Secure LAN www server with VPN

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
doman
OpenVpn Newbie
Posts: 18
Joined: Mon Mar 20, 2017 2:51 pm

Secure LAN www server with VPN

Post by doman » Mon Mar 20, 2017 3:26 pm

Hello everybody!
I have setup small www server machine based on debian for testing purposes. It has main interface eth0 with IP 192.168.0.210 on which there is our project set (Apache is set on this IP). Me and my coworker have access to it from 192.168.0.x adresses. Ive also set second eth0:0 interface with 192.168.0.200 on this server without any services on it yet.
Recently we got public static IP. On our router (192.168.0.1 which is also defalut gateway and DHCP sever) I forwarded port 80 from outside to 192.168.0.210 so now outside users can access WWW server.

Now i want to secure this outside connection with VPN so all outside traffic from router to sever would be forwarded trough VPN server. The plan is:

1. Set up OpenVPN on 192.168.0.200
2. Set forwarding on router -> outside IP A.B.C.D:80 to 192.168.0.200:1194
3. Set OpenVPN redirections to 192.168.0.210 where actual server is.

This way LAN users (me and my coworker) would connect to 210 without any hassle (directly) but all incomming trafiic from 192.168.0.1 (router) to 192.168.0.210:80 would have to go trough OpenVPN (192.168.0.200).

Questions
A. Is it good approach?
B. Steps 1 and 2 are easy, building certificates seems easy as well but im confused how to make redirections. I have some basic knowedge about IPTABLES and Ive read and watch on youtube some tutorials about setup OVPN for example...

https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-debian-8

which seems quite straightforward but all of them showing how to just pass ALL traffic to ALL internet trough OVPN, or make redirections for gateways not SPECIFIC IP to another SPECIFIC IP. How to do this?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Secure LAN www server with VPN

Post by TinCanTech » Mon Mar 20, 2017 10:23 pm

doman wrote:Questions
A. Is it good approach?
No.

Comments welcome:

doman
OpenVpn Newbie
Posts: 18
Joined: Mon Mar 20, 2017 2:51 pm

Re: Secure LAN www server with VPN

Post by doman » Tue Mar 21, 2017 3:05 pm

Ok thanks. Ive just followed tutorial and setup it with classic way.

Post Reply