Webserver over VPN

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
andrewfer000
Posts: 15
Joined: Wed May 27, 2020 4:07 am

Webserver over VPN

Post by andrewfer000 » Wed May 27, 2020 4:14 am

I run a webserver on my laptop that I use for developing and I have a VPS running SoftEther. What I have set up is my laptop connects to the VPS running SoftEther and allows my laptop to have its own dedicated IP. essentially a port-forwarding setup. Everything works great except for one issue. That is when users connect to my website it shows the IP as being 192.168.30.1. The problem is that I cannot IP-Ban, tell who is who, or blacklist potential hackers from my website and other port forwarded services unless I can somehow get the user's incoming IP to send to Apache. Has anyone tried this and does anyone know what to do?

-Thank you!

cedar
Site Admin
Posts: 1467
Joined: Sat Mar 09, 2013 5:37 am

Re: Webserver over VPN

Post by cedar » Wed May 27, 2020 8:04 pm

Please configure IP Masquerade on VPS and use NAPT's port forwarding function.

andrewfer000
Posts: 15
Joined: Wed May 27, 2020 4:07 am

Re: Webserver over VPN

Post by andrewfer000 » Fri Jun 12, 2020 6:13 am

Yea I got it working same day. sorry I never posted an update

pradnyesh
Posts: 6
Joined: Wed Jun 17, 2020 9:11 am

Re: Webserver over VPN

Post by pradnyesh » Wed Jun 17, 2020 9:18 am

andrewfer000 wrote:
Wed May 27, 2020 4:14 am
I run a webserver on my laptop that I use for developing and I have a VPS running SoftEther. What I have set up is my laptop connects to the VPS running SoftEther and allows my laptop to have its own dedicated IP. essentially a port-forwarding setup. Everything works great except for one issue. That is when users connect to my website it shows the IP as being 192.168.30.1. The problem is that I cannot IP-Ban, tell who is who, or blacklist potential hackers from my website and other port forwarded services unless I can somehow get the user's incoming IP to send to Apache. Has anyone tried this and does anyone know what to do?

-Thank you!
Hi dude, i need same configuration on my homelab. can u just explain me how to achieve this.
i am hosting SE on vps having public ip & i a connected to SE on my desktop act as web server through VPN. but i cant connect to my webserver running on my desktop via Server public ip.

can u please help me in this.

andrewfer000
Posts: 15
Joined: Wed May 27, 2020 4:07 am

Re: Webserver over VPN

Post by andrewfer000 » Thu Jun 18, 2020 11:31 am

Sure. What I did was set up a TAP adapter on the server so the VPN server can ping the VPN cleint. After that I used software like HAProxy and iptables port-fowarding to make the web-server available to the public


Setup the VPN server (after creating the TAP adapter in the server control panel)
sysctl -w net.ipv4.ip_forward=1
service vpnserver start #if not started allready
dhclient tap_tap #get an IP for this TAP adapter

For a web server tho I suggest HAProxy so you can use HTTP headers to get client IP address. This part is a little complicated and if you are using multiple subdomains you might need a Wildcard SSL to use in HAProxy (which you can usually get for free from Let's Encrypt)

If you are running a Minecraft Server you can use HAProxy and a SpigotProxy plugin to get player's real IPs and it works well for a testing env.

Heres what I use on the VPN server for generic port forwarding. x.x.x.x represents the server's public IPv4 and 192.168.30.13 is my VPN Client's IP (this will prob. work for IPv6)

iptables -t nat -I PREROUTING 1 -d x.x.x.x -p tcp --dport 8081 -j DNAT --to-dest 192.168.30.13:8081
iptables -t nat -I POSTROUTING 1 -d 192.168.30.13 -p tcp --dport 8081 -j SNAT --to-source 192.168.30.1
iptables -I FORWARD 1 -d 192.168.30.13 -p tcp --dport 8081 -j ACCEPT


If you do get a Wildcard SSL thru Let's Encrypt. Use this command to combine the certs than use this command block to turn it into a single pem file to use with HAProxy

sudo cat /etc/letsencrypt/live/mydomain.tld/fullchain.pem \
/etc/letsencrypt/live/mydomain.tld/privkey.pem \
| sudo tee mydomain.tld.pem

pradnyesh
Posts: 6
Joined: Wed Jun 17, 2020 9:11 am

Re: Webserver over VPN

Post by pradnyesh » Thu Jun 18, 2020 9:09 pm

very much thanks bro. i will give it a shot to make my sever alive.

pradnyesh
Posts: 6
Joined: Wed Jun 17, 2020 9:11 am

Re: Webserver over VPN

Post by pradnyesh » Sat Dec 05, 2020 10:47 am

Hey Dude,

i was using this trick for past 1 Year, but recently i rebooted my VPS instance and suddenly its stopped working.
i cant browse my home web server using VPS public ip.
i checked iptable rules which looks fine and did some other troubleshooting but cant get it.

do you have any idea what could be the reason?

sky59
Posts: 395
Joined: Tue Sep 11, 2018 5:58 pm

Re: Webserver over VPN

Post by sky59 » Sat Dec 05, 2020 11:43 am

Everytime you change ip route tables clear cash.
Otherwise you do not see the real result at the time of change.
But you do see it after a time (when you reboot the system and cash is
already time outed)

So, do not stick to your original setting which "used to work"

It might have worked because of ip routr cash

pradnyesh
Posts: 6
Joined: Wed Jun 17, 2020 9:11 am

Re: Webserver over VPN

Post by pradnyesh » Sun Dec 06, 2020 3:29 am

Yup !got it.

now i am trying with another instance with peristance ip table and static vps ip address to avoid such problems.

will update once i got the result.

pradnyesh
Posts: 6
Joined: Wed Jun 17, 2020 9:11 am

Re: Webserver over VPN

Post by pradnyesh » Sun Dec 06, 2020 12:13 pm

it working now!!!!!!!

i used iptables-persistence to store rules. and after multiple reboots its working now.

Thanks dude.

sky59
Posts: 395
Joined: Tue Sep 11, 2018 5:58 pm

Re: Webserver over VPN

Post by sky59 » Sun Dec 06, 2020 1:06 pm

If it belongs to me then I am happy to help!

blade0912
Posts: 1
Joined: Mon Dec 07, 2020 8:53 pm

Re: Webserver over VPN

Post by blade0912 » Mon Dec 07, 2020 9:40 pm

Hello guys, I found his conversartion and I wish to ask you for some help (sorry my bad english in advance) ....
I have a situation .....
I want to play Minecraft with some friends, so I try to use Softether to create a lan to lan conection ....... but I am not sure what to do exactly....

Can you help me please !!

Thanks in advance

sky59
Posts: 395
Joined: Tue Sep 11, 2018 5:58 pm

Re: Webserver over VPN

Post by sky59 » Tue Dec 08, 2020 10:49 am

From your question - it is not easy, but I try.

You or friends do not have public IP. So you need to use Azurre provided by Softether Tsukubs.

On one computer you need to instal server. On the rest clients. All will be "connected" over Azurre
cloud service.

Note, using Azurre you have max 2Mbit speed. About.
You need to have networking knowledge to set up network.

For SE details you need to read documentaition.

Good luck!

Post Reply