OpenVPN on router : how to get source IP? - routing

I have an OpenVPN server and a router with clients connected to this router.
I installed a tun OpenVPN client on the router, so that the server is 10.8.0.1 and the router is 10.8.0.2.
Now the clients of the router have 192.168.0.0/24 IPs, and all packets coming from them appear to the OpenVPN server as 10.8.0.2.
For instance, if 192.168.0.10 wants to contact Google, the path is:
192.168.0.10 --> 192.168.0.1 (router) --> 10.8.0.2 --> 10.8.0.1 --> google.com
How can I get the private IP (192.168.0.10) from the OpenVPN server (10.8.0.1)? Is there an option for it in the OpenVPN client config?

Related

Only Allowing IPv4 and HTTPS in Firewall

I've got an Ubuntu machine in the cloud, running a web server with Nginx and Node.js.
In the firewall settings (ufw), I've only allowed IPv4 through port 443 (SSL) for inbound connections (and SSH, of course).
Is preventing regular HTTP and/or IPv6 connections a problem? And why?
Thanks!
Is preventing regular HTTP and/or ipv6 connection a problem?
If all URLs pointing to your server are only https:// and all IP addresses set up in DNS for your system are only IPv4 and you don't need to have any other services on this machine accessible from outside (i.e. SSH, mail, ...), then you expect only IPv4 TCP traffic on port 443 and your restriction makes sense. But if any of these limitations regarding URL, DNS and services are not true, then you probably deny valid traffic, which will be a problem.

IIS's website and RDP listening on the same port with two NIC configuration

I am working on a project that would allow a customer to connect to an instance on port 443 and browse and use RemoteApps (site) hosted on the same server, also on port 443, in a workgroup environment. A domain is not an option. The goal is to have only ports 80 and 443 open on the same machine and have two services sharing the same port.
This is what I did so far:
1. Configured all the necessary components for RemoteApps.
2. Attached two network interfaces to the same instance. The idea behind it is that the RemoteApp website will listen on one of the interfaces (for example, eth0) port 443 and the RDP connection will listen on the other interface (eth1) port 443.
3. In the registry, I configured RDP to listen on port 443 instead of 3389 (listening on both interfaces for now). I was able to connect to the machine using port 443.
4. When I tried to set up the RemoteApp website to listen on the IP address of the other interface, I got an error that another application is using the service.
5. Next I configured the RDP registry to listen only on the eth1 interface, rebooted the server and can't log in anymore.
What am I doing wrong?

Amazon EC2 TCP on port 80?

I am trying to connect to my EC2 instance with TCP on port 80, but I couldn't.
Do I have to enable it somehow?
Under the Inbound Rules on my Security Group I have HTTP on port 80 and SSH on port 22.
I am connecting from a hardware device. Is there a way to check the TCP connection from the terminal on the Mac?
Is there something else I have to do?
The host that I type to connect is:
http://ec2-xx-xx-xxx-xx.compute-1.amazonaws.com
Check to ensure you have opened the firewall rules for your instance security group on TCP 80 and 22, and that your IP address is listed.
An example would be:
0.0.0.0/0 TCP 80
Allow inbound HTTP access to the web servers from anywhere or restrict by opening to your IP address only. Use your public IP which can be obtained from https://www.whatismyip.com/

Port forwarding from IP to localhost?

How can I make all traffic sent to an IP address (192.168.91.164) be forwarded to localhost, or another host within my local network? Note that my machine is on a 10.0.1.x network.
I am trying to do this on Mac OS Yosemite, which uses pf as a firewall and has no ipfw or iptables.
More specifically, I have a process that connects to an ActiveMQ server on 192.168.91.164 port 8161 (I can't change this address or port), but I would like it to connect to an ActiveMQ server on my local machine on the same port, or on another host on my local network.
You may try to edit your /etc/hosts and then redirect the IP to 127.0.0.1
Edit this file with any text editor and add this line to the end:
127.0.0.1 192.168.91.164

Freeradius and Client Configuration?

I am using hostapd to create a hotspot in my laptop. I am using freeradius as my backend authentication server.
I configured clients in freeradius as
client 11.0.0.1 {
    secret = Somethingelse
    ipaddr = 11.0.0.1
    require_message_authenticator = yes
}
This is my hostapd connection:-
interface=wlan0
driver=nl80211
ssid=Something
hw_mode=g
channel=6
auth_algs=1
wpa=3
ieee8021x=1
auth_server_addr=11.0.0.1
auth_server_port=1812
auth_server_shared_secret=Somethingelse
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
Initial wifi interface configuration
ifconfig wlan0 up 10.0.0.1 netmask 255.255.255.0
I am sharing my eth0 over wlan0 and this works.
My question is structured thus: since I am using wlan0 as my hotspot interface, shouldn't 10.0.0.1 be my client? But I have to configure my client as 11.0.0.1, which is my eth0's inet address, which is explicitly given since my eth0 is disconnected, as thus:
ifconfig eth0 11.0.0.1 up netmask 255.255.255.0
Update: My Freeradius and Client is on the same machine
If hostapd and FreeRADIUS are on the same host, then the auth_server_addr should be the loopback address 127.0.0.1 and the client should also be the loopback address 127.0.0.1.
Client entries just associate an IP address with a shared secret.
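
Added example (not part of the original answer, and not code from hostapd or FreeRADIUS): FreeRADIUS selects the client entry by the source IP of the incoming request, so this check asks the kernel which source address it would use toward auth_server_addr and compares it, and the shared secret, with the client entries. The function names, the simplified clients.conf reader and the sample configurations are assumptions made for illustration.

```python
import re
import socket

def source_ip_for(server_addr, port=1812):
    """Source address the kernel picks for UDP sent to server_addr."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((server_addr, port))  # UDP connect() sends no packet
        return s.getsockname()[0]

def parse_hostapd(text):
    """hostapd.conf is plain key=value lines; '#' starts a comment line."""
    return dict(line.strip().split("=", 1) for line in text.splitlines()
                if "=" in line and not line.lstrip().startswith("#"))

def parse_clients(text):
    """Simplified clients.conf reader (assumption): {ipaddr: secret}."""
    clients = {}
    for name, body in re.findall(r"client\s+(\S+)\s*\{(.*?)\}", text, re.S):
        kv = dict(re.findall(r"^\s*(\w+)\s*=\s*(\S+)", body, re.M))
        # Fall back to the block name when no ipaddr line is present.
        clients[kv.get("ipaddr", name)] = kv.get("secret")
    return clients

def check(hostapd_text, clients_text, src=None):
    """Return a list of mismatches; src overrides the live kernel lookup."""
    cfg = parse_hostapd(hostapd_text)
    clients = parse_clients(clients_text)
    if src is None:
        src = source_ip_for(cfg["auth_server_addr"],
                            int(cfg.get("auth_server_port", 1812)))
    if src not in clients:
        return [f"no client entry for source address {src}"]
    if clients[src] != cfg["auth_server_shared_secret"]:
        return [f"shared secret mismatch for client {src}"]
    return []

# Constructed sample configurations (placeholder secret, hypothetical names).
HOSTAPD = ("auth_server_addr=127.0.0.1\nauth_server_port=1812\n"
           "auth_server_shared_secret=Somethingelse\n")
CLIENT_WLAN = "client hotspot {\n    ipaddr = 10.0.0.1\n    secret = Somethingelse\n}\n"
CLIENT_LOOPBACK = "client hotspot {\n    ipaddr = 127.0.0.1\n    secret = Somethingelse\n}\n"

if __name__ == "__main__":
    print(check(HOSTAPD, CLIENT_WLAN))      # wlan0 address is never the source
    print(check(HOSTAPD, CLIENT_LOOPBACK))  # loopback entry matches
```
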
