Linux routing: connect to VPN but still make services (e.g. Apache) accessible via ISP-assigned ip

I have a pfSense firewall sitting directly behind my cable modem. On my LAN, among other things, I have a Linux (Mint 13) box running Apache. I have a port forwarded from pfSense to my Linux box and am able to access Apache happily. However, I've recently begun using a VPN service which I connect to from my Linux box. When the Linux box is on the VPN, services running on the Linux box are not accessible any longer.

I've tried setting up split routing as well as enabling "use this connection only for resources on its network" in NetworkManager, but neither seems to quite solve the problem. Ultimately, what I need is to be able to route traffic coming in on specific ports as normal (as if the VPN were not present). What would I need to do to still allow access to my services yet route the rest of my traffic through the VPN?

Naenyn

Posted 2013-12-12T03:55:24.903

Reputation: 21

Answers

When the Linux box is on the VPN, services running on the Linux box are not accessible any longer.

This is not exact: your Mint PC receives a query through your local router, but replies through the VPN router. The machine that had tried to access your PC is then confused: it has called your home, but it has received a reply from another IP address, so it will most likely drop the connection.

If you want to use the VPN, the simplest solution is to set up a Linux Container (LXC), a simple form of virtualization. You can find a good, concise intro to it on this very same site. In saying this, I very much hope you are not running Mint-Debian, because Ubuntu, and thus Mint-Ubuntu, has some very helpful scripts to set up LXCs, which make your life quite a bit easier.

In LXC you have your own network space, so that you can run the VPN from the command line like this (if you are using OpenVPN, change as needed):

   # log stdout to ./openvpn.log, discard stderr, run in the background
   sudo openvpn --config /home/my_name/my_openvpn_config_file.conf 1> ./openvpn.log 2>/dev/null &

At this point, you are still on your own PC, with your own resources, except for the VPN.

MariusMatutiae

Posted 2013-12-12T03:55:24.903

Reputation: 41 321
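As an added example (not code from the answer above, and not the Ubuntu LXC scripts it mentions): the isolation the answer gets from a container comes from a network namespace, and a bare namespace created with iproute2's `ip netns` is enough for this job. OpenVPN started inside the namespace installs its tun device and `redirect-gateway` default route only there, while the host routing table, and so Apache's replies to connections forwarded by pfSense, stay exactly as they were without the VPN. Every name in the script is an assumption for illustration: namespace `vpn`, veth pair `veth-host`/`veth-vpn` on 10.200.0.0/24, host uplink `eth0`, log file `/var/log/openvpn-ns.log`; the config path is the one used in the answer. `DRY_RUN=1` prints the commands instead of running them so the plan can be audited before it is run as root.

```shell
#!/bin/sh
# Added example, not code from the original answer.
# Run the VPN inside its own network namespace so the host routing table,
# and therefore Apache's replies to connections forwarded by pfSense,
# stay exactly as they were without the VPN.
# All names below are assumptions for illustration; the config path is the
# one used in the answer.
set -eu

NS=${NS:-vpn}                         # namespace name (assumed)
VETH_HOST=${VETH_HOST:-veth-host}     # host end of the veth pair (assumed)
VETH_NS=${VETH_NS:-veth-vpn}          # namespace end of the veth pair (assumed)
HOST_ADDR=${HOST_ADDR:-10.200.0.1/24} # private link subnet (assumed)
NS_ADDR=${NS_ADDR:-10.200.0.2/24}
UPLINK=${UPLINK:-eth0}                # host interface towards pfSense (assumed)
OVPN_CONF=${OVPN_CONF:-/home/my_name/my_openvpn_config_file.conf}
DRY_RUN=${DRY_RUN:-0}                 # DRY_RUN=1 prints the commands instead of running them

# run: execute a command, or only print it when DRY_RUN=1, so the plan can be audited first.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# netns_setup: create the namespace, link it to the host with a veth pair and
# masquerade its traffic out of the uplink. The host's own default route is untouched.
netns_setup() {
    run ip netns add "$NS"
    run ip link add "$VETH_HOST" type veth peer name "$VETH_NS"
    run ip link set "$VETH_NS" netns "$NS"
    run ip addr add "$HOST_ADDR" dev "$VETH_HOST"
    run ip link set "$VETH_HOST" up
    run ip netns exec "$NS" ip addr add "$NS_ADDR" dev "$VETH_NS"
    run ip netns exec "$NS" ip link set "$VETH_NS" up
    run ip netns exec "$NS" ip link set lo up
    run ip netns exec "$NS" ip route add default via "${HOST_ADDR%/*}"
    run sysctl -q -w net.ipv4.ip_forward=1
    run iptables -t nat -A POSTROUTING -s "${NS_ADDR%/*}" -o "$UPLINK" -j MASQUERADE
}

# vpn_start: OpenVPN is started inside the namespace, so the tun device and the
# default route it installs (redirect-gateway) exist only there.
vpn_start() {
    run ip netns exec "$NS" openvpn --config "$OVPN_CONF" --daemon --log /var/log/openvpn-ns.log
}

# vpn_exec: run any program (a browser, curl, ...) with the namespace's routing table.
vpn_exec() {
    run ip netns exec "$NS" "$@"
}

# route_check: the host should report its uplink, the namespace should report the tun device.
# If the host line ever shows the tun device, the VPN has leaked into the host table
# and Apache's replies will again go out the wrong way.
route_check() {
    run ip route get 1.1.1.1
    run ip netns exec "$NS" ip route get 1.1.1.1
}

# netns_teardown: remove the NAT rule and the namespace (the veth pair goes with it).
netns_teardown() {
    run iptables -t nat -D POSTROUTING -s "${NS_ADDR%/*}" -o "$UPLINK" -j MASQUERADE
    run ip netns del "$NS"
}

case "${1:-}" in
    setup)    netns_setup ;;
    start)    vpn_start ;;
    exec)     shift; vpn_exec "$@" ;;
    check)    route_check ;;
    teardown) netns_teardown ;;
    "")       ;;   # no sub-command: only define the functions (e.g. when sourced)
    *)        echo "usage: $0 setup|start|exec CMD...|check|teardown" >&2; exit 2 ;;
esac
```

Usage: `sudo sh vpn-ns.sh setup`, then `sudo sh vpn-ns.sh start`, then `sudo sh vpn-ns.sh check` to confirm the host still routes via the uplink and only the namespace routes via the tunnel; `sudo sh vpn-ns.sh exec curl https://example.com` runs a single program through the VPN. Two caveats a practitioner will want: DNS from inside the namespace goes to whatever resolver the namespace sees, so put the VPN provider's resolver in `/etc/netns/vpn/resolv.conf` (`ip netns exec` bind-mounts that file over `/etc/resolv.conf` for the namespace), otherwise lookups leak to the ISP resolver; and `ip netns exec` changes only the network namespace, so a program started this way keeps the host's environment and filesystem, which is why a graphical program can still reach the host's X socket.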

I'm intrigued by the container idea. Would I still be able to run Xorg from that container? I was recently introduced to LXCs and have very little familiarity with them, so I'm unsure of the limitations. – Naenyn – 2013-12-12T22:31:16.767

Not sure what you mean. There can only be a single X instance running per PC. If, however, the question is whether I would be able to run a graphical application, then the answer is yes. – MariusMatutiae – 2013-12-12T22:35:13.120

I'm guessing there's some magic happening here that I don't quite understand. So let's say, for instance, I spin up a container, then connect to the VPN from within that container and then start up Chrome from within that container. Apps run from that container can see the X server on the host? And the Linux kernel would still know what to route to the container and what not to..? – Naenyn – 2013-12-12T22:52:54.883