FunMelon, 2019-03-31 10:37:32
openvpn

Why doesn't the packet know where to go?

In general, I do NAT bypass through OpenVPN. What we have:

- A VPS with a white (public) IP; an OpenVPN server is installed on it.
- My computer with a gray (private) IP; an OpenVPN client is installed on it (a web server is also installed here).
- A computer from a random point on the planet with a gray IP (acts as a client for my web server).

I set up a VPN tunnel between my computer and the VPS; I can safely ping 10.9.8.2 and 10.9.8.1 from each other.
I also set up port forwarding on the VPS, and packets arriving on port 80 are automatically sent into the tunnel (they go to IP 10.9.8.2).
What's next? The packet arrives at my computer: the VPS has edited the packet, and now my computer's IP is in the destination IP field. My web server received the packet, and now it sends a response to the IP of the random computer (the web client), let's say its IP is 172.225.130.43 and port 65536, and this is what happens: the packet does not go through the tunnel but through the usual network interface, and as a result the packet is lost. How do I force the response to go through the tunnel? After all, the client's port and IP are not known in advance.


2 answers
res2001, 2019-03-31
@res2001

Several options:
1. In the current configuration, you need to make your VPN server the default gateway on your computer; then all packets for the Internet will go there. This can be done in the VPN settings on the server.
But in this case you will always go to the Internet through the VPN, and this is probably not quite what you want.
2. If you add NAT on the VPS to this scheme, then incoming traffic to the web server will carry the VPN address of the VPS, and the responses will go to the VPS without any additional gestures; the responses then enter the NAT and go out from there.
3. Move the web server to external hosting.

Karpion, 2019-09-02
@Karpion

It seems to me that the web server should be installed in a virtual machine and you should build your own separate routing there. As for setting up different routing in Windows for different categories of packets (apparently, by port), I don’t even know how, and in Linux / FreeBSD it’s quite difficult.
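The "separate routing for one category of packets" that this answer has in mind can be done on a Linux host (or Linux VM) with a connection mark and a second routing table, without NAT on the VPS and so without losing the real client address. This is an added example, not the answer's own configuration: `tun0` is the client's OpenVPN interface (assumed name), 10.9.8.1 is the VPS tunnel address from the question, and table 100 and mark 0x1 are arbitrary choices. It applies to Linux only; Windows has no equivalent of this mechanism, which is the point the answer makes.

```shell
#!/bin/sh
# Added example (not from the thread): policy routing on the Linux home PC so that
# replies to connections that arrived via tun0 leave via tun0, while all other
# traffic keeps using the normal default gateway.
# Assumptions: TUN_IF is the client's OpenVPN interface; 10.9.8.1 is the VPS tunnel
# address from the question; table 100 and mark 0x1 are arbitrary local choices.
TUN_IF="${TUN_IF:-tun0}"
VPS_TUN_IP="10.9.8.1"
TABLE="100"
MARK="0x1"
DRY_RUN="${DRY_RUN:-1}"

# run: print the command in dry-run mode, execute it otherwise
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# pc_policy_routing: emit the rules that pin replies of tunnel-originated
# connections to the tunnel.
pc_policy_routing() {
    # Routing table 100 has a single route: everything via the VPS over the tunnel.
    run ip route add default via "$VPS_TUN_IP" dev "$TUN_IF" table "$TABLE"
    # Packets carrying the mark are routed with table 100 instead of the main table.
    run ip rule add fwmark "$MARK" lookup "$TABLE" priority 1000
    # Every new connection that arrives on tun0 gets the mark stored in its
    # conntrack entry (the web client's address and port need not be known).
    run iptables -t mangle -A PREROUTING -i "$TUN_IF" \
        -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"
    # The web server's replies are locally generated: copy the connection mark
    # back onto each reply packet so the ip rule above selects table 100.
    run iptables -t mangle -A OUTPUT \
        -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
    # Strict reverse-path filtering would drop the incoming packets, because the
    # main table does not route the client's source address via tun0; use loose mode.
    run sysctl -w net.ipv4.conf.all.rp_filter=2
    run sysctl -w "net.ipv4.conf.$TUN_IF.rp_filter=2"
}

pc_policy_routing
```

The VPS side then needs only forwarding enabled, the existing DNAT rule and permissive FORWARD rules for the flow; conntrack on the VPS reverses the DNAT on the reply. The web server now logs the client's real address, because nothing in the path rewrites the source.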
