
I have the following setup: 192.168.0.1 is my router, based on RouterOS, with public static IP X.X.X.X. On the router I have NAT rules to redirect all incoming requests on ports 80 and 443 to a server in the LAN (192.168.0.2). I also have a masquerade rule which gives clients from the LAN access to the WAN. I also have a private DNS server which has DNS records for some private resources: management.myprettydomain.com -> 192.168.0.3. We also have the same entry on public DNS: management.myprettydomain.com -> X.X.X.X.

So, clients in the LAN can access the management system, and people outside the LAN can also access it. This works.

But now one of the clients needs to establish a VPN connection to a customer server, and after that this client cannot access the management system. As expected, after the connection is established management.myprettydomain.com resolves to X.X.X.X, but the client gets a "connection refused" error.

Can anybody give me some advice on what I need to do in this case? I looked at hairpin NAT but with no luck.

1 Answer


It depends on the VPN setup of the client. It seems that all client traffic is routed through the VPN connection. You want to access local resources, so the VPN connection must allow split tunneling. This configuration is a setting on the VPN server and is pushed to the client. You have to contact the IT staff at the customer and ask them to exclude your local network in the VPN configuration.

You may have DNS issues after all, depending on the VPN solution. If the VPN client overwrites your DNS configuration to resolve names inside of the VPN, you can't resolve hostnames on your local network.

  • Looks like the client gets DNS settings from the VPN when connected. But if the VPN server does not have IP forwarding enabled and masquerade in place, then they can't connect to the management site using the external IP address. – Lasse Michael Mølgaard Feb 25 '20 at 10:10
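For the case where the client keeps resolving management.myprettydomain.com to the public address X.X.X.X (for example because the VPN has replaced its DNS servers) but the local network has been excluded from the tunnel as the answer suggests, the RouterOS router still has to handle a LAN-to-LAN connection that arrives addressed to its own public IP. That is what hairpin NAT does. The rules below are an added example written for this thread, not the asker's or MikroTik's own configuration; they assume the LAN is 192.168.0.0/24, the WAN interface is named ether1 and the LAN bridge is named bridge (all three names are assumptions), and they keep X.X.X.X as the placeholder from the question.

```routeros
/ip firewall nat
# 1. Forward inbound web traffic for the public IP to the LAN server.
#    Deliberately NOT restricted with in-interface=ether1: the same rule
#    must also match LAN clients that connect to X.X.X.X, otherwise their
#    packets hit the router itself and get "connection refused".
add chain=dstnat dst-address=X.X.X.X protocol=tcp dst-port=80,443 \
    action=dst-nat to-addresses=192.168.0.2 \
    comment="publish web server (WAN and hairpin)"

# 2. Hairpin rule: when a LAN client reaches the server through the public
#    IP, rewrite the source to the router so the server's replies go back
#    via the router (which holds the NAT state) instead of directly to the
#    client, where they would be dropped as belonging to no known connection.
add chain=srcnat src-address=192.168.0.0/24 dst-address=192.168.0.2 \
    protocol=tcp dst-port=80,443 out-interface=bridge \
    action=masquerade comment="hairpin NAT for LAN clients"

# 3. The ordinary masquerade rule for LAN -> WAN traffic (the one the
#    question already has). It only matches traffic leaving on ether1,
#    so it does not interfere with the hairpin rule above.
add chain=srcnat out-interface=ether1 action=masquerade \
    comment="LAN to Internet"
```

Two things to check when verifying this on the router: with the hairpin in place the server's access logs will show the router's LAN address, not the real client, for hairpinned connections, which matters if those logs feed an alerting or audit pipeline; and none of this helps while the client's VPN is still a full tunnel, because the packets to X.X.X.X then never reach this router at all but leave through the customer's VPN gateway, which is the point the answer makes about split tunneling.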