IP leaks with OpenVPN

khav Member

I have set up OpenVPN on my RamNode KVM VPS and it works fine in the sense that whatismyaddress shows the VPN IP. I then installed nginx and php-fpm on the same server as OpenVPN, but when I do echo $_SERVER['REMOTE_ADDR']; I get my real IP address, not the VPN one.

I suspect it has to do with iptables:

    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -A FORWARD -s 10.8.0.0/24 -j ACCEPT
    -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

Any help will be appreciated

Comments

  • tehdan Member
    edited January 2016

    This is normal. The VPN server can of course see your public IP because that's how the VPN connection is established. Look at your local routing table and (if you've redirected your gateway) you'll see a routing exception for the VPN server's IP.

    (edit: damn autocorrect!)

    Thanked by 1: khav
  • @tehdan is there a way so that I can get the user "visible" IP. I need to make sure that the user is on VPN while using my site

  • Wolf Member
    edited January 2016

    Don't mind me.

    Just talking shit due to lack of sleep.

  • ipleak.net might help.

  • Nyr Community Contributor, Veteran
    edited January 2016

    @tehdan is right.

    @Wolf has no idea about what he's talking about.

    @ATHK OP's problem isn't a DNS leak.

    @khav your setup is working correctly, don't worry.

    Thanked by 2: tehdan, TheKiller
  • @khav do you want your web server only available to vpn users, or is it a public site too?

  • @Nyr said:
    @ATHK OP's problem isn't a DNS leak.

    It's not all about DNS... Did you click the link at all?

  • Nyr Community Contributor, Veteran

    @ATHK said:
    It's not all about DNS... Did you click the link at all?

    Yes, I know the website. This discussion isn't related to a leak at all.

  • You'd either have to use a different internal IP address for the VPN users or a 2nd public address.

    They need to have a route pointing at the VPN server IP for the VPN to work so naturally any other traffic towards that same IP would bypass the VPN.

  • @Nyr said:
    Yes, I know the website. This discussion isn't related to a leak at all.

    "Might" You're a picky bastard aren't you.

  • Abdussamad Member
    edited January 2016

    khav said: is there a way so that I can get the user "visible" IP. I need to make sure that the user is on VPN while using my site

    Have nginx only listen to the tunnel IP address. Say 10.8.0.1 for example. The first address in the subnet is the one you want. Then you have to run a recursive DNS server or forwarder and push that to your users. Say dnsmasq. In the dnsmasq config file set your domain name to 10.8.0.1.

    nginx:

    listen 10.8.0.1:80;

    openvpn push dns config:

    push "dhcp-option DNS 10.8.0.1"

    Then install dnsmasq and use this example http://unix.stackexchange.com/a/52942 to map your domain to 10.8.0.1

    You may need to add iptables rules to allow traffic to port 53:

    iptables -I INPUT -i tun0 -p udp --dport=53 -j ACCEPT
    iptables -I INPUT -i tun0 -p tcp --dport=53 -j ACCEPT

  • patrick7 Member, LIR

    Or use a second IP dedicated for vpn.
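
The routing behaviour described in the replies above, as an added example that is not part of the original thread: a longest-prefix-match lookup over a constructed client routing table, showing which source address nginx would see for each destination on the server. It assumes the client uses OpenVPN's redirect-gateway def1; every address other than 10.8.0.1 and 10.8.0.0/24 is a made-up documentation-range value, and the function names are hypothetical.

```python
import ipaddress

# Constructed client routing table after OpenVPN "redirect-gateway def1".
# Addresses are documentation/private ranges chosen for illustration only.
VPN_PUBLIC_IP = "203.0.113.10"     # address the OpenVPN client connects to
SECOND_PUBLIC_IP = "203.0.113.11"  # hypothetical extra public IP on the same VPS
TUNNEL_IP = "10.8.0.1"             # server end of the tunnel (from the thread)

ROUTES = [
    # (destination prefix, gateway, interface)
    ("0.0.0.0/0", "192.168.1.1", "eth0"),    # original default route
    ("0.0.0.0/1", "10.8.0.1", "tun0"),       # def1 override, lower half
    ("128.0.0.0/1", "10.8.0.1", "tun0"),     # def1 override, upper half
    ("10.8.0.0/24", "0.0.0.0", "tun0"),      # tunnel subnet
    ("192.168.1.0/24", "0.0.0.0", "eth0"),   # local LAN
    # Exception that keeps the encrypted OpenVPN packets off the tunnel itself.
    (VPN_PUBLIC_IP + "/32", "192.168.1.1", "eth0"),
]


def lookup(dst, routes=ROUTES):
    """Return (prefix, gateway, interface) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dst)
    candidates = [
        (ipaddress.ip_network(prefix), gw, dev)
        for prefix, gw, dev in routes
        if addr in ipaddress.ip_network(prefix)
    ]
    net, gw, dev = max(candidates, key=lambda r: r[0].prefixlen)
    return str(net), gw, dev


def source_seen_by_server(dst, real_ip="198.51.100.7", vpn_client_ip="10.8.0.6"):
    """Client address the web server would record as REMOTE_ADDR for dst.

    Only meaningful for addresses that belong to the VPN server itself.
    """
    _, _, dev = lookup(dst)
    return vpn_client_ip if dev == "tun0" else real_ip


if __name__ == "__main__":
    for dst in (VPN_PUBLIC_IP, TUNNEL_IP, SECOND_PUBLIC_IP):
        prefix, _, dev = lookup(dst)
        seen = source_seen_by_server(dst)
        print(f"{dst:14} via {prefix:16} dev {dev:4} REMOTE_ADDR={seen}")
```

Requests to the address the VPN connects to match the /32 exception and leave over eth0 with the real IP, while the tunnel address and a second public IP have no such exception and arrive over tun0 from a 10.8.0.0/24 source.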
