OpenVPN AS as reverse proxy

I have a dedicated server which I run Proxmox on, and I created one container as the OpenVPN Access Server. My idea is to have all the traffic from my public IP:1194 go to my OpenVPN Access Server container with the following entry in my host IPTables:

iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 1194 -j DNAT --to 10.10.0.2:1194

And then use this as a reverse proxy to access the resources on other containers in the physical server (all other containers have private IPs that are in the 10.10.0.1~10.10.0.10 range).

In the OpenVPN AS configuration, I have the OpenVPN to be in the 172.27.0.0/20 network, however I have, in the "Specify the private subnets to which all clients should be given access (one per line):" option, specified 10.10.0.0/24

My PC could connect to OpenVPN AS server without any issue, and the IP address shown is the public IP of the server (verified by Googling what's my IP).

However I could not browse to other containers even though I managed to get a proper response via curl on the OpenVPN AS (hence my OpenVPN AS server is connected to the internal subnet and there is no problem with the destination container).

Could anyone give me some ideas/help?

Or even better, is there an easier solution that would allow me to accomplish what I'd like to do (and work on not just PCs but Android devices as well, and not only for web responses but to get access to the internal network in general)?

Comments

  • Have you set up IPv4 forwarding? Maybe that will solve this issue.

    /etc/sysctl.conf:
    net.ipv4.ip_forward = 1
    sysctl -p /etc/sysctl.conf

    Thanked by 1 spammy
  • spammy Member

    @hostcircle said:
    Have you set up IPv4 forwarding? Maybe that will solve this issue.

    /etc/sysctl.conf:
    net.ipv4.ip_forward = 1
    sysctl -p /etc/sysctl.conf

    Thanks, forgot to mention I've done that as well... I used sysctl -p to reload, but I'll check to see if your command would work better.

  • spammy Member

    I have tried to enable net.ipv4.ip_forward = 1 on both the host and the VPN container with no luck. However, one thing I found very interesting is that when my VPN is connected to the OpenVPN AS container, it is unable to connect to the other container with the web server installed; however, as soon as I disconnect the OpenVPN session on my phone, ping and curl both work from the OpenVPN AS container to the container with the webserver:

    >  ping 10.10.0.3
    
    PING 10.10.0.3 (10.10.0.3) 56(84) bytes of data.
    64 bytes from 10.10.0.3: icmp_seq=54 ttl=63 time=0.049 ms
    From 10.10.0.254: icmp_seq=55 Redirect Host(New nexthop: 10.10.0.3)
    64 bytes from 10.10.0.3: icmp_seq=55 ttl=63 time=0.079 ms
    From 10.10.0.254: icmp_seq=56 Redirect Host(New nexthop: 10.10.0.3)
    64 bytes from 10.10.0.3: icmp_seq=56 ttl=63 time=0.071 ms
    From 10.10.0.254: icmp_seq=57 Redirect Host(New nexthop: 10.10.0.3)
    64 bytes from 10.10.0.3: icmp_seq=57 ttl=63 time=0.078 ms
    From 10.10.0.254: icmp_seq=58 Redirect Host(New nexthop: 10.10.0.3)
    64 bytes from 10.10.0.3: icmp_seq=58 ttl=63 time=0.059 ms
    From 10.10.0.254: icmp_seq=59 Redirect Host(New nexthop: 10.10.0.3)
    64 bytes from 10.10.0.3: icmp_seq=59 ttl=63 time=0.066 ms
    64 bytes from 10.10.0.3: icmp_seq=60 ttl=63 time=0.046 ms
    From 10.10.0.254: icmp_seq=61 Redirect Host(New nexthop: 10.10.0.3)
    64 bytes from 10.10.0.3: icmp_seq=61 ttl=63 time=0.065 ms
    64 bytes from 10.10.0.3: icmp_seq=62 ttl=63 time=0.076 ms
    64 bytes from 10.10.0.3: icmp_seq=63 ttl=63 time=0.033 ms
    From 10.10.0.254: icmp_seq=64 Redirect Host(New nexthop: 10.10.0.3)
    64 bytes from 10.10.0.3: icmp_seq=64 ttl=63 time=0.046 ms
    64 bytes from 10.10.0.3: icmp_seq=65 ttl=63 time=0.056 ms
    64 bytes from 10.10.0.3: icmp_seq=66 ttl=63 time=0.064 ms
    64 bytes from 10.10.0.3: icmp_seq=67 ttl=63 time=0.075 ms
    64 bytes from 10.10.0.3: icmp_seq=68 ttl=63 time=0.057 ms
    ^C
    --- 10.10.0.3 ping statistics ---
    68 packets transmitted, 15 received, 77% packet loss, time 68562ms
    rtt min/avg/max/mdev = 0.033/0.061/0.079/0.014 ms
    

    Wondering if that helps to solve any mystery?
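
One way to read a ping transcript like the one above, as an added example that is not part of the original post: the script reports how many probes went unanswered before the first reply, the reply TTL, and which router sent ICMP redirects. On the posted output the first reply is icmp_seq=54, so all 53 lost probes precede it, and the redirects from 10.10.0.254 with ttl=63 indicate traffic to 10.10.0.3 is being sent through that router rather than directly. The sample transcript and function names are constructed; the TTL reading assumes the peer uses the Linux default initial TTL of 64.

```shell
#!/bin/sh
# Added example, not from the thread: summarise an iputils ping transcript.

# Constructed sample in the same format as the output posted above.
sample_ping() {
cat <<'EOF'
PING 10.10.0.3 (10.10.0.3) 56(84) bytes of data.
64 bytes from 10.10.0.3: icmp_seq=4 ttl=63 time=0.049 ms
From 10.10.0.254: icmp_seq=5 Redirect Host(New nexthop: 10.10.0.3)
64 bytes from 10.10.0.3: icmp_seq=5 ttl=63 time=0.079 ms
64 bytes from 10.10.0.3: icmp_seq=6 ttl=63 time=0.071 ms
--- 10.10.0.3 ping statistics ---
6 packets transmitted, 3 received, 50% packet loss, time 5010ms
EOF
}

# Reads a transcript on stdin and prints one summary line:
#   leading_loss  probes sent before the first reply arrived
#   ttl           distinct reply TTLs (63 = one router hop if the peer starts at 64)
#   via           routers that sent ICMP redirects
summarise_ping() {
    awk '
    function field(key,    i, kv) {      # value of a key=value token on this line
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == key) return kv[2]
        }
        return ""
    }
    /bytes from/ {
        seq = field("icmp_seq") + 0
        if (replies++ == 0) first = seq
        last = seq
        ttl = field("ttl")
        if (!(ttl in seen_ttl)) { seen_ttl[ttl] = 1; ttls = ttls (ttls ? "," : "") ttl }
    }
    /Redirect Host/ {
        redirects++
        gw = $2; sub(/:$/, "", gw)
        if (!(gw in seen_gw)) { seen_gw[gw] = 1; gws = gws (gws ? "," : "") gw }
    }
    END {
        printf "replies=%d first_seq=%d last_seq=%d leading_loss=%d ttl=%s redirects=%d via=%s\n",
               replies, first, last, (replies ? first - 1 : 0), ttls, redirects, gws
    }'
}

sample_ping | summarise_ping
```

To analyse a saved transcript, run `summarise_ping < ping.txt`.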

  • nobizzle Member
    edited July 2018

    Have you set the following in your server.conf?

    push "route 10.10.0.0 255.255.255.0"
    client-to-client
    
    Thanked by 1 spammy
  • lemon Member

    I struggled with this too, so I just installed openvpn on the proxmox host itself.

  • spammy Member

    @nobizzle said:
    Have you set the following in your server.conf?

    push "route 10.10.0.0 255.255.255.0"
    client-to-client
    

    I am running OpenVPN AS (Access Server)...does it also have a server.conf somewhere?

  • @spammy said:

    @nobizzle said:
    Have you set the following in your server.conf?

    push "route 10.10.0.0 255.255.255.0"
    client-to-client
    

    I am running OpenVPN AS (Access Server)...does it also have a server.conf somewhere?

    Sorry.. must have missed that. I'm out.
