Login in freenas through vpn

Status
Not open for further replies.

tony huang

Cadet
Joined
Jul 22, 2013
Messages
6
I am using a ZyXEL VPN tunnel. I can SSH into other computers at home from my office. However, I cannot SSH into my FreeNAS server. It looks like FreeNAS comes with a firewall that is blocking my VPN traffic. I googled it, and most people said FreeNAS doesn't come with a firewall, but that doesn't make sense to me, because once I SSH into another server at home, I can SSH into my FreeNAS server from there. I just am not able to SSH into it directly from my office computer. Is there any tutorial about how to configure the firewall, or does anyone know what is going on?
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
There isn't a firewall and I don't see anything in the sshd config that would block access. I use VPN access into my network and have full access to my FreeNAS boxes.

Sent from my Galaxy Nexus
 

tony huang

Cadet
Joined
Jul 22, 2013
Messages
6
I can't SSH or visit the web UI through the VPN. I don't see any blocking log in the VPN tunnel. Also, I can SSH into other servers that are in my home network. If it is not a firewall, what could be the reason?
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
Does your FreeNAS have a default gateway configured?

Sent from my Galaxy Nexus
 

tony huang

Cadet
Joined
Jul 22, 2013
Messages
6
Yes, I had the default gateway set to my router, and rebooted the server. I am still not able to VPN into it.
 

pirateghost

Unintelligible Geek
Joined
Feb 29, 2012
Messages
4,219
Is your subnet/netmask configured properly? I have seen this issue before on other networks (unrelated to FreeNAS).
 

Whattteva

Wizard
Joined
Mar 5, 2013
Messages
1,824
Did you verify if you can at least SSH to it when you're on the local network (not through VPN)?

EDIT: I just reread your post CAREFULLY this time and realized my stupid answer lol.

I've never used whatever VPN tunnel you mentioned (Zyxel), but does it create its own subnet?
If it does, then either your default gateway or your FreeNAS machine needs to know how to route traffic from/to that VPN tunnel.

It could be the case that your FreeNAS machine actually gets the traffic but does not know how to route back to it (reply) since it does not have the relevant entry on its routing table.

Check /var/log/messages to see if you can at least see login attempts to it.
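
The return-path questions raised in the replies above (default gateway, netmask, a route for the VPN subnet) can be modelled as a longest-prefix route lookup on the NAS side. This is an added example, not part of the thread; all addresses are constructed, and the function name `lookup` is hypothetical.

```python
import ipaddress

def lookup(dst, iface_cidr, default_gw=None, static_routes=()):
    """Model the NAS's route choice for a reply packet to dst.

    Returns (kind, gateway); kind is "on-link", "gateway" or "no-route".
    """
    dst = ipaddress.ip_address(dst)
    # The interface address and netmask create a directly connected route.
    routes = [(ipaddress.ip_interface(iface_cidr).network, None)]
    if default_gw:
        routes.append((ipaddress.ip_network("0.0.0.0/0"), default_gw))
    routes += [(ipaddress.ip_network(n), gw) for n, gw in static_routes]

    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return ("no-route", None)      # the reply is dropped on the NAS
    # The most specific (longest) prefix wins.
    net, gw = max(matches, key=lambda r: r[0].prefixlen)
    return ("gateway", gw) if gw else ("on-link", None)

# Constructed addressing: LAN 10.0.1.0/24, VPN pool 10.0.8.0/24.
LAN_HOST = "10.0.1.20"
VPN_CLIENT = "10.0.8.10"
ROUTER = "10.0.1.1"

def scenarios():
    return {
        # No gateway: LAN peers still work, VPN clients get no reply.
        "no gateway, LAN host": lookup(LAN_HOST, "10.0.1.50/24"),
        "no gateway, VPN client": lookup(VPN_CLIENT, "10.0.1.50/24"),
        # Gateway set: replies to the VPN subnet are handed to the router.
        "gateway set, VPN client": lookup(VPN_CLIENT, "10.0.1.50/24", ROUTER),
        # Netmask too wide (/8): the NAS treats the VPN client as a LAN
        # neighbour and tries to reach it directly, bypassing the router.
        "netmask too wide, VPN client": lookup(VPN_CLIENT, "10.0.1.50/8", ROUTER),
        # A static route for the VPN subnet works without a default gateway.
        "static route, VPN client": lookup(
            VPN_CLIENT, "10.0.1.50/24", None, [("10.0.8.0/24", ROUTER)]),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:30} -> {result}")
```

On the FreeNAS box itself, `netstat -rn` prints the real routing table and `route -n get <address>` shows which entry a given destination would use.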
 

tony huang

Cadet
Joined
Jul 22, 2013
Messages
6
I did make it work now. But setting the default gateway using the web UI didn't work for me, even though I rebooted the server after setting it. I made it work by using the configuration function in the login. I deleted the gateway and recreated it, and now it works. So weird.
 

scurrier

Patron
Joined
Jan 2, 2014
Messages
297
Sorry to resurrect this thread.

What do you mean by "made it work by using the configuration function in the login?" I am having this same issue when connected via VPN, whose IP range is a different subnet. I can connect to other network resources just fine, but I can't SSH to the FreeNAS box or access it via the webgui. Amazingly, I can ping it just fine.

  • I've checked that the gateway IP is correct (why didn't it pick this up via DHCP?)
  • I've tried deleting and re-specifying the gateway IP
  • I've added a static route to FreeNAS to the VPN subnet through the gateway
  • I've checked that the FreeNAS routing table properly points to the gateway
  • Pings to FreeNAS are successful

I tried to check the logs but after some testing I didn't see any log file which would log connection attempts.

Full disclosure, I can't connect to the internet through my VPN, which has been a long standing problem I've had with it and my android phone. But I've had no problems with my private network resources.

What else could there be? I might have to bust out wireshark tomorrow and see what communication is happening at the packet level.
 

scurrier

Patron
Joined
Jan 2, 2014
Messages
297
Further troubleshooting: Today I portscanned my FreeNAS box via the VPN. It was able to find ports including port 22, the SSH port. So I know that some traffic had to make it through the VPN in both directions for me to be able to scan and find this port. Strange. Like I say, when I get more time I will try wireshark and report back if I figure it out.
 

scurrier

Patron
Joined
Jan 2, 2014
Messages
297
I ran wireshark port mirrored w/ my FreeNAS box and filtered for traffic relating to my VPN subnet AND my freenas ethernet address. See attached picture of the important part of the capture. Here's what I note:
  1. manual pings make it through before the ssh is started
  2. when I start ssh, the initial communication seems to be working
  3. then something happens and it appears that the remote ssh vpn client cannot get traffic to the freenas box, but...
  4. manually pinging while this is happening reveals that ping traffic can make it through!
  5. eventually freenas gives up and sends an RST
One thing I also noticed is that packet 166 might be an out of order packet. Not sure about that though.

I have a feeling the problem is very simple. Unfortunately, I've studied this and I think I've reached the extent of my ability to diagnose it. I revisited my VPN settings and can't find any configuration problems that are consistent with the symptoms here. Would appreciate any help that is offered to me.

Edit: One other strange thing to me is that the VPN client's address's last octet is 0. I thought this was a reserved address. Stupid VPN router won't let me look up the VPN client's address anywhere in the management interface to understand this. Maybe it is doing NAT or something between the VPN subnet and the local subnet? If so, that seems unnecessary and dumb.

Double edit: OK, I figured out why the last octet was zero. That's what the VPN pool was set to on accident. Doh. Still, I ran a packet capture again and the result is identical.
 

Attachments

  • wireshark.png (161 KB)