0

I have set up an algo server on Digital Ocean (running Ubuntu), have sshed into it, and wrote a small http server that accepts requests and returns "hello world".

I have successfully connected my laptop (macos) to the VPN.

However, when I call the endpoint (using the ip of the vpn server on Digital Ocean, localhost, or even its local network ip, I think), it doesn't go through.

To find the local ip of the machine that hosts the server, I am using the command: ifconfig eth0 | grep inet | grep -v inet6

This returned 3 ip addresses (inet, netmask, broadcast) and I have tried calling all of them from my laptop thinking one of them might be the private ip of the server. Sending any kind of requests to them doesn't work.

I have also spun up another Digital Ocean droplet without the algo VPN and have placed the same http server script to see if I messed up writing the server. Fortunately, when I called it, I received "hello world".

One last thing I want to mention. When I used curl localhost:8080/ when I was sshed on the machine, I would receive "hello world".

I'm really new to networking in general and from my knowledge, after connecting to the VPN, you would have to call the ip of the private server hosting the vpn to send data to the server. You would NOT use the public ip of the server (the one I used to ssh into it).

If anyone knows how to send data from my client to my server over my vpn that would be amazing!

Curtis Chong
  • inet would be the local IP. Your VPN, upon instantiation, would have to hand down a route for the private IP if you wanted to access it using that address. Are you not binding your http server to an interface/port? Just bind it to the public IP and hit it externally? Not an expert here... – patterned Dec 21 '18 at 05:20

1 Answer

0

I know this is old but since I'm new I thought I would get my feet wet with some older unanswered questions. Hope it helps someone and if the answer could be better would not mind some constructive criticism.

That being said...

If you are using a VPN you should be able to set up and know the private IPs of the server in question. Use the private IP to connect. For example on EC2, the private IP would be available through AWS Console wherever your server is hosted. It can even be changed. When you have the private IP, if you try to connect but cannot, then you most likely are not listening on that IP address. Try to serve at 0.0.0.0, which would listen on all interfaces.

in other words 10.0.0.1 != 127.0.0.1 but 0.0.0.0 == 10.0.0.1 || 127.0.0.1 || somewebsite.com || localhost

listen on all interfaces:

simplehttpserver --host 0.0.0.0

If you listen only on localhost (which might be your case), use 0.0.0.0 or use a reverse proxy like nginx and proxy_pass the private IP at the desired port to the correct address.

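server {
    # Accept requests arriving on port 80 for the name or the private IP
    listen       80;
    server_name  someurl.com  10.0.0.1;

    location / {
        # Forward to the backend bound to loopback; 8080 is the port used
        # in the question (without a port this would proxy back to nginx itself)
        proxy_pass http://127.0.0.1:8080/;
    }
}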

simplified...

Let's say you're using the simplehttpserver node module... change this:

simplehttpserver --host 127.0.0.1

to this:

simplehttpserver --host 0.0.0.0

the latter will listen on all interfaces...

You may also have a firewall like ufw or may need to adjust netables.

There are many ways to get the private IP of the server in question. Behind a Network Address Translator, usually they are a few numbers apart. To get this address you can use ifconfig and find the network interface you are using on that network. Or, as I stated above, go through the VPN host. If you are the host, go to your configuration and find and/or set up the private IP/range. If confused, just check to make sure you're not using the public IP.

private IPv4 addresses = 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255

ifconfig

ens5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9001
        inet 172.31.32.98  netmask 255.255.240.0  broadcast 172.31.47.255
        inet6 fe80::4c2:8eff:fe3c:7b1c  prefixlen 64  scopeid 0x20<link>
        ether 06:c2:8e:3c:7b:1c  txqueuelen 1000  (Ethernet)
        RX packets 1176424  bytes 733671273 (733.6 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2570640  bytes 1796660017 (1.7 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

172.31.32.98 would be the address in the internal network that the interface ens5 is running on, and others on the local network should be able to connect to it. If for example you are running a development application on port 4000, a user on the same network at 172.31.32.64 would be able to connect to that port (if you are listening on it) and check out your development application. The network address translator is creating these addresses and assigning them to each member within the subnet, not very different than what your router does with a public IP on the internet.

I hope this helps. New on serverfault.

Cheers.
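One way to check the bind-address problem described in the answer above, as an added example that is not part of the original question or answer: it parses `ss -tln` output and reports whether a connection sent to a given address and port would reach a listener. The sample output is constructed (reusing the 172.31.32.98 address and ports 8080 and 4000 mentioned on this page), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of `ss -tln` output, not captured from the asker's droplet.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128         127.0.0.1:8080        0.0.0.0:*
LISTEN  0       128           0.0.0.0:22          0.0.0.0:*
LISTEN  0       128      172.31.32.98:4000        0.0.0.0:*
LISTEN  0       128              [::]:22             [::]:*
"""

def parse_listeners(ss_output):
    """Return (address, port) for each LISTEN row; address None means '*'."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening row
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        addr = None if host == "*" else ipaddress.ip_address(host)
        listeners.append((addr, int(port)))
    return listeners

def bind_scope(addr):
    """Describe how widely a bound address is reachable."""
    if addr is None or addr.is_unspecified:
        # A wildcard bind also answers on the public IP unless a firewall blocks it.
        return "all interfaces"
    return "loopback only" if addr.is_loopback else "one address"

def accepts(listeners, dest_ip, port):
    """True if some listener would accept a TCP connection to dest_ip:port."""
    dest = ipaddress.ip_address(dest_ip)
    for addr, lport in listeners:
        if lport != port:
            continue
        if addr is None:
            return True  # '*' wildcard covers both address families
        if addr.version == dest.version and (addr.is_unspecified or addr == dest):
            return True
    return False

if __name__ == "__main__":
    found = parse_listeners(SAMPLE_SS)
    for addr, port in found:
        print(f"port {port}: {addr or '*'} ({bind_scope(addr)})")
    # The symptom from the question: works via localhost, fails via the private IP.
    print("private IP :8080 reachable?", accepts(found, "172.31.32.98", 8080))
```

On a real host, pipe the output of `ss -tln` into `parse_listeners` instead of using the sample.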