iu2frl
just joined
Topic Author
Posts: 3
Joined: Wed Aug 03, 2022 9:38 pm

Expose a web service via a VPN connection

Wed Aug 03, 2022 10:12 pm

Hi Everybody,
I have a web service running on a host machine which is connected to a network which does not have a public IP address to be reached. I thought to connect it as a VPN client to an OpenVPN server running on my RB and expose the port from there, but it didn't work. Let me explain:
  • Network setup (see attached schematic)
RB951G is acting as an OpenVPN server; RB4011 and hAP are connected as clients.
hAP has a NAT rule set like this:
add action=dst-nat chain=dstnat dst-port=80 in-interface=all-ppp protocol=tcp src-address=192.168.100.0/24 to-addresses=192.168.150.2
and both RB4011 and RB951G have:
add action=dst-nat chain=dstnat dst-port=80 protocol=tcp to-addresses=192.168.100.11 to-ports=80
  • Current situation
If I connect a laptop to both RB951G and RB4011, pointing the browser to their local addresses (192.168.200.1:80 for RB4011 and 192.168.250.1:80 for the RB951), everything works fine and I see the web server. However, if I connect from outside my local network(s), I can't get the page to be shown.

How can I solve this?
 
anav
Forum Guru
Posts: 19103
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Expose a web service via a VPN connection

Thu Aug 04, 2022 1:00 pm

I have no clue what your words mean, but from the diagram it seems pretty basic.
You have an RB4011 as your main router attached to the ISP modem.
You have some MT devices attached to this.
You have multiple subnets.

Solution.
Create VLANs on RB4011 (no LANs, all VLANs).
Ensure firewall rules allow port forwarding for the server.
Done for internal and external users wanting to access the server.

If you don't want external access via the www, but only want to allow access to the server via VPN, great idea,
why not use WireGuard to the router (built-in) and bypass the OpenVPN server?
Accessing the server will be so easy that way.
 
iu2frl
just joined
Topic Author
Posts: 3
Joined: Wed Aug 03, 2022 9:38 pm

Re: Expose a web service via a VPN connection

Thu Aug 04, 2022 2:19 pm

Thanks for the answer. I just realized I forgot a big step here: the three MikroTik devices are part of three different internet lines placed in three different locations. The hAP does not have a public IP address and I need to forward the web server either via the RB4011 or the RB951, which both have a public IP.
