VPN
nrv, 2020-03-29 11:44:01

Tricky VPN: why is one IP not enough to access a VPN server?

To connect to the VPN, I want to use a virtual machine and forbid the virtual machine itself from going anywhere except the VPN server. The point of connecting to the VPN is RDP: inside that network is my work computer.
This is necessary (a virtual machine for the VPN; of course it works without one) because the VPN server is specific: I can only connect there with a specific client, and VPN tunneling is enabled in this client (all traffic is sent into the VPN), which I cannot turn off. As a result, I have no Internet on the host.

It is clear that simply by bringing up the virtual machine the issue is resolved: whatever needs to be done in the VPN network (RDP) I do in the virtual machine, and the host does not turn into a pumpkin.
But here is my wish: I want to limit the virtual machine's network access to the LAN and the desired VPN server.

I tried this way: the virtual machine (VirtualBox) has the network type "bridged adapter", where the host's network card works for both and the VirtualBox machine appears on the LAN with a separate IP address. The router assigns it the desired address by MAC. Then the router blocks everything for it and allows the LAN and the VPN server (the IP is known). It doesn't work for the VPN server only. It doesn't ping. The LAN works. If I turn off the restrictions, the VPN works. If I check the operation of the scheme in general, changing the allowed IP to 8.8.8.8, for example, then 8.8.8.8 works while access to it is allowed on the router and does not work when it is not allowed. As for the IP of the VPN server, it is not available:
- while there are no restrictions on the router, it is available
- I restrict everything and allow the LAN: the VPN server IP is not available, the LAN is available
- the same scheme with the VPN IP replaced by any other (for example, 8.8.8.8): access to that address works fine.

Why? It would be one thing if ping worked but the VPN did not, but ping doesn't work either. Is it possible for ping to be answered or not depending on something?
The VPN is non-standard (CheckPoint VPN); it will not be possible to connect to it with another client.

Settings from the router:
[Screenshot of the router firewall rules: 5e808e8e5fe1c118905815.png]

192.168.4.6 is the address of the virtual machine; the VPN address is blurred out.

3 answers
Zolg, 2020-03-29
@nrv

Yes, a stream of consciousness.
And in the firewall rules too, it seems. Have you read the documentation for the firewall you are using? In what order are the rules executed, and when do they stop executing?
And on top of that:
What does the entry "192.168.4.6/192.168.4.6" mean?
And what is the sacred meaning of the first rule?

Dimonchik, 2020-03-29
@dimonchik2013

You can throw out the confusion (which is the whole text, to be honest) and rewrite the question clearly and specifically, starting with the routing table (route print, route -n) and the required routes.

Karpion, 2020-03-30
@Karpion

First you need to explain what "***_remote", "***_remote_0" and "***_remote_1" mean.
Explain what you have written in the "IP source" column. In theory, after the slash there should be a mask, as in "destination IP".
Try swapping rules 2 and 3: first all the "allow" rules, then all the "deny" rules.
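The following is an added example, not code from the question or from any of the answers. It models a first-match packet filter in Python and reproduces the symptom in the question (LAN reachable, VPN server unreachable, 8.8.8.8 blocked) together with the fix Karpion suggests (swap the catch-all deny and the VPN allow), and it also checks the "IP source" notation Zolg and Karpion ask about. Assumptions: the router evaluates rules top-down and stops at the first match (verify this against the router's documentation), the LAN is 192.168.4.0/24, and 203.0.113.10 is a placeholder for the VPN server address blurred out in the screenshot.

```python
"""Added example: first-match firewall rule evaluation for the VM scenario.

Not code from the question or the answers.  Rule order semantics, the LAN
prefix and the VPN server address are assumptions, labelled below.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    src: IPv4Network     # source prefix the rule matches
    dst: IPv4Network     # destination prefix the rule matches
    proto: str = "any"   # "any", "icmp", "tcp" or "udp"


def parse_prefix(text: str) -> IPv4Network:
    """Parse 'a.b.c.d', 'a.b.c.d/len' or 'a.b.c.d/netmask'.

    A bare host address becomes a /32.  An entry such as
    '192.168.4.6/192.168.4.6' (a host address where a mask belongs) is not a
    valid netmask and raises ValueError, which is the point Karpion raises.
    """
    return ip_network(text, strict=False)


def is_valid_prefix(text: str) -> bool:
    """True if parse_prefix() accepts the entry, False otherwise."""
    try:
        parse_prefix(text)
        return True
    except ValueError:
        return False


def first_match(rules: List[Rule], src: str, dst: str,
                proto: str = "any") -> Optional[Tuple[int, Rule]]:
    """Return (index, rule) of the first rule matching the packet, or None.

    Assumed first-match semantics: evaluation stops at the first rule whose
    source, destination and protocol all match.  This is what makes the
    position of a catch-all deny decisive.
    """
    s, d = ip_address(src), ip_address(dst)
    for idx, rule in enumerate(rules):
        if s in rule.src and d in rule.dst and rule.proto in ("any", proto):
            return idx, rule
    return None


def evaluate(rules: List[Rule], src: str, dst: str, proto: str = "any") -> str:
    """Action for the packet; a packet matching no rule is dropped (default deny)."""
    hit = first_match(rules, src, dst, proto)
    return hit[1].action if hit else "deny"


# Constructed scenario.  192.168.4.6 is the VM address from the question.
# The LAN prefix is an assumption, and 203.0.113.10 is a placeholder for the
# VPN server address that is blurred out in the screenshot.
ANY = ip_network("0.0.0.0/0")
VM = parse_prefix("192.168.4.6")
LAN = parse_prefix("192.168.4.0/24")
VPN_SERVER = parse_prefix("203.0.113.10")

# Order consistent with the symptom: the catch-all deny precedes the VPN allow.
AS_POSTED = [
    Rule("allow", VM, LAN),          # rule 1: LAN reachable
    Rule("deny", VM, ANY),           # rule 2: everything else blocked
    Rule("allow", VM, VPN_SERVER),   # rule 3: never reached for the VPN server
]

# Karpion's suggestion: swap rules 2 and 3 so every allow precedes the deny.
REORDERED = [AS_POSTED[0], AS_POSTED[2], AS_POSTED[1]]


def summarize(rules: List[Rule]) -> dict:
    """Verdicts for the destinations discussed in the question."""
    vm = "192.168.4.6"
    return {
        "lan": evaluate(rules, vm, "192.168.4.1"),
        "vpn_ping": evaluate(rules, vm, "203.0.113.10", "icmp"),
        "vpn_any": evaluate(rules, vm, "203.0.113.10"),
        "internet": evaluate(rules, vm, "8.8.8.8"),
    }


if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(name, summarize(rules))
    print("192.168.4.6/192.168.4.6 valid:", is_valid_prefix("192.168.4.6/192.168.4.6"))
    print("192.168.4.6/32 valid:", is_valid_prefix("192.168.4.6/32"))
```

Running the block prints the verdicts for both orderings: with the deny in second place the VPN server is dropped for ICMP and for any other protocol, which is exactly "ping does not work and neither does the VPN", while the LAN and 8.8.8.8 behave the same in both orderings. `first_match` is the useful diagnostic when a rule set misbehaves: it tells you which rule actually caught the packet rather than which one you expected to.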
