
Apache2 http server and Openvpn server on the same machine


I installed an Apache2 server on my Linux Mint 20.3 Cinnamon machine and I could easily reach my HTTP pages from the web by pointing to the static IP address of my router, where I have configured the right HTTP port.

I decided to install an OpenVPN server on the same machine to reach my HTTP server through the VPN. The installation went well and now I can reach the OpenVPN server from the web with an OpenVPN client. I can ping the server or another IP address (e.g. 8.8.8.8) from the client, but I can't reach my HTTP server anymore.

Here are my server and client OpenVPN configs.

Server:

# OpenVPN Port, Protocol, and the Tun
port 1194
proto udp
dev tun

# OpenVPN Server Certificate - CA, server key and certificate
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/home-server.crt
key /etc/openvpn/server/home-server.key

#DH and CRL key
dh /etc/openvpn/server/dh.pem
crl-verify /etc/openvpn/server/crl.pem

# Network Configuration - Internal network
# Redirect all Connection through OpenVPN Server
server 10.5.0.0 255.255.255.0
push "redirect-gateway local def1"

# Using the OpenDNS resolvers (208.67.222.222 / 208.67.220.220)
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

#Enable multiple clients to connect with the same certificate key
duplicate-cn

# TLS Security
cipher AES-256-CBC
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
auth SHA512
auth-nocache

# Other Configuration
keepalive 20 60
persist-key
persist-tun
compress lz4
daemon
user nobody
group nogroup

# OpenVPN Log
log-append /var/log/openvpn.log
verb 3

Client:

client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194
cipher AES-256-CBC
auth SHA512
auth-nocache
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
resolv-retry infinite
compress lz4
nobind
persist-key
persist-tun
mute-replay-warnings
verb 3

Further information edited in from comments:

root@ettore-home:/etc/openvpn/server# ip route
default via 10.69.178.1 dev wlp3s0 proto dhcp metric 600
10.5.0.0/24 via 10.5.0.2 dev tun0
10.5.0.2 dev tun0 proto kernel scope link src 10.5.0.1
10.69.178.0/24 dev wlp3s0 proto kernel scope link src 10.69.178.79 metric 600
169.254.0.0/16 dev wlp3s0 scope link metric 1000

root@ettore-home:/etc/openvpn/server# ip rule
0: from all lookup local
32766: from all lookup main
32767: from all lookup default

Result of `ss -latpn | grep 80`:

root@ettore-home:/etc/openvpn/server# ss -latpn | grep 80
LISTEN      0        128            127.0.0.1:5939               0.0.0.0:*       users:(("teamviewerd",pid=1680,fd=12))                                         
ESTAB       0        0           10.69.178.79:60060      142.250.180.133:443     users:(("firefox-bin",pid=2899,fd=114))                                        
TIME-WAIT   0        0           10.69.178.79:43834        34.107.221.82:80                                                                                     
ESTAB       0        0           10.69.178.79:37346       37.252.253.103:443     users:(("teamviewerd",pid=1680,fd=14))                                         
TIME-WAIT   0        0           10.69.178.79:43848        34.107.221.82:80                                                                                     
LISTEN      0        511                    *:80                       *:*       users:(("apache2",pid=1729,fd=4),("apache2",pid=1728,fd=4),("apache2",pid=1727,fd=4),("apache2",pid=1726,fd=4),("apache2",pid=1725,fd=4),("apache2",pid=1708,fd=4))
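The commenters' first check is whether Apache actually listens on an address a VPN client can reach. The script below is an added example (not part of the question or of any answer) that parses `ss -latpn` and `ip route` output to answer that: it finds the server's own tunnel address from the kernel route on tun0 and reports whether the port-80 listener is bound to the wildcard or to that address rather than to 127.0.0.1. The sample lines are copied from the question's output and embedded as constructed input so it runs offline.

```python
"""Check whether a TCP listener is reachable on the OpenVPN server's tunnel address."""
import re

# Constructed sample: the two LISTEN rows and the route table from the question.
SS_OUTPUT = """\
LISTEN 0 128 127.0.0.1:5939 0.0.0.0:* users:(("teamviewerd",pid=1680,fd=12))
LISTEN 0 511 *:80 *:* users:(("apache2",pid=1729,fd=4),("apache2",pid=1728,fd=4))
"""
IP_ROUTE = """\
default via 10.69.178.1 dev wlp3s0 proto dhcp metric 600
10.5.0.0/24 via 10.5.0.2 dev tun0
10.5.0.2 dev tun0 proto kernel scope link src 10.5.0.1
"""

# Bind addresses ss prints for "listen on every interface" (IPv4 and IPv6 forms).
WILDCARDS = {"*", "0.0.0.0", "[::]", "::"}


def parse_listeners(ss_text):
    """Return (bind_address, port, first_process_name) for every LISTEN row."""
    rows = []
    for line in ss_text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue
        addr, _, port = parts[3].rpartition(":")   # local address:port column
        m = re.search(r'\("([^"]+)"', line)         # first ("name",pid=...) entry
        rows.append((addr, int(port), m.group(1) if m else "?"))
    return rows


def tunnel_address(route_text, dev="tun0"):
    """The 'src' address of the kernel route on the tunnel device (10.5.0.1 here)."""
    for line in route_text.splitlines():
        parts = line.split()
        if f"dev {dev}" in line and "src" in parts:
            return parts[parts.index("src") + 1]
    return None


def reachable_via_tunnel(ss_text, route_text, port, dev="tun0"):
    """(True, process, bind_addr) if something listens on `port` on the wildcard or
    on the tunnel address; a 127.0.0.1 binding is not reachable from a VPN client."""
    tun_ip = tunnel_address(route_text, dev)
    for addr, p, proc in parse_listeners(ss_text):
        if p == port and (addr in WILDCARDS or addr == tun_ip):
            return True, proc, addr
    return False, None, None


if __name__ == "__main__":
    ok, proc, addr = reachable_via_tunnel(SS_OUTPUT, IP_ROUTE, 80)
    print(f"port 80: {'reachable' if ok else 'NOT reachable'} via tunnel ({proc} on {addr})")
```

On the question's data this reports Apache as reachable on the wildcard, so a local bind is ruled out; the check says nothing about forwarding or firewall rules, which must be verified separately.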
Comments:

setenforce 1: Can you show the result of `ip route` and `ip rule` on the server please?

papaya:

root@ettore-home:/etc/openvpn/server# ip route
default via 10.69.178.1 dev wlp3s0 proto dhcp metric 600
10.5.0.0/24 via 10.5.0.2 dev tun0
10.5.0.2 dev tun0 proto kernel scope link src 10.5.0.1
10.69.178.0/24 dev wlp3s0 proto kernel scope link src 10.69.178.79 metric 600
169.254.0.0/16 dev wlp3s0 scope link metric 1000

root@ettore-home:/etc/openvpn/server# ip rule
0: from all lookup local
32766: from all lookup main
32767: from all lookup default

setenforce 1: Apache might not be listening on 10.5.0.1, can you please add the result of `ss -latpn | grep 80` as an edit to your question?

papaya: Added, I hope in the right place.

papaya: Any idea? I always have the same problem.