iptables with 2nd VPN
Posts: 4
Threads: 1
Joined: Nov 2016
Reputation:
0
[Solved]
Nov 29, 2016, 02:03 AM
I followed the great guide for VPN Split Tunneling on my new VPS and got it working well. My next step in setting my VPS up was to setup another VPN to my home network so it could access my HTPC. I was able to get it to connect to the VPN just fine but had issues whenever I actually tried to get to anything on my home network.
I eventually narrowed down the problem to one line in the iptables script.
'iptables -t mangle -A OUTPUT ! --src $LOCALIP -j MARK --set-mark 0x1'
I can comment that line out and I can access my home network, but obviously I don't want to just get rid of that line.
I came up with 3 different possible options which you can see commented out (with 3 #) in my iptables script that I'll link below.
http://pastebin.com/cSmEfG5t
Each of those 3 options does seem to allow me to ping my HTPC on my home network, but I'm just now learning iptables and have no idea if any one of those is the correct way to do it or if they somehow make the other VPN less secure.
So my question is, are any of those options in my iptables script good to use? Or can someone tell me a better way to do it?
Posts: 244
Threads: 1
Joined: Jul 2016
Reputation:
12
[Solved]
Nov 29, 2016, 08:19 AM
(This post was last modified: Nov 29, 2016, 08:20 AM by drake. Edit Reason: Add link to nginx LE guide)
Hi Neph,
glad to hear Split Tunnel VPN is working fine for you too!
Just to clear things up a little: you have a VPS where you have configured VPN with Split Tunnel. Now you would like to access the content on your VPS from your home network (especially from your HTPC) to stream/download/upload content between your VPS and HTPC, correct? Or are there any particular reasons that you need OpenVPN connection between your VPS and home network?
If this is the case, then you should not use OpenVPN to access your VPS from your home network, but you should use WebDAV over https. It is even faster than OpenVPN, easy to configure and maintain, you can have many different shares with different credentials, etc. And you are using a secure https connection, therefore the connection is encrypted between your VPS and home network, and you will have your own (even more if you like) credentials to log in to WebDAV. You can map the WebDAV drive, and Kodi also supports it built in.
You can create a very secure nginx server with Let's Encrypt certificates (here is the guide) and add WebDAV support to it in no time. If you follow the guide, just make sure you install nginx-extras since the additional WebDAV modules are included in the nginx-extras only.
If you decide to go this way (which I strongly recommend to you) then I will help you with the WebDAV location part for nginx.
Posts: 4
Threads: 1
Joined: Nov 2016
Reputation:
0
[Solved]
Nov 29, 2016, 08:52 AM
(Nov 29, 2016, 08:19 AM)drake Wrote: Hi Neph,
glad to hear Split Tunnel VPN is working fine for you too!
Just to clear things up a little: you have a VPS where you have configured VPN with Split Tunnel. Now you would like to access the content on your VPS from your home network (especially from your HTPC) to stream/download/upload content between your VPS and HTPC, correct? Or are there any particular reasons that you need OpenVPN connection between your VPS and home network?
If this is the case, then you should not use OpenVPN to access your VPS from your home network, but you should use WebDAV over https. It is even faster than OpenVPN, easy to configure and maintain, you can have many different shares with different credentials, etc. And you are using a secure https connection, therefore the connection is encrypted between your VPS and home network, and you will have your own (even more if you like) credentials to log in to WebDAV. You can map the WebDAV drive, and Kodi also supports it built in.
You can create a very secure nginx server with Let's Encrypt certificates (here is the guide) and add WebDAV support to it in no time. If you follow the guide, just make sure you install nginx-extras since the additional WebDAV modules are included in the nginx-extras only.
If you decide to go this way (which I strongly recommend to you) then I will help you with the WebDAV location part for nginx.
Thanks for your reply.
Yes, that is what I'm trying to do.
I hadn't considered using WebDAV. I guess I didn't know enough about it. I didn't even know it could be mounted like a drive. I did consider SSHFS as my backup plan if I couldn't get VPN working right and it sounds like it's similar in function. But I'll do WebDAV instead since that's what you're recommending.
I already have nginx setup with the Let's Encrypt certificates from following the guides on this site. I would appreciate your help with getting the WebDAV part setup.
Posts: 244
Threads: 1
Joined: Jul 2016
Reputation:
12
[Solved]
Nov 29, 2016, 09:36 AM
(This post was last modified: Nov 29, 2016, 09:38 AM by drake.)
WebDAV is great, give it a try for sure! It has less overhead than OpenVPN, so it should be even faster. And since you have followed the nginx LE guide, you have a very secure setup, and WebDAV will use it, you will be over https.
First of all, install nginx-extras to have full WebDAV support:
Code:
sudo apt-get install nginx-extras
You will need the following location section in nginx
Code:
location /webdav {
    # Set the root location for webdav
    # root /var/www/html/webdav;
    # Adjust the size to your needs
    client_max_body_size 1024M;
    # Set the required tmp path
    client_body_temp_path /var/www/html/webdav/tmp;
    dav_methods PUT DELETE MKCOL COPY MOVE;
    dav_ext_methods PROPFIND OPTIONS;
    create_full_put_path on;
    # Adjust the permissions to your need
    dav_access user:rw group:rw all:r;
    autoindex on;
    # Use a separate auth u/p for webdav if you want
    auth_basic "RESTRICTED WEBDAV";
    auth_basic_user_file /etc/nginx/.htpasswdwebdav;
}
Create the required root locations on your server. If you followed the nginx LE guide then you have your default root location set to root /var/www/html
Now if you add a location /webdav then you don't need to set the root again, it will be /var/www/html/webdav, this is why I have this commented out.
Make sure you create the folder webdav and inside it the tmp folder (in this case in /var/www/html/). Give them proper permissions and set user to the user nginx is running (probably www-data).
Create the /etc/nginx/.htpasswdwebdav file for auth, this will be the user:pass you will need to access your webdav location.
Check if nginx config is correct:
If yes, then restart nginx service, and you should be able to access your webdav folder from your browser:
https://your_server_address/webdav
Enter the credentials, and there you are. Good thing is: you can use symlinks with webdav! If you symlink a folder to your webdav folder, you will see it in your browser. You can start streaming from it too!
In Windows you just mount the webdav share as if you were using a local network share mapping. Use the https://your_server_address/webdav address, use different credentials, and there you go.
In Kodi, if I remember correctly, you should select source as https:// and not WebDAV, as our nginx WebDAV server uses https and not dav.
Check this and let us know how it works!
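As an added example (not from the thread, and not nginx's own tooling), the lines in /etc/nginx/.htpasswdwebdav can be generated in the {SSHA} format that nginx's auth_basic accepts, so the plaintext password is never stored on the VPS; the user name and password below are constructed. `htpasswd` from apache2-utils produces equivalent lines, this just shows what the server is checking.

```python
import base64
import hashlib
import os
import secrets
from typing import List, Optional

SSHA_PREFIX = "{SSHA}"
SHA1_LEN = 20  # bytes in a SHA-1 digest


def make_ssha_entry(user: str, password: str, salt: Optional[bytes] = None) -> str:
    """Return one 'user:{SSHA}...' line for auth_basic_user_file.

    nginx's {SSHA} scheme is base64(sha1(password + salt) + salt); the salt
    is appended after the digest so the server can recompute the hash.
    """
    if ":" in user:
        raise ValueError("user name must not contain ':'")
    if salt is None:
        salt = os.urandom(8)  # fresh random salt per entry
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return f"{user}:{SSHA_PREFIX}{base64.b64encode(digest + salt).decode('ascii')}"


def check_ssha_entry(entry: str, user: str, password: str) -> bool:
    """Verify a password against one htpasswd line the way nginx does."""
    name, sep, stored = entry.strip().partition(":")
    if not sep or name != user or not stored.startswith(SSHA_PREFIX):
        return False
    raw = base64.b64decode(stored[len(SSHA_PREFIX):])
    if len(raw) <= SHA1_LEN:
        return False  # no salt present: malformed entry
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return secrets.compare_digest(candidate, digest)  # constant-time compare


def check_htpasswd(lines: List[str], user: str, password: str) -> bool:
    """Find `user` among htpasswd lines (comments skipped) and verify `password`."""
    for line in lines:
        if line.strip() and not line.startswith("#") and line.split(":", 1)[0] == user:
            return check_ssha_entry(line, user, password)
    return False


if __name__ == "__main__":
    # Constructed credentials; append the printed line to /etc/nginx/.htpasswdwebdav
    print(make_ssha_entry("kodi", "correct horse battery staple"))
```

Keep the file readable by the nginx worker user only (root-owned, group www-data, mode 640), since anyone who can read it can run an offline guess against the single-iteration SHA-1.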
Posts: 4
Threads: 1
Joined: Nov 2016
Reputation:
0
[Solved]
Nov 29, 2016, 11:43 PM
Got it working. Thank you for your help!
Posts: 244
Threads: 1
Joined: Jul 2016
Reputation:
12
[Solved]
Nov 30, 2016, 07:56 AM
(Nov 29, 2016, 11:43 PM)Neph Wrote: Got it working. Thank you for your help!
Great, and you are welcome!
You configured WebDAV on the VPS? I was using a very similar setup for a while, and it was working really great for me. For larger file transfers (upload/download) I always use SFTP, but for streaming, and giving access to others, etc., I like WebDAV very much. Of course, you can use WebDAV to transfer files as well.
Posts: 4
Threads: 1
Joined: Nov 2016
Reputation:
0
[Solved]
Dec 01, 2016, 02:42 AM
(Nov 30, 2016, 07:56 AM)drake Wrote: Great, and you are welcome!
You configured WebDAV on the VPS? I was using a very similar setup for a while, and it was working really great for me. For larger file transfers (upload/download) I always use SFTP, but for streaming, and giving access to others, etc., I like WebDAV very much. Of course, you can use WebDAV to transfer files as well.
Yes, I configured WebDAV on the VPS which was pretty easy.
I just finished doing the same on my HTPC because I need the VPS to access files from it too. That was much more difficult. Mostly because of my stupid ISP that blocks port 80 so I couldn't validate with Let's Encrypt. Also, I had issues because of a slow DNS update.
Got it all working now though. Thanks again.
Posts: 244
Threads: 1
Joined: Jul 2016
Reputation:
12
[Solved]
Dec 02, 2016, 01:21 PM
You're welcome, glad that everything is working now.