openvpn firewalld

How to access the internal network of a server through a vpn
I have a server running both an openvpn server and an http service. The service isn't exposed to the internet and should only be accessible through the vpn. My vpn is running fine and I can access the internet through it. Unfortunately, I cannot access my internal service and I don't quite know why.

I suppose the issue comes from openvpn missing some configuration, but I'd love some help to know where to search.

I'm using firewalld as a firewall and here is my config so far:

server (active)
  target: DROP
  icmp-block-inversion: yes
  interfaces: eth0
  sources: 
  services: dhcpv6-client http https
  ports: 22/tcp 1194/udp
  protocols: 
  forward: no
  masquerade: yes
  forward-ports: 
  source-ports: 
  icmp-blocks: echo-request
  rich rules: 

tunnel (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: tun0
  sources: 
  services: 
  ports: 
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

Here is my openvpn configuration:

port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 94.140.14.14"
push "dhcp-option DNS 94.140.15.15"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_JgSbRjw5qgxxQzwc.crt
key server_JgSbRjw5qgxxQzwc.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3

Solution

  • Turns out, you don't have to do anything. You can request the vpn network by finding which subnets it runs on. In my case, the vpn subnet is 10.8.0.1, so I can access any http service directly with this IP.

    source: Numbering private subnets
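The two configuration dumps from the question, fed to a small audit script. This is an added example, not code from the question or the answer: it parses the firewalld zone listing and the OpenVPN `server` directive exactly as they appear above (copied inline as sample input), reports which zone each interface is attached to and whether that zone lets the HTTP service through, and derives the server's VPN-side address as the first host of the `server` network under `topology subnet`, which is the address the solution ends up using. Function and variable names are my own. Two things the report makes visible: the `tunnel` zone has `target: ACCEPT`, so traffic arriving on `tun0` reaches the HTTP service without any explicit `services:` entry, which is why the answer needs no extra rule; and the `server` zone on `eth0` lists `http https` among its services, so what the firewall admits on the public interface is worth checking against the intent that the service be reachable only through the VPN.

```python
"""Audit a firewalld `--list-all` zone dump against an OpenVPN server config.

Added example, not part of the original post. The sample text below is copied
from the question; the parsing and reporting logic is illustrative.
"""
import ipaddress
import re

# Sample input: the firewalld zone dump as shown in the question.
FIREWALLD_DUMP = """\
server (active)
  target: DROP
  icmp-block-inversion: yes
  interfaces: eth0
  sources: 
  services: dhcpv6-client http https
  ports: 22/tcp 1194/udp
  protocols: 
  forward: no
  masquerade: yes
  forward-ports: 
  source-ports: 
  icmp-blocks: echo-request
  rich rules: 

tunnel (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: tun0
  sources: 
  services: 
  ports: 
  protocols: 
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
"""

# Sample input: an excerpt of the OpenVPN server config from the question.
OPENVPN_CONF = """\
port 1194
proto udp
dev tun
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
"""


def parse_zones(dump: str) -> dict:
    """Turn the `firewall-cmd --list-all-zones` text format into a dict.

    Zone headers sit at column 0 ("name (active)"); attributes are indented
    "key: value" lines. Every value is stored as a list of whitespace-separated
    tokens, so an empty attribute becomes [] and `target: DROP` becomes ["DROP"].
    """
    zones: dict = {}
    current = None
    for line in dump.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            name = line.split()[0]
            current = zones.setdefault(name, {})
            current["active"] = "(active)" in line
            continue
        key, _, value = line.strip().partition(":")
        current[key.strip()] = value.split()
    return zones


def zone_for_interface(zones: dict, iface: str):
    """Return the name of the zone that binds `iface`, or None if unbound."""
    for name, zone in zones.items():
        if iface in zone.get("interfaces", []):
            return name
    return None


def service_admitted(zone: dict, service: str) -> bool:
    """A zone admits a service if it is listed explicitly, or if the zone's
    default target is ACCEPT (firewalld then accepts anything no rule matched)."""
    if service in zone.get("services", []):
        return True
    return zone.get("target", [""])[:1] == ["ACCEPT"]


def exposure_report(zones: dict, service: str = "http") -> dict:
    """Per interface: its zone, the zone's default target, and whether
    `service` is admitted there."""
    report = {}
    for name, zone in zones.items():
        for iface in zone.get("interfaces", []):
            report[iface] = {
                "zone": name,
                "target": zone.get("target", [""])[0],
                service: service_admitted(zone, service),
            }
    return report


def vpn_server_address(conf: str):
    """Derive the server's tun address from `server <network> <netmask>`.

    With `topology subnet` the server takes the first usable host of that
    network, which is the address VPN clients use to reach services on it.
    """
    for line in conf.splitlines():
        m = re.match(r"^\s*server\s+(\S+)\s+(\S+)", line)
        if m:
            net = ipaddress.IPv4Network(f"{m.group(1)}/{m.group(2)}")
            return str(next(net.hosts()))
    return None


if __name__ == "__main__":
    zones = parse_zones(FIREWALLD_DUMP)
    for iface, info in exposure_report(zones).items():
        print(f"{iface}: zone={info['zone']} target={info['target']} "
              f"http_admitted={info['http']}")
    print("VPN-side server address:", vpn_server_address(OPENVPN_CONF))
```

Run it as-is to see the report for the configuration on this page; to audit a live host, replace the two sample strings with the output of `firewall-cmd --list-all-zones` and the contents of the server config file.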