How to keep some port out of the scope of a VPN connection?
Hello,
I have a server (192.168.1.9) in my network that is running a http server on port 5000.
This server port has been opened (on my router 192.168.1.1) to be available from my public IP (on port 80).
I have recently installed openvpn to connect to a vpn, but I'd like to keep my http server available from my public IP (no need to have it available to the VPN network).
I'm completely lost and I don't know where to start... Could someone point me in a direction to dig into?
Here are some details about the route configuration:
Maybe I am getting this wrong but you don't seem to have a problem here.
Even if you use a vpn over your wan connection, port forwarding on the wan address will still work as before. So the http server will still be available via the WAN IP and to the lan (or vpn) network via the local address.
Could you describe a little what actually is not working for you at the moment?
Hello,
If I use an online port scanner, my port 80 is shown as closed, and if I try to connect to this port from an external network, I have no answer from the server.
If I try to connect to my public ip and port 80 from my LAN, the server responds ...
This is strange behavior, but if I shut down openvpn, the server becomes responsive again on my public IP (from an external network) immediately...
Now I see, you start the tunnel from your server, not your router.
Let's see, this could possibly be solved with another nic dedicated to the http server or a nic alias. Can you post ifconfig?
> Hello,
> If I use an online port scanner, my port 80 is shown as closed
I think we are getting there...
If you use an online scanner, it will scan the ip of your gateway to the internet. I suppose, while you are connected to the vpn, your gateway changes to the one of your vpn server.
You can easily verify this by comparing http://canyouseeme.org before and after the vpn-connection. It should give two different ips.
Can you confirm that?
I confirm that when connected to the VPN, my public ip is the one of the VPN Internet gateway! The problem is that I'm not allowed to configure anything on this VPN (no port forwarding) so I have to find a way to keep port 80 available from my ISP public ip!
So you ran the online portscan while you were connected to the vpn in your browser?
That means you are scanning your vpn gateway, not the public IP of your ISP.
Ring a friend to check your http-service next time you use the vpn. I'm pretty sure he'll find it working.
If I'm wrong (which could well be possible) I am definitely out of ideas here.
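The thread ends without a fix for the case where external connections fail while OpenVPN runs on the server itself. As an added example (not from any poster in the thread), this script checks whether the tunnel has taken over the default route and prints the source-based policy-routing commands that send replies from 192.168.1.9 back out through the router 192.168.1.1. The interface names eth0 and tun0, the /24 LAN prefix, table number 100 and the sample routing table are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. 192.168.1.9 (server) and 192.168.1.1
# (router) are the thread's addresses; eth0, tun0, the /24 LAN prefix and
# table 100 are assumptions.

# Constructed `ip route show` output with an OpenVPN tunnel up; the two /1
# routes are what redirect-gateway def1 installs. 10.8.0.x is made up.
SAMPLE_ROUTES='0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.1 dev eth0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.9'

# Exit 0 if the routing table on stdin sends Internet traffic into tunnel $1.
vpn_takes_default() {
    awk -v vpn="$1" '
        ($1 == "default" || $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1") {
            for (i = 2; i < NF; i++)
                if ($i == "dev" && $(i + 1) == vpn) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Print commands that route everything sourced from the server's LAN address
# via the router: replies to port-forwarded connections then bypass the tunnel.
bypass_cmds() {
    src=$1 gw=$2 dev=$3 lan=$4 table=$5
    echo "ip route add $lan dev $dev src $src table $table"
    echo "ip route add default via $gw dev $dev table $table"
    echo "ip rule add from $src lookup $table"
}

# Dry run on the sample by default; APPLY=1 (as root) uses the live table.
main() {
    if [ "${APPLY:-0}" = 1 ]; then routes=$(ip route show); else routes=$SAMPLE_ROUTES; fi
    if printf '%s\n' "$routes" | vpn_takes_default tun0; then
        cmds=$(bypass_cmds 192.168.1.9 192.168.1.1 eth0 192.168.1.0/24 100)
        if [ "${APPLY:-0}" = 1 ]; then printf '%s\n' "$cmds" | sh -e
        else printf '%s\n' "$cmds"; fi
    else
        echo "default route does not use tun0; nothing to do"
    fi
}
main
```

Run with `APPLY=1` as root to act on the live routing table; the rule and routes it adds do not persist across reboots.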