How to route from vps to server on local network?

N

n1ck2020-05-09 03:35:36

linux

n1ck, 2020-05-09 03:35:36

There are two servers: one is on the local network with a gray ip and vps with a white ip. Due to the high tariffs of the provider for a white ip address, a method was chosen to reach the home server using vps.
The vps runs an openvpn server to which the openwrt router connects.

Scheme:
/internet/---> XXX.XXX.XXX.XXX | VPS Ubuntu 16.04 | 10.9.8.1<--- OpenVPN ---> 10.9.8.2 | router OpenWRT | 192.168.0.1<---LAN---> 192.168.0.7 | Server

How to forward port from vps to server in LAN? For example, when connecting from the Internet to the VPS on port 2222, I get to the home server on port 22.

PS When I try to connect via the Internet from the local network to the server at XXX.XXX.XXX.XXX:2222, I can get to the server 192.168.0.7: 22. But from another network vps sends me.

openvpn server config

dev tun0
ifconfig 10.9.8.1 10.9.8.2
secret /etc/openvpn/static.key
route 192.168.0.0 255.255.255.0

openvpn client config

remote XXX.XXX.XXX.XXX
dev tun0
ifconfig 10.9.8.2 10.9.8.1
secret /etc/openvpn/static.key
keepalive 60 120

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

H

hint000, 2020-05-09
@Proxytroid

You need to do two passes.
The first one is from VPS to OpenWRT (eg XXX.XXX.XXX.XXX:2222 -> 10.9.8.2:2222).
The second one is from OpenWRT to the local server (10.9.8.2:2222 -> 192.168.0.7:22).
Judging by PS, you already did it.
I'm guessing it's a routing issue. OpenWRT must have a default gateway of 10.9.8.1. Check if all Internet traffic must go through the VPN when connecting to the VPN.

A

Alexey Dmitriev, 2020-05-10
@SignFinder

1. Do SNAT on VPS

iptables -t nat -A POSTROUTING -d внешний_ip_сервера/32 -p tcp --dport 2222 -j SNAT --to-source 10.9.8.2

2. On the router, do something similar or port forwarding \ port forwarding inside. But already from port 2222 to ip 192.168.0.7 and port 22