Solved

Using VPN client for web app hosting

Posted on 2014-03-17
9
421 Views
Last Modified: 2014-03-24
My ISP is blocking port 443.  I can get around that by running StrongVPN on my web app server, but it intercepts all traffic including domain traffic intended for the 2nd NIC.  What I want is for all domain traffic to go over NIC2 and all internet to go over NIC1 while the StrongVPN client is running.  I contacted StrongVPN before coming here, but they are unable to assist since it is not a true connectivity problem.

What do I need to do to make this work?
0
Comment
Question by:CPA_MCSE
  • 5
  • 3
9 Comments
 
LVL 42

Expert Comment

by:Rob Jurd, EE MVE
ID: 39936288
Have you contacted your ISP to allow 443 to be open?  

Have you considered running on a non standard port e.g. https://yourdomain.com:8443?  Very easy to set up a redirect to that from a sub domain if your clients need to have an easier address to remember e.g. secure.yourdomain.com would redirect to https://yourdomain.com:8443
0
 

Author Comment

by:CPA_MCSE
ID: 39936650
I tested that previously and www.checkmyports.net and other tools told me the alternate port was not open either.  

On the router side, I had it port-forwarding from (using your example) 8443 to 443 on my server (because the web app requires 443).  After that did not work, I also enabled port triggering to send 443 traffic from the server out through 8443.  So, at that point, 8443 was going to 443 and 443 was going out to 8443.  No dice.  Port 8443 not open either.  

The ISP and the server is in a country where nobody on the phones has any idea what is a port.  I also tried with a native speaker as middle-man, but still no clue...

So, my StrongVPN work-around works fine except that the machine cannot communicate with the local domain when the VPN client is turned on.  That is the problem I am hoping someone can help me resolve.

I tried running StrongVPN (DD-WRT) on the router and connecting the internet NIC to that, but for whatever reason 443 reports as blocked although StrongVPN asserts they are not blocking it.  So, now I am back to trying to run the client directly on the machine because that reports 443 as open BUT it cannot communicate with the domain.

At this point, the router is also suspect and so I want to cut that out of the equation and run the client directly on the/a machine.  Suggestions about how to get it to work so that I don't also lose domain traffic?
0
 
LVL 42

Expert Comment

by:Rob Jurd, EE MVE
ID: 39938288
Have you considered getting your site hosted outside of his restriction?

Aside from that, most VPN clients have a setting whether to route all traffic through the VPN gateway.  What client are you using to connect to the VPN as I know where it is in Windows but not sure in other clients.
0
 

Author Comment

by:CPA_MCSE
ID: 39938674
I am using StongVPN's client.  I believe it to be an implementation of OpenVPN.  I will look into it to see if maybe I can use vanilla OpenVPN or some implementation with those options.

Hosting it elsewhere is not an option.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:CPA_MCSE
ID: 39938688
It looks like you may be on to something there, Rob.  I clueless about how to set routes, but I think it would be possible to force a route in the OpenVPN config file.  Here is what is in one of my old config files (not the one used by the server).

remote 74.217.88.247 4672 udp
remote 74.217.88.247 123 udp
remote 74.217.88.247 53 udp
key-direction 1
client
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
verb 4
reneg-sec 86400
echo vpn-dc5 ovpn224
tun-mtu 1500
route-method exe
route-delay 2
redirect-gateway def1
comp-lzo adaptive
explicit-exit-notify 2
fragment 1390
mssfix 1390
hand-window 30

Any idea what to put to force internet traffic over a specific NIC (preferred)?  Or (using just one NIC) exclude local domain traffic?
0
 

Accepted Solution

by:
CPA_MCSE earned 0 total points
ID: 39940150
D'oh!!!

http://community.spiceworks.com/topic/358440-why-does-server-2012-change-network-type-to-public

Microsoft changes the network profiles to Public for guest machines when Hyper-V guests restart without being able to connect to a DC.  With the network profile set as Public, the guest was blocking everything.  I manually changed the network profile to Private and port-forwarding works just fine now.  No need for StrongVPN...

Thanks, MSFT for wasting my f time.  I am unable to figure how to set one NIC as private and the other as Domain, but whatever.  I can go back to using a single NIC now...
0
 
LVL 42

Expert Comment

by:Rob Jurd, EE MVE
ID: 39941447
Great news... well done
0
 

Author Closing Comment

by:CPA_MCSE
ID: 39949806
See comment
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now