Help on setting up VPN to limit access to certain http dirs

Post by farrusete » Wed Aug 31, 2016 11:23 am

Hi all,

I'm trying to configure everything in order to allow only VPN users to access certain folders (wp-admin etc.), and the thing is that by following some tutorials like https://www.digitalocean.com/community/ ... untu-14-04 I can connect to my OpenVPN (it gives me a 10.8.0.X IP and the external IP is my server's one when checking at) but when I enter my own server domain in my browser it sees my real IP (getenv('REMOTE_ADDR') shows my real IP) and not the one from the VPN, so I can't set up a .htaccess file to restrict to my own server IP.

As a summary of above tutorial config, i have:

/etc/openvpn/server.conf
-------------------------------
Server Config
dh dh2048.pem
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
user nobody
group nogroup

/proc/sys/net/ipv4/ip_forward
---------------------------------------
file content is 1

/etc/sysctl.conf
--------------------------------
net.ipv4.ip_forward=1

/etc/default/ufw
---------------------------------------
DEFAULT_FORWARD_POLICY="ACCEPT"

/etc/ufw/before.rules
--------------------------------------
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES

ufw status verbose:
------------------------------------------------
root@XXX:/# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                            Action      From
--                            ------      ----
1194/udp                      ALLOW IN    Anywhere
22/tcp                        ALLOW IN    Anywhere
53 (Bind9)                    ALLOW IN    Anywhere
80/tcp (Apache)               ALLOW IN    Anywhere
443/tcp (Apache Secure)       ALLOW IN    Anywhere
1194/udp (v6)                 ALLOW IN    Anywhere (v6)
22/tcp (v6)                   ALLOW IN    Anywhere (v6)
53 (Bind9 (v6))               ALLOW IN    Anywhere (v6)
80/tcp (Apache (v6))          ALLOW IN    Anywhere (v6)
443/tcp (Apache Secure (v6))  ALLOW IN    Anywhere (v6)

Is there something I'm missing?

Thank you in advance,

Post by nehakakar » Tue Jul 11, 2023 8:11 pm

Your server isn't recognizing the client's VPN-assigned IP address. The server must see the client's VPN IP, not their true IP, to restrict folder access with a .htaccess file.
Try adding this line to your Apache virtual host configuration:

RemoteIPInternalProxy 10.8.0.0/24

This line informs Apache to treat the VPN-assigned IP range as internal, allowing it to accurately identify the client's VPN IP address.
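
Added example, not part of either post: a longest-prefix route lookup over a constructed client routing table, showing which source address the web server sees once push "redirect-gateway def1" is active. OpenVPN keeps a host route to its own server outside the tunnel, so a request to the server's public address arrives from the client's real IP, while a request to the server's VPN address arrives from 10.8.0.x. Assumptions: 203.0.113.10 (server public IP), 198.51.100.7 (client real IP), 10.8.0.1 (server VPN address) and 10.8.0.6 (client VPN address) are placeholders, and the helper names are hypothetical.

```python
import ipaddress

# Constructed client routing table after the VPN connects with
# push "redirect-gateway def1": (destination, interface, client source address).
# All addresses are placeholders, not values taken from the thread.
ROUTES = [
    ("0.0.0.0/0",       "eth0", "198.51.100.7"),  # original default route
    ("0.0.0.0/1",       "tun0", "10.8.0.6"),      # added by def1
    ("128.0.0.0/1",     "tun0", "10.8.0.6"),      # added by def1
    ("203.0.113.10/32", "eth0", "198.51.100.7"),  # host route to the VPN server itself
    ("10.8.0.0/24",     "tun0", "10.8.0.6"),      # VPN subnet
]

# Range the web server would allow for wp-admin (the subnet named in the reply).
VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")


def route_for(dest):
    """Longest-prefix match, as the kernel does: the most specific route wins."""
    addr = ipaddress.ip_address(dest)
    matches = [
        (ipaddress.ip_network(net), ifc, src)
        for net, ifc, src in ROUTES
        if addr in ipaddress.ip_network(net)
    ]
    _, ifc, src = max(matches, key=lambda m: m[0].prefixlen)
    return ifc, src


def server_view(server_addr):
    """For a request sent to one of the server's own addresses, return
    (client interface, REMOTE_ADDR seen by the web server, passes VPN-only rule)."""
    ifc, src = route_for(server_addr)
    return ifc, src, ipaddress.ip_address(src) in VPN_SUBNET


if __name__ == "__main__":
    # Third-party sites go through the tunnel, so "what is my IP" pages
    # report the server's address, as described in the first post.
    print("192.0.2.50   ->", route_for("192.0.2.50"))
    # The server's public address bypasses the tunnel: real IP is seen.
    print("203.0.113.10 ->", server_view("203.0.113.10"))
    # The server's VPN address is reached over tun0: VPN IP is seen.
    print("10.8.0.1     ->", server_view("10.8.0.1"))
```

On a real client, `ip route get <address>` shows the same decision for a given destination.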
