openVPN setup on Ubuntu NAS, cannot reach Webserver

I just started including a PIA VPN into my NAS setup. Now I am struggling with reaching my Webserver via DynDNS on the NAS when I am connected to PIA.

My Setup:
- Router doing the dynamic DNS Stuff, so the DNS alias is connected to my ISP IP address, only the HTTPS port is forwarded to my NAS.
- Ubuntu 16 NAS running a reverse proxy with some websites behind it.
- openVPN running on my NAS

So now, I wanna be able to reach the webserver on my NAS over my dynDNS address and need some advice on how to achieve it.

- Move the dynDNS stuff to my NAS?
- Allow my router IP as an exception?
- I have 2 network interfaces available, any benefit of that?

Thanks!
 


Comments

  • Dyndns takes care of making your external IP address visible from offsite.

    But to reach the webserver, there must be an open port at the PIA end and a chain of permissions in firewalls inward until you reach the NAS. How do you propose to make the port number PIA opens (over which you have no control other than to request it) visible offsite?

    At some point of complexity, you need to have your own internet-facing VPN server to which you connect using a VPN client. The server can connect multiple clients together and/or make an array of open ports (and thus an array of network services) available to clients.
  • This is really not easily doable despite what it looks like. When forwarded packets arrive from your router, they don't actually appear as coming from your router, they appear as coming from the public IP address that requested the connection. So when your computer gets to replying back to the request, it can choose to do so either via the VPN or your real IP and just picks the default one (which would be the VPN).

    In order to properly handle this situation, you would need to configure iptables to track the state of every connection coming from your ISP's side to make sure to properly redirect them to the correct interface. 

    Section 10.4.2 there should give you the information you need: http://linux-ip.net/html/adv-multi-internet.html
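
The connection-tracking approach from the last comment, as an added example that is not part of the thread: new HTTPS connections arriving from the router are tagged, and replies carrying that tag use a routing table whose default route is the router rather than the VPN. The interface name, addresses, mark and table number are assumptions; the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example (not from the thread): route replies to forwarded HTTPS
# connections back through the router instead of the VPN default route.
# All values below are assumptions; adjust them to the actual network.
LAN_IF="${LAN_IF:-eth0}"              # assumed interface facing the router
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumed LAN subnet
ROUTER_GW="${ROUTER_GW:-192.168.1.1}" # assumed router address
HTTPS_PORT="${HTTPS_PORT:-443}"       # the one port the router forwards
MARK="${MARK:-0x1}"                   # arbitrary connection mark
TABLE="${TABLE:-100}"                 # arbitrary routing table number

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands; emit nothing if the gateway, interface or port
# looks wrong, because the output is meant to be run as root.
plan() {
    valid_ipv4 "$ROUTER_GW" || { echo "bad gateway: $ROUTER_GW" >&2; return 1; }
    case "$LAN_IF" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    case "$HTTPS_PORT" in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    cat <<EOF
# Separate table whose default route is the router, not the VPN tunnel.
ip route add $LAN_NET dev $LAN_IF table $TABLE
ip route add default via $ROUTER_GW dev $LAN_IF table $TABLE
# Packets carrying the mark use that table instead of the main one.
ip rule add fwmark $MARK lookup $TABLE
# Tag each new forwarded HTTPS connection as it arrives from the router.
iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport $HTTPS_PORT -m conntrack --ctstate NEW -j CONNMARK --set-mark $MARK
# Copy the connection's tag onto locally generated reply packets.
iptables -t mangle -A OUTPUT -m connmark --mark $MARK -j CONNMARK --restore-mark
# Loose reverse-path filtering, so requests from public source addresses
# are not dropped on $LAN_IF while the default route points at the VPN.
sysctl -w net.ipv4.conf.$LAN_IF.rp_filter=2
EOF
}

# Dry run by default; APPLY=1 executes the plan (needs root).
cmds=$(plan) || exit 1
if [ "${APPLY:-0}" = 1 ]; then printf '%s\n' "$cmds" | sh -e
else printf '%s\n' "$cmds"; fi
```

The rules are not persistent across reboots, and the `ip rule` and `iptables` lines should be removed again (`ip rule del`, `iptables -D`) before re-running to avoid duplicates.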