Access to a Raspberry behind a 4G router through a VPN tunnel


Post by AleiZ » Thu Aug 23, 2018 9:23 pm

Hi,

I would like to have some help with my configuration.

I tried to show it below:
Image

I own a Raspberry with a web server (for domotics). This Raspberry is located in a house where internet access is provided by a 4G router (a mobile phone 4G provider which does not provide a public IP).
So, in order to access the Raspberry, I installed an OpenVPN server at a remote location which has a fixed public IP. The Raspberry has an OpenVPN client configured to connect to the server.

In the picture:
Freebox (ADSL router)
- Has a fixed WAN IP. Let's call it "BOX_WAN_IP"
- Has a LAN IP: 192.168.1.254
- Has OpenVPN configured in bridge mode
- Has port 80 redirected to port 80 of 192.168.1.101 (tap0 IP of the Raspberry). I represented it with the orange circle.

Raspberry:
- Behind a 4G router without public IP
- OpenVPN client connected to the Freebox VPN server
- Web server configured on port 80

VPN tunnel:
Seems to be working well.
On the server I see 1 client connected.
When I use a computer located on the LAN network of the Freebox, I can access the Raspberry web server:
- using http://192.168.1.101, which shows the VPN tunnel is OK
- using http://BOX_WAN_IP, which makes me think port redirection is also OK

What does not work:

I would like to use a mobile (without an OpenVPN client) anywhere (for example connected to the internet with 4G) to access the Raspberry web server. I thought that with my configuration typing http://BOX_WAN_IP would work (link in green in my drawing) but it does not.

Do you know what is wrong with my configuration?

;)


Re: Access to a Raspberry behind a 4G router through a VPN tunnel

Post by franckgar » Sun Jan 08, 2023 9:52 pm

Hello,
The subject is interesting. Did you find a solution?
Thanks


Re: Access to a Raspberry behind a 4G router through a VPN tunnel

Post by openvpn_inc » Tue Jan 10, 2023 10:03 pm

Hello franckgar,

Quite a way to resurrect a really really old and dead topic from the forums. But since apparently it didn't have an answer, and probably Google brought you here... there's a couple of ways with our products to do this.

1. OpenVPN Access Server with DMZ gateway functionality

You set up Access Server somewhere that has a public IP. In the admin web interface of the Access Server you can create user accounts for your devices. You connect your device running the web server to the Access Server. This user account will have the DMZ Gateway function enabled, with the public IP and port 80 of the Access Server set there. This will take traffic coming in from the Internet on the Access Server's public IP on port 80, and forward it to the connected device that is configured for DMZ gateway. This means anyone on the Internet can now access that webserver, even if they don't have an OpenVPN client installed, by visiting the public IP of the Access Server on port 80.

2. OpenVPN Access Server client-to-client communication.

You set up Access Server somewhere that has a public IP. In the admin web interface of the Access Server you can create user accounts for your devices. You connect your devices to it. You enable the inter-client connectivity function in the admin web interface. This allows users connected to the Access Server to communicate with each other on the internal virtual private network. Now anyone that has a working OpenVPN connection to this server can access the web server internally through the VPN connection.

3. OpenVPN Cloud

You connect your devices to OpenVPN Cloud. By default inter-client connectivity is enabled. Clients connected to your OpenVPN Cloud account can now access the web server internally through the VPN connection.

Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support


Re: Access to a Raspberry behind a 4G router through a VPN tunnel

Post by franckgar » Tue Jan 17, 2023 12:45 pm

Thanks for the answer. Sorry for resurrecting the post.
I'll test your solution.
Regards


Re: Access to a Raspberry behind a 4G router through a VPN tunnel

Post by mrplc » Tue Aug 29, 2023 2:09 pm

Thank you very much for the detailed description.

I have followed option 1 to set up the Access Server on AWS and connect one of the PCs, which hosts my webserver, to the OpenVPN server.
But somehow I still cannot ping the webserver externally from another PC.

Would you please detail how to set up the DMZ? I found the following link, which specifically mentions that on AWS the private IP address should be used. I can find the AWS private IP address, but where should I enter this IP address?
https://openvpn.net/vpn-server-resource ... ss-server/

I have been struggling to find a solution to set up a web server over 4G for a long, long time. Much appreciated in advance.


Re: Access to a Raspberry behind a 4G router through a VPN tunnel

Post by openvpn_inc » Sun Oct 08, 2023 3:49 pm

Hello,

I am not sure where the confusion is, the guide is pretty detailed. In the Admin UI go to User Permissions and look up the user that is the client to the Access Server that runs the web server. Go to the DMZ Gateway function and enable it. Enter the private IP found for your AWS instance, and the port information there, as described in the document you linked.

So if your AWS instance has public IP 123.45.67.89 and private IP 10.0.0.3 and you want to open up port 80 TCP on the Access Server to go to this VPN client, enter: 10.0.0.3:tcp/80

Then save and apply the updated configuration.

Then when someone accesses 123.45.67.89 (or 10.0.0.3 in the AWS network itself) on port 80 TCP, then you will reach port 80 TCP on that VPN client. If a web server is running there and no firewalls are blocking it, then access will be granted. And when I say no firewalls are blocking it, also keep in mind that not only can there be a firewall on the VPN client itself, but there can also be one on AWS - you may have to go to Security Groups to open up port 80 TCP and allow it through.

Good luck,
Johan

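The last reply lists several places where port 80 can be blocked (the web server itself, a firewall on the VPN client, the AWS Security Group). The following is an added example, not part of the thread or of any OpenVPN tooling: a TCP probe that classifies each hop, so a refused connection can be told apart from silently dropped packets. The function names and the loopback listener are constructed for the demo.

```python
import socket

# Usual reading of each result for the path discussed in the thread:
# public IP -> Access Server DMZ gateway -> web server on the VPN client.
HINTS = {
    "open": "something accepts connections on this port",
    "refused": "host answered with a reset: nothing listens or forwards here",
    "filtered": "no answer: dropped by a firewall or Security Group, or no route",
}

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify the outcome."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # includes timeouts and unreachable-network errors
        return "filtered"
    finally:
        s.close()

def first_blocked(hops, timeout=3.0):
    """Probe (label, host, port) hops in order; return (label, state, hint)
    for the first hop that is not open, or None if every hop answers."""
    for label, host, port in hops:
        state = probe(host, port, timeout)
        if state != "open":
            return label, state, HINTS[state]
    return None

def local_listener():
    """Constructed stand-in for the web server so the demo runs offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv

if __name__ == "__main__":
    srv = local_listener()
    port = srv.getsockname()[1]
    # Order hops from the web server outwards; with a real setup these would be
    # the client's VPN address, then the Access Server's private and public IPs.
    hops = [("web server on the VPN client", "127.0.0.1", port)]
    print(first_blocked(hops))   # listener is up
    srv.close()
    print(first_blocked(hops))   # listener is gone
```

Run the probe from a machine at each vantage point (another VPN client, a host inside the AWS network, a host on the Internet); the first hop that stops being "open" is where to look.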