
I installed an Apache2 server on my Linux Mint 20.3 Cinnamon machine, and I could easily reach my HTTP pages from the web by pointing to the static IP address of my router, where I have configured the right HTTP port.

I decided to install an OpenVPN server on the same machine so that I can reach my HTTP server through the VPN. The installation went well, and I can now connect to the OpenVPN server from the Internet with an OpenVPN client. From the client I can ping the server or another IP address (e.g. 8.8.8.8), but I can no longer reach my HTTP server.

Here are my server and client OpenVPN configs.

# OpenVPN Port, Protocol, and the Tun
port 1194
proto udp
dev tun

# OpenVPN Server Certificate - CA, server key and certificate
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/home-server.crt
key /etc/openvpn/server/home-server.key

# DH parameters and certificate revocation list (CRL); a client whose
# certificate is listed in crl.pem is refused at the TLS handshake.
dh /etc/openvpn/server/dh.pem
crl-verify /etc/openvpn/server/crl.pem

# Network Configuration - Internal network
# VPN subnet 10.5.0.0/24; the server end of tun0 is 10.5.0.1 (see the
# `ip route` output in the question: "10.5.0.2 dev tun0 ... src 10.5.0.1").
server 10.5.0.0 255.255.255.0
# Redirect all client traffic through the tunnel.
# NOTE(review): the "local" flag suppresses the host route the client would
# otherwise add for the VPN server's address via its original gateway;
# OpenVPN documents it for clients that share a subnet with the server.
# Confirm it is intended for clients connecting from the Internet.
push "redirect-gateway local def1"

# DNS resolvers pushed to clients.
# NOTE(review): 208.67.222.222 / 208.67.220.220 are the OpenDNS resolvers,
# not the ones published by https://dns.watch — the original comment
# ("Using the DNS from https://dns.watch") did not match the addresses.
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

# Enable multiple clients to connect with the same certificate key.
# Security caveat: with duplicate-cn the server cannot distinguish clients
# by certificate, so revoking one leaked key cuts off every client sharing
# it; one certificate per client is the usual recommendation.
duplicate-cn

# TLS Security
# Data-channel cipher. A fixed CBC cipher is not authenticated on its own,
# so the `auth` HMAC below is required; OpenVPN 2.5+ negotiates the data
# cipher via `data-ciphers` and prefers AEAD modes such as AES-256-GCM.
cipher AES-256-CBC
tls-version-min 1.2
# Control-channel cipher list: DHE-RSA suites only, TLS 1.2 names.
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
# HMAC digest for data-channel packets.
auth SHA512
# Do not keep credentials/passphrases cached in memory.
auth-nocache

# Other Configuration
# Ping the peer every 20 s; declare it down after 60 s without a reply.
keepalive 20 60
# Keep keys and the tun device open across restarts; needed because the
# daemon drops privileges to nobody/nogroup below and could not re-open them.
persist-key
persist-tun
# NOTE(review): compression inside a VPN is discouraged (it enables the
# VORACLE class of compression-oracle attacks and is deprecated upstream);
# consider removing `compress` on both sides unless it is required.
compress lz4
daemon
# Drop root privileges after initialization.
user nobody
group nogroup

# OpenVPN Log
log-append /var/log/openvpn.log
verb 3

Client:

# Client mode: accept options (routes, DNS) pushed by the server.
client
dev tun
proto udp
# Public address (redacted) and port of the server; must match the
# server's `port`/`proto` lines.
remote xxx.xxx.xxx.xxx 1194
# Data-channel cipher and HMAC; must agree with the server config.
cipher AES-256-CBC
auth SHA512
# Do not keep credentials/passphrases cached in memory.
auth-nocache
tls-version-min 1.2
# Control-channel cipher list, same set as on the server.
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
# Keep retrying name resolution of `remote` instead of giving up.
resolv-retry infinite
# Must match the server; see the compression caveat there.
compress lz4
# Do not bind a fixed local port; an ephemeral source port is enough.
nobind
persist-key
persist-tun
# Suppress repeated replay-window warnings (common on lossy links).
mute-replay-warnings
verb 3
# NOTE(review): no ca/cert/key lines and no `remote-cert-tls server` appear
# in this excerpt. Without `remote-cert-tls server` (or `verify-x509-name`)
# any certificate issued by the same CA could pose as the server — confirm
# they are present in the full client profile (e.g. inline in the .ovpn).

Further information edited in from comments:

root@ettore-home:/etc/openvpn/server# ip route
default via 10.69.178.1 dev wlp3s0 proto dhcp metric 600
10.5.0.0/24 via 10.5.0.2 dev tun0
10.5.0.2 dev tun0 proto kernel scope link src 10.5.0.1
10.69.178.0/24 dev wlp3s0 proto kernel scope link src 10.69.178.79 metric 600
169.254.0.0/16 dev wlp3s0 scope link metric 1000

root@ettore-home:/etc/openvpn/server# ip rule
0: from all lookup local
32766: from all lookup main
32767: from all lookup default

Result of `ss -latpn | grep 80`:

root@ettore-home:/etc/openvpn/server# ss -latpn | grep 80
LISTEN      0        128            127.0.0.1:5939               0.0.0.0:*       users:(("teamviewerd",pid=1680,fd=12))                                         
ESTAB       0        0           10.69.178.79:60060      142.250.180.133:443     users:(("firefox-bin",pid=2899,fd=114))                                        
TIME-WAIT   0        0           10.69.178.79:43834        34.107.221.82:80                                                                                     
ESTAB       0        0           10.69.178.79:37346       37.252.253.103:443     users:(("teamviewerd",pid=1680,fd=14))                                         
TIME-WAIT   0        0           10.69.178.79:43848        34.107.221.82:80                                                                                     
LISTEN      0        511                    *:80                       *:*       users:(("apache2",pid=1729,fd=4),("apache2",pid=1728,fd=4),("apache2",pid=1727,fd=4),("apache2",pid=1726,fd=4),("apache2",pid=1725,fd=4),("apache2",pid=1708,fd=4))
root@ettore-home:/etc/openvpn/server# ip route
default via 10.69.178.1 dev wlp3s0 proto dhcp metric 600 
10.5.0.0/24 via 10.5.0.2 dev tun0 
10.5.0.2 dev tun0 proto kernel scope link src 10.5.0.1 
10.69.178.0/24 dev wlp3s0 proto kernel scope link src 10.69.178.79 metric 600 
169.254.0.0/16 dev wlp3s0 scope link metric 1000 

root@ettore-home:/etc/openvpn/server# ip rule
0:  from all lookup local
32766:  from all lookup main
32767:  from all lookup default
  • Can you show the result of `ip route` and `ip rule` on the server please? – setenforce 1 Feb 05 '23 at 23:59
  • root@ettore-home:/etc/openvpn/server# ip route default via 10.69.178.1 dev wlp3s0 proto dhcp metric 600 10.5.0.0/24 via 10.5.0.2 dev tun0 10.5.0.2 dev tun0 proto kernel scope link src 10.5.0.1 10.69.178.0/24 dev wlp3s0 proto kernel scope link src 10.69.178.79 metric 600 169.254.0.0/16 dev wlp3s0 scope link metric 1000 root@ettore-home:/etc/openvpn/server# ip rule 0: from all lookup local 32766: from all lookup main 32767: from all lookup default – papaya Feb 06 '23 at 19:46
  • Apache might not be listening on 10.5.0.1, can you please add the result of `ss -latpn | grep 80` as an edit to your question? – setenforce 1 Feb 08 '23 at 09:54
  • Added, I hope in the right place – papaya Feb 08 '23 at 18:40
  • Any idea? I always have the same problem. – papaya Feb 27 '23 at 06:28
