Need help configuring your VPN? Just post here and you'll get that help.
Moderators: TinCanTech
-
nudeltabak
- OpenVpn Newbie
- Posts: 6
- Joined: Tue Feb 16, 2016 4:56 pm
Post
by nudeltabak » Tue Feb 16, 2016 5:06 pm
Hi there,
I have a server which has an Apache webserver and an OpenVPN server installed. So my OpenVPN connection works fine. All traffic is tunneled through it. But if I want to access my webserver via HTTPS and via the public IP from the server, my traffic will not go through the VPN connection. So I guess the problem occurs because of the routing for the public IP from the server.
How to solve that?
My config files for a client and the server:
server.conf
port 10434
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.5.1"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
user nobody
group nogroup
log-append /var/log/openvpn.log
tun-mtu 1460
mssfix 1420
client.ovpn
client
dev tun
proto udp
pull
sndbuf 0
rcvbuf 0
remote dns.example.com 10434
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
comp-lzo
verb 3
<ca>
...
-
Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Post
by Traffic » Tue Feb 16, 2016 10:07 pm
nudeltabak wrote: But if I want to access my Webserver via https and via the public IP from the server, my traffic will not go through the VPN connection
Do you mean from the client ?
-
nudeltabak
- OpenVpn Newbie
- Posts: 6
- Joined: Tue Feb 16, 2016 4:56 pm
Post
by nudeltabak » Wed Feb 17, 2016 12:19 am
Traffic wrote: Do you mean from the client ?
No, I don't. I mean I want to connect as a client to the server's public IP / DNS. If I do that, it will not go through the VPN tunnel.
-
Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Post
by Traffic » Wed Feb 17, 2016 12:32 am
No it will not ..
-
nudeltabak
- OpenVpn Newbie
- Posts: 6
- Joined: Tue Feb 16, 2016 4:56 pm
Post
by nudeltabak » Wed Feb 17, 2016 1:38 am
Traffic wrote:No it will not ..
So is there no way to route this through the vpn?
-
Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Post
by Traffic » Wed Feb 17, 2016 1:55 am
From your VPN server ~ To your VPN server ~ To your HTTP(s) server ... all on the same IP ?
Am I missing something ?

-
nudeltabak
- OpenVpn Newbie
- Posts: 6
- Joined: Tue Feb 16, 2016 4:56 pm
Post
by nudeltabak » Wed Feb 17, 2016 2:11 am
Traffic wrote:From your VPN server ~ To your VPN server ~ To your HTTP(s) server ... all on the same IP ?
Am I missing something ?

From my Client, which is connected to the VPN server. The HTTP server is on the same IP.
-
Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Post
by Traffic » Wed Feb 17, 2016 2:29 am
Traffic wrote: nudeltabak wrote: But if I want to access my Webserver via https and via the public IP from the server, my traffic will not go through the VPN connection
Do you mean from the client ?
nudeltabak wrote: From my Client, which is connected to the VPN server
because of --redirect-gateway def1 you cannot make HTTP/s go over the tunnel to the same IP as the VPN server unless you use policy based routing .. which is beyond the scope of this Forum.
-
nudeltabak
- OpenVpn Newbie
- Posts: 6
- Joined: Tue Feb 16, 2016 4:56 pm
Post
by nudeltabak » Wed Feb 17, 2016 10:35 am
nudeltabak wrote: But if I want to access my Webserver via https and via the public IP from the server, my traffic will not go through the VPN connection.
I meant "public IP" <-- from the server
Even a traceroute to my server's public IP does not go through the VPN.
-
Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Post
by Traffic » Wed Feb 17, 2016 11:24 am
Traffic wrote:because of --redirect-gateway def1 you cannot make HTTP/s go over the tunnel to the same IP as the VPN server unless you use policy based routing .. which is beyond the scope of this Forum
If HTTP/s packets were sent to the server public IP over the VPN then the VPN data packets would also go over the VPN .. which breaks the VPN.
-
nudeltabak
- OpenVpn Newbie
- Posts: 6
- Joined: Tue Feb 16, 2016 4:56 pm
Post
by nudeltabak » Wed Feb 17, 2016 12:07 pm
Traffic wrote:If HTTP/s packets were sent to the server public IP over the VPN then the VPN data packets would also go over the VPN .. which breaks the VPN.
Could you explain this point a bit more?
-
Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Post
by Traffic » Wed Feb 17, 2016 12:31 pm
See --redirect-gateway step(1) in The Manual v23x
You cannot connect to the public IP of your VPN server with HTTP/s unless you use policy based routing .. which is probably not available to your windows client.
So just use the private IP 10.8.0.1
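
Added example, not part of any post in this thread: a small model of the client routing table that `redirect-gateway def1` produces, showing why a destination-only route lookup keeps everything sent to the server's public IP outside the tunnel while 10.8.0.1 goes through it. The public IP (203.0.113.10), the LAN gateway (192.168.1.1) and the interface names are constructed placeholders; only the 10.8.0.0/24 subnet comes from the posted server.conf.

```python
import ipaddress

# Constructed values: the thread only gives the VPN subnet 10.8.0.0/24.
SERVER_PUBLIC_IP = "203.0.113.10"  # placeholder from the RFC 5737 documentation range
LAN_GATEWAY = "192.168.1.1"        # assumed pre-VPN default gateway of the client
VPN_GATEWAY = "10.8.0.1"           # server's address inside the tunnel

def client_routes(host_route=True):
    """Client routing table after the pushed 'redirect-gateway def1' is applied."""
    routes = [
        ("0.0.0.0/0", LAN_GATEWAY, "eth0"),    # original default route, kept by def1
        ("0.0.0.0/1", VPN_GATEWAY, "tun0"),    # def1: two /1 routes override the
        ("128.0.0.0/1", VPN_GATEWAY, "tun0"),  # default without deleting it
        ("10.8.0.0/24", None, "tun0"),         # VPN subnet, directly connected
    ]
    if host_route:
        # Step 1 of redirect-gateway: pin the --remote address to the old gateway
        # so the encrypted UDP packets themselves stay outside the tunnel.
        routes.append((SERVER_PUBLIC_IP + "/32", LAN_GATEWAY, "eth0"))
    return routes

def lookup(routes, dst):
    """Longest-prefix match on destination address only (no port, no protocol)."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), gw, dev) for net, gw, dev in routes
            if addr in ipaddress.ip_network(net)]
    net, gw, dev = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), gw, dev

def uses_tunnel(routes, dst):
    """True when the selected route leaves via the tunnel interface."""
    return lookup(routes, dst)[2] == "tun0"

if __name__ == "__main__":
    table = client_routes()
    for dst in (SERVER_PUBLIC_IP, VPN_GATEWAY, "198.51.100.7"):
        print(dst, "->", lookup(table, dst))
    # Without the host route the VPN's own packets would be routed into the VPN.
    print("no host route:", lookup(client_routes(host_route=False), SERVER_PUBLIC_IP))
```

Because the /32 host route matches on address alone, HTTPS to the public IP takes the same untunnelled path as the OpenVPN UDP packets; the last lookup shows the loop that results if that host route is absent.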
