Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


How to access server resources with OpenVPN connection.
New on LowEndTalk? Please Register and read our Community Rules.

How to access server resources with OpenVPN connection.

First post - I apologize if I'm missing something obvious.

I have an OpenVZ container running Ubuntu 12.04, CSF and OpenVPN-AS. I also have some apps running on various ports (8081, 9090, etc). As of right now I have configured CSF to open those ports publicly so I can access them, however my hope was to shut off access to those with the firewall and require an OpenVPN connection to access them. That's where I'm stuck. I can connect via OpenVPN, my traffic is tunneled (I can see that my WAN IP has changed) but I can't figure out how to access those apps while connected.

I know my VPS's WAN IP address, I know the IP address OpenVPN assigns to me, but what am I suppose to use to access resources running on the VPS while connected?

Any pointers would be appreciated, and again sorry if it's something simple.

Comments

  • SilvengaSilvenga Member
    edited March 2014

    Everyone has questions. I am assuming that WAN in this context means the Internet. Try connecting with the IP address of the OpenVPN server interface (default'ish 10.8.0.1). Or try ipconfig to find the address.

    Here's an example of my output.

    eth0      Link encap:Ethernet  HWaddr XX:XX:XX:XX
              inet addr:X.X.X.X  Bcast:X.X.X.X  Mask:255.255.252.0
              inet6 addr: X.X.X.X/64 Scope:Link
              inet6 addr: X.X.X.X/64 Scope:Global
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:1080710 errors:0 dropped:0 overruns:0 frame:0
              TX packets:646124 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:  TX bytes:
    
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:418183 errors:0 dropped:0 overruns:0 frame:0
              TX packets:418183 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:  TX bytes:
    
    tap0      Link encap:Ethernet  HWaddr XX:XX:XX:XX
              inet addr:10.8.0.1  Bcast:10.8.0.255  Mask:255.255.255.0
              inet6 addr: X.X.X.X/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:202280 errors:0 dropped:0 overruns:0 frame:0
              TX packets:192056 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:  TX bytes:
    

    Your interface will be called tap0 or tun0. Then take a look at inet addr:. Mine is 10.8.0.1.

  • Thanks for your reply Silvenga. So I ran ifconfig:

    as0t0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00                             -00
              inet addr:5.5.0.1  P-t-P:5.5.0.1  Mask:255.255.254.0
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:744 errors:0 dropped:0 overruns:0 frame:0
              TX packets:727 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:200
              RX bytes:92385 (92.3 KB)  TX bytes:187186 (187.1 KB)
    
    as0t1     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00                             -00
              inet addr:5.5.2.1  P-t-P:5.5.2.1  Mask:255.255.254.0
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:200
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    as0t2     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00                             -00
              inet addr:5.5.4.1  P-t-P:5.5.4.1  Mask:255.255.254.0
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:200
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    as0t3     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00                             -00
              inet addr:5.5.6.1  P-t-P:5.5.6.1  Mask:255.255.254.0
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:200
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    as0t4     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00                             -00
              inet addr:5.5.8.1  P-t-P:5.5.8.1  Mask:255.255.254.0
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:3992 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4393 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:200
              RX bytes:474978 (474.9 KB)  TX bytes:3905408 (3.9 MB)
    
    as0t5     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00                             -00
              inet addr:5.5.10.1  P-t-P:5.5.10.1  Mask:255.255.254.0
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:200
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    as0t6     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00                             -00
              inet addr:5.5.12.1  P-t-P:5.5.12.1  Mask:255.255.254.0
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:200
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    as0t7     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00                             -00
              inet addr:5.5.14.1  P-t-P:5.5.14.1  Mask:255.255.254.0
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:200
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:4723 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4723 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:632469 (632.4 KB)  TX bytes:632469 (632.4 KB)
    
    venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00                             -00
              inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.                             255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
              RX packets:10854 errors:0 dropped:0 overruns:0 frame:0
              TX packets:10595 errors:0 dropped:209 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:2716184 (2.7 MB)  TX bytes:4564181 (4.5 MB)
    
    venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00                             -00
              inet addr:xxx.xxx.xxx.xxx  P-t-P:xxx.xxx.xxx.xxx  Bcast:0.0.0.0  Mask:255.                             255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
    

    I assume mine is a bit different than yours because I'm running OpenVPN-AS - but I started testing out some of the IPs found in the results and landed on 5.5.0.1 - with that address I can connect to all of the ports I want while connected via OpenVPN. Does that make sense? It's a fresh VPS and I just followed the very simple steps at: https://www.digitalocean.com/community/articles/how-to-install-openvpn-access-server-on-ubuntu-12-04 to set up OpenVPN-AS. Just want to get a second opinion on whether this is typical or if something went haywire with my setup.

    Thanks again for the help.

  • Wouldn't it be easier to SSH tunnel? Or are you using a VPN for data encryption?

  • Yeah SSH tunnel works fine, that's what I was using. I setup OpenVPN primarily to be used for encryption/privacy but I like the convenience of also being able to connect to the services on the VPS server while connected.

  • @hursey013 said:
    Yeah SSH tunnel works fine, that's what I was using. I setup OpenVPN primarily to be used for encryption/privacy but I like the convenience of also being able to connect to the services on the VPS server while connected.

    That's what I assumed, encryption purposes.

  • Unrelated: It's bad to use public IP space for private networking.

  • Rallias said: Unrelated: It's bad to use public IP space for private networking.

    Yeah I installed an older version of OpenVPN-AS that used 5.5.16.0/20 for clients - I guess later versions use 172.27.240.0/20. Just updated it, thanks for pointing that out.

  • Rallias said: Unrelated: It's bad to use public IP space for private networking.

    Yeah, my anti-spam is still blocking the 5.0.0.0 block (was a private'ish subset). Still need to fix that - although all I get is spam from those address.

    Everything should look a bit different. I ran ifconfig on my personal box, and you ran it on a OpenVZ container.

    The interface as0t0 appears to be the root of the private network. The other 6 shouldn't be needed (just allocated by AS for scalability). The 5.5.0.1 address appears to be correct (hopefully now it's in one of the private subsets). Make sure you set up the Firewall correctly (not all firewalls run correctly on OpenVZ).

    Everything looks good and welcome to LowEndTalk!

  • hursey013hursey013 Member
    edited March 2014

    Thank you all for the help.

    So, just in case anyone needs to know this in the future...

    While running OpenVPN-AS version 2.0 or greater, the default IP address of the access server is 172.27.224.1. For earlier version of OpenVPN-AS, the address is 5.5.0.1.

Sign In or Register to comment.