Forum / NoMachine for Mac / Can’t connect to Mac host when it’s connected to a VPN
Tagged: vpn
- This topic has 23 replies, 3 voices, and was last updated 1 year, 11 months ago by Britgirl.
-
AuthorPosts
-
December 16, 2022 at 19:10 #42028BriBriParticipant
I’m running NoMachine 8.2.3 on a macOS 10.14.6 host. This Mac is generally connected to a VPN via the OpenVPN protocol using the app Viscosity.
I know NoMachine is working, since if I try to connect to my Mac from another system on my local network, I’m able to do so just fine.
I want to be able to connect to my Mac from out in the Internet, so I have my router set up to forward port 4000 to my Mac. When the Mac is not connected to my VPN, then NoMachine works fine there too, and I am able to connect to my Mac from a client outside of my local network.
However, when I try to connect to it from the Internet and my Mac is connected to the VPN, the connection times out client-side. I searched around on the forums for solutions, and saw the idea of adding a line to server.cfg that forces NoMachine to only bind to my local IP address to avoid binding to the VPN IP address. Something like:
NXdListenAddress “192.168.1.2”
I’ve confirmed that it’s using this binding address by checking the server logs. However it did not fix the problem, and I still can’t connect to my Mac from outside my network when it’s connected to my VPN.
Can someone please assist?
December 19, 2022 at 15:18 #42035TomParticipantHi,
you need to clarify a few things.
Do you have a VPN server configured in your local network and it allows access to the local network by VPN clients? When connected to you local network via VPN can you ping your local machines IP?
If you want to connect to your Mac from the internet, and you already have a VPN set up, you don’t need to open any ports. You just connect to its local address and port 4000 unless you changed it. What info are you using in the Player when connecting over VPN from the Internet?
Regards,
TomDecember 19, 2022 at 18:31 #42044BriBriParticipantTom, you are correct, I do need to clarify! And I need to correct a few things I got wrong in my first post.
My mac is connecting to a privacy VPN service, so the VPN server is not running on my local network. This means that my mac is the only one connected to the VPN. The VPN configuration sets its gateway as the default gateway, with a few exceptions that I’ve set up, so all outgoing traffic is routed through the VPN. (Specifically, I have it create static routes for certain IP addresses that go through the local gateway rather than the VPN gateway.)
Further, I had said that other systems on my local network could connect to my mac using NoMachine and the NX protocol. This is not actually correct. When my mac is connected to the VPN, no connections can be made with NoMachine at all, including from other systems on the local network!
However, I can still ping the mac using its local IP address from other systems on the network, and I can connect to my mac using any other service. (This includes ssh, ftp, smb, http or https, and so on.) So NoMachine is the only service that I can’t connect to while my mac is connected to its VPN.
December 21, 2022 at 16:17 #42083TomParticipantHi BriBri,
I need a few more tips 🙂
First, you mentioned that when you have a VPN client enabled on the Mac (let’s call it NoMachine Server), the other computers (let’s call them NoMachine Clients) on the local network can’t connect to it. Note that you can actually connect to NoMachine Server using e.g. ssh from NoMachine Clients, regardless of whether the VPN client is enabled or not.
Can you tell me if Viscosity is used to connect via the OpenVPN server, and if your network has the same address as the network you connect to using the VPN?
Please also clarify if, when you don’t have a VPN client enabled on the NoMachine Server, you can connect to it using NoMachine from NoMachine Clients?
Regards,
Tom
December 22, 2022 at 17:12 #42107BriBriParticipantTo answer your questions:
1. Yes, Viscosity is an OpenVPN client app, and I use it to connect to my VPN using the OpenVPN protocol. The OpenVPN server is out in the internet somewhere.
2. If I understand your question correctly, the NoMachine Server’s IP address on the VPN’s network is not the same as its IP address on my local network. Both networks are a different subnet with different IPs and IP ranges.
3. Yes, when the VPN client is disabled / disconnected, I can connect to the NoMachine server using any NoMachine client. Both NoMachine clients on my local network and NoMachine clients connecting over the internet are able to connect.
December 29, 2022 at 20:16 #42210TomParticipantHi BriBri,
It could be a problem not related to NoMachine, but we can check to make sure.
Paste your OpenVPN configuration file, change all non-local IP addresses to some characters, e.g. xxx.xxx.xxx.xx
Prepare and upload logs from server and client according to the instructions at https://kb.nomachine.com/DT07S00244Paste the results of the ifconfig command run in the macOS terminal before and after starting the VPN client.
Paste the results of the netstat -nr command run in the macOS terminal before and after starting the VPN client.
Regards,
TomJanuary 3, 2023 at 16:41 #42282BriBriParticipantBrief update: I’ve found that when my mac is connected to my VPN, I can in fact connect to it from systems on my local network. I’m not sure why it wasn’t working previously.
As for clients out in the internet, I’ll have to test that separately, but won’t be able to do so until I’m at a separate office later this week. I’ll report back when I have the logs as requested.
January 6, 2023 at 18:11 #42346BriBriParticipantOkay, here’s all the information you requested. Let me know if there’s anything else you need.
Attachments:
January 9, 2023 at 17:23 #42382TomParticipantHi Bri
Logs from nxplayer are missing.Collecting client side logs manually
– launch the NoMachine UI on the user’s computer from Programs or Menu
– click on Settings -> Player -> Security
– check Don’t delete log files on exit option
– Connect to the server and reproduce the problem.
– Compress the user’s home/.nx directory containing logs.
Try collecting them and sending them againPlease view the attached drawing and confirm that this is the case you want.
The red arrow is the connection that always works.
The yellow arrow is a connection that is not working.
For the clarity of the drawing, I omitted the information that computer 1 and computer 3 are connected to the same VPN server.Ragards,
TomAttachments:
January 13, 2023 at 18:09 #42478BriBriParticipantI just tried again. Let me know if this is the logs you need.
Attachments:
January 16, 2023 at 14:48 #42501TomParticipantHi BriBri,
I checked log and I found that you try connect to host ‘whatever.xxx.net’ (I change domain name from logs to xxx).
If it is to be connected from the Internet to your host using a VPN, the address should look like this, for example, 192.168.x.x or 10.x.x.x.
Unless your DNS translates whatever.xxx.net to such an IP address.
Please see the diagram from my previous post and confirm which connection is not working.Regards,
TomJanuary 16, 2023 at 19:08 #42509BriBriParticipantTom,
The hostname I am connecting to resolves to my home office’s public IP address. I have port forwarding set up so that port 4000 is forwarded to the Mac running NoMachine.
I’ve confirmed this works because if my Mac is not connected to my VPN service, then I am able to connect just as I attempted to in the log file that I posted. It’s when the Mac is connected to the VPN that I am unable to connect from outside my local network.
January 17, 2023 at 14:25 #42523TomParticipantHi BriBri,
I don’t understand how you want to connect.
If you are trying to connect to a public IP, you are bypassing the VPN.
Is that what you meant?Please view the attached drawing and confirm which case doesn’t work
Case 1) The red arrow (connection via VPN)
Case 2) The green arrow (direct connection)For the clarity of the drawing, I omitted the information that computer 1 and computer 3 are connected to the same VPN server.
Without understanding how you want to connect, I won’t be able to help you.
Regards,
TomAttachments:
January 17, 2023 at 15:07 #42527BriBriParticipantThanks for the drawing, as it does allow me to clarify:
The green arrow represents how I am trying to connect.
The VPN service is meant for privacy, and only intended for helping to anonymize computer 1’s outgoing internet traffic. It’s not intended for connecting to other systems on the VPN, and in fact the VPN service is specifically set up to forbid this.
My home office’s router forwards all traffic on port 4000 to computer 1’s LAN IP, so that should bypass the VPN and connect to an open port on computer 1’s ethernet interface. And this is what happens for all services other than NoMachine.
January 17, 2023 at 15:57 #42531TomParticipantI think everything is clear now.
Connection from client to server works when you don’t have VPN enabled. When you turn on VPN, it stops working.Can you try connect using NoMachine to the server (with VPN enabled) using Public IP not whatever.xxx.net domain?
Can you, with VPN enabled, ping whatever.xxx.net?
Are you connecting to the server via SSH using the domain with the VPN enabled? For example, ssh user@whatever.xxx.net?Regards,
Tom -
AuthorPosts
This topic was marked as solved, you can't post.