Server Access Outside VPN and local?

Hi all,
I have a NextCloud server running on my home network and I have the entire network running behind openvpn. Can I also use something like dynamicDNS to allow access to the NextCloud server from the outside world, but not through the VPN, but to the ISP?
I used to have access from the outside, but that was before I set up the VPN. It is possible that it is actually still working, but the IP has changed, but I don't have a ton of time at home to play with it. I actually have 2 networks because of how the ISP setup works. The cable modem is also a router and AP. I have it routed to my OpenWRT router that most items in the house run through.

If your whole network is behind/using the VPN then you cannot port forward via your WAN port.
This is because traffic comes in via the WAN but goes out via the VPN and the firewall will not allow this.
You must use Policy Based Routing to make sure traffic which comes in via the WAN also goes out via the WAN.

You can use the full PBR package:

Or do it manually by making a routing table via the WAN and connecting either the IP address of the server to this routing table or the port nextcloud is using.
I can provide details if required.

It has been a long time since I've done any in-depth network setup and the technology and software have really changed.
So, the question is, since the NextCloud server is on a fixed IP, can I have its WAN traffic not go through the VPN, but all other WAN traffic does? I still want all of its LAN traffic to be accessible to the LAN since that's where we typically access it.
Yes, I would need some more detail.
Nextcloud is on 192.168.2.15 if that helps.

Like I said you can install the full PBR package but in your case it might be overkill.

I do not know your exact setup so a bit of a shot in the dark but assuming you use a recent OpenWRT build e.g. 23.0.5.3 the following might work:

Make a routing table with default routing via the WAN and name it table 100
Luci: Interfaces > WAN interface > Advanced setting: Override IPv4 interface and Add custom table 100

/etc/config/network
config interface 'wan'
	option device 'wan'
	option proto 'dhcp'
	option ip4table '100'

Make routing rule attaching the client ip address to table 100
Luci: Routing > IPv4 Rules:
Source: 192.168.2.15/32
Table: 100

config rule
	option src '192.168.2.15/32'
	option lookup '100'

Save and Apply and Reboot
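
A check for the setup in the post above, added here as an example and not part of the original thread: it parses `ip rule` and `ip route` output and confirms that only 192.168.2.15 is sent to table 100 and that table 100's default route does not leave via the VPN. The function name `check_pbr`, the VPN device name `tun0`, the 192.168.2.0/24 LAN prefix and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verify that only the Nextcloud host
# is policy-routed via the WAN table. On the router, run it on live data:
#   check_pbr "$(ip -4 rule show)" "$(ip -4 route show table 100)"
SERVER=192.168.2.15    # Nextcloud address given in the thread
TABLE=100              # custom table given in the thread
LAN_PREFIX=192.168.2.  # assumption: LAN is 192.168.2.0/24
VPN_DEV=tun0           # assumption: OpenVPN device name

# Constructed sample output, not captured from a real router.
SAMPLE_RULES='0: from all lookup local
1: from 192.168.2.15 lookup 100
32766: from all lookup main
32767: from all lookup default'
SAMPLE_T100='default via 203.0.113.1 dev wan proto static src 203.0.113.57'

# check_pbr RULES TABLE_ROUTES -> 0 if routing matches the intent, else 1
check_pbr() {
    # The server must have a rule into TABLE; no other LAN host and no
    # "from all" rule may use it, or that traffic would bypass the VPN.
    printf '%s\n' "$1" | awk -v s="$SERVER" -v t="$TABLE" -v lan="$LAN_PREFIX" '
        { src = ""; tbl = ""
          for (i = 1; i < NF; i++) {
              if ($i == "from")   src = $(i + 1)
              if ($i == "lookup") tbl = $(i + 1)
          }
          if (tbl != t) next
          if (src == s) found = 1
          else if (src == "all" || index(src, lan) == 1) {
              print "unexpected rule: " $0; bad = 1
          }
        }
        END { if (!found) print "no rule for " s " into table " t
              if (!found || bad) exit 1 }' || return 1
    # TABLE needs a default route, and it must not leave via the VPN device.
    printf '%s\n' "$2" | awk -v v="$VPN_DEV" '
        $1 == "default" { seen = 1
            for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1) }
        END { if (!seen)    { print "table has no default route"; exit 1 }
              if (dev == v) { print "default route uses " v; exit 1 } }' || return 1
    echo "ok: only $SERVER is routed via table $TABLE"
}

check_pbr "$SAMPLE_RULES" "$SAMPLE_T100"
```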

I'm using the most recent version of OpenWRT, but RC4 instead of release. I haven't had time to go back and install the release and reconfigure yet. Running on a BPi R3.
Thanks for the config. I'll give it a try when I get home. Hopefully I'll have time tonight. Busy household.
