openvpn is blocking external request to webserver and ssh
My setup:
Raspberry pi 3
OS: raspbian 9 (stretch)
local network (eth0): 192.168.0.X
wireless network(wlan0): 192.168.10.X
This setup is behind a modem/router which provides access to the internet.
Ok what I'm trying to do here is to make the pi function as a vpn router and a webserver. it should work in such a way that all the traffic that comes from the wlan0(192.168.10.X) should be send through VPN connection. Every other traffic should pass through eth0(192.168.0.X) as it was working in the past.
I used the following tutorials:
https://raspberrypihq.com/how-to-turn-a-raspberry-pi-into-a-wifi-router/
https://thepi.io/how-to-use-your-raspberry-pi-as-a-vpn-router/
Now I got the part where vpn is working correctly and the wlan0(192.168.10.X) traffic is being routed through VPN and on the local network (192.168.0.X) I can ssh (22) or make requests to the webserver (80). I can reach it internally no problem.
Now the issue: When I try to connect remotely to the Pi I cannot reach my services anymore. That means I cannot SSH (22) nor http (80) from outside the network. I find it odd that in my local network I can used them but outside my network I cannot find them. The second I turn openvpn off i can reach them and everything is working as is again.
I tried to look for a solution the this on the internet but the answer were vague and not very helpful.
What am I missing here?
linux openvpn iptables raspberry-pi raspbian
asked Jan 6 at 15:22
AdwenAdwen
11
add a comment |
My setup:
Raspberry pi 3
OS: raspbian 9 (stretch)
local network (eth0): 192.168.0.X
wireless network(wlan0): 192.168.10.X
This setup is behind a modem/router which provides access to the internet.
Ok what I'm trying to do here is to make the pi function as a vpn router and a webserver. it should work in such a way that all the traffic that comes from the wlan0(192.168.10.X) should be send through VPN connection. Every other traffic should pass through eth0(192.168.0.X) as it was working in the past.
I used the following tutorials:
https://raspberrypihq.com/how-to-turn-a-raspberry-pi-into-a-wifi-router/
https://thepi.io/how-to-use-your-raspberry-pi-as-a-vpn-router/
Now I got the part where vpn is working correctly and the wlan0(192.168.10.X) traffic is being routed through VPN and on the local network (192.168.0.X) I can ssh (22) or make requests to the webserver (80). I can reach it internally no problem.
Now the issue: When I try to connect remotely to the Pi I cannot reach my services anymore. That means I cannot SSH (22) nor http (80) from outside the network. I find it odd that in my local network I can used them but outside my network I cannot find them. The second I turn openvpn off i can reach them and everything is working as is again.
I tried to look for a solution the this on the internet but the answer were vague and not very helpful.
What am I missing here?
linux openvpn iptables raspberry-pi raspbian
asked Jan 6 at 15:22
AdwenAdwen
11
What you want cannot be achieved without policy routing. By default, responses to your connection attempts from the Internet are directed to the VPN connection.
– Daniel B
Jan 6 at 16:52
Yes, I do understand the problem. But my knowledge of openvpn, iptables and routing is minimal and I need someone to show me how to solve it by explaining to me what to do next.
– Adwen
Jan 6 at 17:02
add a comment |
My setup:
Raspberry pi 3
OS: raspbian 9 (stretch)
local network (eth0): 192.168.0.X
wireless network(wlan0): 192.168.10.X
This setup is behind a modem/router which provides access to the internet.
Ok what I'm trying to do here is to make the pi function as a vpn router and a webserver. it should work in such a way that all the traffic that comes from the wlan0(192.168.10.X) should be send through VPN connection. Every other traffic should pass through eth0(192.168.0.X) as it was working in the past.
I used the following tutorials:
https://raspberrypihq.com/how-to-turn-a-raspberry-pi-into-a-wifi-router/
https://thepi.io/how-to-use-your-raspberry-pi-as-a-vpn-router/
Now I got the part where vpn is working correctly and the wlan0(192.168.10.X) traffic is being routed through VPN and on the local network (192.168.0.X) I can ssh (22) or make requests to the webserver (80). I can reach it internally no problem.
Now the issue: When I try to connect remotely to the Pi I cannot reach my services anymore. That means I cannot SSH (22) nor http (80) from outside the network. I find it odd that in my local network I can used them but outside my network I cannot find them. The second I turn openvpn off i can reach them and everything is working as is again.
I tried to look for a solution the this on the internet but the answer were vague and not very helpful.
What am I missing here?
linux openvpn iptables raspberry-pi raspbian
asked Jan 6 at 15:22
AdwenAdwen
11
My setup:
Raspberry pi 3
OS: raspbian 9 (stretch)
local network (eth0): 192.168.0.X
wireless network(wlan0): 192.168.10.X
This setup is behind a modem/router which provides access to the internet.
Ok what I'm trying to do here is to make the pi function as a vpn router and a webserver. it should work in such a way that all the traffic that comes from the wlan0(192.168.10.X) should be send through VPN connection. Every other traffic should pass through eth0(192.168.0.X) as it was working in the past.
I used the following tutorials:
https://raspberrypihq.com/how-to-turn-a-raspberry-pi-into-a-wifi-router/
https://thepi.io/how-to-use-your-raspberry-pi-as-a-vpn-router/
Now I got the part where vpn is working correctly and the wlan0(192.168.10.X) traffic is being routed through VPN and on the local network (192.168.0.X) I can ssh (22) or make requests to the webserver (80). I can reach it internally no problem.
Now the issue: When I try to connect remotely to the Pi I cannot reach my services anymore. That means I cannot SSH (22) nor http (80) from outside the network. I find it odd that in my local network I can used them but outside my network I cannot find them. The second I turn openvpn off i can reach them and everything is working as is again.
I tried to look for a solution the this on the internet but the answer were vague and not very helpful.
What am I missing here?
linux openvpn iptables raspberry-pi raspbian
linux openvpn iptables raspberry-pi raspbian
asked Jan 6 at 15:22
AdwenAdwen
11
asked Jan 6 at 15:22
AdwenAdwen
11
asked Jan 6 at 15:22
AdwenAdwen
11
asked Jan 6 at 15:22
AdwenAdwen
11
asked Jan 6 at 15:22
AdwenAdwen
11
11
What you want cannot be achieved without policy routing. By default, responses to your connection attempts from the Internet are directed to the VPN connection.
– Daniel B
Jan 6 at 16:52
Yes, I do understand the problem. But my knowledge of openvpn, iptables and routing is minimal and I need someone to show me how to solve it by explaining to me what to do next.
– Adwen
Jan 6 at 17:02
add a comment |
What you want cannot be achieved without policy routing. By default, responses to your connection attempts from the Internet are directed to the VPN connection.
– Daniel B
Jan 6 at 16:52
Yes, I do understand the problem. But my knowledge of openvpn, iptables and routing is minimal and I need someone to show me how to solve it by explaining to me what to do next.
– Adwen
Jan 6 at 17:02
What you want cannot be achieved without policy routing. By default, responses to your connection attempts from the Internet are directed to the VPN connection.
– Daniel B
Jan 6 at 16:52
What you want cannot be achieved without policy routing. By default, responses to your connection attempts from the Internet are directed to the VPN connection.
– Daniel B
Jan 6 at 16:52
Yes, I do understand the problem. But my knowledge of openvpn, iptables and routing is minimal and I need someone to show me how to solve it by explaining to me what to do next.
– Adwen
Jan 6 at 17:02
Yes, I do understand the problem. But my knowledge of openvpn, iptables and routing is minimal and I need someone to show me how to solve it by explaining to me what to do next.
– Adwen
Jan 6 at 17:02
add a comment |
1 Answer
1
active
oldest
votes
Ok. Thanks to Daniel B's comment I think I solved it. I went and read about policy routing and I used the following tutorial as an example:
https://blog.scottlowe.org/2013/05/29/a-quick-introduction-to-linux-policy-routing/
The only difference is where in the example it says:
ip rule add from 192.168.30.200 lookup custom
I did the following:
ip rule add from 192.168.0.0/24 lookup custom
This is to get the whole IP range instead of a single IP.
And it is working for days now with no problems.
answered Jan 9 at 16:21
AdwenAdwen
11
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1391187%2fopenvpn-is-blocking-external-request-to-webserver-and-ssh%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Ok. Thanks to Daniel B's comment I think I solved it. I went and read about policy routing and I used the following tutorial as an example:
https://blog.scottlowe.org/2013/05/29/a-quick-introduction-to-linux-policy-routing/
The only difference is where in the example it says:
ip rule add from 192.168.30.200 lookup custom
I did the following:
ip rule add from 192.168.0.0/24 lookup custom
This is to get the whole IP range instead of a single IP.
And it is working for days now with no problems.
answered Jan 9 at 16:21
AdwenAdwen
11
add a comment |
Ok. Thanks to Daniel B's comment I think I solved it. I went and read about policy routing and I used the following tutorial as an example:
https://blog.scottlowe.org/2013/05/29/a-quick-introduction-to-linux-policy-routing/
The only difference is where in the example it says:
ip rule add from 192.168.30.200 lookup custom
I did the following:
ip rule add from 192.168.0.0/24 lookup custom
This is to get the whole IP range instead of a single IP.
And it is working for days now with no problems.
answered Jan 9 at 16:21
AdwenAdwen
11
add a comment |
Ok. Thanks to Daniel B's comment I think I solved it. I went and read about policy routing and I used the following tutorial as an example:
https://blog.scottlowe.org/2013/05/29/a-quick-introduction-to-linux-policy-routing/
The only difference is where in the example it says:
ip rule add from 192.168.30.200 lookup custom
I did the following:
ip rule add from 192.168.0.0/24 lookup custom
This is to get the whole IP range instead of a single IP.
And it is working for days now with no problems.
answered Jan 9 at 16:21
AdwenAdwen
11
Ok. Thanks to Daniel B's comment I think I solved it. I went and read about policy routing and I used the following tutorial as an example:
https://blog.scottlowe.org/2013/05/29/a-quick-introduction-to-linux-policy-routing/
The only difference is where in the example it says:
ip rule add from 192.168.30.200 lookup custom
I did the following:
ip rule add from 192.168.0.0/24 lookup custom
This is to get the whole IP range instead of a single IP.
And it is working for days now with no problems.
answered Jan 9 at 16:21
AdwenAdwen
11
answered Jan 9 at 16:21
AdwenAdwen
11
answered Jan 9 at 16:21
AdwenAdwen
11
answered Jan 9 at 16:21
AdwenAdwen
11
11
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1391187%2fopenvpn-is-blocking-external-request-to-webserver-and-ssh%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
What you want cannot be achieved without policy routing. By default, responses to your connection attempts from the Internet are directed to the VPN connection.
– Daniel B
Jan 6 at 16:52
Yes, I do understand the problem. But my knowledge of openvpn, iptables and routing is minimal and I need someone to show me how to solve it by explaining to me what to do next.
– Adwen
Jan 6 at 17:02