Help on setting up VPN to limit access to certain http dirs
Posted: Wed Aug 31, 2016 11:23 am
Hi all,
I'm trying to configure everything in order to allow only VPN users to access certain folders (wp-admin etc.), and the thing is that by following some tutorials like https://www.digitalocean.com/community/ ... untu-14-04 I can connect to my OpenVPN (it gives me a 10.8.0.X IP and the external IP is my server's one when checking at) but when I enter my own server domain in my browser it sees my real IP (getenv('REMOTE_ADDR') shows my real IP) and not the one from the VPN, so I can't set up a .htaccess file to restrict to my own server IP.
As a summary of the above tutorial config, I have:
/etc/openvpn/server.conf
-------------------------------
Server Config
dh dh2048.pem
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
user nobody
group nogroup
/proc/sys/net/ipv4/ip_forward
---------------------------------------
file content is 1
/etc/sysctl.conf
--------------------------------
net.ipv4.ip_forward=1
/etc/default/ufw
---------------------------------------
DEFAULT_FORWARD_POLICY="ACCEPT"
/etc/ufw/before.rules
--------------------------------------
# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to eth0
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
COMMIT
# END OPENVPN RULES
ufw status verbose:
------------------------------------------------
root@XXX:/# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip
To                           Action      From
--                           ------      ----
1194/udp                     ALLOW IN    Anywhere
22/tcp                       ALLOW IN    Anywhere
53 (Bind9)                   ALLOW IN    Anywhere
80/tcp (Apache)              ALLOW IN    Anywhere
443/tcp (Apache Secure)      ALLOW IN    Anywhere
1194/udp (v6)                ALLOW IN    Anywhere (v6)
22/tcp (v6)                  ALLOW IN    Anywhere (v6)
53 (Bind9 (v6))              ALLOW IN    Anywhere (v6)
80/tcp (Apache (v6))         ALLOW IN    Anywhere (v6)
443/tcp (Apache Secure (v6)) ALLOW IN    Anywhere (v6)
Is there something I'm missing?
Thank you in advance,
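
Added example, not part of the original post: a simplified Python model of a client's routing table after `redirect-gateway def1` is pushed. It shows that requests to the server's public address follow the host route OpenVPN installs for its own endpoint and arrive from the real IP, while requests to the tunnel address arrive from 10.8.0.X, and that the `10.8.0.0/8` source in the MASQUERADE rule covers all of 10.0.0.0/8. The addresses 203.0.113.10 and 192.168.1.1 and every function name are constructed for illustration.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the post)
SERVER_PUBLIC_IP = "203.0.113.10"  # VPN endpoint and web server (documentation range)
LAN_GATEWAY = "192.168.1.1"        # client's original default gateway
VPN_GATEWAY = "10.8.0.1"           # server's address inside the tunnel


def client_routes():
    """Simplified client routing table once `redirect-gateway def1` is active.

    Each entry: (destination, next hop, interface, source address used).
    """
    return [
        ("0.0.0.0/0", LAN_GATEWAY, "eth0", "real"),    # original default, kept
        ("0.0.0.0/1", VPN_GATEWAY, "tun0", "vpn"),     # def1: two /1 routes that
        ("128.0.0.0/1", VPN_GATEWAY, "tun0", "vpn"),   # override the default
        ("10.8.0.0/24", VPN_GATEWAY, "tun0", "vpn"),   # tunnel subnet
        # Host route so the encrypted tunnel packets can still reach the server
        (SERVER_PUBLIC_IP + "/32", LAN_GATEWAY, "eth0", "real"),
    ]


def select_route(dest, routes):
    """Pick the route by longest-prefix match, as the kernel does."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)


def source_seen_by_apache(dest):
    """Return 'real' or 'vpn': which client address ends up in REMOTE_ADDR."""
    return select_route(dest, client_routes())[3]


def masquerade_scope(rule_source="10.8.0.0/8"):
    """Network actually matched by the -s value in the MASQUERADE rule."""
    return str(ipaddress.ip_network(rule_source, strict=False))


if __name__ == "__main__":
    for dest in (SERVER_PUBLIC_IP, VPN_GATEWAY, "198.51.100.7"):
        route = select_route(dest, client_routes())
        print(f"{dest:15} -> {route[2]} (source: {route[3]} address)")
    print("MASQUERADE -s 10.8.0.0/8 matches", masquerade_scope())
```

In this model, a site reached through the tunnel address (10.8.0.1) sees the 10.8.0.X source, so an Apache 2.4 rule such as `Require ip 10.8.0.0/24` on the protected directories would match VPN clients only.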