access to web interface using openVPN - ssh working

JGodfrey82

Occasional Visitor
Setting up a router to be a plug and play gateway behind a NAT connection (one I wouldn't have control of moving to bridge mode), have it set up to use OpenVPN to connect to a pfsense box I have set up in the cloud. Connection works perfectly, can ping and see other clients connected to the pfsense box, can connect to SSH from another OpenVPN client, however no matter what port I set the webserver WAN access to run on, it times out. The app will pick up a security link connection, but no matter what local access I have no https/http connection on the OpenVPN IP. How can I force the httpd to listen/accept connections on the OpenVPN IP address?
local - 192.168.48.x
OpenVPN - 192.168.49.1 (server)
OpenVPN client 1 - 192.168.49.2 (merlin wrt ac68U latest version)

I connect to openVPN from a client 192.168.49.3, can ping .2, can ssh into .2, but no https/http access.
 
Same issue running openvpn client back from a box behind cgnat.. I can ping and ssh into the connected openvpn ip.. but cannot get web access.. did you ever solve this?
 
Getting closer.. I am able to bind a web instance to the tun15 interface that the outgoing openvpn client creates but still not working correctly .. see below, thanks
 
ok getting farther you can run the command after changing to the /www directory
ie
httpd -i tun13 -p 8080

and the web server works great over the ssh client ip (ie http://10.9.0.2:8080) from the openvpn server's remote network...
however when exiting the ssh shell that you started the command under, it terminates..
at least progress.

from my reading, apache or whatever lighttpd daemon is running here is set to terminate when the shell exits if not running from root.

so now trying to get the web command to start up from the system or a cron job so it runs under root.. I don't think I can do it from system startup as the openvpn tunnel/tun13 is not up yet at that point.
 
got it working for those who care..

GT-AC5300-A680:/tmp/home/root# cru l
0 * * * * sh /mnt/sda1/bin/killoldjobs.sh
10 */2 * * * sh /mnt/sda1/bin/killoldsshweb.sh
15 * * * * sh /mnt/sda1/bin/startuptelnet.sh
*/12 * * * * sh /mnt/sda1/bin/startupsshweb.sh
*/10 * * * * sh /mnt/sda1/bin/keeptunnelup.sh
0 */3 * * * sh /mnt/sda1/bin/runst.sh
5 */3 * * * sh /mnt/sda1/bin/mailresult.sh
@GT-AC5300-A680:/tmp/home/root#


@GT-AC5300-A680:/tmp/home/root# cat /mnt/sda1/bin/startupsshweb.sh
#!/bin/sh
cd /www
httpd -i tun13 -p 8080
 
Setting up a router to be a plug and play gateway behind a NAT connection (one I wouldn't have control of moving to bridge mode), have it set up to use OpenVPN to connect to a pfsense box I have set up in the cloud. Connection works perfectly, can ping and see other clients connected to the pfsense box, can connect to SSH from another OpenVPN client, however no matter what port I set the webserver WAN access to run on, it times out. The app will pick up a security link connection, but no matter what local access I have no https/http connection on the OpenVPN IP. How can I force the httpd to listen/accept connections on the OpenVPN IP address?
local - 192.168.48.x
OpenVPN - 192.168.49.1 (server)
OpenVPN client 1 - 192.168.49.2 (merlin wrt ac68U latest version)

I connect to openVPN from a client 192.168.49.3, can ping .2, can ssh into .2, but no https/http access.
You should use the router's LAN IPv4 address, the one set up in WebUI in LAN page -> LAN IP tab -> IP address field, just as you would do if your pc was connected directly to it.
Of course, you need to make sure that the LANs for each vpn client and the vpn server are on different subnets.

Check the httpd listening IPs and port with netstat -lpn | grep httpd command.
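
The netstat check suggested above, as an added example that is not part of any post in this thread: it parses `netstat -lpn` output and reports whether httpd on a given port is bound only to the expected address rather than to a wildcard or another interface. The sample lines, PIDs and the 192.168.48.1 LAN address are constructed for illustration; 10.9.0.2 and port 8080 are the tunnel address and port quoted earlier in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Both functions read `netstat -lpn`
# output on stdin, e.g.:  netstat -lpn | audit_httpd 8080 10.9.0.2

# Print "address port" for every TCP socket that httpd is listening on.
httpd_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/httpd$/ {
        n = split($4, part, ":")      # port is the last ":"-separated field
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        print addr, port
    }'
}

# audit_httpd PORT EXPECTED_IP
# Exit status: 0 httpd listens on PORT only at EXPECTED_IP
#              1 httpd is not listening on PORT at all
#              2 PORT is bound to some other address, including the
#                wildcards 0.0.0.0 and :: (reachable on every interface)
audit_httpd() {
    httpd_listeners | awk -v port="$1" -v want="$2" '
        $2 == port { seen = 1; if ($1 != want) bad = 1 }
        END { if (!seen) exit 1; if (bad) exit 2; exit 0 }'
}

# Constructed sample, shaped like busybox `netstat -lpn` output.
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.48.1:80 0.0.0.0:* LISTEN 1234/httpd
tcp 0 0 10.9.0.2:8080 0.0.0.0:* LISTEN 5678/httpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 900/dropbear'

# Show the httpd listeners found in the sample.
printf '%s\n' "$SAMPLE" | httpd_listeners
```

A cron-started script can use exit status 1 to decide whether a new httpd instance is needed, and status 2 to flag a bind that exposes the web UI beyond the tunnel.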
 