Port Forwarding by SQL
Moderators: TinCanTech
-
- OpenVpn Newbie
- Posts: 7
- Joined: Sat Jan 07, 2012 11:35 am
Port Forwarding by SQL
Hi all,
(I'm French, sorry for my bad English)
I am trying to open ports with OpenVPN; let me explain (client port forwarding).
We have an intranet with a user and password to connect to the VPN.
We want to open some ports chosen by the user:
Example:
Client 1 wants to open port 10000
Client 2 wants to open port 20000
How can we do that?
The values 10000 and 20000 are accessible in a Msql database, but how can I transfer this parameter to the VPN server when the client connects, and forward the correct port per client?
I saw a topic here, but it is not exactly what we want: topic7823.html
How can I proceed?
Something like this:
iptables -t nat -A PREROUTING -p tcp --dport 1234 -j DNAT --to-destination 10.66.66.6
iptables -A FORWARD -s 10.66.66.6 -p tcp --dport 1234 -j ACCEPT
But how can I know if client 1 is 10.66.66.6 or something else?
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: Port Forwarding by SQL
Using common certificate name and ccd files you can assign static IPs from VPN pool to any client.
-
- OpenVpn Newbie
- Posts: 7
- Joined: Sat Jan 07, 2012 11:35 am
Re: Port Forwarding by SQL
Hi Mimiko,
Thanks for the response,
My config file is this one:
Code: Select all
local 82.x.x.x
proto tcp
port 443
dev tun
mode server
tls-server
ca ca.crt
cert server.crt
key server.key
tls-auth ta.key 0
dh dh2048.pem
mssfix 1500
cipher AES-256-CBC
server 10.8.0.0 255.255.0.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
plugin /usr/lib/openvpn/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
script-security 2
chroot /empty
What do I have to add? For example, to redirect one port: I want to have the same IP for both clients but two different ports open.
(I need a script because it is for thousands of people)
Client 1 and Client 2 have IP address 10.20.30.40
But Client 1 has port 10000 open for him
and Client 2 has port 20000 open for him
Is it possible, and if yes, how?
Thanks a lot
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: Port Forwarding by SQL
In the server's config you have
Code: Select all
client-cert-not-required
How are you differentiating which is client 1 and which is client 2?
-
- OpenVpn Newbie
- Posts: 7
- Joined: Sat Jan 07, 2012 11:35 am
Re: Port Forwarding by SQL
With this line :
Code: Select all
username-as-common-name
Client1 has:
username : client1
password : pass1
and Client2 has
username : client2
password : pass2
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: Port Forwarding by SQL
Then read this: http://openvpn.net/index.php/open-sourc ... tml#policy
and assign via ccd to every client its IP and with iptables route the desired port to needed IP.
-
- OpenVpn Newbie
- Posts: 7
- Joined: Sat Jan 07, 2012 11:35 am
Re: Port Forwarding by SQL
Thanks,
But I would like to know how I can find out the IP address of the client who's connecting?
And do a script like this:
iptables -t nat -A PREROUTING -p tcp --dport 10000 -j DNAT --to-destination IP_CLIENT
iptables -A FORWARD -s IP_CLIENT -p tcp --dport 10000 -j ACCEPT
But I have to know how to retrieve:
IP_CLIENT
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: Port Forwarding by SQL
Read the manual for this:
ifconfig_pool_remote_ip
The remote virtual IP address for the TUN/TAP tunnel taken from an --ifconfig-push directive if specified, or otherwise from the ifconfig pool (controlled by the --ifconfig-pool config file directive). This option is set on the server prior to execution of the --client-connect and --client-disconnect scripts.
-
- OpenVpn Newbie
- Posts: 7
- Joined: Sat Jan 07, 2012 11:35 am
Re: Port Forwarding by SQL
So, to confirm I understand the English well ^^
IP_CLIENT = ifconfig_pool_remote_ip ?
So I have to add into server.conf:
Code: Select all
client-connect /etc/openvpn/clientconnect.sh
client-disconnect /etc/openvpn/clientdisconnect.sh
And I put in clientconnect.sh:
Code: Select all
#!/bin/bash
PORT=10000 # ??
iptables -A FORWARD -p tcp -i eth0 -d "$ifconfig_pool_remote_ip" --dport "$PORT" -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d "$ifconfig_local" --dport "$PORT" -j DNAT --to-destination "$ifconfig_pool_remote_ip:$PORT"
But a question: how do I know Client 1 is port 10000 and Client 2 is port 20000?
-
- OpenVpn Newbie
- Posts: 7
- Joined: Sat Jan 07, 2012 11:35 am
Re: Port Forwarding by SQL
No response ?
- Mimiko
- Forum Team
- Posts: 1564
- Joined: Wed Sep 22, 2010 3:18 am
Re: Port Forwarding by SQL
You have to create a simple csv file where you will put the client-port concordance, for example:
Code: Select all
client1,10000
client2,20000
where first column is cname of the client and second is the port. Then in the script files you read this file until the respective client cname and use the port number in iptables command. The common_name variable in the connect and disconnect scripts holds the cname of the client.
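
The approach described across the replies above (CSV lookup keyed on common_name, client address from ifconfig_pool_remote_ip, rules added on connect and removed on disconnect), as an added example that is not code from the thread. The CSV path, the IPT and LISTEN_IP variables and the 1024-65535 port restriction are assumptions.

```shell
#!/bin/sh
# Added example: one file used for both client-connect and client-disconnect.
# OpenVPN exports script_type, common_name, ifconfig_pool_remote_ip and
# ifconfig_local into the hook's environment.
MAP_FILE=${MAP_FILE:-/etc/openvpn/client-ports.csv}  # hypothetical path
IPT=${IPT:-iptables}                                 # overridable for dry runs

# Print the port mapped to client name $1; fail if absent or not allowed.
lookup_port() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;  # name is user-supplied: allowlist
    esac
    # Exact match on column 1, forced to a string comparison so that
    # numeric-looking names are never compared as numbers.
    port=$(awk -F, -v n="$1" '($1 "") == (n "") { print $2; exit }' "$MAP_FILE") || return 1
    case $port in
        ''|0*|*[!0-9]*) return 1 ;;        # digits only, no leading zero
    esac
    # Assumed policy: unprivileged ports only, so a bad row cannot expose 22.
    [ "${#port}" -le 5 ] && [ "$port" -ge 1024 ] && [ "$port" -le 65535 ] || return 1
    printf '%s\n' "$port"
}

# $1 = -A or -D, $2 = client VPN IP, $3 = address the port is opened on, $4 = port
apply_rules() {
    $IPT -t nat "$1" PREROUTING -p tcp -d "$3" --dport "$4" \
         -j DNAT --to-destination "$2:$4" &&
    $IPT "$1" FORWARD -p tcp -d "$2" --dport "$4" -j ACCEPT
}

main() {
    case ${script_type:-} in
        client-connect)    action=-A ;;
        client-disconnect) action=-D ;;    # delete exactly what connect added
        *) return 0 ;;                     # not run as an OpenVPN hook
    esac
    # No valid mapping: let the client connect, but open nothing.
    port=$(lookup_port "${common_name:-}") || return 0
    # LISTEN_IP is a hypothetical override; default follows the thread's script.
    apply_rules "$action" "$ifconfig_pool_remote_ip" \
                "${LISTEN_IP:-$ifconfig_local}" "$port"
}
main
```

With `user nobody` and `chroot /empty` in the server config posted above, hooks run after the privilege drop and inside the chroot, so the script and CSV must be reachable there and the iptables calls need a narrowly scoped privilege path such as a sudo rule limited to this script.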