Public IP via VPN - access from LAN

Hey there!

I have set up everything like in this thread: Public IP via VPN - #12 by faser. This means that I have a home server available via a public IP through a VPN, as the public IP is associated with the VPS. Everything works fine, except one thing: I am unable to access the server with the public IP from another machine in the LAN. As a workaround, I added entries to /etc/hosts on the router, and dnsmasq resolves the domain name to the private IP instead when my laptop is connected to the home network. Unfortunately, the problem begins when I connect from my laptop to another VPN (i.e. to my corporate network). This VPN overrides my DNS servers, and thus the domain name of my server resolves to the public IP once again and I am unable to connect.

Could you tell me what I am supposed to do with the routing tables to make the traffic go from the local network to the router and then a) directly to the server, as if I connected with the private IP, or b) via the VPN to the VPS like any connection from the internet, and then back to the router and server?

Any ideas?

The VPN should manage this. To redirect all traffic via the VPN with OpenVPN on the client, you should use the redirect-gateway local def1 directive in your config. Same as here: https://serverfault.com/questions/480069/how-to-force-all-traffic-through-vpn
To route the traffic the old way, you can remove the directive; the traffic will then not go over the VPN tunnel, i.e. it will use the default route.

I do not want to route all traffic via VPN.
I have a VPN set up between the VPS and my router. The VPS has two public IP addresses, and traffic that comes to one of them is forwarded to my router via the VPN and then goes to the server. Also, all outgoing traffic from the server goes via the router and the VPN to the VPS and is sent to the internet with the VPS's public IP.

VPS (public IP address) -------- router ======= server

---- VPN between VPS and router
=== LAN

Now behind the router I also have my laptop. When I try to access the server with its private IP address, everything works fine, but when I try to do that using the VPS's public IP, I cannot access the server. I would like to fix that.

Try the following firewall rules:

# /etc/config/firewall (fw3): hairpin NAT so that LAN hosts can reach the server
# through the VPS public IP. Substitute $LAN_NET/$PREFIX_LENGTH, $VPS_PUBLIC_IP,
# $SERVER_IP and $ROUTER_LAN_IP with your own values before use.

# PREROUTING: packets from the LAN whose original destination is the VPS public IP
# get their destination rewritten to the server's LAN address.
config redirect
        option name 'DNAT from LAN to Server'
        option src 'lan'
        option src_ip '$LAN_NET/$PREFIX_LENGTH'
        # original (pre-NAT) destination to match
        option src_dip '$VPS_PUBLIC_IP'
        # new destination after translation
        option dest_ip '$SERVER_IP'
        option target 'DNAT'
        # this rule is the reflection itself, so fw3's automatic reflection is not wanted here
        option reflection '0'
        list proto 'all'
        option dest 'lan'

# POSTROUTING on lan: rewrite the source of the hairpinned packets to the router's
# LAN IP so the server replies via the router (which un-NATs them) rather than
# directly to the client.
config nat
        option name 'SNAT from LAN'
        option target 'SNAT'
        option src 'lan'
        option src_ip '$LAN_NET/$PREFIX_LENGTH'
        option snat_ip '$ROUTER_LAN_IP'
        list proto 'all'

This should redirect all the traffic from the LAN destined for the VPS public IP to the local server. Better to specify the protocols and ports of the services you use.


This almost works, but instead of the server, it redirects the traffic to the router.

Post the result of the following commands, redacting the VPS' public IP address:

iptables -t nat -nvL zone_lan_prerouting; iptables -t nat -nvL zone_lan_postrouting

Ahh, I found the issue: I fixed my typo and everything works fine now. The SNAT rule also seems not to be needed. Thank you!

The SNAT rule is not needed only if masquerading is enabled on the lan zone. Otherwise you will encounter the NAT loopback "triangle" routing problem.
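The "triangle" routing problem mentioned in the reply above, and why the SNAT rule from the earlier firewall post fixes it, as an added example that is not code from this thread or from the OpenWrt project: a small Python model of the router's DNAT and SNAT path for a LAN client connecting to the VPS public IP. The addresses, ports and the simplified conntrack table are assumptions constructed for the illustration; masquerading on the lan zone is treated as equivalent to the SNAT rule, which is the point the reply makes.

```python
"""Toy model of hairpin (NAT loopback) traffic through an OpenWrt router.

Constructed illustration for this thread, not code from OpenWrt or from any
poster. All addresses below are assumptions chosen for the example.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional

LAN_NET = ipaddress.ip_network("192.168.1.0/24")      # $LAN_NET/$PREFIX_LENGTH
ROUTER_LAN_IP = ipaddress.ip_address("192.168.1.1")   # $ROUTER_LAN_IP
SERVER_IP = ipaddress.ip_address("192.168.1.10")      # $SERVER_IP
LAPTOP_IP = ipaddress.ip_address("192.168.1.20")      # the LAN client
VPS_PUBLIC_IP = ipaddress.ip_address("203.0.113.5")   # $VPS_PUBLIC_IP (documentation range)
SERVICE_PORT = 443
CLIENT_PORT = 50000


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int

    def reply(self) -> "Packet":
        """The packet a host sends back: addresses and ports swapped."""
        return Packet(self.dst, self.dport, self.src, self.sport)


class Router:
    """NAT path for packets entering the router from the lan zone.

    snat_to_router=True models the 'config nat ... target SNAT' rule (masquerading
    on the lan zone behaves the same here); False models only the DNAT redirect.
    """

    def __init__(self, snat_to_router: bool) -> None:
        self.snat_to_router = snat_to_router
        self.conntrack: Dict[Packet, Packet] = {}  # translated tuple -> original tuple

    def forward_from_lan(self, pkt: Packet) -> Packet:
        out = pkt
        # PREROUTING: the 'config redirect' DNAT, LAN source aimed at the VPS public IP
        if pkt.src in LAN_NET and pkt.dst == VPS_PUBLIC_IP:
            out = Packet(out.src, out.sport, SERVER_IP, out.dport)
        # POSTROUTING on lan: the 'config nat' SNAT, source becomes the router's LAN IP
        if self.snat_to_router and out.src in LAN_NET and out.dst in LAN_NET:
            out = Packet(ROUTER_LAN_IP, out.sport, out.dst, out.dport)
        self.conntrack[out] = pkt  # remember how to undo both translations
        return out

    def un_nat_reply(self, reply: Packet) -> Optional[Packet]:
        """Reverse the translations for a reply that actually reached the router."""
        for translated, original in self.conntrack.items():
            if reply == translated.reply():
                return original.reply()
        return None  # no conntrack state: the router has nothing to restore


def hairpin_works(snat_to_router: bool) -> bool:
    """True if the laptop's socket sees a reply from VPS_PUBLIC_IP:SERVICE_PORT."""
    router = Router(snat_to_router)
    syn = Packet(LAPTOP_IP, CLIENT_PORT, VPS_PUBLIC_IP, SERVICE_PORT)
    # VPS_PUBLIC_IP is off-link, so the laptop hands the SYN to its default gateway.
    to_server = router.forward_from_lan(syn)
    reply = to_server.reply()  # the server answers whatever source address it saw
    # The reply's destination is on the server's own subnet, so it is delivered at
    # layer 2 and bypasses the router unless the destination *is* the router.
    if reply.dst == ROUTER_LAN_IP:
        seen_by_laptop = router.un_nat_reply(reply)
    else:
        seen_by_laptop = reply  # "triangle": server -> laptop directly, never un-NATed
    expected = syn.reply()  # the tuple the laptop's TCP stack is waiting for
    return seen_by_laptop == expected


if __name__ == "__main__":
    for snat in (False, True):
        print(f"SNAT/masquerade on lan zone: {snat} -> hairpin works: {hairpin_works(snat)}")
```

Without the SNAT (or masquerade) on the lan zone the server answers the laptop directly from its private address, while the laptop is waiting for a SYN-ACK from the VPS public IP, so the handshake never completes. With it, the reply is forced back through the router, whose conntrack state rewrites it to the tuple the client expects. The `iptables -t nat -nvL zone_lan_postrouting` command posted earlier is the place to check which of the two cases a given router is in.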

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
