Web Proxy OpenVPN

Georges:
Hello :)

OPNsense 20.1.9_1.
I'm trying to make the Web proxy pass through the OpenVPN client, but the only solution I found is to modify the global gateway of my OPNsense. Since I did that, my web server behind the NAT cannot be reached from outside :/.
- Is there a solution to force the Web Proxy to pass through the OpenVPN client?
Or
- Is there a solution to keep my website accessible from outside when I have the default gateway set to the OpenVPN client interface?

Thank you in advance :)

Amr:
Hello Georges,

Do you have your web server on the same subnet as your LAN? In that case it'd be better to put it in a DMZ; that way it'll save you lots of trouble and configuration errors while being more secure.

If, however, a DMZ is not feasible, you can add a static route (through NAT > Port Forward) to redirect all traffic for the proxy or the webserver through the desired gateway.

Georges:
Hi Amr,

Yes, of course I have the webserver on a DMZ :).
For one LAN I can modify the gateway used by the rules to put the LAN client into the OpenVPN, no problem.
But in my case, clients are going into the web proxy of OPNsense.

Just thinking... Maybe I can just force the NAT rules for the web server to not use the default gateway (because I want the default to be the OpenVPN) but instead the gateway of my router. Maybe this can work.

I will try as soon as I can.

Georges:
OK, I can't find how to force the NAT rule to use a specific gateway, so I can't force the return :/ and I see the return going into the VPN gateway instead of the other.

Amr:
Hello Georges,
I think you don't need to configure static routes since you have a DMZ; you can simply create two gateways (VPN and router), set the LAN gateway to VPN and the DMZ to the router.

I believe you'll need to enable "Allow default gateway switching" under System > Settings > General; not sure on this one, so enable it if the setup doesn't work.

However, if you like tinkering with static routes for educational purposes, you'd need the following NAT rules:
1- Redirect all HTTP(S) traffic sent by the webserver (except to LAN) through the router
2- Redirect all HTTP(S) traffic from anywhere to the web server domain name to the webserver

Note that in the 2nd rule you must use the domain name instead of the IP.
Example:

--- Code: ---
Interface: DMZ
Source: single host or network: Example.com
Destination / Invert : check this
Destination: Lan
Destination port range: HTTP(S)
Redirect target IP: (put router gateway here) 192.168.1.1
Redirect target port: HTTP(S)

--- End code ---
Add a description and log the rule.
This will route all traffic sent by the webserver to the internet through the router, except for LAN.

PS: here's a guide to port forwarding: https://forum.opnsense.org/index.php?topic=8783.0
