Originally Posted by
cropicana
Ok, so I'm still not quite sure which addresses you're referring to here. How would I find the actual address of my client machine, and where it connects to the router?
From the point of view of the Azure server, your public IP address is the address assigned to the Internet-facing side of your router.
Also what is the tunnel address stuff?
Each end of the tunnel has its own IP address like 10.8.0.1. All the tunnel traffic flows between these two addresses. On my machine that is the OpenVPN client, running the command "ip addr" returns
Code:
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/[65534]
inet 10.1.1.30 peer 10.1.1.1/32 scope global tun0
10.1.1.1 is the tunnel address I assigned to the server; the tunnel address on the client is 10.1.1.30. These are assigned in the "ifconfig" directive in the OpenVPN .conf file. For instance, on the server:
Code:
ifconfig 10.1.1.1 10.1.1.30
with the reverse order of addresses on the client:
Code:
ifconfig 10.1.1.30 10.1.1.1
I think I understand what you are saying, but this sparked another question: will this solution work if my client is switching between different routers and access points when I use it in public?
I assume you have some kind of firewall running on the Azure machine. You'll need to open up the OpenVPN port on that machine to all remote IP addresses. Suppose you chose a random high port for OpenVPN like 43210 instead of the default 1194 (which I suggest you do). Then you'd need iptables rules on the Azure server that look something like
Code:
iptables -A INPUT -p tcp -d Azure.server.public.ip --dport 43210 -j ACCEPT
iptables -A INPUT -p udp -d Azure.server.public.ip --dport 43210 -j ACCEPT
I've never read a more truthful statement in my life lol. Thanks so much for helping me learn this.
You're welcome!
I don't try to pass all my traffic through the tunnel. Stuff like HTTP requests just go out from my router to the Internet. I use the tunnels to communicate privately with the remote servers I have running at Linode. If someone wants to sniff my traffic to see I visit ubuntuforums.org routinely, I honestly don't care.
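Added example, not part of the original post: a small shell check that the server and client "ifconfig" lines mirror each other as described above, and that prints the inbound iptables rule for only the protocol and port the server config sets. The config text, the hostname azure.example.net and the address 203.0.113.10 are constructed placeholders, and the function names are hypothetical.

```sh
#!/bin/sh
# Constructed sample configs: only the ifconfig lines and port 43210 come
# from the post; everything else here is an assumed placeholder.
SERVER_CONF='dev tun
proto udp
port 43210
ifconfig 10.1.1.1 10.1.1.30'

CLIENT_CONF='dev tun
proto udp
port 43210
remote azure.example.net
ifconfig 10.1.1.30 10.1.1.1'

# Print the arguments of the first occurrence of a directive.
directive() {  # $1 = config text, $2 = directive name
    printf '%s\n' "$1" |
        awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Succeed only when the client's "ifconfig LOCAL PEER" is the server's reversed.
tunnel_pair_ok() {  # $1 = server config, $2 = client config
    set -- $(directive "$1" ifconfig) $(directive "$2" ifconfig)
    [ $# -eq 4 ] && [ "$1" = "$4" ] && [ "$2" = "$3" ]
}

# Print the inbound rule for the one protocol and port the server listens on
# (OpenVPN defaults: udp, 1194).
fw_rule() {  # $1 = server config, $2 = server public IP
    proto=$(directive "$1" proto)
    port=$(directive "$1" port)
    case "$proto" in tcp*) proto=tcp ;; *) proto=udp ;; esac
    printf 'iptables -A INPUT -p %s -d %s --dport %s -j ACCEPT\n' \
        "$proto" "$2" "${port:-1194}"
}

if tunnel_pair_ok "$SERVER_CONF" "$CLIENT_CONF"; then
    echo "ifconfig lines mirror each other"
else
    echo "ifconfig mismatch between server and client" >&2
fi
fw_rule "$SERVER_CONF" 203.0.113.10   # 203.0.113.10 is a documentation address
```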