External access to services hosted on Windows machine connected to VPN
Hi there,
I have the PIA client running and connected on a Windows Server 2016 VM, which also runs several services with web interfaces.
On my local LAN, I can connect to these web services without issue.
However, for my external domain/IP which points to my pfSense router, if I have the appropriate ports forwarded to the internal LAN IP of this box, external access is not functional.
I assume the distinction here, is internally, the gateway isn't required as the routing is all on the same subnet.
Externally, the VPN gateway is being used, so whilst external requests may get to the box, it sends the response out via the VPN gateway and not my own gateway?
Is there any way to allow external access to these web interfaces, whilst still having all other traffic go out via the VPN?
Split-tunnelling comes into the picture here I believe, but I am unclear how to distinguish the two sets of traffic and ensure they go where they are supposed to go.
Many thanks
Eds
Comments
Seems to work a treat
When you're connected to the VPN, it gets complicated because while the connection comes from your ISP, the address to reply to is a public IP so the reply your computer sends back ends up through the VPN, where it's an invalid connection state (from the perspective of the VPN server) so it gets dropped. It's really hard to fix, so the best solution is to use a router that can handle this correctly for you, in this case pfSense.
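The routing behaviour discussed in this thread, modelled as an added example that is not part of the original posts: a longest-prefix-match lookup over a constructed route table shows why LAN replies stay local while replies to external clients leave via the VPN, where a stateful hop that never saw the opening packet drops them. All addresses, the interface names and the two /1 override routes are assumptions made for illustration.

```python
import ipaddress

# Constructed route table for the Windows host while the VPN is connected.
# Assumption: the VPN client overrides the default route with two /1 routes.
ROUTES = [
    ("0.0.0.0/0",      "lan", "192.168.1.1"),  # pfSense, the original default gateway
    ("192.168.1.0/24", "lan", None),           # on-link LAN subnet, no gateway needed
    ("0.0.0.0/1",      "vpn", "10.8.0.1"),     # VPN override, lower half of IPv4 space
    ("128.0.0.0/1",    "vpn", "10.8.0.1"),     # VPN override, upper half of IPv4 space
]

def egress(dst, routes=ROUTES):
    """Longest-prefix match: return (interface, gateway) used to reach dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), iface, gw)
               for net, iface, gw in routes
               if addr in ipaddress.ip_network(net)]
    _, iface, gw = max(matches, key=lambda m: m[0].prefixlen)
    return iface, gw

class StatefulHop:
    """Minimal connection tracker: a reply passes only if this hop saw the SYN."""
    def __init__(self):
        self.flows = set()

    def forward(self, src, dst, flags):
        if flags == "SYN":
            self.flows.add((src, dst))
            return True
        return (dst, src) in self.flows  # reply must match a tracked flow

def trace(client, server="192.168.1.50"):
    """Send a SYN in on the LAN side, then route the SYN-ACK back out.

    Returns (interface the reply left on, whether the reply was delivered).
    """
    hops = {"lan": StatefulHop(), "vpn": StatefulHop()}
    hops["lan"].forward(client, server, "SYN")  # port-forwarded traffic arrives via LAN
    iface, _ = egress(client)                   # the reply follows the route table
    return iface, hops[iface].forward(server, client, "SYN-ACK")

if __name__ == "__main__":
    for client in ("192.168.1.20", "203.0.113.7"):  # LAN client, external client
        print(client, trace(client))
```

Handling the VPN on the router instead keeps the server's default gateway as the router, so replies return through the hop that holds the connection state.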