I feel like I am overcomplicating this extremely by wanting to do it securely, so a fresh look at this would help a lot.
I have a webcam that I want to publish / embed on a website. My current setup is like this:
[Local Cam] <===> [Rpi with OpenVPN + RTSP server] <==== VPN CONNECTION ====> [VPS]
What I want to achieve is that I can access the cam published/processed by the Rpi on http://[vpsip]:80 for example. My VPS can contact my Rpi host with the RTSP server via a ping when connected to the VPN, but as soon as it needs to contact one of the services exposed on a port I just get nothing back. E.g.:
ping to [RPI-IP] > Works fine!
ping to [RPI-IP]:80 > No dice!
In my internal network everything works fine. I can access all the ports that my RPi is listening on and it shows the webcam. I thought maybe my strict firewall rules were the issue here, but disabling them on both my Rpi and VPS (for testing only!) does not make any difference.
The reasoning behind this (maybe?) complicated setup is that I want to be able to publish the stream without people being able to find where it is being broadcast from (e.g. my own WAN IP). I UFW'd my RPi down to the point where, if the VPS were to get compromised and they were inside, they can't get beyond the RPi. The RPi can only contact the camera (and currently some hardcoded local IPs to troubleshoot). The UFW is set so that traffic coming from tun0 (the OpenVPN tunnel) can only contact my RPi.
I feel like I am missing something shockingly simple. Something about routing/forwarding? It's been frustrating me to no end and I would really like to get this hobby project up and running at this point.
Thanks in advance for any help!
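One check worth running on the RPi for the "ping works, ports don't" symptom is whether each service is actually bound to an address that the tunnel can reach: a listener bound only to the LAN IP will never answer a connection arriving on tun0, and no firewall change will fix that. The script below is an added example, not from the original post; it parses constructed `ss -ltn` output, and the tun0 address `10.8.0.2`, the LAN address `192.168.1.20` and the port numbers are assumptions.

```python
import ipaddress

# Constructed sample of `ss -ltn` on the RPi (not real output from the post).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    192.168.1.20:8554   0.0.0.0:*
LISTEN 0      128    0.0.0.0:80          0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      128    127.0.0.1:8080      0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Return [(bind_address, port), ...] from `ss -ltn` text."""
    listeners = []
    for line in ss_output.splitlines()[1:]:  # skip the header row
        parts = line.split()
        if len(parts) < 4 or parts[0] != "LISTEN":
            continue
        addr, _, port = parts[3].rpartition(":")  # Local Address:Port column
        listeners.append((addr.strip("[]"), int(port)))
    return listeners

def reachable_via(bind_addr, iface_ip):
    """Would a socket bound to bind_addr accept a connection arriving on iface_ip?"""
    if bind_addr in ("0.0.0.0", "*"):
        return ipaddress.ip_address(iface_ip).version == 4
    if bind_addr == "::":
        # Linux default (net.ipv6.bindv6only=0): [::] also accepts IPv4 clients.
        return True
    return bind_addr == iface_ip  # bound to one specific address only

def audit(ss_output, tun_ip):
    """Map each listening port to whether it is reachable from the tunnel address."""
    return {port: reachable_via(addr, tun_ip)
            for addr, port in parse_listeners(ss_output)}

if __name__ == "__main__":
    for port, ok in audit(SAMPLE_SS, "10.8.0.2").items():
        print(f"port {port}: {'reachable' if ok else 'NOT reachable'} via tun0")
```

Ports reported as not reachable need the service rebound (to the tun0 address or to all interfaces, depending on how much exposure you want) rather than a UFW change.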