Webserver over VPN
-
- Posts: 15
- Joined: Wed May 27, 2020 4:07 am
Webserver over VPN
I run a webserver on my laptop that I use for developing, and I have a VPS running SoftEther. What I have set up is my laptop connects to the VPS running SoftEther, which allows my laptop to have its own dedicated IP, essentially a port-forwarding setup. Everything works great except for one issue. That is, when users connect to my website, it shows the IP as being 192.168.30.1. The problem is that I cannot IP-ban, tell who is who, or blacklist potential hackers from my website and other port-forwarded services unless I can somehow get the user's incoming IP sent to Apache. Has anyone tried this and does anyone know what to do?
-Thank you!
-
- Site Admin
- Posts: 2235
- Joined: Sat Mar 09, 2013 5:37 am
Re: Webserver over VPN
Please configure IP Masquerade on VPS and use NAPT's port forwarding function.
-
- Posts: 15
- Joined: Wed May 27, 2020 4:07 am
Re: Webserver over VPN
Yeah, I got it working the same day. Sorry I never posted an update.
-
- Posts: 6
- Joined: Wed Jun 17, 2020 9:11 am
Re: Webserver over VPN
Hi dude, I need the same configuration on my homelab. Can you explain to me how to achieve this?
andrewfer000 wrote: ↑Wed May 27, 2020 4:14 am
I run a webserver on my laptop that I use for developing, and I have a VPS running SoftEther. What I have set up is my laptop connects to the VPS running SoftEther, which allows my laptop to have its own dedicated IP, essentially a port-forwarding setup. Everything works great except for one issue. That is, when users connect to my website, it shows the IP as being 192.168.30.1. The problem is that I cannot IP-ban, tell who is who, or blacklist potential hackers from my website and other port-forwarded services unless I can somehow get the user's incoming IP sent to Apache. Has anyone tried this and does anyone know what to do?
-Thank you!
I am hosting SE on a VPS with a public IP, and I am connected to SE from my desktop, which acts as a web server through the VPN. But I can't connect to the web server running on my desktop via the server's public IP.
Can you please help me with this?
-
- Posts: 15
- Joined: Wed May 27, 2020 4:07 am
Re: Webserver over VPN
Sure. What I did was set up a TAP adapter on the server so the VPN server can ping the VPN client. After that I used software like HAProxy and iptables port forwarding to make the web server available to the public.
Set up the VPN server (after creating the TAP adapter in the server control panel):
sysctl -w net.ipv4.ip_forward=1
service vpnserver start # if not already started
dhclient tap_tap #get an IP for this TAP adapter
For a web server, though, I suggest HAProxy so you can use HTTP headers to get the client IP address. This part is a little complicated, and if you are using multiple subdomains you might need a wildcard SSL certificate to use in HAProxy (which you can usually get for free from Let's Encrypt).
If you are running a Minecraft server you can use HAProxy and a SpigotProxy plugin to get players' real IPs, and it works well for a testing env.
Here's what I use on the VPN server for generic port forwarding. x.x.x.x represents the server's public IPv4 and 192.168.30.13 is my VPN client's IP (this will probably work for IPv6):
iptables -t nat -I PREROUTING 1 -d x.x.x.x -p tcp --dport 8081 -j DNAT --to-dest 192.168.30.13:8081
iptables -t nat -I POSTROUTING 1 -d 192.168.30.13 -p tcp --dport 8081 -j SNAT --to-source 192.168.30.1
iptables -I FORWARD 1 -d 192.168.30.13 -p tcp --dport 8081 -j ACCEPT
If you do get a wildcard SSL certificate through Let's Encrypt, use this command block to combine the certs into a single PEM file to use with HAProxy:
sudo cat /etc/letsencrypt/live/mydomain.tld/fullchain.pem \
/etc/letsencrypt/live/mydomain.tld/privkey.pem \
| sudo tee mydomain.tld.pem
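Added example, not part of the original posts: with the SNAT rule above, every forwarded connection reaches the web server from 192.168.30.1, so the real client address has to come from an HTTP header such as X-Forwarded-For, which HAProxy adds when `option forwardfor` is enabled. The sketch shows the trust check needed before that header is used for logging or banning. The function names, the trusted-proxy list and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: HAProxy runs on the VPN server and reaches the web server from
# 192.168.30.1, the tunnel address mentioned in the thread.
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.30.1/32")]


def is_trusted(addr):
    """True if addr is one of our own proxies."""
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer, xff_header):
    """Return the address to log or ban for one request.

    peer       -- source address of the TCP connection seen by the web server
    xff_header -- raw X-Forwarded-For value, or None if the header is absent
    """
    peer_addr = ipaddress.ip_address(peer)
    # A connection that did not come through the proxy can carry any header
    # it likes: ignore the header and use the socket address.
    if not is_trusted(peer_addr) or not xff_header:
        return str(peer_addr)
    # Each proxy appends the address it saw, so walk right to left and stop
    # at the first hop that is not one of our own proxies.
    for entry in reversed(xff_header.split(",")):
        try:
            hop = ipaddress.ip_address(entry.strip())
        except ValueError:
            break  # malformed entry: everything to its left is client-controlled
        if not is_trusted(hop):
            return str(hop)
    return str(peer_addr)  # nothing usable in the header


# Constructed sample requests: (peer address, X-Forwarded-For header)
SAMPLES = [
    ("192.168.30.1", "203.0.113.7"),              # normal request via HAProxy
    ("192.168.30.1", "10.0.0.1, 198.51.100.20"),  # client pre-set the header
    ("192.168.30.77", "203.0.113.7"),             # other VPN host, forged header
    ("192.168.30.1", None),                       # plain DNAT/SNAT forward
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(peer, repr(xff), "->", client_ip(peer, xff))
```

Apache's mod_remoteip makes the same decision with its `RemoteIPHeader` and `RemoteIPInternalProxy` directives.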
-
- Posts: 6
- Joined: Wed Jun 17, 2020 9:11 am
Re: Webserver over VPN
Very much thanks, bro. I will give it a shot to make my server alive.
-
- Posts: 6
- Joined: Wed Jun 17, 2020 9:11 am
Re: Webserver over VPN
Hey Dude,
I was using this trick for the past 1 year, but recently I rebooted my VPS instance and suddenly it stopped working.
I can't browse my home web server using the VPS public IP.
I checked the iptables rules, which look fine, and did some other troubleshooting, but can't get it.
Do you have any idea what could be the reason?
-
- Posts: 477
- Joined: Tue Sep 11, 2018 5:58 pm
Re: Webserver over VPN
Every time you change IP route tables, clear the cache.
Otherwise you do not see the real result at the time of the change.
But you do see it after a time (when you reboot the system and the cache has already timed out).
So, do not stick to your original setting which "used to work".
It might have worked because of the IP route cache.
-
- Posts: 6
- Joined: Wed Jun 17, 2020 9:11 am
Re: Webserver over VPN
Yup! Got it.
Now I am trying with another instance with persistent iptables and a static VPS IP address to avoid such problems.
Will update once I get the result.
-
- Posts: 6
- Joined: Wed Jun 17, 2020 9:11 am
Re: Webserver over VPN
It's working now!!!!!!!
I used iptables-persistence to store the rules, and after multiple reboots it's working now.
Thanks dude.
-
- Posts: 477
- Joined: Tue Sep 11, 2018 5:58 pm
Re: Webserver over VPN
If it belongs to me then I am happy to help!
-
- Posts: 1
- Joined: Mon Dec 07, 2020 8:53 pm
Re: Webserver over VPN
Hello guys, I found this conversation and I wish to ask you for some help (sorry for my bad English in advance) ....
I have a situation .....
I want to play Minecraft with some friends, so I am trying to use SoftEther to create a LAN-to-LAN connection ....... but I am not sure what to do exactly....
Can you help me please !!
Thanks in advance
-
- Posts: 477
- Joined: Tue Sep 11, 2018 5:58 pm
Re: Webserver over VPN
From your question - it is not easy, but I'll try.
You or your friends do not have a public IP. So you need to use Azure provided by SoftEther Tsukuba.
On one computer you need to install the server. On the rest, clients. All will be "connected" over the Azure cloud service.
Note, using Azure you have max 2Mbit speed. About.
You need to have networking knowledge to set up the network.
For SE details you need to read the documentation.
Good luck!