I'm running a home server with FreeBSD 12.1. I have openvpn enabled strictly on the server; the rest of my home network, including the router, is non-VPN.
I don't know if it's even feasible, but I'm hoping to have the server do double duty as a VPN server and non-VPN webserver (via lighttpd). My efforts so far have been unsuccessful.
I set up the webserver for port 8080 (my ISP keeps 80 closed), and set my DD-WRT router to forward incoming port 8080 to server 8080 (192.168.1.250).
Testing by means of https://validator.w3.org, the webserver connects externally via my router's external IP (with ":8080" added) only if I stop openvpn. Local machines, however, can access the webserver through the external router address while openvpn is enabled.
The only way I can access the webserver via an outside machine is through the server's VPN IP (178.73.218.69:8080). However, that address always changes when the server or openvpn restarts, so using it regularly is not practical.
The only new ipfw rules I added for my webserver are 00099 and 00100. The other rules are very basic - essentially "kill-switches" for my torrent and NZB traffic if openvpn stops:
Code:
00001 allow ip from any to any via lo0
00010 allow ip from any to any via tun0
00099 allow tcp from any to me 8080 in via em0
00100 allow tcp from me 8080 to any out via em0
00101 allow ip from me to 192.168.1.0/24 uid transmission
00102 allow ip from 192.168.1.0/24 to me uid transmission
00103 deny ip from any to any uid transmission
00104 allow ip from me to 192.168.1.0/24 uid sabnzbd
00105 allow ip from 192.168.1.0/24 to me uid sabnzbd
00106 deny ip from any to any uid sabnzbd
65535 allow ip from any to any
Here's my ifconfig:
Code:
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=81049b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LRO,VLAN_HWFILTER>
        ether 34:17:eb:d1:30:df
        inet 192.168.1.250 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::3617:ebff:fed1:30df%tun0 prefixlen 64 scopeid 0x3
        inet 178.73.218.69 --> 178.73.218.65 netmask 0xffffffe0
        groups: tun
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 4056
And with openvpn enabled, "netstat -4rn" shows this:
Code:
Destination        Gateway            Flags     Netif Expire
0.0.0.0/1          178.73.218.65      UGS        tun0
default            192.168.1.1        UGS         em0
127.0.0.1          link#2             UH          lo0
128.0.0.0/1        178.73.218.65      UGS        tun0
178.73.195.104/32  192.168.1.1        UGS         em0
178.73.218.64/27   178.73.218.65      UGS        tun0
178.73.218.65      link#3             UH         tun0
178.73.218.69      link#3             UHS         lo0
192.168.1.0/24     link#1             U           em0
192.168.1.250      link#1             UHS         lo0
Are there adjustments that can be made to have this work? Or am I forced to have a separate machine as webserver?
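As an added illustration (not part of the original post), the following Python script applies the kernel's longest-prefix-match route lookup to the routing table shown above, to see which interface a reply to a given client would leave through. The client addresses used are constructed examples.

```python
import ipaddress

# Routing table transcribed from the netstat -4rn output above (openvpn up).
ROUTES = [
    ("0.0.0.0/1",         "178.73.218.65", "tun0"),
    ("default",           "192.168.1.1",   "em0"),
    ("127.0.0.1",         "link#2",        "lo0"),
    ("128.0.0.0/1",       "178.73.218.65", "tun0"),
    ("178.73.195.104/32", "192.168.1.1",   "em0"),
    ("178.73.218.64/27",  "178.73.218.65", "tun0"),
    ("178.73.218.65",     "link#3",        "tun0"),
    ("178.73.218.69",     "link#3",        "lo0"),
    ("192.168.1.0/24",    "link#1",        "em0"),
    ("192.168.1.250",     "link#1",        "lo0"),
]

def parse_routes(rows):
    """Rows -> (network, gateway, netif); 'default' is 0.0.0.0/0, a bare host is a /32."""
    table = []
    for dest, gw, netif in rows:
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest)
        table.append((net, gw, netif))
    return table

def lookup(table, dst):
    """Longest-prefix match, as the kernel does it: the most specific route wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, netif in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, netif)
    return best

def egress_interface(dst, rows=ROUTES):
    """Interface a packet (for instance a TCP reply) to dst would be sent out of."""
    route = lookup(parse_routes(rows), dst)
    return route[2] if route else None

def reply_is_asymmetric(client, ingress="em0", rows=ROUTES):
    """True when a request that arrived on `ingress` would be answered on another interface."""
    return egress_interface(client, rows) != ingress

if __name__ == "__main__":
    # Constructed sample clients: a LAN host and an Internet host (documentation range).
    for client in ("192.168.1.20", "203.0.113.10"):
        print(client, "->", egress_interface(client), "asymmetric:", reply_is_asymmetric(client))
```

Because the two /1 routes over tun0 together cover every address and are more specific than the em0 default, a reply to an Internet client whose request arrived through the router's port forward on em0 leaves through tun0, while LAN clients are answered on em0, which matches the symptom described in the post.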