Traffic not encrypted between server and client (only) - OpenVPN

Post by snook9@free.fr » Sun Mar 14, 2021 10:08 pm

Hi All!

Network traffic between my VPN server and my clients appears clear (not encrypted). Yet the traffic is well encrypted when clients go on the internet. Tested with Wireshark.

I have a VPN server: openvpn.myserver.com. I have a website on the same server: mywebsite.myserver.com. I have several clients.

When my client connects to mywebsite.myserver.com, it seems that the traffic is not going through the VPN. The traffic is visible in Wireshark and nginx tells me that the internet IP is used by the client and not the VPN network IP.

Other than this, everything seems to be working fine with my VPN.

Code:

sudo /sbin/iptables -t nat -L POSTROUTING -n --line-number

Code:

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0           
2    MASQUERADE  all  --  172.9.0.0/24         0.0.0.0/0           
3    MASQUERADE  all  --  10.0.0.0/8           0.0.0.0/0           
4    MASQUERADE  all  --  192.168.255.0/24     0.0.0.0/0           
5    MASQUERADE  tcp  --  172.9.0.6            172.9.0.6            tcp dpt:80
7    MASQUERADE  udp  --  172.9.0.2            172.9.0.2            udp dpt:1194

Code:

sudo route -n

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.255.255.1    0.0.0.0         UG    0      0        0 ens192
10.255.255.1    0.0.0.0         255.255.255.255 UH    0      0        0 ens192
172.9.0.0       0.0.0.0         255.255.255.0   U     0      0        0 br-7f61684f857e
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.255.0   172.9.0.2       255.255.255.0   UG    0      0        0 br-7f61684f857e

My OpenVPN is running with Docker. OpenVPN subnet is: 192.168.255.0/24. Docker bridge is: 172.9.0.0/24. OpenVPN IP address is: 192.168.255.2, and 172.9.0.2 on the Docker network bridge.

My host server uses: 172.9.0.1.

My clients use: 192.168.255.3

Anyone have an idea?

Thank you in advance.

Re: Traffic not encrypted between server and client (only) - OpenVPN

Post by TinCanTech » Sun Mar 14, 2021 10:52 pm


snook9@free.fr
OpenVpn Newbie
Posts: 2
Joined: Sun Mar 14, 2021 10:06 pm

Re: Traffic not encrypted between server and client (only) - OpenVPN

Post by snook9@free.fr » Tue Mar 16, 2021 8:14 am

Solved!
https://serverfault.com/questions/85865 ... -server-ip


This is a routing problem.

In order to establish and maintain a connection to your VPN, your VPN client must have a route to the address you are using on the server for incoming VPN connections. Assuming standard routing, this means anything destined for the same IP used by the VPN server will directly cross the Internet.

Options:

- The short basic answer is to get and use a separate IP address for your VPN server. Don't use the same IP you use for your VPN for anything else.

- Set up a DNS server on your VPN host and deliver records that map the hosted sites to internal IP addresses when you are connected.

- If you are running Linux as your client then you could mess around with policy routing and multiple tables, and send only 1194 traffic through the standard table, and port http/https traffic over the VPN.
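An added example (not code from the thread or the Serverfault answer) showing why the website traffic bypasses the tunnel: a longest-prefix-match lookup over a constructed client routing table, as it typically looks while an OpenVPN client with redirect-gateway is connected. The server's public address 203.0.113.10, the LAN gateway 192.168.1.1 and the tunnel gateway 192.168.255.1 are placeholders, not values from the post.

```python
import ipaddress

# Placeholder for the public IP shared by openvpn.myserver.com and
# mywebsite.myserver.com (constructed, not taken from the post).
VPN_SERVER_PUBLIC_IP = "203.0.113.10"

# Constructed client-side routing table while connected with redirect-gateway.
# (destination prefix, gateway, interface)
CLIENT_ROUTES = [
    ("0.0.0.0/0", "192.168.1.1", "eth0"),        # original default via LAN gateway
    ("0.0.0.0/1", "192.168.255.1", "tun0"),      # redirect-gateway, lower half
    ("128.0.0.0/1", "192.168.255.1", "tun0"),    # redirect-gateway, upper half
    ("192.168.255.0/24", None, "tun0"),          # VPN subnet from the post
    ("192.168.1.0/24", None, "eth0"),            # client's LAN
    # Host route OpenVPN adds so the tunnel itself keeps reaching the server
    # over the physical interface; it is the most specific route possible.
    (VPN_SERVER_PUBLIC_IP + "/32", "192.168.1.1", "eth0"),
]


def lookup(dst, routes=CLIENT_ROUTES):
    """Kernel-style longest-prefix match: the most specific route wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return best


def goes_through_vpn(dst, routes=CLIENT_ROUTES):
    """True when the packet leaves on the tunnel interface, False otherwise."""
    match = lookup(dst, routes)
    return match is not None and match[2] == "tun0"


if __name__ == "__main__":
    for name, ip in [("internet host", "93.184.216.34"),
                     ("website on the VPN server's IP", VPN_SERVER_PUBLIC_IP),
                     ("website on a separate IP", "203.0.113.11")]:
        net, gw, iface = lookup(ip)
        print(f"{name:34s} {ip:15s} -> {iface} via {net} (gw {gw})")
```

Traffic to the shared IP always matches the /32 host route and leaves on eth0 in clear text, while the same website on a separate address falls under the 128.0.0.0/1 route and goes through tun0, which is the first option above.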
