I've been setting up a web server on my router / home network, which I've been able to get up and running, with SSL, DNS, Cloudflare server, etc.
On the router, I have an OpenVPN network set up to run the webserver on. I've been able to test that it works when forwarding from the VPN or the LAN.
The issue I'm having is that I'm trying to use this setup connecting to another external VPN connection, via Surfshark, for the purposes of masking the connection. This causes a 522 timeout error when trying to connect over the internet. It appears to be down to the VPN being enabled, as when I switch it off, the system works fine!
I've tried to get this set up with the VPN on the router and running on the webserver, and had the same issue.
So what I'm wondering is whether it's possible to route the traffic - preferably just on ports 80 & 443 - from the external VPN to the internal VPN / local network?
I assume I'd have to use iptables and ip routing. Here's the ip route output for the PC:
0.0.0.0/1 via 10.8.8.1 dev tun1 #External VPN
default via 192.168.1.1 dev enp5s0 onlink
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.20 #Router VPN
128.0.0.0/1 via 10.8.8.1 dev tun1
192.168.1.0/24 dev enp5s0 proto kernel scope link src 192.168.1.3
192.168.1.0/24 via 10.8.0.1 dev tun0 metric 500
I'm guessing the issue is due to 0.0.0.0/1 via 10.8.8.1 rerouting all traffic through the external VPN's address, which means access to the IP is blocked when connecting through the internet.
To solve this, would an exception be needed on the 0.0.0.0/1 via 10.8.8.1 rule to force all the traffic from ports 80 or 443 through the internal VPN 10.8.0.0?
Apologies, I'm still trying to learn more about all this. I've been following the guidance here:
route traffic on certain port through certain interface?
http://aftermanict.blogspot.com/2015/11/bash-iptables-iproute2-and-multiple.html
https://serverfault.com/questions/388695/how-to-pass-traffic-for-port-80-not-through-openvpn
https://serverfault.com/questions/820477/how-to-route-all-traffic-from-a-specific-port-to-a-specific-network-interface
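One standard way to build the port-specific exception the question asks about, as an added example that is not part of the original post: connections arriving on the router VPN for ports 80/443 get a connection mark, the server's replies inherit that mark and are routed through a dedicated table whose default route is tun0, so they never hit the 0.0.0.0/1 and 128.0.0.0/1 routes into the Surfshark tunnel. It assumes the interface names and gateways from the route table above (tun0 with gateway 10.8.0.1 for the router VPN, tun1 for the external VPN); the mark value 0x1 and table number 100 are arbitrary choices.

```shell
#!/bin/sh
# Policy routing so replies to HTTP/HTTPS connections that arrive over the
# router VPN (tun0) go back out via tun0 instead of following the
# 0.0.0.0/1 + 128.0.0.0/1 routes into the external VPN (tun1).
# Assumptions: interface names and gateway come from the route table in the
# question; the mark (0x1) and table number (100) are arbitrary.
set -eu

IN_IF=tun0          # router-side OpenVPN carrying the forwarded web traffic
IN_GW=10.8.0.1      # router's address on that VPN
MARK=0x1
TABLE=100
PORTS=80,443

# With DRY_RUN=1 the commands are printed instead of executed, so the rule
# set can be reviewed on a machine without root or iptables.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

setup_policy_routing() {
    # 1. Tag each new connection arriving on tun0 for ports 80/443; the tag
    #    lives in conntrack, so it follows every packet of the connection.
    run iptables -t mangle -A PREROUTING -i "$IN_IF" -p tcp -m multiport \
        --dports "$PORTS" -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"
    # 2. Locally generated packets (the server's replies) copy the connection
    #    mark onto the packet; a mark change in mangle OUTPUT triggers re-routing.
    run iptables -t mangle -A OUTPUT -m connmark --mark "$MARK" -j CONNMARK --restore-mark
    # 3. Marked packets use a dedicated table whose only default route is tun0.
    run ip route replace default via "$IN_GW" dev "$IN_IF" table "$TABLE"
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    # 4. The main table would route these internet sources via tun1, so strict
    #    reverse-path filtering would drop the inbound packets on tun0;
    #    relax it to loose mode on that interface only.
    run sysctl -w "net.ipv4.conf.$IN_IF.rp_filter=2"
}

# Usage: "sh policy-route.sh apply" (as root), or "DRY_RUN=1 sh policy-route.sh apply" to review.
case "${1:-}" in
    apply) setup_policy_routing ;;
esac
```

If the router forwards the web traffic to the tun0 address 10.8.0.20, a simpler port-agnostic variant needs no iptables at all: `ip rule add from 10.8.0.20 lookup 100`, since the server's replies then carry that source address.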