
Posted (edited)
So I really need help. I thought I had everything squared up and ready, but I tried to connect externally this afternoon and found a large hole in my plan (a little cranky). I have everything working great but external access to my OpenVPN server. For more information please read the link below.

https://forums.hak5.org/index.php?/topi ... vpn-build/

Long story short, I need to access my server from outside the network. The setup is my OpenVPN server on a Raspberry Pi running Raspbian, which is on local IP 10.1.1.101, and I run all of its traffic through another Raspberry Pi configured as a gateway with the IP of 10.1.1.102, then out to the Internet. Everything is working great internally; I just need to know what I have to do to access it externally. The default gateway for the gateway Pi is 10.1.1.1.
 
Edited by BrainEater
Posted

I have done that; that's how I had it working externally before I changed the gateway to run it through the second VPN. But I believe there is an issue with port forwarding to the server because the gateway is on another server again, so the traffic passes through another server, another gateway (the one I changed it to), a different port and then finally to the PiVPN server. So the port can't be forwarded to the PiVPN server as that's not technically where the traffic is. I need a way to have the client respond back through the current gateway then to the PiVPN server. Or for some bright spark to come up with an idea I haven't thought of. Loads of smart minds on this forum.

Posted

I have a feeling I need to do something like this. 

# Create an alternate routing table
echo "1 NOVPN" >> /etc/iproute2/rt_tables

# Create the routes for this table
# Actually, you just want to set the default gateway
ip route add default via 192.168.1.1 dev eth0 table NOVPN

# Check results with
ip route show table NOVPN

# Now tell the kernel that this routing table should be used when 
# a packet waiting to be routed has a specific "mark"
ip rule add from all fwmark 0x1 lookup NOVPN

# Then mark all the required packets with the same mark used above
iptables -t mangle -I OUTPUT -p tcp --sport 22 -j MARK --set-mark 1
iptables -t mangle -I OUTPUT -p tcp --sport 80 -j MARK --set-mark 1

Does this look like something I need to try? Don't want to start messing with iptables if it is unnecessary.
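An added example, not part of the original post: the same mark-and-route approach adapted to the addresses given earlier in the thread, so that replies from the OpenVPN Pi (10.1.1.101) are routed via 10.1.1.1 rather than the gateway Pi. The interface name `eth0`, OpenVPN's default 1194/udp, the table ID and the `novpn_plan` helper are assumptions; the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example (not from the thread). Values below are assumptions unless noted.
GW="${GW:-10.1.1.1}"          # LAN router address, taken from the thread
DEV="${DEV:-eth0}"            # assumed interface name on the OpenVPN Pi
PROTO="${PROTO:-udp}"         # OpenVPN default transport
PORT="${PORT:-1194}"          # OpenVPN default listening port
MARK="${MARK:-1}"             # firewall mark, as in the post above
TABLE_ID="${TABLE_ID:-1}"     # routing table number, as in the post above
TABLE="${TABLE:-NOVPN}"       # routing table name, as in the post above

# Print the commands, one per line, without running anything.
# Each line is safe to re-run: no duplicate table entry, rule or mangle rule.
novpn_plan() {
    cat <<EOF
grep -q '^$TABLE_ID $TABLE\$' /etc/iproute2/rt_tables || echo '$TABLE_ID $TABLE' >> /etc/iproute2/rt_tables
ip route replace default via $GW dev $DEV table $TABLE
ip rule del fwmark $MARK lookup $TABLE 2>/dev/null || true
ip rule add fwmark $MARK lookup $TABLE
iptables -t mangle -C OUTPUT -p $PROTO --sport $PORT -j MARK --set-mark $MARK 2>/dev/null || iptables -t mangle -A OUTPUT -p $PROTO --sport $PORT -j MARK --set-mark $MARK
EOF
}

# Dry run by default; APPLY=1 (as root) executes the plan and stops on error.
if [ "${APPLY:-0}" = "1" ]; then
    novpn_plan | sh -e
else
    novpn_plan
fi
```

Afterwards, `ip rule show` and `ip route show table NOVPN` list what was installed, and `iptables -t mangle -L OUTPUT -v -n` shows whether the mark rule's packet counter increases when a client connects.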

Posted

Yeah mate, that's it. The only other thing is there is another computer on my LAN between the OpenVPN server and the Nord server as a Nord client. Sorry if I didn't explain myself too well.

Posted

Ok. So this is great. I'm currently at work, but when I get home I will try out those commands and see if iptables can fix my issue. Thanks so much, mate. This has been bugging me for 3 days now and I'm scratching my head.

 

Posted (edited)

Hate to say iptables didn't help :( I tried the above.

 

Edited by BrainEater
