openvpn is blocking external request to webserver and ssh












0















My setup:
Raspberry pi 3
OS: raspbian 9 (stretch)
local network (eth0): 192.168.0.X
wireless network(wlan0): 192.168.10.X



This setup is behind a modem/router which provides access to the internet.



Ok what I'm trying to do here is to make the pi function as a vpn router and a webserver. it should work in such a way that all the traffic that comes from the wlan0(192.168.10.X) should be send through VPN connection. Every other traffic should pass through eth0(192.168.0.X) as it was working in the past.



I used the following tutorials:



https://raspberrypihq.com/how-to-turn-a-raspberry-pi-into-a-wifi-router/



https://thepi.io/how-to-use-your-raspberry-pi-as-a-vpn-router/



Now I got the part where vpn is working correctly and the wlan0(192.168.10.X) traffic is being routed through VPN and on the local network (192.168.0.X) I can ssh (22) or make requests to the webserver (80). I can reach it internally no problem.



Now the issue: When I try to connect remotely to the Pi I cannot reach my services anymore. That means I cannot SSH (22) nor http (80) from outside the network. I find it odd that in my local network I can used them but outside my network I cannot find them. The second I turn openvpn off i can reach them and everything is working as is again.



I tried to look for a solution the this on the internet but the answer were vague and not very helpful.



What am I missing here?






linux openvpn iptables raspberry-pi raspbian







share|improve this question























  • What you want cannot be achieved without policy routing. By default, responses to your connection attempts from the Internet are directed to the VPN connection.

    – Daniel B
    Jan 6 at 16:52











  • Yes, I do understand the problem. But my knowledge of openvpn, iptables and routing is minimal and I need someone to show me how to solve it by explaining to me what to do next.

    – Adwen
    Jan 6 at 17:02
















0















My setup:
Raspberry pi 3
OS: raspbian 9 (stretch)
local network (eth0): 192.168.0.X
wireless network(wlan0): 192.168.10.X



This setup is behind a modem/router which provides access to the internet.



Ok what I'm trying to do here is to make the pi function as a vpn router and a webserver. it should work in such a way that all the traffic that comes from the wlan0(192.168.10.X) should be send through VPN connection. Every other traffic should pass through eth0(192.168.0.X) as it was working in the past.



I used the following tutorials:



https://raspberrypihq.com/how-to-turn-a-raspberry-pi-into-a-wifi-router/



https://thepi.io/how-to-use-your-raspberry-pi-as-a-vpn-router/



Now I got the part where vpn is working correctly and the wlan0(192.168.10.X) traffic is being routed through VPN and on the local network (192.168.0.X) I can ssh (22) or make requests to the webserver (80). I can reach it internally no problem.



Now the issue: When I try to connect remotely to the Pi I cannot reach my services anymore. That means I cannot SSH (22) nor http (80) from outside the network. I find it odd that in my local network I can used them but outside my network I cannot find them. The second I turn openvpn off i can reach them and everything is working as is again.



I tried to look for a solution the this on the internet but the answer were vague and not very helpful.



What am I missing here?






linux openvpn iptables raspberry-pi raspbian







share|improve this question























  • What you want cannot be achieved without policy routing. By default, responses to your connection attempts from the Internet are directed to the VPN connection.

    – Daniel B
    Jan 6 at 16:52











  • Yes, I do understand the problem. But my knowledge of openvpn, iptables and routing is minimal and I need someone to show me how to solve it by explaining to me what to do next.

    – Adwen
    Jan 6 at 17:02














0












0








0








My setup:
Raspberry pi 3
OS: raspbian 9 (stretch)
local network (eth0): 192.168.0.X
wireless network(wlan0): 192.168.10.X



This setup is behind a modem/router which provides access to the internet.



Ok what I'm trying to do here is to make the pi function as a vpn router and a webserver. it should work in such a way that all the traffic that comes from the wlan0(192.168.10.X) should be send through VPN connection. Every other traffic should pass through eth0(192.168.0.X) as it was working in the past.



I used the following tutorials:



https://raspberrypihq.com/how-to-turn-a-raspberry-pi-into-a-wifi-router/



https://thepi.io/how-to-use-your-raspberry-pi-as-a-vpn-router/



Now I got the part where vpn is working correctly and the wlan0(192.168.10.X) traffic is being routed through VPN and on the local network (192.168.0.X) I can ssh (22) or make requests to the webserver (80). I can reach it internally no problem.



Now the issue: When I try to connect remotely to the Pi I cannot reach my services anymore. That means I cannot SSH (22) nor http (80) from outside the network. I find it odd that in my local network I can used them but outside my network I cannot find them. The second I turn openvpn off i can reach them and everything is working as is again.



I tried to look for a solution the this on the internet but the answer were vague and not very helpful.



What am I missing here?






linux openvpn iptables raspberry-pi raspbian







share|improve this question














My setup:
Raspberry pi 3
OS: raspbian 9 (stretch)
local network (eth0): 192.168.0.X
wireless network(wlan0): 192.168.10.X



This setup is behind a modem/router which provides access to the internet.



Ok what I'm trying to do here is to make the pi function as a vpn router and a webserver. it should work in such a way that all the traffic that comes from the wlan0(192.168.10.X) should be send through VPN connection. Every other traffic should pass through eth0(192.168.0.X) as it was working in the past.



I used the following tutorials:



https://raspberrypihq.com/how-to-turn-a-raspberry-pi-into-a-wifi-router/



https://thepi.io/how-to-use-your-raspberry-pi-as-a-vpn-router/



Now I got the part where vpn is working correctly and the wlan0(192.168.10.X) traffic is being routed through VPN and on the local network (192.168.0.X) I can ssh (22) or make requests to the webserver (80). I can reach it internally no problem.



Now the issue: When I try to connect remotely to the Pi I cannot reach my services anymore. That means I cannot SSH (22) nor http (80) from outside the network. I find it odd that in my local network I can used them but outside my network I cannot find them. The second I turn openvpn off i can reach them and everything is working as is again.



I tried to look for a solution the this on the internet but the answer were vague and not very helpful.



What am I missing here?






linux openvpn iptables raspberry-pi raspbian




linux openvpn iptables raspberry-pi raspbian






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jan 6 at 15:22









AdwenAdwen

11




11













  • What you want cannot be achieved without policy routing. By default, responses to your connection attempts from the Internet are directed to the VPN connection.

    – Daniel B
    Jan 6 at 16:52











  • Yes, I do understand the problem. But my knowledge of openvpn, iptables and routing is minimal and I need someone to show me how to solve it by explaining to me what to do next.

    – Adwen
    Jan 6 at 17:02



















  • What you want cannot be achieved without policy routing. By default, responses to your connection attempts from the Internet are directed to the VPN connection.

    – Daniel B
    Jan 6 at 16:52











  • Yes, I do understand the problem. But my knowledge of openvpn, iptables and routing is minimal and I need someone to show me how to solve it by explaining to me what to do next.

    – Adwen
    Jan 6 at 17:02

















What you want cannot be achieved without policy routing. By default, responses to your connection attempts from the Internet are directed to the VPN connection.

– Daniel B
Jan 6 at 16:52





What you want cannot be achieved without policy routing. By default, responses to your connection attempts from the Internet are directed to the VPN connection.

– Daniel B
Jan 6 at 16:52













Yes, I do understand the problem. But my knowledge of openvpn, iptables and routing is minimal and I need someone to show me how to solve it by explaining to me what to do next.

– Adwen
Jan 6 at 17:02





Yes, I do understand the problem. But my knowledge of openvpn, iptables and routing is minimal and I need someone to show me how to solve it by explaining to me what to do next.

– Adwen
Jan 6 at 17:02










1 Answer
1






active

oldest

votes


















0














Ok. Thanks to Daniel B's comment I think I solved it. I went and read about policy routing and I used the following tutorial as an example:



https://blog.scottlowe.org/2013/05/29/a-quick-introduction-to-linux-policy-routing/



The only difference is where in the example it says:




ip rule add from 192.168.30.200 lookup custom




I did the following:




ip rule add from 192.168.0.0/24 lookup custom




This is to get the whole IP range instead of a single IP.



And it is working for days now with no problems.






share|improve this answer























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1391187%2fopenvpn-is-blocking-external-request-to-webserver-and-ssh%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    Ok. Thanks to Daniel B's comment I think I solved it. I went and read about policy routing and I used the following tutorial as an example:



    https://blog.scottlowe.org/2013/05/29/a-quick-introduction-to-linux-policy-routing/



    The only difference is where in the example it says:




    ip rule add from 192.168.30.200 lookup custom




    I did the following:




    ip rule add from 192.168.0.0/24 lookup custom




    This is to get the whole IP range instead of a single IP.



    And it is working for days now with no problems.






    share|improve this answer




























      0














      Ok. Thanks to Daniel B's comment I think I solved it. I went and read about policy routing and I used the following tutorial as an example:



      https://blog.scottlowe.org/2013/05/29/a-quick-introduction-to-linux-policy-routing/



      The only difference is where in the example it says:




      ip rule add from 192.168.30.200 lookup custom




      I did the following:




      ip rule add from 192.168.0.0/24 lookup custom




      This is to get the whole IP range instead of a single IP.



      And it is working for days now with no problems.






      share|improve this answer


























        0












        0








        0







        Ok. Thanks to Daniel B's comment I think I solved it. I went and read about policy routing and I used the following tutorial as an example:



        https://blog.scottlowe.org/2013/05/29/a-quick-introduction-to-linux-policy-routing/



        The only difference is where in the example it says:




        ip rule add from 192.168.30.200 lookup custom




        I did the following:




        ip rule add from 192.168.0.0/24 lookup custom




        This is to get the whole IP range instead of a single IP.



        And it is working for days now with no problems.






        share|improve this answer













        Ok. Thanks to Daniel B's comment I think I solved it. I went and read about policy routing and I used the following tutorial as an example:



        https://blog.scottlowe.org/2013/05/29/a-quick-introduction-to-linux-policy-routing/



        The only difference is where in the example it says:




        ip rule add from 192.168.30.200 lookup custom




        I did the following:




        ip rule add from 192.168.0.0/24 lookup custom




        This is to get the whole IP range instead of a single IP.



        And it is working for days now with no problems.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Jan 9 at 16:21









        AdwenAdwen

        11




        11






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1391187%2fopenvpn-is-blocking-external-request-to-webserver-and-ssh%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Сан-Квентин

            Image
            Сан-Квентин Местоположение Сан-Квентин, Калифорния Координаты 37°56′13″ с. ш. 122°29′20″ з. д. H G Я O L Текущий статус Действует Режим безопасности минимальный и максимальный Количество мест 3 302 Открытие Июнь 1852 Находится в ведомстве California Department of Corrections and Rehabilitation Начальник Mike Martel, начальник  Сан-Квентин на Викискладе Сан-Квентин (англ.  San Quentin ) — тюрьма, располагающаяся на 432 акрах (около 1,7 км²), на мысе Сан-Квентин, в округе Марин, штат Калифорния, США. Тюрьма штата Калифорния Сан-Квентин была открыта в июле 1852 года и является старейшей в штате. Она была построена заключёнными, которые проживали в течение строительства на тюремном судне Вабан. В Сан-Квентине отбывали наказание и мужчины, и женщины до 1934 года, когда построили женскую тюрьму в Техачапи и туда перевели всех заключённых женщин. В Сан-Квентине приводятся в исполнение смертные казни, для этого имеется газовая камера, но...
            Read more

            8-я гвардейская общевойсковая армия

            Image
            8-я гвардейская общевойсковая ордена Ленина армия Награды: Войска: РККА → Советская армия → СВ России Род войск: Формирование: 1943 Расформирование (преобразование): 1992 Предшественник: 62-я армия (1942—43) → 8-я гвардейская общевойсковая армия (1943—92) → 8-й гвардейский армейский корпус (1992—98) Боевой путь Изюм-Барвенковская операция Донбасская операция Запорожская операция Битва за Днепр Днепропетровская операция Березнеговато-Снигирёвская операция Одесская операция Люблин-Брестская операция Варшавско-Познанская операция Восточно-Померанская операция Берлинская наступательная операция У этого термина существуют и другие значения, см. 8-я армия. Фотография Гвардейского Красного Знамени (лицевая сторона) 8-й гвардейской армии , образца 1943 года. Фотография Гвардейского Красного Знамени (оборотная сторона) 8-й гвардейской армии , образца 1943 года. 8-я гвардейская общевойсковая ордена Ленина армия  — гвардейское фор...
            Read more

            Алькесар

            Image
            Муниципалитет Алькесар Alquézar Герб 42°10′16″ с. ш. 0°01′27″ в. д. H G Я O L Страна Испания   Испания Автономное сообщество Арагон Провинция Уэска Комарка Сомонтано-де-Барбастро Алькальд Хосе Марияно Альтемир Ласкорс (ИСРП) История и география Площадь 32,36 км² Высота НУМ 660 м Часовой пояс UTC+1, летом UTC+2 Население Население 313 человек ( 2010 ) Плотность 9,92 чел./км² Этнохороним alquezarano/-a Цифровые идентификаторы Телефонный код +34 974 Почтовые индексы 22112 Автомобильный код HU alquezar.org   (исп.) Показать/скрыть карты Алькесар Алькесар Алькесар  Аудио, фото и видео на Викискладе Алькесар (исп.  Alquézar ) — муниципалитет в Испании, входит в провинцию Уэска, в составе автономного сообщества Арагон. Муниципалитет находится в составе района (комарки) Сомонтано-де-Барбастро. Занимает площадь 32,36 км². Население — 321 челове...
            Read more