I don't have a public ip address so I'm looking to host a server while connected to a VPN, the VPN server is running on a VPS that I own and its running SoftEther VPN server.
In my machine I connect to the VPN and then run the server app, however I check in http://www.canyouseeme.org/ to see if its successfully hosted and can be accessed from internet but its not and it shows "connection refused", if I host the server on the VPS machine it works, but I don't want that, it should be hosted on my machine and should be accessible using the ip address of the VPS/VPN.
You probably want to set up port forwarding on your VPN server.
When you connect to the VPN, your traffic goes through it, but you don't "become" it - the traffic directed to the VPN server (like an attempt to connect to your app) will not be forwarded to your VPN client machine - this is not the purpose of VPNs.
There is a page with port forwarding setup here. This is to be done on the VPN server.
The alternative I use is to setup port forwarding via SSH on the application server and ditch the need for VPN. Check Remote Port Forwarding here. It works fine, encrypts your data between the application server and the gateway, but there might be bigger overhead and it may be more prone to die when the network connection is temporarily lost.
Related
I have created a local websocket server using the ktor framework, which is available locally in the below IP.
[main] INFO Application - Responding at http://192.168.1.10:8080
And I'm able to access it locally from postman by hitting
ws://192.168.1.10:8080/chat
I would like to connect to this socket from the internet, But when I setup port forwarding (using NAT virtual server configuration), this doesn't seem to work. I get timed out error.
I tried this because, it is working fine for the http server (express app) I created in another port. From the below NAT virtual server configuration, I was able to do port forwarding and access the webservice from the internet.
I'm quite new to socket programming and networking. Kindly advice.
You can't have a single External Port mapped to two different Server ports. Each Server needs a distinct External Port mapped to it. Right now, you have External Port 80 mapped to both 192.168.1.10:3000 and 192.168.1.10:8080.
Once you fix that issue to use a separate External Port for each Server, then http://<externalIP>:<externalPort1> and ws://<externalIP>:<externalPort2> should work properly to reach the HTTP and WebSocket servers, respectively, from the outside world.
What I'm trying to achieve is:
Connect to a VPN as client and route all my internal network's traffic over the VPN.
Run a VPN server, so that people from outside can connect to my internal network and get routed over the a.m. VPN client.
I'm trying to achieve that with a router running dd-wrt (netgear D6200), and / or a raspberry pi.
Can someone tell me if this can be achieved, and if, direct me to what would be a possible solution?
(I'm not looking for a tutorial, just a direction)
Thanks!
This thread probably does not belong here.
Consider using OpenWRT instead of dd-wrt. OpenWRT gives you a usable build system and easier to customize and build. I am not advocating OpenWRT. This can be a stop gap measure.
You can setup a OpenVPN server and OpenVPN client using the standard
documentation available on OpenWRT Wiki and also OpenVPN site.
Add to OpenVPN server.conf the following directive redirect-gateway def1. This will push the default gateway to clients connecting to OpenVPN server. Further, make sure you are using a unique network IP pool for VPN clients and does not clash with the remove VPN server.
Make sure you are masquerading the VPN traffic (Clients of local VPN server) before forwarding to remove VPN server. This can be tricky as this interface does not exist at boot time. It needs to be configured using up and down scripts
Make sure you are allowing traffic (clients of local VPN Server) on VPN interface to be forwarded in your firewall rules
Before setting up the OpenVPN server, make sure
The remove VPN server is pushing the default gateway to your VPN
client
You have setup the firewall correctly
You are able to reach the cloud through the Remote VPN Server. Checking with some site like www.whatismyip.com will help
Yes this is possible with dd-wrt on Netgear.
There is no need of Raspberry (unless you meant to run the remote VPN server on it).
Configure and run VPN server on dd-wrt - and try connectivity by connecting clients. Both tun/tap should work in general (with VPN client running). I tested with tun.
Configure and run VPN client on dd-wrt and try connecting to your VPN server. By default, the router should start directing all traffic (for its own LAN clients) via the VPN server.
So far so good.
The problem comes when you want dd-wrt's VPN clients (and not just LAN clients) to take the same route. With a VPN client running on dd-wrt, dd-wrt's own VPN clients will not be able to connect to the VPN server running on dd-wrt as such. To make it work, see below.
This is only possible via PBR - i.e. you run VPN client on dd-wrt, but take the router itself off this client, and route only specific clients through this VPN client running on dd-wrt.
With some tweaks using subnet masks, it is possible to include all your LAN and VPN IPs in the PBR policy so that everything (except the router itself) routes through the remote VPN server.
The key is to include dd-wrt's VPN clients' virtual IPs in the PBR. While configuring VPN server on dd-wrt, there is a field for specifying the clients' network and netmask.
If you use this network IP and netmask in client process's PBR policy, your (dd-wrt's) VPN clients will be able to connect to the VPN server running on dd-wrt, and will in turn be routed through the remote VPN server to which dd-wrt is connected as a client.
I have configured my guest VM as described here: https://askubuntu.com/a/293817/503589
Unfortunately I cannot connect to the guest via IP or "localhost", if the Cisco AnyConnect VPN Client is connected on the host (Windows 7).
It works as long as I am not connected with the Cisco VPN AnyConnect Client on the host.
My requirements are the following:
the host should be able to access the guest with it's static IP, whether I am connected to host VPN or not.
I am working remote (WLAN) or in the office (LAN). In the office it's working, because I have no Cisco VPN Client connected.
guest can access the internet
I can move my laptop from network to network (e.g. from home to office to coffeeshop) without worrying about securing or reconfiguring the vm
What I also already tried and what didn't work:
NAT
Bridged
The Cisco VPN client is likely configured for full tunneling. Meaning all traffic is routed through the VPN interface. This is why you are unable to reach other hosts on your LAN.
You might be able to request a split-tunneled profile from your Network team, but it may go against company policy.
I have got chef-server installed on a centos machine.
Everything is working as expected except that I cannot access the chef-server web interface from another machine on my local network.
I can access the web interface from the centos machine itself:
telnet mychefserver.local 4000
Connected
If I do the same from my machine I have got:
telnet: Unable to connect to remote host: No route to host
I can successfully ping mychefserver.local from my machine
Any idea how to configure nginx with chef-server to access the chef-server from the network?
Since Chef Server 10, the web interface uses normal HTTPS (TCP 443), it only listens on the high ports locally, and nginx proxies as needed to the different backend services. I would try with a normal web browser as telnet isn't exactly great at error messages. Normally I would expect that to mean telnet is getting TCP transmission errors, but maybe it is just confused? If it is really a TCP transmit error then more likely the internal DNS is having issues. .local often means mDNS which has uneven support in some places, I would try an actual IP address to be sure.
My issue was iptables.
I stopped iptables and I can access the chef-server from my local network again.
I got access via SSH (root access) to a Machine that's inside a network at my client's office.
I'm programming in my computer a PHP application that needs to integrate to LDAP. The LDAP server is in another server at my client's network and not accesible from outside, however I can perfectly access it via the server I can connect to via SSH.
My question is: IS there anyway I can make a tunnel and setup a port in my computer to get the traffic forwarded to the LDAP server using my SSH connection to one of the computers on the network?
Thanks!!!!
Yes, ssh has a "-L" option to create a tunnel. That option takes 3 parameters, separated by colons (:). Local listen port, remote host, remote port.
ssh -L 9999:ldapserver:389 user#otherhost
Where 9999 is the local port that the tunnel will be created on. The ldapserver:389 bit tells it where to connect to on the other side.
Then, tell your application to connect to localhost:9999 (or whatever port you choose) and it will be tunneled across.