Accessing machine when connected over VPN.

majkelos
OpenVpn Newbie
Posts: 2
Joined: Sun Dec 30, 2012 1:35 pm

Accessing machine when connected over VPN.

Post by majkelos » Mon Dec 31, 2012 4:05 am

Hi everybody,

I have a bit of a situation with my vpn connection and I'm wondering if there is any solution for me.

Currently I have the router connected to the internet. It is running on 192.168.100; to the router there are connected some machines, e.g. 192.168.100.101/102/103. One of the machines I have configured so it can be accessed from the internet (I set up port forwarding on my router), so e.g. if I go to MYADDRESS.dyndns.org:8000 I can access whatever is on this machine under this port. From the local network I can obviously access it like: 192.168.100.101:8000 or machine_name:8000.

Now when I configure a vpn connection on this machine (for privacy reasons - I'm using hidemyass), the machine changes its IP and it's working ok. I can access the machine from the local network, e.g. 192.168.100.101:8000 or machine_name:8000, but I cannot access the machine from the internet like: MYADDRESS.dyndns.org:8000. When I try to do this there is no connection. Any ideas how to deal with this one, or whether it is even possible?

Just for the record, the machine I'm talking about is a NAS drive running Linux.

Thank you all

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Accessing machine when connected over VPN.

Post by maikcat » Mon Dec 31, 2012 6:52 am

Hi there,

> Now when I configure a vpn connection on this machine (for privacy reasons - I'm using hidemyass), the machine changes its IP and it's working ok. I can access the machine from the local network, e.g. 192.168.100.101:8000 or machine_name:8000, but I cannot access the machine from the internet like: MYADDRESS.dyndns.org:8000. When I try to do this there is no connection. Any ideas how to deal with this one, or whether it is even possible?

If the vpn changes the default gateway of your NAS then you will have the above problem...

Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)

"objects in mirror are losing"

majkelos
OpenVpn Newbie
Posts: 2
Joined: Sun Dec 30, 2012 1:35 pm

Re: Accessing machine when connected over VPN.

Post by majkelos » Mon Jan 14, 2013 7:45 am

Ok so let me recap again - I have taken some action in this regard:

I have my GoFlex with Arch Linux installed on it. The NAS is connected to the router (router IP is 192.168.100.1) - the NAS IP is 192.168.100.107.

I have the dyndns established so I can connect remotely to my NAS via the dlinkddns address. On my router there is port forwarding set up so all the packets are reaching the NAS and I can use PyLoad and other similar services.

Now I want to establish the openvpn connection from my GoFlex so all the transfer from and to it is secure. Easy enough - I'm just using the

Code:

openvpn servername.ovpn

And this is working well - I'm being connected, my address is changed and everybody's happy. But now when I'm trying to connect to my NAS via ddns, it is not giving me the connection. Basically what is happening: I'm sending the request via my usual IP and the NAS is sending the response via my openvpn.

Just for the record, these are some basic infos from my machine after the openvpn connection:

Code:

[root@alarm ~]# ip route
0.0.0.0/1 via 10.200.4.1 dev tun0
default via 192.168.100.1 dev eth0  metric 202
10.200.4.0/22 dev tun0  proto kernel  scope link  src 10.200.5.8
77.92.92.161 via 192.168.100.1 dev eth0
128.0.0.0/1 via 10.200.4.1 dev tun0
192.168.100.0/24 dev eth0  proto kernel  scope link  src 192.168.100.107  metric 202
---------
---------
[root@alarm ~]# ip rule
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default

Now I removed the 0.0.0.0/1 via 10.200.4.1 dev tun0 rule:

Code:

ip route del 0.0.0.0/1 via 10.200.4.1 dev tun0

And I added 2 new tables called moja and mvpn in the /etc/iproute2/rt_tables file.

Then I set up (I think) source based routing - based on interface - saying that all the traffic coming from eth0 is responding to eth0 and all the traffic coming from tun0 is responding through tun0:

Code:

ip rule add dev tun0 table mvpn
ip route add default dev tun0 table mvpn
ip rule add dev eth0 table moja
ip route add default dev eth0 table moja
ip route flush cache

This seems to work, I mean now when I'm ssh from my NAS and check ipecho.net it gives me a different IP (the vpn IP) than when I'm checking it via my laptop. So this would be my downloading IP.
My only concern is how to check what my uploading IP is?
And assuming it's ok, how to make this whole procedure more automatic - preferably together with the openvpn connection? Any tips or ideas?

Ok maybe I'll post the final configs:

Code:

[root@alarm ~]# ip route
default via 192.168.100.1 dev eth0  metric 202
10.200.4.0/22 dev tun0  proto kernel  scope link  src 10.200.5.8
77.92.92.161 via 192.168.100.1 dev eth0
128.0.0.0/1 via 10.200.4.1 dev tun0
192.168.100.0/24 dev eth0  proto kernel  scope link  src 192.168.100.107  metric 202
------------
-----------
[root@alarm ~]# ip rule
0:      from all lookup local
32764:  from all iif eth0 lookup moja
32765:  from all iif tun0 lookup mvpn
32766:  from all lookup main
32767:  from all lookup default

Cheers,

Post scriptum:
Ok, what I did is I putty to my NAS and then I ssh'd to my dyn-dns address - after that I have checked the ssh log file (var/logs/auth.log) and the IP was my original IP (not the vpn one) so it might be I set it up wrongly.
Any ideas, solutions, tips?
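
An added example, not part of the original post: one way to automate reply-via-LAN routing from an OpenVPN `route-up` hook, selecting the extra table by source address rather than by incoming interface (`ip rule ... dev eth0` is stored as `iif eth0`, which matches packets arriving on eth0 and not packets the NAS itself generates). The addresses are the ones quoted in the post; the table number, rule priority and the assumption that the VPN's two /1 routes are left in place are choices made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Values below are the ones quoted in the
# post; TABLE and PRIO are arbitrary (assumed) numbers.
LAN_DEV="${LAN_DEV:-eth0}"
LAN_IP="${LAN_IP:-192.168.100.107}"
LAN_NET="${LAN_NET:-192.168.100.0/24}"
LAN_GW="${LAN_GW:-192.168.100.1}"
TABLE="${TABLE:-100}"
PRIO="${PRIO:-1000}"

# Emit the ip(8) commands, one per line. A leading "-" marks a command that
# is allowed to fail (deleting a rule that does not exist yet).
lan_reply_cmds() {
    # Private table: the LAN stays on-link, everything else goes to the router.
    echo "ip route replace $LAN_NET dev $LAN_DEV src $LAN_IP table $TABLE"
    echo "ip route replace default via $LAN_GW dev $LAN_DEV table $TABLE"
    # Select that table by SOURCE address. Replies to port-forwarded
    # connections carry the LAN address as source; new outbound connections
    # have no source yet at lookup time, so they still follow the VPN routes.
    echo "-ip rule del from $LAN_IP lookup $TABLE priority $PRIO"
    echo "ip rule add from $LAN_IP lookup $TABLE priority $PRIO"
    echo "ip route flush cache"
}

# Run the commands, or only print them when DRY_RUN=1. Returns 1 if a
# mandatory command failed.
apply_lan_reply() {
    rc=0
    while IFS= read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "${cmd#-}"
            continue
        fi
        case "$cmd" in
            -*) ${cmd#-} 2>/dev/null || true ;;
            *)  $cmd || rc=1 ;;
        esac
    done <<EOF
$(lan_reply_cmds)
EOF
    return "$rc"
}

# OpenVPN sets script_type before calling a hook; act only as a route-up hook.
if [ "${script_type:-}" = "route-up" ]; then
    apply_lan_reply
fi
```

To have OpenVPN call it, the client config needs `script-security 2` and a `route-up` line pointing at wherever the script is saved. Running it by hand with `DRY_RUN=1` and calling `apply_lan_reply` prints the commands without touching the routing tables.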

mwandelaar
OpenVPN Super User
Posts: 219
Joined: Mon Nov 23, 2009 8:24 pm

Re: Accessing machine when connected over VPN.

Post by mwandelaar » Sun Jan 27, 2013 6:06 am

> Post scriptum:
> Ok, what I did is I putty to my NAS and then I ssh'd to my dyn-dns address - after that I have checked the ssh log file (var/logs/auth.log) and the IP was my original IP (not the vpn one) so it might be I set it up wrongly.
> Any ideas, solutions, tips?

This looks quite easy to me: It appears (looking at your routing tables) you are using redirect-gateway. Which is a good thing and indeed makes your external ip-address appear as if it's from your home-network.

This means that if you, from the remote vpn-client, connect to your external home-address, the packets are sent through the tunnel and the vpn-server sends them out to the internet (as your myaddress.dyndns.org is the external address and thus not in the local lan). But still the source-address is the remote vpn-client. I guess your vpn-server does some kind of NAT to outgoing packets as if it were its own.

What happens here is your router getting a packet for the external address and therefore sending it back through the portforward.

And then comes the question: why do you want to connect to your external ip-address when you are already connected to the internal side of your lan?
I suggest you just connect to the vpn-address of the NAS and see if that works.

See if that helps.
