New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Connecting to Webserver on VPN Client
Hi,
I have a (probably) stupid question. I'm running a simple kvm vps with a dedicated ip. Connecting to it from some random machine is possible via ssh. Now when I connect the vps to an openvpn server, it is not possible to connect to the vps on any port from outside the vpn. Let's say I want to run a webserver on the vps which should be reachable from the internet while the vps is also connected to an openvpn server (via systemd [email protected], if that's important). So ports 80 and 443 should be reachable from the internet.
thanks in advance.
Comments
Check if you’re using the vpn’s gateway. Check if your services are bound to your vpn’s ip range or to 0.0.0.0 if you want them available as well without vpn. First thoughts.
Bind the vhost to the internal IP you get from the openvpn host.
http://httpd.apache.org/docs/current/en/bind.html
How do I set the vpn's gateway? The services are not bound. I'll need to make sure that the vpn traffic OUTSIDE of any vpn clients is still being masqueraded.
Run a traceroute from your VPS to the Internet to see how it is being routed. I suspect it is routing via the VPN server.
Thanks for your answers. Actually I was expecting someone to give a tangible example of how to do that. The problem is, I don't want to "open" the routing in such a way that connected clients are leaking the real ips. So is there any advice on how to set up the route for a certain interface and certain ports only? I'm just stuck with this.
Very likely routing related. Try adding something like `pull-filter ignore "route "` (`route-nopull` or `route-noexec` might also be worth a try) to your OpenVPN (I guess that's what you're using) client config and see if that helps. If it does, all you have to do is set some sane routes, otherwise your VPN is probably not going to do much.
OK, here's a tangible and probably working example. Run the following commands before connecting to the VPN server, and you should be good to go.
edit: Note, this will probably make your web server only accessible "outside" the VPN.
Cool, thank you. I realised before that there will be one day I regret not being more into sed. Can you probably describe what's happening in the first line?
I'll try that. Found something comparable via google before but didn't really understand it. iptables, sed.. a lot to learn.
thanks again!
sed is really just a text editor, and that should be your least concern in this case.
The first line adds `ip r r t 1` to each line of the output of command `ip r` and runs these new lines as commands. For example, if there is a line `default via 10.0.0.1 dev eth0` in the `ip r` output, it runs `ip r r t 1 default via 10.0.0.1 dev eth0`.
See, you can simply achieve this by copy-paste with a notepad, without bothering learning sed. However, in order to understand how policy routing works, you might need to learn more about Linux networking.
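The route-copying step described in the comment above, as an added example that is not part of the original thread: it prints the commands as a dry run instead of executing them. The routes are a constructed sample, 203.0.113.10 is a placeholder public address, and the `ip rule add from` line is an assumption about how the copied table gets selected, since the thread's own commands did not survive on this page.

```shell
#!/bin/sh
# Added example (not from the thread): dry-run generator for source-based
# policy routing. Table number 1 follows the post's "t 1".

# Constructed sample of `ip route` output, captured BEFORE the VPN connects.
SAMPLE_ROUTES='default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.5'

# Prefix every route line with "ip route replace table N", the long form
# of the post's "ip r r t 1", so table N mirrors the pre-VPN main table.
gen_table_cmds() {   # $1 = table id; routes on stdin
    table=$1
    while IFS= read -r route; do
        [ -n "$route" ] || continue      # skip blank lines
        printf 'ip route replace table %s %s\n' "$table" "$route"
    done
}

# Assumed selector: packets sourced from the public address use table N,
# so replies to inbound connections leave via the original gateway even
# after OpenVPN replaces the default route in the main table.
gen_rule_cmd() {     # $1 = public IP, $2 = table id
    printf 'ip rule add from %s lookup %s\n' "$1" "$2"
}

plan() {             # $1 = public IP, $2 = table id; routes on stdin
    gen_table_cmds "$2"
    gen_rule_cmd "$1" "$2"
}

# Print the plan for the sample. On a real host, pipe `ip route` in
# instead, review the output, then run the printed lines as root.
printf '%s\n' "$SAMPLE_ROUTES" | plan 203.0.113.10 1
```

Because the rule matches only packets whose source is the public address, locally originated traffic that is not bound to that address still follows the main table and therefore the VPN.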
Ok.. took some time, but still didn't quite get it. But actually, after googling again I finally found the solution I was looking for.
On my nginx vps, which is connected via openvpn, I just added two lines to the client config
Problem solved. Thanks.
Now I'm just using iptables to block all non-needed ports accordingly.
Do test from several locations, see if it works.. I think it will work only for <50% of the whole Internet. ..
If you really want a solution, I think it'd be best to post a network diagram along with all configurations both on server and client so people can get full detail before responding.