OpenVPN forwards client's public IP
My setup is like this:
192.168.1.0/24 - server lan
192.168.3.0/24 - vpn subnet
192.168.1.11 - vpn server
192.168.1.12 - apache server
openvpn server config
local 192.168.1.11
port port_number
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/vpnserver.crt
key /etc/openvpn/keys/vpnserver.key
dh /etc/openvpn/keys/dh.pem
tls-auth /etc/openvpn/keys/ta.key 0
server 192.168.3.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
keepalive 10 120
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
tcp-nodelay
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
mute 20
client-to-client
username-as-common-name
client-cert-not-required
key-method 2
tls-server
max-clients 15
plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/auth/auth-ldap.conf"
openvpn client config
client
remote [public_ip_of_192.168.1.11] port_number
nobind
resolv-retry infinite
proto tcp
dev tun
ca filename.crt
tls-auth filename.key 1
auth-user-pass
cipher AES-128-CBC
ns-cert-type server
persist-key
persist-tun
fast-io
pull
comp-lzo
route-method exe
route-delay 2
I connect to the vpn from a remote location perfectly; subnet 192.168.1.0/24 is reachable.
But, when I access apache server on 192.168.1.12, the apache log says that the request is coming from my public IP (the client's public IP).
Is it possible that apache sees the vpn IPs (192.168.3) and not each client's public one?
Any help is appreciated!
Thanks
routing openvpn
By 'public IP of 192.168.1.11' are you saying the machine is multi-homed, or are you connecting through a firewall with a port forward?
– JustinP
Jan 17 '12 at 11:30
Windows or Linux? If Windows, the OpenVPN client needs admin privs to be able to set the routes over the VPN interface.
– cjc
Jan 17 '12 at 11:59
@cjc I already said "subnet 192.168.1.0/24 is reachable."
– Stefanos Kalantzis
Jan 17 '12 at 12:27
@JustinP VPN is behind firewall and is being port forwarded.
– Stefanos Kalantzis
Jan 17 '12 at 12:28
asked Jan 17 '12 at 9:25
Stefanos Kalantzis
1 Answer
OK, then in my limited experience this should be working and I cannot see how you would have the external IP address appearing in the web server logs. It might be worth making absolutely sure that your TEST is working correctly. Is there any possibility that your webserver is also available via port forward through the firewall, and that you're accidentally accessing it directly - make sure you've explicitly put 192.168.1.12 IP into the browser URL for instance.
Assuming that looks OK, I have found using tcpdump on the openvpn server to be a good way to watch the packets go in and out; this would confirm whether packets are leaving the openvpn server bound for the apache server with the incorrect IP address rather than somehow going there direct from the firewall.
answered Jan 17 '12 at 15:10
JustinP
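The tcpdump check described in this answer, as an added example that is not part of the original post: a shell filter over `tcpdump -nn` output taken on the OpenVPN server that counts which source addresses are being forwarded to Apache. The interface name `eth0`, port 80 and the sample capture lines are assumptions constructed for illustration; the addresses come from the question.

```shell
#!/bin/sh
# Added example. Live use on the OpenVPN server (needs root; eth0 and port 80
# are assumptions, substitute your LAN interface and Apache port):
#   tcpdump -nn -l -i eth0 'tcp and dst host 192.168.1.12 and dst port 80' | classify_sources
# Stop the capture with Ctrl-C after making one test request over the VPN.

VPN_PREFIX='192.168.3.'        # vpn subnet 192.168.3.0/24 from the question
VPN_SERVER='192.168.1.11'      # vpn server LAN address from the question
APACHE_DST='192.168.1.12.80:'  # tcpdump prints the destination as ip.port:

# Reads tcpdump -nn text lines on stdin and prints one summary line.
classify_sources() {
  awk -v vpn_prefix="$VPN_PREFIX" -v server="$VPN_SERVER" -v dst="$APACHE_DST" '
    # Line layout: <time> IP <src.port> > <dst.port>: Flags ...
    $2 == "IP" && $4 == ">" && $5 == dst {
      src = $3
      sub(/\.[0-9]+$/, "", src)              # strip the trailing .port
      if (index(src, vpn_prefix) == 1) vpn++ # tunnel address kept intact
      else if (src == server)          nat++ # rewritten to the VPN server (only
                                             # with a SNAT/MASQUERADE rule; the
                                             # page shows none)
      else                             other++
    }
    END {
      if (vpn + nat + other == 0) v = "bypass"    # Apache is reached some other
                                                  # way, e.g. the port forward
      else if (other > 0)         v = "unexpected-source"
      else if (nat > 0)           v = "natted"
      else                        v = "tunnel-ok"
      printf "vpn=%d nat=%d other=%d verdict=%s\n", vpn, nat, other, v
    }'
}

# Constructed sample capture: two requests from a VPN client, one reply from
# Apache and one unrelated SSH packet (both ignored by the filter).
SAMPLE_CAPTURE='12:01:02.100001 IP 192.168.3.6.51514 > 192.168.1.12.80: Flags [S], seq 1, win 64240, length 0
12:01:02.100420 IP 192.168.1.12.80 > 192.168.3.6.51514: Flags [S.], seq 7, ack 2, win 65160, length 0
12:01:02.130007 IP 192.168.3.6.51514 > 192.168.1.12.80: Flags [P.], seq 2:80, ack 8, win 502, length 78
12:01:03.000300 IP 192.168.1.50.40022 > 192.168.1.11.22: Flags [.], ack 1, win 501, length 0'

printf '%s\n' "$SAMPLE_CAPTURE" | classify_sources
```

A `bypass` verdict while the Apache log still records the request means the traffic never crossed the OpenVPN server, which is the direct-from-the-firewall case the answer asks to rule out.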