Juan:
I need to connect external computers to a local domain. What ports must be open on the router to allow the connection? Or do I have to do it another way? I use the domain controller version 16.0
Jeremy Davis:

Ports are:

TCP: 22 80 88 135 139 389 443 445 464 631 3268 12320 12321
UDP: 123 137 138

FYI, they are noted in the appliance's Makefile. You could also check the firewall config in Webmin.

Note that the TCP list above is every port that needs to be open to access every service. If you just want Samba, then you can skip many of them. E.g. 22 is SSH, 80 & 443 are HTTP & HTTPS respectively; 12320 & 12321 are Webshell & Webmin respectively.

Having said that, personally I wouldn't be connecting a domain across the internet like that. I would be linking into the site via a VPN. Then connect to the domain via the VPN.
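As an added example (not from the thread and not TurnKey project code), the following script turns the advice above into iptables rules: the appliance ports are accepted only from the VPN client subnet and dropped from everywhere else, and a "domain" profile leaves out the admin services (SSH, Webshell, Webmin, HTTP/HTTPS, CUPS) that a domain-joined client never needs. The VPN subnet 10.8.0.0/24 is an assumption, and the service names for ports the thread does not name (88, 135, 139, 389, 445, 464, 631, 3268, 123, 137, 138) come from standard Samba/AD port usage, not from the page.

```shell
#!/bin/sh
# Added example, not part of the original thread or the TurnKey appliance.
# Emits iptables rules that expose the Domain Controller ports listed in the
# thread only to VPN clients.  VPN_NET is an assumed OpenVPN client subnet.

VPN_NET="${VPN_NET:-10.8.0.0/24}"
TCP_PORTS="22 80 88 135 139 389 443 445 464 631 3268 12320 12321"   # from the thread
UDP_PORTS="123 137 138"                                            # from the thread

# Human-readable label for a proto/port pair (names for ports not given in
# the thread are assumptions based on standard AD/Samba usage).
service_of() {
    case "$1/$2" in
        tcp/22)    echo ssh ;;         tcp/80)    echo http ;;
        tcp/88)    echo kerberos ;;    tcp/135)   echo msrpc-epmap ;;
        tcp/139)   echo netbios-ssn ;; tcp/389)   echo ldap ;;
        tcp/443)   echo https ;;       tcp/445)   echo smb ;;
        tcp/464)   echo kpasswd ;;     tcp/631)   echo cups ;;
        tcp/3268)  echo ldap-gc ;;     tcp/12320) echo webshell ;;
        tcp/12321) echo webmin ;;      udp/123)   echo ntp ;;
        udp/137)   echo netbios-ns ;;  udp/138)   echo netbios-dgm ;;
        *)         echo unknown ;;
    esac
}

# Return 0 if a domain-joined client needs this port (Kerberos, RPC, SMB,
# LDAP, password changes, global catalog, NTP, NetBIOS); 1 for admin UIs.
is_domain_port() {
    case "$1/$2" in
        tcp/88|tcp/135|tcp/139|tcp/389|tcp/445|tcp/464|tcp/3268|udp/123|udp/137|udp/138)
            return 0 ;;
        *)  return 1 ;;
    esac
}

# $1 = profile: "domain" (only what clients need) or "all" (every service).
# ACCEPT rules are limited to VPN_NET; a final DROP covers the same ports
# for any other source, so nothing is reachable straight from the internet.
vpn_only_rules() {
    profile="$1"
    for proto in tcp udp; do
        if [ "$proto" = tcp ]; then ports="$TCP_PORTS"; else ports="$UDP_PORTS"; fi
        for p in $ports; do
            if [ "$profile" = all ] || is_domain_port "$proto" "$p"; then
                printf 'iptables -A INPUT -p %s --dport %s -s %s -j ACCEPT  # %s\n' \
                    "$proto" "$p" "$VPN_NET" "$(service_of "$proto" "$p")"
            fi
        done
    done
    printf 'iptables -A INPUT -p tcp -m multiport --dports %s -j DROP\n' \
        "$(echo $TCP_PORTS | tr ' ' ',')"
    printf 'iptables -A INPUT -p udp -m multiport --dports %s -j DROP\n' \
        "$(echo $UDP_PORTS | tr ' ' ',')"
}

# Usage: sh vpn-only-rules.sh domain | sh   (review the output before piping)
if [ -n "${1:-}" ]; then
    vpn_only_rules "$1"
fi
```

Run it with `domain` first and inspect the rules before applying them; the `all` profile is only appropriate when you also want Webmin, Webshell and SSH reachable over the tunnel.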

Juan:

I have downloaded and installed openVpn, but I am not sure how to use it. Any manual that can guide me?

Jeremy Davis:

You'll need to have 2 VPN instances running - one on each end (i.e. one within each separate LAN you want to join together). One will be the "server" and the other the "client" (it shouldn't matter which is which). The OpenVPN setup docs give an overview and the specific "site to site" instructions give more details. Note that the site to site instructions explicitly explain linking a LAN to an AWS VPC - but the theory remains the same to link 2 LANs.

Out of interest, as well as OpenVPN, we also have a WireGuard appliance. WireGuard is a newer and much more performant open source VPN. Unfortunately we haven't published the v17.x release yet, but it shouldn't be too far away (it's sitting in the bucket - just waiting on my colleague to do final signing and publishing to the mirror). Hopefully within the next few days.

Juan:

To connect a computer outside the local network with this topology.

Central Offices (sample static IP)                          Dynamic IP
+--------------+------------+
| domain       | openvpn    |    <=> internet <=>    remote computer
+--------------+------------+


Domain and openvpn are separate servers.

How would the setup be?

Would it be necessary to use the openVPN application to join the machine to the local domain?

Can it be done?

Jeremy Davis:

Hi Juan, to be completely honest with you, I'm a bit vague on the specific details, but if the remote end is a standalone system (i.e. not 2 separate LANs that you want to join together) then you should be able to just install the OpenVPN client software on the remote end. Then join the VPN and access the domain server via the VPN. Obviously that won't work for roaming users or folder redirection, but it should allow the remote machine to connect to the domain server (although I'm not sure if that will support your use case or not?).

Even if that is workable for you, I'm not completely sure about how you would set it up with a DMZ as well. But I'm fairly sure that it could be done.

I'm not the best person to assist with VPN setup. I know the theory, but haven't spent a ton of time playing with VPNs - OpenVPN or otherwise.

We have a dev who is much more knowledgeable than me who I'll ask to have a look at this (and he isn't a super VPN expert - just way more knowledgeable about VPNs and networking than me). Unfortunately, that won't be until Tue next week at the earliest. In the meantime (or perhaps even better still), I suggest asking over on the OpenVPN forums? If you describe your desired usage (i.e. connecting to a remote domain via OpenVPN) I'm sure someone over there should be able to help out.
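As an added example (not from the thread, and not TurnKey or OpenVPN project code), here is a generator for the minimal "road warrior" server.conf that the standalone-client scenario above needs, with the OpenVPN host and the domain controller on separate servers. The two directives that matter for a domain join are the pushed route to the office LAN and the pushed DNS server pointing at the DC, because a client can only locate the domain through the DC's DNS SRV records; `check_conf` verifies both are present. All addresses, the AD DNS name, the certificate paths and the `eth0` interface are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread or the TurnKey/OpenVPN projects.
# Generates an OpenVPN server.conf for a single remote PC (dynamic IP)
# reaching a domain controller that sits on a different office host than
# the OpenVPN server.  Every address and path below is an assumption.

LAN_NET="${LAN_NET:-192.168.10.0}"          # office LAN (constructed)
LAN_MASK="${LAN_MASK:-255.255.255.0}"
DC_IP="${DC_IP:-192.168.10.5}"              # domain controller (constructed)
AD_DOMAIN="${AD_DOMAIN:-corp.example.lan}"  # AD DNS domain (constructed)
VPN_NET="${VPN_NET:-10.8.0.0}"              # tunnel subnet given to clients
LAN_IF="${LAN_IF:-eth0}"                    # OpenVPN host's LAN interface

gen_server_conf() {
cat <<EOF
port 1194
proto udp
dev tun
# Placeholder certificate/key paths; use the ones your appliance generated.
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh.pem
tls-crypt /etc/openvpn/server/ta.key
server $VPN_NET 255.255.255.0
# Route the office LAN through the tunnel so the client can reach the DC host.
push "route $LAN_NET $LAN_MASK"
# The domain join resolves _ldap._tcp.$AD_DOMAIN etc. via the DC's DNS,
# so the DC must be the client's resolver for that suffix.
push "dhcp-option DNS $DC_IP"
push "dhcp-option DOMAIN $AD_DOMAIN"
keepalive 10 120
persist-key
persist-tun
user nobody
group nogroup
verb 3
EOF
}

# Return 0 when a config pushes both the LAN route and the DC as DNS.
# With only the route the client can ping the DC but cannot find the domain.
check_conf() {
    printf '%s\n' "$1" | grep -q "^push \"route $LAN_NET $LAN_MASK\"" || return 1
    printf '%s\n' "$1" | grep -q "^push \"dhcp-option DNS $DC_IP\"" || return 1
    return 0
}

# Because OpenVPN and the DC are separate hosts, tunnel packets must be
# forwarded by the OpenVPN host and the DC needs a way back: either add a
# route for $VPN_NET/24 via the OpenVPN host on the DC, or NAT as below.
forwarding_cmds() {
cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $VPN_NET/24 -o $LAN_IF -j MASQUERADE
EOF
}

# Usage: sh gen-server-conf.sh > /etc/openvpn/server.conf
if [ -n "${1:-}" ]; then
    conf="$(gen_server_conf)"
    check_conf "$conf" && printf '%s\n' "$conf"
fi
```

The NAT variant is the quicker one to get working, but it makes every VPN client appear to the DC as the OpenVPN host's LAN address, which hides the real client in the DC's logs; adding the return route on the DC instead keeps per-client addresses visible for auditing.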
