BrainEater Posted April 21, 2017 (edited)

So I really need help. I thought I had everything squared up and ready, but I tried to connect externally this afternoon and found a large hole in my plan (a little cranky). I have everything working great except external access to my OpenVPN server. For more information please read the below link https://forums.hak5.org/index.php?/topi ... vpn-build/

Long story short, I need to access my server from outside the network. The setup is my OpenVPN server on a Raspberry Pi running Raspbian, which is on local IP 10.1.1.101, and I run all of its traffic through another Raspberry Pi configured as a gateway with the IP of 10.1.1.102, then out to the Internet. Everything is working great internally; I just need to know what I have to do to access it externally. The default gateway for the gateway Pi is 10.1.1.1.
BrainEater Posted April 21, 2017

I have done that, that's how I had it working externally before I changed the gateway to run it through the second VPN. But I believe there is an issue with port forwarding to the server, because the gateway is on another server again, so the traffic passes through another server, another gateway (the one I changed it to), a different port and then finally to the PiVPN server. So the port can't be forwarded to the PiVPN server, as that's not technically where the traffic is. I need a way to have the client respond back through the current gateway, then to the PiVPN server. Or for some bright spark to come up with an idea I haven't thought of. Loads of smart minds on this forum.
BrainEater Posted April 21, 2017

I have a feeling I need to do something like this.

    # Create an alternate routing table
    echo "1 NOVPN" >> /etc/iproute2/rt_tables

    # Create the routes for this table
    # Actually, you just want to set the default gateway
    ip route add default via 192.168.1.1 dev eth0 table NOVPN

    # Check results with
    ip route show table NOVPN

    # Now tell the kernel that this routing table should be used when
    # a packet waiting to be routed has a specific "mark"
    ip rule add from all fwmark 0x1 lookup NOVPN

    # Then mark all the required packets with the same mark used above
    iptables -t mangle -I OUTPUT -p tcp --sport 22 -j MARK --set-mark 1
    iptables -t mangle -I OUTPUT -p tcp --sport 80 -j MARK --set-mark 1

Does this look like something I need to try? Don't want to start messing with iptables if it is unnecessary.
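The policy-routing steps from the post above, adapted to the addresses given in this thread, as an added example that is not part of the original posts. It assumes OpenVPN listens on UDP 1194 (its default; the thread does not state the port), that the LAN interface is eth0, and that 10.1.1.1 is the router holding the port forward; the function and variable names are made up for the example, and the script only prints the commands.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not run) the commands that
# send the OpenVPN server's own replies out via the router instead of via the
# VPN gateway Pi. Table number, table name and mark value are those in the post.
TABLE_ID=1
TABLE_NAME=NOVPN
MARK=1

fail() { echo "novpn_rules: $1" >&2; }

is_ipv4() {
    # Digits and single dots only, then exactly four octets, each 0-255.
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# novpn_rules GATEWAY DEVICE PROTO PORT
# Every argument is validated first, because the output is meant for a root shell.
novpn_rules() {
    gw=$1 dev=$2 proto=$3 port=$4
    is_ipv4 "$gw" || { fail "bad gateway '$gw'"; return 1; }
    case $dev in ''|*[!A-Za-z0-9_.-]*) fail "bad interface"; return 1 ;; esac
    [ "${#dev}" -le 15 ] || { fail "interface name too long"; return 1; }
    case $proto in udp|tcp) ;; *) fail "bad protocol"; return 1 ;; esac
    case $port in ''|*[!0-9]*) fail "bad port"; return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { fail "port out of range"; return 1; }

    # 1. Register the table name once (the plain echo in the post appends on every run).
    printf 'grep -qw %s /etc/iproute2/rt_tables || echo "%s %s" >> /etc/iproute2/rt_tables\n' \
        "$TABLE_NAME" "$TABLE_ID" "$TABLE_NAME"
    # 2. The alternate table's only route: default via the router.
    printf 'ip route replace default via %s dev %s table %s\n' "$gw" "$dev" "$TABLE_NAME"
    # 3. Packets carrying the mark are routed with that table.
    printf 'ip rule show | grep -q "lookup %s" || ip rule add fwmark %s lookup %s\n' \
        "$TABLE_NAME" "$MARK" "$TABLE_NAME"
    # 4. Mark only locally generated packets sent from the OpenVPN listener port.
    printf 'iptables -t mangle -C OUTPUT -p %s --sport %s -j MARK --set-mark %s 2>/dev/null || ' \
        "$proto" "$port" "$MARK"
    printf 'iptables -t mangle -I OUTPUT -p %s --sport %s -j MARK --set-mark %s\n' \
        "$proto" "$port" "$MARK"
}

# Values from the thread (router 10.1.1.1) plus the assumed eth0 and UDP 1194.
novpn_rules 10.1.1.1 eth0 udp 1194
```

Review the printed lines, then pipe them into `sh -e` as root on the OpenVPN server to apply them.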
BrainEater Posted April 22, 2017

Yeah mate, that's it. The only other thing is there is another computer on my LAN between the OpenVPN server and the Nord server, as a Nord client. Sorry if I didn't explain myself too well.
BrainEater Posted April 22, 2017

Ok. So this is great. I'm currently at work, but when I get home I will try out those commands and see if iptables can fix my issue. Thanks so much, mate. This has been bugging me for 3 days now and I'm scratching my head.
BrainEater Posted April 23, 2017 (edited)

Hate to say iptables didn't help :( I tried the above.