I am trying to get external access to update my self-hosted websites through my self-hosted vpn. The sites are locked to accept certain ip ranges, which is fine for updating when I'm on my home network. However, I wanted to be able to VPN into the network to update them.
For some reason, whenever I use my VPN the server sees my ip as my original public one rather than either an internal address assigned by the VPN or as the web-facing address of the server.
Ideally I want to be able to whitelist the VPN assigned internal addresses, but the server (in this case Apache) only sees the original ip of the connecting machine, which is a bit useless as it's dynamic.
Clients show the correct ip when accessing the web and all client traffic is set to direct through the VPN.
Any advice greatly appreciated!
VPN access to ip-secured .htaccess file
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 1
- Joined: Sun Mar 19, 2017 9:40 am
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: VPN access to ip-secured .htaccess file
Jera wrote:Clients show the correct ip when accessing the web and all client traffic is set to direct through the VPN
That is how --redirect-gateway works .. it is explained in the manual.Jera wrote:For some reason, whenever I use my VPN the server sees my ip as my original public one rather than either an internal address assigned by the VPN or as the web-facing address of the server.
Try using the VPN address of the server.
-
- OpenVpn Newbie
- Posts: 11
- Joined: Tue Jul 11, 2023 1:29 pm
Re: VPN access to ip-secured .htaccess file
Try whitelist VPN-assigned internal IP addresses in your .htaccess
Note: If you're not using a reverse proxy or the X-Forwarded-For header is not being set correctly, you may need to adjust the code accordingly or investigate other options for passing the client's internal IP address to Apache.
Code: Select all
SetEnvIf X-Forwarded-For "^10\.8\." VPN
SetEnvIf X-Forwarded-For "^192\.168\." VPN
<RequireAll>
Require all granted
Require env VPN
</RequireAll>