to access WebAdmin when logged in via VPN, add your "Username (User Network)" object to 'Allowed networks' in 'WebAdmin Settings'. Then, access WebAdmin via the IP of "Internal (Address)".
But, I think defining the problem as "it's not working" is getting in the way of finding a solution. In fact, you've mentioned several different issues, each of which can be caused by settings in the PCs. For instance, have you ever successfully RDP'd into either of the PCs in question? If not, then the PCs may need to be configured to accept remote connections.
I misunderstood exactly what the VPN does. I now am able to connect to the Internal Network. I thought that the computer names would be usable, but like AngeloC said, it appears I would need to set up a WINS server.
