Community discussions

MikroTik App
 
dazzaling69
Member Candidate
Member Candidate
Topic Author
Posts: 104
Joined: Wed Feb 22, 2017 12:01 pm

LAN Access Problem from External VPN Connection

Wed Oct 26, 2022 4:18 pm

I have a Wireguard VPN setup on my router. This works fine for WAN access, apart from the problem below. Also, I have tried other VPN methods and had similar problems.

I have a server on the LAN called "Examplename". When I'm in the LAN I can access SMB via \\Examplename and web services via http://Examplename:port. However, when I connect from the VPN I cannot resolve Examplename using either protocol and have to use the IP address.

How can I fix this?

Thanks.

Dazzaling69
 
dazzaling69
Member Candidate
Member Candidate
Topic Author
Posts: 104
Joined: Wed Feb 22, 2017 12:01 pm

Re: LAN Access Problem from External VPN Connection

Tue Nov 01, 2022 6:56 pm

Can anyone help with this?
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: LAN Access Problem from External VPN Connection

Wed Nov 02, 2022 5:21 am

It's problematic. When you're in same LAN, it uses mDNS or some other local resolution, but that won't pass between different subnets. I never tested it, but WG has option for DNS server (you'd set it on client), which should probably have preference. So if you'd point it to router (its address accesible using WG) and added static record for Examplename (in /ip dns static), it could work. But it's manual config that you have to keep in sync. Additionally, if it's not FQDN (i.e. not Examplename.somedomain, just Examplename), client may have trouble resolving it. You know, numeric IP addresses are not too bad. ;)
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: LAN Access Problem from External VPN Connection

Wed Nov 02, 2022 1:34 pm

Concur with SOB,
If you are already inside the router WTF are you using domain name for?
Simply use the LANIP of the server!! The domain name is to connect on the WAN side to the router in front of the server.
You are connecting via the VPN and thus are already within the router.

What you need is forward chain firewall rules to ensure access from wg users to server.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: LAN Access Problem from External VPN Connection

Wed Nov 02, 2022 6:03 pm

Don't get me wrong, names are not bad either. For many people it's easier to remember "myserver" than 192.168.88.172, plus you can keep it even when you change the address for some reason. I'm all for hostnames, it's just that it's not exactly straightforward and there are obstacles.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: LAN Access Problem from External VPN Connection

Wed Nov 02, 2022 7:10 pm

Too complex for me.....
I dont even know how that would work.

Do you put domain name in allowed IPs on a client, even allowed?
Assuming one would put 0.0.0.0 i guess.

How does client distinguish between the handshake WANIP and the domain NAME ip poresuming they are one and the same, trying to go through the tunnel.......

or do you mean using domain name where it equates to the LANIP of the server, something I have never heard of........

++++++++++++++++++++++++++++++++++
If a tree fell in a forest empty of animals, would it make a noise......

If I cant understand this scenario, is there a solution...........
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: LAN Access Problem from External VPN Connection

Wed Nov 02, 2022 7:42 pm

Imagine that you have nice small home network with router and NAS named "NAS" (not everyone is creative), where you store your precious files. When you're at home and want to enjoy some of your files, you just open \\NAS\MyFiles folder. Sometimes you're away, but still want to enjoy your files. So you setup a VPN to allow access to your home network from anywhere. You connect to it, and it works, wonderful! But then you try to open \\NAS\MyFiles and nothing happens. What's that, why doesn't it work? So you dig around and find out that you must open \\192.168.88.172\MyFiles. Ok, it's better than nothing, but come on, isn't it stupid? It's 2022, aren't computers good enough already to handle such simple thing? Yeah, well, ...

Clear?
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: LAN Access Problem from External VPN Connection

Wed Nov 02, 2022 9:14 pm

Not so simple.

What is FQDN of NAS from the example? And what IP it should resolved to? If local domain of computer is set manually to a different name than the local and remote network then what is the proper one used to resolve? What if there is NAS called NAS in the local subnet and NAS called NAS in the remote one? Which is "the good one"? Staying in Windows world what about NetBIOS name resolution over TCP? Should it take over DNS or not?

Unclear? :) :)
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: LAN Access Problem from External VPN Connection

Wed Nov 02, 2022 9:39 pm

My last post was for @anav, who seemed to not understand what it's all about. It describes what regular user probably expects. But it's true that reality is more complicated. To be honest, I'm not sure if there's some good solution for this, some best practice how it should be done. You can have domains, but custom ones are problematic too. I don't know, perhaps there's no "official" way how it should work for small users?
 
dazzaling69
Member Candidate
Member Candidate
Topic Author
Posts: 104
Joined: Wed Feb 22, 2017 12:01 pm

Re: LAN Access Problem from External VPN Connection

Mon Nov 07, 2022 11:59 pm

Thank you all for your replies. I guess I did just expect it to work, as in, if I VPN from client to server, using the same DNS and into the same network, I thought all would work as expected. I'm still surprised it doesn't work like that (but then I'm not a black belt in networking, probably orange belt), but a static route might be the answer.

And to add to the discussion, yes it is easier to just type \\NAS than an IP address. I can of course type the numbers, but it's annoying.

Thanks for the static route suggestion.

D.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: LAN Access Problem from External VPN Connection

Tue Nov 08, 2022 1:43 am

I dont get paid for my advice, so annoying but it works, is great news LOL.
If there is no simple MT way to do this, then annoying wins the day!!

Who is online

Users browsing this forum: outtahere, sas2k and 49 guests