Portforward on external server with private VPN

Tommy Vange

Hello,

I am currently facing a problem where I am unable to port forward on the network my computer is on. This is because there is no broadband connection, only 4G (using a 4G router), and my ISP does not support port forwarding over mobile networks. I came up with the idea to rent a cheap cloud server from Hetzner Cloud (running Ubuntu 18) and make my own VPN. So I started googling, and I found this program that basically does everything for you called Algo (https://github.com/trailofbits/algo). Algo is really amazing, and I have managed to set up my VPN correctly. But I am unsure how to do the port forwarding part, and any help would be greatly appreciated. So if you know how I can make the port forwarding work, or an alternative way, please don't hesitate to reply with your idea.

Thanks in advance,

Tommy Vange

So you need to port forward the VPN server side, which resides on the Hetzner server? Unless it is public-IP facing, in which case you don't have to do anything. I believe they have an interface which allows you to edit traffic coming in or out. On the PC I don't believe you need to do any port forwarding if your PC is acting as a VPN client.

8 hours ago, Franco093 said:

So you need to port forward the VPN server side, which resides on the Hetzner server? Unless it is public-IP facing, in which case you don't have to do anything. I believe they have an interface which allows you to edit traffic coming in or out. On the PC I don't believe you need to do any port forwarding if your PC is acting as a VPN client.

Weird that it's not working, I just figured that I needed to do something on the Linux server.

If the VPN is set up correctly you should be able to see if the port for IPSEC is open if you download nmap for Windows and scan the public IP address to see if it's open or not.

It's a little redundant, you can also check the logs as well. Are you sure that the VPN is running correctly?

@Franco093 Yes, the VPN is running correctly, I am able to browse the internet just fine. It's a little slow, but that shouldn't matter (50 Mbps). I will try nmap later when I get home. It's also using Google Public DNS, I would use Cloudflare's 1.1.1.1 but that didn't work for me :/

I know you can do what you're trying to do with a GRE tunnel using this as a rough guide https://wiki.buyvm.net/doku.php/gre_tunnel

Obviously some steps will be slightly different depending on your requirements/setup. Though if you figure out a VPN based solution I'd be interested to know.

Also is "net.ipv4.ip_forward" enabled on the server?

I am a little confused, ok so your Hetzner Ubuntu server is running the VPN server. Then you have your PC running a VPN client to connect to your server. You mentioned that this is working, correct? If so why do you need to port forward anything?

I think they want to port forward on the client end so they can run some service, e.g. a web server.

36 minutes ago, Alef said:

I know you can do what you're trying to do with a GRE tunnel using this as a rough guide https://wiki.buyvm.net/doku.php/gre_tunnel

Obviously some steps will be slightly different depending on your requirements/setup. Though if you figure out a VPN based solution I'd be interested to know.

Also is "net.ipv4.ip_forward" enabled on the server?

I will look into using a GRE tunnel, thanks for the tip!

Also, yes, I have enabled port forwarding on my Linux machine.

21 minutes ago, Franco093 said:

I am a little confused, ok so your Hetzner Ubuntu server is running the VPN server. Then you have your PC running a VPN client to connect to your server. You mentioned that this is working, correct? If so why do you need to port forward anything?

15 minutes ago, Alef said:

I think they want to port forward on the client end so they can run some service, e.g. a web server.

This is correct, what I want to accomplish is to host something on my local machine, tunnel it to the Linux server, then host it from the IP of the server (aka, only do the port forwarding on my Linux machine).

You don't need to port forward if the webserver is configured to listen on all interfaces on your local machine.

Your local machine's VPN IP will be the webserver's local IP, which your VPN server should be able to reach.

From the VPN server end you may need to edit iptables to redirect port 80 and 443 coming from the public IP interface to the VPN interface on the server.

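The iptables redirect suggested in the post above, as an added example that is not part of the original thread: a dry-run script that validates its input and prints the DNAT and FORWARD rules for the VPN server, limited to the listed ports. The interface name eth0, the client tunnel address 10.0.0.2 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: PRINT (do not run) the iptables rules that forward chosen TCP
# ports from the VPN server's public interface to one VPN client address.
# eth0 and 10.0.0.2 are constructed values; substitute your own.

valid_port() {   # integer 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {   # dotted quad, every octet 0..255
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# usage: forward_rules PUB_IF CLIENT_VPN_IP PORT...
forward_rules() {
    [ "$#" -ge 3 ] || { echo "usage: forward_rules PUB_IF CLIENT_VPN_IP PORT..." >&2; return 2; }
    pub_if=$1; client_ip=$2; shift 2
    case "$pub_if" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $pub_if" >&2; return 1 ;; esac
    valid_ipv4 "$client_ip" || { echo "bad client IP: $client_ip" >&2; return 1; }
    # Validate every port before printing anything, so bad input yields no rules.
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    echo "sysctl -w net.ipv4.ip_forward=1"
    for p in "$@"; do
        # Rewrite the destination of traffic arriving on the public interface...
        echo "iptables -t nat -A PREROUTING -i $pub_if -p tcp --dport $p -j DNAT --to-destination $client_ip:$p"
        # ...and allow new connections through to the client on that port only.
        echo "iptables -A FORWARD -i $pub_if -d $client_ip -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Let packets of already-accepted connections pass in both directions.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

forward_rules eth0 10.0.0.2 80 443
```

Review the printed commands before running them as root on the VPN server. DNAT leaves the source address intact, so the client has to send its replies back through the tunnel.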

Also I am not familiar with IPSEC, if there is no IP interface regarding this IPSEC, @Alef's suggestion is a good idea to look at, GRE will encapsulate all traffic.

Also look into SSH tunneling, which allows you to create a tunnel over SSH and redirect traffic without port forwarding. You can specify local machine ports to forward over SSH towards your Hetzner server.

21 hours ago, Franco093 said:

You don't need to port forward if the webserver is configured to listen on all interfaces on your local machine.

Your local machine's VPN IP will be the webserver's local IP, which your VPN server should be able to reach.

From the VPN server end you may need to edit iptables to redirect port 80 and 443 coming from the public IP interface to the VPN interface on the server.

Okay, I'll try in a couple of days, when I am done with my exams.

Thanks for the help!
