1

I've already looked here and believe this is on the right track, though I still can't get it to work: Port forward to VPN Client?

I have a VPS, and on that VPS I'm using OpenVPN. I have a connection with the server, and I've identified both my local client IP and the server IP.

Though, when I attempt to connect, it's still failing. I'm not really sure what I could be doing wrong at this point. I've tried different configurations with no luck.

My current setup:

  1. sysctl -w net.ipv4.ip_forward=1

  2. iptables -t nat -A PREROUTING -d 50.xxx.xxx.xxx -p tcp --dport 32400 -j DNAT --to-dest 172.27.232.2:32400

  3. iptables -t nat -A POSTROUTING -d 172.27.232.2 -p tcp --dport 32400 -j SNAT --to-source 172.27.224.1

The 50.xxx.xxx.xxx is my VPS's public IP. I've omitted the rest, so that's why there are x's.

The 172.27.232.2 is the client IP that is local to the VPS. I tested from the VPS and had no problem connecting to anything at that local address.

172.27.224.1 is the VPS's local IP, and I've tested from my client and had no problems connecting to anything on the server.

The goal is to be able to connect to the VPS's public IP and have it forward that connection to the client, so that I can access a Plex server remotely (one that can't have ports forwarded normally).

I've also tried

  iptables -t nat -A POSTROUTING -d 172.27.232.2 -p tcp --dport 32400 -j SNAT --to-source 172.27.224.1:32400

Instead of what I listed in 3. Is there something simple I'm doing incorrectly? Thank you.

Edit: I'm also willing to try different solutions, but this seemed like the smartest choice to me. I did get an SSH tunnel to work and do what I wanted, but... TCP over TCP is incredibly slow. So that's not really an option.

Rough diagram showing what I'm trying to do: Networking

2 Answers

1

I was using OpenVPN Access Server, and not the older open source OpenVPN software. I believe my routing was being blocked by Access Server.

OpenVPN (Access Server) has its own system in the latest software to handle all of this networking stuff for you. You no longer need to port forward using iptables. User Permissions -> More settings -> DMZ settings -> put the VPS public IP and the port. Then connect using that user account. It'll automatically forward everything.

0

First of all, you don't need SNAT to achieve your goal. The steps to make this work are:

  1. sysctl -w net.ipv4.ip_forward=1 (VPS)
  2. iptables -t nat -A PREROUTING -d 50.xxx.xxx.xxx -p tcp --dport 32400 -j DNAT --to-dest 172.27.232.2:32400 (VPS)
  3. iptables -t filter -A FORWARD -p tcp -d 172.27.232.2 --dport 32400 -j ACCEPT (VPS)
  4. Change the default gateway (home computer) to 172.27.224.1 so the packets go back through the VPN
  5. (If you have Linux on your home computer) iptables -t filter -A INPUT -p tcp -d 172.27.232.2 --dport 32400 -j ACCEPT (home computer)

After that, make sure the Plex service is listening on all IPs on that port, not only on localhost (127.0.0.1).

  • Thank you for the response!

    I've set 1-3 without a problem. 4 I set, but it doesn't seem to make a difference. 5: I'm using Windows for hosting Plex, but I turned off my firewall completely while testing, so it shouldn't be affecting this.

    The normal default gateway for the VPS is 172.27.232.1, while I can only connect to it locally with 172.27.224.1. I'm not really sure if that information is helpful.

    Anyway, after changing those settings, I'm still failing to connect to it from outside the network.

    – world177 Oct 13 '17 at 03:04
  • @world177 please check the edit – Wissam Roujoulah Oct 13 '17 at 03:21
  • Just saw it. I've connected another client to the VPN and had no problem connecting to my Plex server through the VPN. So I would think that shows that it's listening for connections. I was also able to request pages on the VPS from the home Plex server using the 172.27.232.2 address. – world177 Oct 13 '17 at 03:25
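The question's rule set and the second answer's steps differ only in how the reply packets find their way back into the tunnel: the question forces them with SNAT on the VPS, the answer instead points the client's default gateway at the VPS. The script below is an added example (not code from the question, either answer, or OpenVPN) that generates the complete VPS-side rule set for either return path using the addresses from the question; the public address 203.0.113.10 is a placeholder for the elided 50.xxx.xxx.xxx, and the "--apply" mode is an assumption of this example. It also accepts the forwarded flow in both directions in the FORWARD chain, which the answer's single ACCEPT rule does not cover when the chain's policy is DROP.

```shell
#!/bin/sh
# Added example (not from the question or either answer): emit the VPS-side
# iptables rules that forward public TCP port 32400 to an OpenVPN client.
# Addresses are taken from the question; PUBLIC_IP is a placeholder
# (TEST-NET-3 range) for the elided 50.xxx.xxx.xxx.

PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"  # placeholder for the VPS public address
CLIENT_IP="172.27.232.2"                # VPN client that runs Plex
VPN_GW="172.27.224.1"                   # the VPS's own address on the VPN
PORT="32400"

# forward_rules MODE
#   gateway : answer 2's approach. DNAT only; the client must route its
#             default gateway via $VPN_GW so replies come back through the
#             tunnel. Plex sees the real remote source address.
#   snat    : the question's approach. Adds SNAT so replies return via the
#             VPS without touching the client's routing table; Plex then sees
#             every remote connection as coming from $VPN_GW.
forward_rules() {
  mode="${1:-gateway}"
  printf 'sysctl -w net.ipv4.ip_forward=1\n'
  printf 'iptables -t nat -A PREROUTING -d %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
    "$PUBLIC_IP" "$PORT" "$CLIENT_IP" "$PORT"
  # Accept the forwarded flow in both directions so a DROP policy on FORWARD
  # does not silently eat the replies.
  printf 'iptables -A FORWARD -p tcp -d %s --dport %s -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT\n' \
    "$CLIENT_IP" "$PORT"
  printf 'iptables -A FORWARD -p tcp -s %s --sport %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' \
    "$CLIENT_IP" "$PORT"
  if [ "$mode" = "snat" ]; then
    printf 'iptables -t nat -A POSTROUTING -d %s -p tcp --dport %s -j SNAT --to-source %s\n' \
      "$CLIENT_IP" "$PORT" "$VPN_GW"
  fi
}

# rule_count MODE : number of commands forward_rules emits for MODE.
rule_count() {
  forward_rules "$1" | wc -l | tr -d ' '
}

# snat_rule_count MODE : how many of those commands rewrite the source address.
snat_rule_count() {
  forward_rules "$1" | grep -c -- '-j SNAT' || true
}

# Print the rules by default; "--apply MODE" pipes them into sh (needs root).
case "${1:-}" in
  --apply) forward_rules "${2:-gateway}" | sh ;;
  *)       forward_rules "${1:-gateway}" ;;
esac
```

Run it with no arguments to review the "gateway" rule set, or with "snat" to get the question's variant; either way the DNAT rule exposes the Plex port to every address on the internet, so if only a known home or office range needs access, add "-s" to the first FORWARD rule rather than leaving the port world-reachable. As the first answer notes, OpenVPN Access Server manages its own forwarding, so on that product these hand-added rules may not take effect.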