Webserver over VPN

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
andrewfer000
Posts: 8
Joined: Wed May 27, 2020 4:07 am

Webserver over VPN

Post by andrewfer000 » Wed May 27, 2020 4:14 am

I run a webserver on my laptop that I use for developing and I have a VPS running SoftEther. What I have set up is my laptop connects to the VPS running SoftEther and allows my laptop to have its own dedicated IP. essentially a port-forwarding setup. Everything works great except for one issue. That is when users connect to my website it shows the IP as being 192.168.30.1. The problem is that I cannot IP-Ban, tell who is who, or blacklist potential hackers from my website and other port forwarded services unless I can somehow get the user's incoming IP to send to Apache. Has anyone tried this and does anyone know what to do?

-Thank you!

cedar
Site Admin
Posts: 1397
Joined: Sat Mar 09, 2013 5:37 am

Re: Webserver over VPN

Post by cedar » Wed May 27, 2020 8:04 pm

Please configure IP Masquerade on VPS and use NAPT's port forwarding function.

andrewfer000
Posts: 8
Joined: Wed May 27, 2020 4:07 am

Re: Webserver over VPN

Post by andrewfer000 » Fri Jun 12, 2020 6:13 am

Yea I got it working same day. sorry I never posted an update

pradnyesh
Posts: 3
Joined: Wed Jun 17, 2020 9:11 am

Re: Webserver over VPN

Post by pradnyesh » Wed Jun 17, 2020 9:18 am

andrewfer000 wrote:
Wed May 27, 2020 4:14 am
I run a webserver on my laptop that I use for developing and I have a VPS running SoftEther. What I have set up is my laptop connects to the VPS running SoftEther and allows my laptop to have its own dedicated IP. essentially a port-forwarding setup. Everything works great except for one issue. That is when users connect to my website it shows the IP as being 192.168.30.1. The problem is that I cannot IP-Ban, tell who is who, or blacklist potential hackers from my website and other port forwarded services unless I can somehow get the user's incoming IP to send to Apache. Has anyone tried this and does anyone know what to do?

-Thank you!
Hi dude, i need same configuration on my homelab. can u just explain me how to achieve this.
i am hosting SE on vps having public ip & i a connected to SE on my desktop act as web server through VPN. but i cant connect to my webserver running on my desktop via Server public ip.

can u please help me in this.

andrewfer000
Posts: 8
Joined: Wed May 27, 2020 4:07 am

Re: Webserver over VPN

Post by andrewfer000 » Thu Jun 18, 2020 11:31 am

Sure. What I did was set up a TAP adapter on the server so the VPN server can ping the VPN cleint. After that I used software like HAProxy and iptables port-fowarding to make the web-server available to the public


Setup the VPN server (after creating the TAP adapter in the server control panel)
sysctl -w net.ipv4.ip_forward=1
service vpnserver start #if not started allready
dhclient tap_tap #get an IP for this TAP adapter

For a web server tho I suggest HAProxy so you can use HTTP headers to get client IP address. This part is a little complicated and if you are using multiple subdomains you might need a Wildcard SSL to use in HAProxy (which you can usually get for free from Let's Encrypt)

If you are running a Minecraft Server you can use HAProxy and a SpigotProxy plugin to get player's real IPs and it works well for a testing env.

Heres what I use on the VPN server for generic port forwarding. x.x.x.x represents the server's public IPv4 and 192.168.30.13 is my VPN Client's IP (this will prob. work for IPv6)

iptables -t nat -I PREROUTING 1 -d x.x.x.x -p tcp --dport 8081 -j DNAT --to-dest 192.168.30.13:8081
iptables -t nat -I POSTROUTING 1 -d 192.168.30.13 -p tcp --dport 8081 -j SNAT --to-source 192.168.30.1
iptables -I FORWARD 1 -d 192.168.30.13 -p tcp --dport 8081 -j ACCEPT


If you do get a Wildcard SSL thru Let's Encrypt. Use this command to combine the certs than use this command block to turn it into a single pem file to use with HAProxy

sudo cat /etc/letsencrypt/live/mydomain.tld/fullchain.pem \
/etc/letsencrypt/live/mydomain.tld/privkey.pem \
| sudo tee mydomain.tld.pem

pradnyesh
Posts: 3
Joined: Wed Jun 17, 2020 9:11 am

Re: Webserver over VPN

Post by pradnyesh » Thu Jun 18, 2020 9:09 pm

very much thanks bro. i will give it a shot to make my sever alive.

Post Reply