Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once set up, you can install agents and perform remote desktop sessions to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0

Agent installed on a network B behind VPN can't be seen in Meshcentral located in a network A #4970

Open mesmariusz opened 1 year ago

mesmariusz commented 1 year ago

Describe the bug

Agent installed on a network B behind VPN can't be seen in Meshcentral located in a network A

To Reproduce

  1. Set up the LAN_A addresses 192.168.56.0/24 (L2TP over IPsec server)
  2. Set up the LAN_B addresses 192.168.7.0/24 (L2TP over IPsec client)
  3. Set both networks fully transparent (you can easily ping 192.168.56.0/24 <-> 192.168.7.0/24) without any interruption
  4. Install meshcentral server on one Windows 11 host, e.g. 192.168.56.111 (LAN_A)
  5. Install meshcentral agent on one Windows 10 host, e.g. 192.168.7.100 (LAN_B)
  6. Log into meshcentral server and:
    • you can't see the agent at "my devices" (should be visible automatically and immediately after agent on remote machine installation)
    • you can add as AMT, using scan network (AMT, present)

Expected behavior

Agent should be visible @ meshcentral server automatically and immediately after agent on remote machine installation

Server Software (please complete the following information):

Client Device (please complete the following information):

Remote Device (please complete the following information):

Additional context

No other context.

Your config.json file

Probably not necessary.

thermionic commented 1 year ago

At a guess, there is no DNS resolution for the agent to contact the server.

mesmariusz commented 1 year ago

If I'm logged in to the meshcentral server (192.168.56.111 located on LAN_A) from the same machine where the agent should be installed (192.168.7.100 located in LAN_B), using a web browser and IP address 192.168.56.111 to connect to the meshcentral webpanel, and then I download the appropriate agent (from meshcentral to this remote host), and then I install it, I unfortunately can't see the agent visible in meshcentral.

If I'm able to connect from this host (192.168.7.100) using the meshcentral webpanel IP address 192.168.56.111 in the browser on this host, what more should I do to make it possible for this agent to connect to meshcentral? Is it necessary and possible to define for this agent the IP of meshcentral (192.168.56.111)? If yes, where are the agent config files stored?

OutbackMatt commented 1 year ago

Does your VPN restrict which ports are used?

PathfinderNetworks commented 1 year ago

If you go to one of the computers where your MeshAgent is installed and browse to the installation folder (the location of which will depend on whether you've customized the agent or not, but should be something like C:\Program Files\MeshAgentName\Mesh Agent) and open the MeshAgent.msh file with a text editor like Notepad, what are you seeing for the "MeshServer=wss://" line?
That line will tell you what the server name (or IP address) is of the Mesh Central server they are trying to connect to, as well as which port. If it's using a FQDN instead of an IP address, make sure you can resolve that FQDN from that device.

mesmariusz commented 1 year ago

The line I see on that host (192.168.7.100) is:

MeshServer=local

But why? Should be 192.168.56.111...

OutbackMatt commented 1 year ago

You can modify that file manually.

The reason that it is incorrect is that MeshCentral server doesn't know about the VPN and the VPN addresses. This could be set in the config.json with a new 'domain', or you can simply modify the agent config as you go.

nzalev commented 1 year ago

> The line I see on that host (192.168.7.100) is:
>
> MeshServer=local
>
> But why? Should be 192.168.56.111...

> Your config.json file Probably not necessary.

Ironically, this would have given it away instantly. Your mesh server is running in LAN only mode. In this mode, the agents use broadcasts on the local network to locate the mesh server. Obviously, the broadcast domains are separate on different subnets.

Set the following key in your config.json, under "settings".

    "WANonly": true,

Remove LANonly if it is present.

You will need to redeploy agents or update their .msh files to point to the mesh server.
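
A small check for the two files this thread revolves around, added here as an example (it is not MeshCentral code and was not posted by any participant). It reads the `MeshServer` line of an agent `.msh` file and the `WANonly`/`LANonly` keys under `"settings"` in `config.json`, and flags the situation described above; the sample file contents, the function names and the URL path in the "after" sample are assumptions.

```python
import json
from urllib.parse import urlsplit

def parse_msh(text):
    """Return the key=value pairs of an agent .msh file as a dict."""
    pairs = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            pairs[key.strip()] = value.strip()
    return pairs

def diagnose(msh_text, config_text):
    """Compare the agent's MeshServer line with the server's LAN/WAN settings."""
    target = parse_msh(msh_text).get("MeshServer", "")
    result = {"agent_mode": "unknown", "host": None, "port": None}
    if target.lower() == "local":
        result["agent_mode"] = "lan"  # server is located by local broadcast only
    elif target.lower().startswith("wss://"):
        url = urlsplit(target)
        result.update(agent_mode="wan", host=url.hostname, port=url.port or 443)
    # Key case is normalised so "WANonly" and "wanonly" both match (this script's choice).
    settings = {k.lower(): v
                for k, v in json.loads(config_text).get("settings", {}).items()}
    result["wanonly"] = settings.get("wanonly") is True
    result["lanonly"] = settings.get("lanonly") is True
    # A LAN-mode agent on another subnet never hears the server's broadcasts,
    # so after switching the server to WANonly its .msh must be updated.
    result["update_msh"] = result["agent_mode"] == "lan" and result["wanonly"]
    return result

# Constructed samples: MSH_BEFORE matches the thread; the URL path is an assumption.
MSH_BEFORE = "MeshServer=local\n"
MSH_AFTER = "MeshServer=wss://192.168.56.111:443/agent.ashx\n"
CONFIG_FIXED = '{"settings": {"WANonly": true}}'

if __name__ == "__main__":
    for name, msh in (("before", MSH_BEFORE), ("after", MSH_AFTER)):
        print(name, diagnose(msh, CONFIG_FIXED))
```

When `host` is a name rather than an IP address, also confirm that the agent machine can resolve it, as suggested earlier in the thread.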