Hello,
I am in the need to create the following setup.
I have Master server which acts as OpenVPN server.
I have Slave server establishing VPN tunnel to the master.
I'd like to open web pages located on the slave servers, however accessing slaves via VPN tunnel established to the master.
So with one master and only one slave it would look like that
Internet ===== [WAN_IP] MASTER [OVPN_IP] ==== OVPN Slave1
At this moment my OpenVPN setup is like default one and tunnel is working fine. master and slave can ping each other. From the master I can telnet port 80 on the slave and see the response.
Now, assuming that tunnel is established I would like to telnet WAN_IP 80 and reach slave's web server in that way (telnet 10.1.0.26 80 ).
It doesn't work.
How can I achieve that?
I thought it would be a simple rdr rule, but it does not work or I don't understand something.
I was thinking that it might be related to tun0 device so I disabled the openvpn and tried to redir to the other machine in the same network and it did not work either?
I am running FreeBSD 9.2, forwarding and redirect are set properly
net.inet.ip.forwarding: 1
net.inet.ip.redirect: 1
What is wrong?
Could it be that the problem occurs when I am testing my rules from LAN?
From LAN the setup looks like that:
my workstation: 10.1.0.66 (from that workstation I am trying to open browser with address http://10.1.0.26, which should open the web page served by the slave)
master: 10.1.0.26
slave: 192.168.11.129 ( 10.8.0.6 - address from VPN tunnel)
My pf.conf
Code:
ext_if = "re0"
ext_ip = "10.1.0.26"
vpn_if = "tun0"
vpn_ip = "10.8.0.6"
vpn_net = "10.8.0.0/24"
vpn_out = "{ http, https, ssh }"
udp_services = "{ domain, ntp }"
rdr pass on $ext_if proto tcp from any to any port 80 -> $vpn_ip
pass in all
pass out all
Please give me advice.
Best regards
Norbert
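An added example, not part of the original post: a lone rdr rule rewrites only the destination, so the slave sees the client's real source address (10.1.0.66 in the LAN test) and replies according to its own routing table instead of back through the master. Assuming that return path is the cause here, the sketch below keeps the post's macro values and adds a source translation on the tunnel interface; the nat rule and the narrowed rdr target are assumptions, not the poster's configuration.

```conf
# Added example, not the poster's configuration. Macro values are taken from
# the post; the nat rule and the narrowed rdr target are assumptions.
ext_if = "re0"
ext_ip = "10.1.0.26"
vpn_if = "tun0"
vpn_ip = "10.8.0.6"        # slave's address inside the tunnel

# Translation rules go before filter rules.
# Outbound on the tunnel: replace the client's source address with the
# master's tunnel address, so the slave's reply returns through tun0 and
# pf can reverse both translations.
nat on $vpn_if proto tcp from any to $vpn_ip port 80 -> ($vpn_if)

# Inbound on the external interface: redirect only traffic addressed to the
# master itself. "to any port 80" would also rewrite port-80 traffic that
# the master is merely forwarding elsewhere.
rdr pass on $ext_if proto tcp from any to $ext_ip port 80 -> $vpn_ip port 80

# Filter rules unchanged from the post.
pass in all
pass out all

# Checks after editing /etc/pf.conf:
#   pfctl -nf /etc/pf.conf         parse the file without loading it
#   pfctl -f /etc/pf.conf          load the ruleset
#   pfctl -sn                      list the loaded nat and rdr rules
#   pfctl -ss | grep 10.8.0.6      state entries for the redirected connection
#   tcpdump -ni tun0 tcp port 80   source address the slave actually receives
```

With the nat rule in place, the slave's web server logs the master's tunnel address as the client for every request, so per-client access control or logging has to happen on the master.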