Solved

Using VPN tunnels for specific ports

Posted on 2013-05-24
14
823 Views
Last Modified: 2013-06-22
Is it possible to use a VPN tunnel for one specific port and let all the other traffic follow the normal unsecured ISP path? Can this be done by a software application? On a server I have OpenVPN installed and squeezeserver (with music database).
Now I would like to connect my squeezebox, which is located at another office, to this server.
So I'd like to be able to specify that only the squeezebox connects to the remote server through the VPN tunnel...
0
Question by:mycofilip
14 Comments
 
LVL 10

Expert Comment

by:JEaston
ID: 39194830
I don't know if you can filter VPN traffic by port, however you can route by IP address and network - this is standard in many business VPN setups and I think would achieve what you are looking for.

For example, your home network could have the IP range 192.168.1.x, the network your squeezebox is on has IP range 192.168.2.x and the VPN tunnel (and network routing) is configured only to route traffic to the 192.168.2.x network through the VPN while local traffic and internet traffic is unaffected.

This is how we connect small remote offices back to our Head Office!

Hope this helps.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 39195177
"Port routing" would require a very sophisticated router / VPN device. It is called "policy-based routing", and allows for more complex rules than target IPs. But I agree in your case the target IP routing should suffice. Each router and OS is able to do that. But how to do it depends on your actual setup. Most simple is if the OpenVPN client/server is also the Internet gateway for each site, then all you need is to set up the routes to the other site in both OpenVPN configs.
0
 

Author Comment

by:mycofilip
ID: 39196766
I have a modem/router from my ISP which gives 192.168.0.x IP addresses to the clients.
The server is also behind an ISP router with IP 192.168.1.2 (but I can use dyndns here).
So on the server site I install OpenVPN? But what about the client site? This is where the squeezebox is located. But instead of installing the squeezeserver software on a PC at that location I would want to install the VPN client which connects the squeezebox to the OpenVPN server ...
0
 

Author Comment

by:mycofilip
ID: 39196808
Seems like OpenVPN Access Server doesn't run on Windows Home Server directly. Is it really necessary to install a virtual Linux system to run this?
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 39196969
You don't need OpenVPN Access Server. The free OpenVPN Community server works, and it runs on ANY Windows OS. WHS should not be an exception.
0
 
LVL 3

Expert Comment

by:corower
ID: 39200464
The simple answer is "no, you cannot use a VPN tunnel for one specific port". TCP/IP can distinguish paths only by IP, as the routing decision is made on OSI level 3 = based on IP address. Tunneling (VPN) is also working on L3. The TCP port is extra information that is not used in the routing decision.

However, you may apply some tinkering to work around that, i.e. you open a VPN towards your squeezeserver, and route all traffic to this machine (and only to this machine) through that VPN. Just make sure you do not install a default route from that VPN :) As long as you do not use other services than squeezeserver, that traffic will be routed through the VPN.

Then you should configure Windows Server as a RAS (VPN dial-in) server and a client on your side. Here is a manual that looks pretty good -- http://thedigitalmediazone.com/2012/03/26/how-to-set-up-vpn-for-windows-home-server-2011/

When you configure the VPN connection (client side), get into ICP advanced settings and uncheck "use default gateway on this connection". Then all traffic except that subnet on the VPN will continue to go directly through the old connection.
0
 

Author Comment

by:mycofilip
ID: 39212745
Thanx for your answer corower. The VPN is set up on the homeserver. But can I change the VPN port, since my ISP blocks everything below port 1024?
When you say to open a VPN towards the squeezeserver you mean to open a VPN from a PC on the client site, where the squeezebox is installed? I can't make a VPN connection from a squeezebox, can I?
0
 

Author Comment

by:mycofilip
ID: 39212810
Sorry but can't seem to find " get into ICP advanced settings "
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 39212816
That's a typo. ICP => TCP
0
 

Author Comment

by:mycofilip
ID: 39212819
???
0
 

Author Comment

by:mycofilip
ID: 39212821
Ok, understand typo = mistype ;-)
0
 

Author Comment

by:mycofilip
ID: 39214336
This is how far I got till now.
On the client site I have a pc that has IP 192.168.0.22 from local ISP router.
Also connected to that router is the squeezebox which I gave fixed IP 192.168.1.20.

At the server site I have the same ISP router that gives the server IP 192.168.0.50.
On this server I have VPN server enabled that gives IP 192.168.1.90 to VPN client.
On this server I have squeezecenter installed.

Now, at the client's site I could make a VPN connection to the server and got the 192.168.1.90 IP, but I can't connect the squeezebox to the squeezecenter software on the server site.
How can I let the squeezebox tunnel through the VPN I set up?
0
 
LVL 69

Accepted Solution

by:
Qlemo earned 500 total points
ID: 39214888
Confusing setup. Each independent site needs to have one and only one but distinct network. Else you get into a lot of unnecessary trouble with proper routing.
That is, your client site should have 192.168.0.x, your server site 192.168.1.x, and the OpenVPN network 192.168.2.x.

The OpenVPN server config then needs a
    push "route 192.168.1.0 255.255.255.0"
to push the necessary route for the server site to the client.
0
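
The address plan discussed in the accepted solution, checked in code. This is an added example, not part of the thread or any poster's configuration: it flags overlapping site networks and hosts addressed outside their site, then builds the `push "route ..."` line for the server site only. The two plans are constructed from the addresses quoted in the thread; the /24 masks and all function names are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed from the addresses quoted in the thread; /24 masks are assumed.
AS_POSTED = {"client": "192.168.0.0/24", "server": "192.168.0.0/24",
             "vpn": "192.168.1.0/24"}
AS_ADVISED = {"client": "192.168.0.0/24", "server": "192.168.1.0/24",
              "vpn": "192.168.2.0/24"}
# host name -> (site it is plugged into, address it was given)
HOSTS_POSTED = {"pc": ("client", "192.168.0.22"),
                "squeezebox": ("client", "192.168.1.20"),
                "squeezeserver": ("server", "192.168.0.50")}


def overlapping(plan):
    """Return sorted pairs of network names whose address ranges overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))


def misplaced(plan, hosts):
    """Return hosts whose address lies outside the network of their own site."""
    return sorted(name for name, (site, ip) in hosts.items()
                  if ipaddress.ip_address(ip)
                  not in ipaddress.ip_network(plan[site]))


def push_route(plan, site="server"):
    """Build the server-side directive that sends only `site` via the tunnel.

    Refuses to emit a route while any two networks overlap, because the
    client could not tell a local destination from a remote one.
    """
    problems = overlapping(plan)
    if problems:
        raise ValueError(f"overlapping networks: {problems}")
    net = ipaddress.ip_network(plan[site])
    return f'push "route {net.network_address} {net.netmask}"'


if __name__ == "__main__":
    print("as posted :", overlapping(AS_POSTED), misplaced(AS_POSTED, HOSTS_POSTED))
    print("as advised:", overlapping(AS_ADVISED))
    print(push_route(AS_ADVISED))
```

Because only the server-site network is pushed and no default route is installed, all other client traffic keeps using the local ISP gateway.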
 
LVL 3

Expert Comment

by:corower
ID: 39214890
Hi!

It seems we're getting a bit too heavy on heads on Sunday evening. Maybe a small picture would help us (okay, at least - me) to understand what the situation is?
0
