Received the following comments from Greg yesterday, along with thanks for your speedy work:
Tried the guide this morning and my phone, although finding the WMT Guest opening screen could not go further, but fine this afternoon. It looks good, no comment on the voice. I hope Mandy will be able to print out and fix new signage that I will forward to her.
For reference Greg has a Samsung S9 running Android 10.
Since I last posted on this issue I've had a number of email exchanges with the author of Pistrong (strongSwan installer script for the VPN Server) in the hope that his superior networking knowledge might help. Here is the current situation:
The Webserver content is accessible to Visitors on site without any reported issues to date. This means that Nodogsplash is doing what it should do.
The Webserver (and all other networked devices) may be accessed from a laptop logged into the WMT Network on site. (see Notes below.)
The DNS Server works properly for all devices logged into the WMT Network from the site.
The Webserver is inaccessible to clients logged into the WMT Network via VPN unless an intermediate device is used as a 'stepping stone'. (eg, log into Sump Pi and then log in to the Webserver from there.
The DNS Server does not work for clients logged into the WMT Network via VPN.
Notes:
The inability to access the DNS Server from my laptop that I reported on the 7th was due to some idiosyncrasy of the on-board WiFi Adaptor. When I plugged in a TP-Link USB/WiFi Adaptor and logged on to the WMT Antenna using that, the DNS functionality was OK.
Since then I have had multiple conversations with the author of Pistrong. Despite numerous suggestions, nothing seems to work in respect to getting direct access to the Webserver or the DNS Server remotely.
I will have one last attempt to get to the bottom of this through the Linux User Group. There has been one new thing discovered; there doesn't seem to be a route between the VPN Server and the Webserver. It seems to me that would account for the behaviour I'm seeing but I can't see why the routing isn't working at the moment.
So when SSHing into the VPN Server as a stepping stone, we can't ping or SSH into the Webserver? That would confirm that there is no route. Why there wouldn't be a route, I don't know, but the output of
hamishmb wrote: ↑16/04/2022, 17:30So when SSHing into the VPN Server as a stepping stone, we can't ping or SSH into the Webserver? That would confirm that there is no route. Why there wouldn't be a route, I don't know, but the output of
That looks fine, as long as the interface names are right and haven't been swapped somehow.
One thought: why are we using eth* names, instead of the more stable enx******** names that are guaranteed to not change between reboots or hardware changes? Using those in the future might make this easier.
My understanding is that the new-style enx******** names were the default on Raspberry Pi OS nowadays.