Can't access my web server through OpenVpn

etsalvi
OpenVpn Newbie
Posts: 2
Joined: Sun Jan 15, 2023 10:27 pm

Can't access my web server through OpenVpn

Post by etsalvi » Sun Jan 15, 2023 10:34 pm

I have a web server on my LAN that I can usually reach from the web. I decided to install an OpenVPN server on the same machine, running Linux Mint 20.3, and the client on my Android device. I can connect to the OpenVPN server and I can even ping it, but I can't open the HTTP page of my web server.
Note that I can open the HTTP page locally with the OpenVPN server IP.
How can I fix it?

etsalvi
OpenVpn Newbie
Posts: 2
Joined: Sun Jan 15, 2023 10:27 pm

Re: Can't access my web server through OpenVpn

Post by etsalvi » Thu Feb 16, 2023 7:12 am

# OpenVPN Port, Protocol, and the Tun
port 1194
proto udp
dev tun

# OpenVPN Server Certificate - CA, server key and certificate
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/home-server.crt
key /etc/openvpn/server/home-server.key

#DH and CRL key
dh /etc/openvpn/server/dh.pem
crl-verify /etc/openvpn/server/crl.pem

# Network Configuration - Internal network
# Redirect all Connection through OpenVPN Server
server 10.5.0.0 255.255.255.0
push "redirect-gateway local def1"

# Using the DNS from https://dns.watch
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

#Enable multiple clients to connect with the same certificate key
duplicate-cn

# TLS Security
cipher AES-256-CBC
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
auth SHA512
auth-nocache

# Other Configuration
keepalive 20 60
persist-key
persist-tun
compress lz4
daemon
user nobody
group nogroup

# OpenVPN Log
log-append /var/log/openvpn.log
verb 3

Client:

client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194
cipher AES-256-CBC
auth SHA512
auth-nocache
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
resolv-retry infinite
compress lz4
nobind
persist-key
persist-tun
mute-replay-warnings
verb 3

Further information edited in from comments:

root@ettore-home:/etc/openvpn/server# ip route
default via 10.69.178.1 dev wlp3s0 proto dhcp metric 600
10.5.0.0/24 via 10.5.0.2 dev tun0
10.5.0.2 dev tun0 proto kernel scope link src 10.5.0.1
10.69.178.0/24 dev wlp3s0 proto kernel scope link src 10.69.178.79 metric 600
169.254.0.0/16 dev wlp3s0 scope link metric 1000

root@ettore-home:/etc/openvpn/server# ip rule
0: from all lookup local
32766: from all lookup main
32767: from all lookup default

Result of ss -latpn | grep 80:

root@ettore-home:/etc/openvpn/server# ss -latpn | grep 80
LISTEN 0 128 127.0.0.1:5939 0.0.0.0:* users:(("teamviewerd",pid=1680,fd=12))
ESTAB 0 0 10.69.178.79:60060 142.250.180.133:443 users:(("firefox-bin",pid=2899,fd=114))
TIME-WAIT 0 0 10.69.178.79:43834 34.107.221.82:80
ESTAB 0 0 10.69.178.79:37346 37.252.253.103:443 users:(("teamviewerd",pid=1680,fd=14))
TIME-WAIT 0 0 10.69.178.79:43848 34.107.221.82:80
LISTEN 0 511 *:80 *:* users:(("apache2",pid=1729,fd=4),("apache2",pid=1728,fd=4),("apache2",pid=1727,fd=4),("apache2",pid=1726,fd=4),("apache2",pid=1725,fd=4),("apache2",pid=1708,fd=4))
