We have a field office behind several layers of NAT routers... which means requests can go OUT from browsers but no fixed IP is possible for INCOMING requests because of the layered NATS... which we dont control. The reason for all the NATS is because they relay wireless signals from pole to pole through rough terrain... over mountains etc.
ie
Internet-- NAT -- NAT -- NAT -- remote field office.
So the idea was that we VPN out to a SP with the VPN server their side and a fixed IP address and then the client side (the field office will see the fixed IP in the TUN) and effectively that gives the field office a fixed IP and we can run a web server in the office.
It almost worked... kinda... we found a company called StrongVPN that advertize that they provide fixed IP for VPN clients...
They use Open VPN... we setup a Debian box at the remote office and sure enough... requests come in from the internet and find the server.
BUT there is a problem somewhere that neither we nor Strong VPN know how to solve... when we connect to the server... our web server seems to see every request on the StrongVPN network... http requests, about a 1000 a second hit our Apache server, looking for all sorts of domain names from linkln to sex8 to you name it... in other words its like every request destined for other web servers on the StrongVPN (also called Reliable Hosting) is flying down the TUN pipe and hitting our server which naturally rejects them... and at a 1000 a second... there is not much speed left in that pipe for anything else.
They say they cant help... we must not run a web server... and the service seems geared at people in corporates trying to get to juicy private sites from inside firewalls... where in contrast we are tryng to get the web connected to an office... ie we reversing the role of sever and client.
Like I said... its almost working but its flooding our web server...
I think that the TUN to us is acting as a gateway on the server side and there is a routing problem as StrongVPN and Reliable Hosting... and its sending everything to the client... which our server sees and tries to answer...
Now I ask the experts... is this possible... can this be done properly?
If anyone provides this service... let me know if you can do it.
And what do you guess is the problem with the flooding? StrongVPN doesnt seem to know? Perhaps they do know but they geared for the porn site surfers that are breaking out, not in so to speak.
Unfortuantely I could only show you the client side that they gave us... I dont know what is happening on the server side.
Incidently... there is a huge market for this... almost every town in Argentina is behind layers of NAT routers which means NO businesses have fixed IP... and cannot run servers. Its a third world solution, if it works.
Hope some VPN expert out there knows the answer... and or provides the service...
Thanks Bob
Web Server Behind Client With Fixed IP on Server End
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Aug 27, 2015 5:19 am
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: Web Server Behind Client With Fixed IP on Server End
First:
This forum does not provide support for StrongVPN
Second:
This forum does not provide support for international network infra-structure.
Third:
This Board "Forum and Website Support" is for The OpenVPN Forum and Website.
You could have at least put this in way off Topic ...
If you restart this thread in Off Topic I will be interested to understand more.
This forum does not provide support for StrongVPN
Second:
This forum does not provide support for international network infra-structure.
Third:
This Board "Forum and Website Support" is for The OpenVPN Forum and Website.
You could have at least put this in way off Topic ...
If you restart this thread in Off Topic I will be interested to understand more.
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: Web Server Behind Client With Fixed IP on Server End
* Kindly moved by Micheal *
First question .. do you use OpenVPN on your server ?
First question .. do you use OpenVPN on your server ?
-
- OpenVpn Newbie
- Posts: 3
- Joined: Thu Aug 27, 2015 5:19 am
Re: Web Server Behind Client With Fixed IP on Server End
Yes... the technology being used is OPENVPN... thats why I am here asking the question...
The problem is I am not sure OPENVPN can do it because the Server Side is currently in a Service Provider who seems to be struggling or unwilling to make it work correctly... so I am asking the OpenVPN experts if they think it can be done?
STRONG VPN is not a competing software product... its a service provider that uses OPENVPN!
ie
FIXED IP ADDRESS -- OPENVPN SERVER ---NATS--- OPENVPN CLIENT --- WEB SERVER
OPEN VPN client connects to OPEN VPN. It gets fixed IP address... server then uses it.
Now we are the office end... we use debian OPENVPN and Apache... at it works.
BUT its seeing every web request on the server side and is flooding with requests.... ie the web server at the client side seems to see every web request on the service provider network... we don know why... the service provider doesnt know why.
Now if it can be done and the SP can do it... the we will host a OPENVPN server somewhere and do this thing ourselves... and being in the OPENVPN forum... I imagine there are people here that could do that.
This is ALL about OPENVPN and whether it can do this... if you reaad the article carefully... but we have a problem now, and I'm trying to explain that its a reversal of CLIENT and SERVER roles... actually very interesting if you take the time to read it.
The problem is I am not sure OPENVPN can do it because the Server Side is currently in a Service Provider who seems to be struggling or unwilling to make it work correctly... so I am asking the OpenVPN experts if they think it can be done?
STRONG VPN is not a competing software product... its a service provider that uses OPENVPN!
ie
FIXED IP ADDRESS -- OPENVPN SERVER ---NATS--- OPENVPN CLIENT --- WEB SERVER
OPEN VPN client connects to OPEN VPN. It gets fixed IP address... server then uses it.
Now we are the office end... we use debian OPENVPN and Apache... at it works.
BUT its seeing every web request on the server side and is flooding with requests.... ie the web server at the client side seems to see every web request on the service provider network... we don know why... the service provider doesnt know why.
Now if it can be done and the SP can do it... the we will host a OPENVPN server somewhere and do this thing ourselves... and being in the OPENVPN forum... I imagine there are people here that could do that.
This is ALL about OPENVPN and whether it can do this... if you reaad the article carefully... but we have a problem now, and I'm trying to explain that its a reversal of CLIENT and SERVER roles... actually very interesting if you take the time to read it.
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: Web Server Behind Client With Fixed IP on Server End
My time is limited.BobSpar wrote:actually very interesting if you take the time to read it.
Put a firewall in place. (*1)BobSpar wrote:BUT its seeing every web request on the server side and is flooding with requests
(*1) I shall explain that:
- You want to run a web server
- You want to connect to the web server over a VPN
- Your web server is not for public services it is for private use
- Correct me on this if I am wrong
- Stop unsolicited connections with a firewall