Just for an experiment I'm configuring my pi to run as a webserver (nginx, php). I've got this working and I forwarded port 80 to my pi. This also worked.

Although as soon as I enable OpenVPN it blocks the traffic, for private browsing etc.

Would it be possible at all to get this setup working, and how would I go about it?

I prefer to be sent in the right direction instead of just a direct answer (e.g. look into ..., http://url would be a good place to start, tip: follow this and this method) :D This way I'll learn more from it.

Thanks all!

Gijs Beijer
  • You might want to explain the details of how you enabled openVPN, because the default behaviour is not to block traffic -- unless that's *why* you are using it (for online anonymity, as opposed to security and communication). – goldilocks Jul 25 '20 at 14:06
  • Hi, sorry about that, I'm using openvpn with a NordVPN downloaded config. – Gijs Beijer Jul 25 '20 at 14:11
  • As for the why, I want to use it for anonymity but it looks like it's also blocking traffic as only enabling and disabling the openvpn service creates the behavior I mentioned – Gijs Beijer Jul 25 '20 at 14:12
  • Sounds like you're connecting to it from the internet using port forwarding. Remember that OpenVPN routes traffic through a totally different port than a webserver does. So you'll have to change the port forwarding on your router. – HiredMind Jul 26 '20 at 04:59
  • Indeed, that's what I'm doing! You rock! Can I check which ports OpenVPN uses for http and https traffic? And would this affect my anonymity in any way? – Gijs Beijer Jul 26 '20 at 06:30
  • Ok so I tried some things: checked for open ports with netstat and I saw port 80 listed under the listening ports. Also I am able to connect to my pi's port 80 on the internal network. However, when I port forward my public port 80 to the port 80 on my pi it is not available externally until I stop the OpenVPN server. Is this still expected behaviour? – Gijs Beijer Jul 26 '20 at 19:23
  • Hmm. I'd look for a routing issue. It's possible OpenVPN sets up a route on your Pi that is clobbering your default route (which would normally send everything not bound for an internal machine to your router and out to the internet). – HiredMind Jul 28 '20 at 13:49
  • Hi, thanks for your reply and taking the time to help me. Guess this is all still a bit out of my league. I probably need a lot more knowledge about networking / routing / etc. before diving in at this level. I'll read up more and hopefully someday I'll be at this level :p. Again, thank you! – Gijs Beijer Jul 28 '20 at 18:38
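
The routing check suggested in the comments above, as an added example that is not part of the original thread: it reads `ip -4 route show` output and reports whether internet-bound traffic, including replies to port-forwarded requests, leaves through the tunnel instead of the LAN gateway. The sample table, its addresses and the function names `sample_routes` and `egress_path` are constructed for illustration, and the two half-default routes assume the VPN config uses OpenVPN's `redirect-gateway def1` behaviour.

```shell
#!/bin/sh
# Constructed sample of `ip -4 route show` on a Pi with an OpenVPN client up.
# Addresses and interface names are made up for illustration.
sample_routes() {
cat <<'EOF'
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 src 192.168.1.50 metric 202
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50 metric 202
203.0.113.10 via 192.168.1.1 dev eth0
EOF
}

# Read a routing table on stdin and print where internet-bound traffic goes:
#   tunnel:<dev>  two half-default routes (0.0.0.0/1 + 128.0.0.0/1) share a
#                 device, or the default route itself points at tun*/tap*
#   lan:<dev>     the ordinary default route is still in charge
#   none          no default route found at all
egress_path() {
    awk '
        # Return the word following "dev" on the current line.
        function dev_of(   i) {
            for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
            return ""
        }
        $1 == "0.0.0.0/1"            { lo = dev_of() }
        $1 == "128.0.0.0/1"          { hi = dev_of() }
        $1 == "default" && def == "" { def = dev_of() }
        END {
            # The /1 routes are more specific than "default", so they win
            # even though the default route via the router is still listed.
            if (lo != "" && lo == hi) { print "tunnel:" lo; exit }
            if (def ~ /^(tun|tap)/)   { print "tunnel:" def; exit }
            if (def != "")            { print "lan:" def; exit }
            print "none"
        }'
}

# On the Pi itself, feed it the live table:  ip -4 route show | egress_path
sample_routes | egress_path
```

A `tunnel:` result with the VPN up and `lan:` with it down matches the symptom in the question: the forwarded request arrives on the LAN interface, but the reply is routed into the tunnel.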

1 Answer

You do not tell much about your configuration but you say you are more interested to be pointed in the right direction. To look how OpenVPN works you can use a
Simple openVPN with static keys.
It keeps things simple because it doesn't use an asymmetric key infrastructure.

Here you can find some other examples:
How To Create A Private Subnet Behind Raspberry Pi?
Raspberry Pi as OpenVPN Access Point

If you want to have a bridged VPN using tap interfaces you can look at
How to bridge an access point with a remote network by openvpn?
but that isn't a simple setup in particular with troubleshooting because it doesn't work with ip addresses but mac addresses.

You may also consider using Wireguard instead of OpenVPN:
How to bridge an access point with a remote network by Wireguard? (with the use of systemd-networkd).

Ingo
  • Hi, thanks for your reply and taking the time to help me. Guess this is all still a bit out of my league. I probably need a lot more knowledge about networking / routing / etc. before diving in at this level. I'll read up more and hopefully someday I'll be at this level :p. Again, thank you! – Gijs Beijer Jul 28 '20 at 18:38
  • Hi again, sorry to bother you here but just wonder if you'd be up for a little Q&A over some chat sometimes. I've been reading a lot about networking and routing and I think I have a pretty good basic understanding but struggling with some concepts and would like to pick someone's mind. (also about the issue above) – Gijs Beijer Aug 19 '20 at 19:18
  • @GijsBeijer No problem, just invite me to a chat, or we can also meet at the [bakery](https://chat.stackexchange.com/rooms/3748/the-bakery). – Ingo Aug 20 '20 at 08:29
  • Hi I was just at the bakery and was just in time to see you leave :p, when would suit you? what's your timezone? :p – Gijs Beijer Aug 20 '20 at 08:41
  • @GijsBeijer My timezone is west Europe (Berlin), UTC+1. But it shouldn't matter. I prefer to chat asynchronously because I'm also busy with other projects and take small gaps to chat. – Ingo Aug 20 '20 at 08:53