New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
IP leaks with OpenVPN
I have set up OpenVPN on my RamNode KVM VPS and it works fine in the sense that whatismyaddress shows the VPN IP. I then installed nginx and php-fpm on the same server as OpenVPN, but when I do
echo $_SERVER['REMOTE_ADDR'];
I get my real IP address, not the VPN one.
I suspect it has to do with iptables:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
Any help will be appreciated
Comments
This is normal. The VPN server can of course see your public IP because that's how the VPN connection is established. Look at your local routing table and (if you've redirected your gateway) you'll see a routing exception for the VPN server's IP.
(edit: damn autocorrect!)
@tehdan is there a way so that I can get the user "visible" IP? I need to make sure that the user is on VPN while using my site.
Don't mind me.
Just talking shit due to lack of sleep.
ipleak.net might help.
@tehdan is right.
@Wolf has no idea about what he's talking about.
@ATHK OP's problem isn't a DNS leak.
@khav your setup is working correctly, don't worry.
@khav do you want your web server only available to vpn users, or is it a public site too?
> It's not all about DNS... Did you click the link at all?
Yes, I know the website. This discussion isn't related to a leak at all.
You'd either have to use a different internal IP address for the VPN users or a 2nd public address.
They need to have a route pointing at the VPN server IP for the VPN to work so naturally any other traffic towards that same IP would bypass the VPN.
"Might" You're a picky bastard aren't you.
Have nginx only listen to the tunnel IP address. Say 10.8.0.1 for example. The first address in the subnet is the one you want. Then you have to run a recursive dns server or forwarder and push that to your users. Say dnsmasq. In dnsmasq config file set your domain name to 10.8.0.1.
nginx:
listen 10.8.0.1:80;
openvpn push dns config:
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DNS 10.8.0.1"
Then install dnsmasq and use this example http://unix.stackexchange.com/a/52942 to map your domain to 10.8.0.1
You may need to add iptables rules to allow traffic to port 53:
iptables -I INPUT -i tun0 -p udp --dport=53 -j ACCEPT
iptables -I INPUT -i tun0 -p tcp --dport=53 -j ACCEPT
Or use a second IP dedicated for vpn.
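Added example, not written by any poster in this thread: a small model of the client's routing decision that shows why a request to the VPN server's public IP arrives with the real address, while a request to 10.8.0.1 arrives from the tunnel subnet and can be checked server-side. The public and client addresses, the interface names and the route layout are assumptions constructed for illustration; only 10.8.0.0/24 and 10.8.0.1 come from the thread.

```python
import ipaddress

# Constructed sample values: 203.0.113.10 stands in for the VPN server's
# public IP and 198.51.100.7 for the client's real public IP.
# 10.8.0.0/24 and 10.8.0.1 are the tunnel subnet and address from the thread.
VPN_PUBLIC_IP = "203.0.113.10"
CLIENT_REAL_IP = "198.51.100.7"
CLIENT_TUNNEL_IP = "10.8.0.6"
TUNNEL_NET = ipaddress.ip_network("10.8.0.0/24")

# Assumed client routing table with the gateway redirected through the VPN:
# two /1 routes send everything into the tunnel, and one host route (the
# "routing exception") keeps the encrypted VPN packets on the physical link.
CLIENT_ROUTES = [
    ("0.0.0.0/0", "eth0"),
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
    ("10.8.0.0/24", "tun0"),
    (VPN_PUBLIC_IP + "/32", "eth0"),
]


def egress_interface(dst, routes=CLIENT_ROUTES):
    """Longest-prefix match: the interface the client uses to reach dst."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(net), dev) for net, dev in routes]
    matches = [(net, dev) for net, dev in nets if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def remote_addr_at_vpn_host(dst):
    """Source address nginx on the VPN host sees for a request sent to dst."""
    return CLIENT_TUNNEL_IP if egress_interface(dst) == "tun0" else CLIENT_REAL_IP


def is_vpn_client(remote_addr):
    """Server-side check: did the request arrive from the tunnel subnet?"""
    return ipaddress.ip_address(remote_addr) in TUNNEL_NET


if __name__ == "__main__":
    for dst in (VPN_PUBLIC_IP, "10.8.0.1"):
        seen = remote_addr_at_vpn_host(dst)
        print(f"{dst:>14} via {egress_interface(dst)}: REMOTE_ADDR={seen}, "
              f"vpn={is_vpn_client(seen)}")
```

The /32 host route always wins the longest-prefix match, so the site has to be reached by its tunnel address (or a second IP) before a subnet check on REMOTE_ADDR means anything.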