can't access some resources vpn

rabienz · November 16, 2017, 10:03pm

Dear Guys,
i have setup RB configured as VPN l2tp over ipsec
and i connect to it normally from windows 10 client
everything is working fine i can ping all devices on LAN normally
my only problem is that i can’t access my PBX web admin while i can ping its IP address
i checked it on firewall connections and i can see connection on port 8089 which is exactly my PBX port
N.B : its https web admin

my wan connection is PPPOE client on RB with public static ip address

N.B i also tried to setup PPTP VPN in order to test and it leads to the same problem
i also disabled all firewall rules and no success

N.B i have in different location a similar setup but the only difference is there is no PPPOE connection but its microwave connection with static ip directly to Ethernet

am i missing something in my configuration ? please help
thank you in advance

rabienz · November 17, 2017, 10:10am

any help ?

jmatwyko · November 19, 2017, 10:12am

It is possible that you have the setup correctly configured but you are being misled by the web browser your are using to manage the PBX remotely (and its failure to connect message).

I’ve had this occur occasionally. Example. if you are trying to connect to https://xxx.xxx.xxx.162:4229/base/web_main.html and this portion “/base/web_main.html” already exists in browser cache due to previously connecting locally (at premise) on LAN or a similar management webpage (same hardware but different remote LAN). Try clearing browser cache or using a different browser that could not have previously cached this bit of html.

Worth a try…

docmarius · November 19, 2017, 10:19am

If you use a different subnet on your tunnel and your PBX there could be an issue. For added security, it is possible that the PBX does not accept management connections from hosts outside its LAN. In this case you need to set up some src-nat/masquerading on the LAN port, so that the PBX sees your connection as locally originated.
This applies by default e.g. on windows machines, where one can ping them, but no smb connection can be established.

rabienz · November 19, 2017, 10:25am

thank you for reply
i already tried clearing cache and used many browsers but without success

on another note
vpn users are using the same subnet as lan

rabienz · November 19, 2017, 10:31am

for info
the problem is not only for accessing PBX i can’t access any devices on lan via webadmin while i can ping them all
example devices are :
printer
nvr
ip phone

the only device i can access via webadmin is the hp switch which i noticed that its http and not https
even the mikrotik firewall itself i can’t access webconfig