Cannot connect to Linux (Ubuntu) machine through NetExtender, but I can through GVC
I'll preface by saying I'm not a network administrator and have little experience in setting up VPNs, tunnels, and other networking infrastructure. So please bear with me.
We have remote servers hosted by a third party that we have originally been accessing via a Global VPN Client (GVC) connection. The only issue is that this only works from Windows, so we requested a VPN that we could access from Mac and Linux devices. We were provided with credentials and domains we could use with NetExtender to (ideally) access our resources the same way as we would with GVC.
This works fine, I'm able to connect to the network and have access to all Windows servers on the network. However, there is one resource that is a Linux server, and that's the only one we cannot access via NetExtender that we could via GVC. Can't ping it, doesn't show up with nmap -sn on the subnet, can't ssh, anything. The other ones that are windows servers are fine and normal.
We've contacted the third party for support on this issue and they insist that their setup of the VPN and network is fine, so it must be an issue with the Linux server itself that it might be blocking SSLVPN specific requests in a way the Windows machines are not. I've tested it with NetExtender on both Windows and Linux and cannot connect to the Linux server on either.
Is there some configuration or firewall rule I'm missing? I've done ufw disable
and disabled AppGuard to no effect.
Answers
GVC and NetExtender do not work in the same way. By default with GVC the VPN client will be assigned an IP out of the X0 subnet. NetExtender requires an IP address pool.
For that reason, one possibility here is that the machines cannot be reached over NetExtender, but work with GVC, don't have the correct gateway.
I figured as much, though I don't know the intricacies of how it works; I'm just not sure what to do to remedy this. Is it a server configuration issue or a VPN/gateway configuration issue on my providers end?
This would specifically be about the server.
For example, if the server has an IP address in the X0 subnet and is not using the Sonicwall as its default gateway, then GVC clients with IPs from the X0 subnet will be able to reach it. NetExtender clients with IPs from the SSLVPN pool will not, because the server will not be sending its replies to the correct gateway.