How do you reach servers behind an openVPN network?

St

I know a lot of things, but VPN is still a foreign word…

I assigned an IPv6 subnet at home from my internet provider (German fiber). I don't get an IPv4 … (= DS Lite)

I have now managed to install an OpenVPN server on a VM at Hetzner.de and run it there.

I have an openVPN client running on my local computer, which also connects completely to the server. The local computer is operated behind a Fritz Box. The connection to the VPN server is:

Connected to: Name of the server, connected since: Date and time, assigned IP: 10.8.0.2

Now I would like to start a Minecraft server on my computer / client, for example, which will then host via the IP "on the server side".

I can also see the external IP of Hetzner's VPN server when I look at "wieistmeineip.de" and it is also the correct IP that I have there - but I can't use the "external" IP to access my server behind it, so to speak, on the VPN client…

I can also open websites when the connection is active, but port 80 is closed during a port check… I don't understand…

How do I get my local servers to the IPv4 that the VPN server at Hetzner has?

I know the whole thing would also be ready at feste-ip.net, but I would like to set it up myself, for practice purposes and for later times…

thank you in advance, best regards and stay healthy

the user

sy

Only comment here because I'm also interested in answers.

Run NAS with FTP, plus an image gallery and mail server - without a fixed IPv4 I couldn't get external DSLite requests to my home connection.

The only remedy was the conversion by the DSL provider from DSLite to their own IPv4. Fortunately, 1und1 makes this completely free of charge within a nice phone call.

Cl

A VPN is nothing else than a LAN, but with remote clients. You can reach any client within the VPN. You are writing from an "external" IP, but this is just a remote internal IP address.

The 10.x.x.x is just like the 192.168.x.x. Only a private LAN area.

St

German fiber optic is standing there… I've tried several times…

St

May be, but I need help what I have to set on the game servers…

the MC server, for example (for the sake of simplicity MC), I can reach via 127.0.0.1 and also my local IP 10.8.0.2 …

Via the external but not… As if the port were closed, but according to IP tables everything should be open…

I used this script by the way:

https://github.com/...pn-install

St

I can reach all of my internal servers and IP cams via IPv6 …

but Ark servers don't run over IPv6 and the streaming server doesn't do that properly either…

sy

Incidentally, I was given IPv4 without hesitation because I told the gentleman on the phone that I would also use DSLite, but he had to give me a solution for external access. There was none.

sy

Reaching a server internally is not a problem, same LAN. Coming from the outside is another number. The Hetzner server probably has tens of users on it, if there's an inquiry for your Minecraft server at home, it doesn't know which customer to route to. No solution can look like this.

sy

Even with external IPv4, you probably wouldn't be able to reach it. First of all it starts that the server gets a fixed IP in the home network and then the ports have to be forwarded. So if a request comes in on the router on port XYZ, it must be routed to the home server and its port ZYX.

Problem is, no requests come in to your router. If you address the DSLite IP from the outside - whether VPN or not, you end up in the provider's data center, not at home. Because you share the IP with various other fiber optic users. That's the problem. How should the distributor at the provider know which household to send it to when making an inquiry? Not possible and I got a neck back then.

I tried to solve this problem for months, no chance other than IPv4 fixed or to install the desired server service on a root or vps from Hetzner, OVH and others.

St

This is what VPN looks like…

An external server with IPv4 connects to the client, which then reaches the server's IPv4 … Or am I wrong?

sy

Upside down, you virtually dial into the network of the server and use it. If he had now released network paths, for example, which can only be seen with an internal IP, these network drives would be displayed for you. That is the purpose of a company VPN.

A request that comes in on the server's IP has nothing to do with your VPN. This is simply a request for a port on the server at Hetzner and it will not find its way to your home.

St

I'm not talking about the IP of DS Lite, but the one that is given to me at Hetzner (or wherever, just a VM with an OpenVPN server) … And that is tunneled through an IPv6 tunnel to my client, which is running within my network…

and the VPN doesn't interest my router - it tunnels through… With IPv6, the router only serves as a port blocker (firewall) anyway, but you don't have to release an IP, because IPv6 goes directly to the server… Each server within the private network has its own IPv6 … That's the good thing about IPv6 … It just has to prevail - because of me, you can still switch off IPv4 today, because IPv6 is MUCH easier…

St

Conversely, does that mean maybe that I have to install the client at Hetzner and that it connects to a local server hosted here? Would it then be possible for me to be able to reach myself via the IP obtained from Hetzner?

somehow it has to work, as I said, as with feste-ip.net, they can do it with VPN…

Le

Does the log look like a successful connection? I can only discover success but no fail* or err*.

The remote station must then also connect to a proxy that represents the client-side entrance to the VPN tunnel. Of course, this proxy needs the IPv6 address of the server-side proxy.

St

Hmm. The players should connect to the IP that the server at Hetzner has… And this connection then tunnels to me via IPv6 …

the tunnel is there, that says the protocol…

only how do I connect the client with me to the server that also runs on the same PC as the VPN client…

MC Server listens to 0.0.0.0, VPN Client IP is 10.8.0.2, Internal IP from me is 192.168.2.162

from the outside you should come up with the IP that the VPN server has (at Hetzner)

or am I completely wrong…

Le

A VPN is a virtual private network - i.e. the computers at the ends of the tunnel only see the LAN, but not the actual network that the VPN is tunneling through. Only the proxies at the tunnel exits see the WAN, the tunneled network.

Either you configure the proxy settings of the web client or you enter a URL of this form:

[proxy server protocol]://[proxy server]/[forwarding script]?url=[service server protocol]%3A%2F%2F[service server_in_VPN]%2F[service application]

where %3A and %2F are the URL "masks" for : and / (and of course the terms in square brackets must be replaced accordingly).

St

I'm not interested in web servers - I want to host game servers - over IPv4, because they are not IPv6 capable…

and I tunnel with the IPv4 over IPv6 to my home…

that works as you find it at Google - without a proxy because

https://www.feste-ip.net/

do it too…

Le

You said that you only have an IPv6 address to the outside, the service server (it doesn't have to be a server for websites, it can be any service, even a game) but can only be reached via IPv4.

So you would have to rent one of the - scarce - IPv4 addresses.

Cl

You need a public IP address that can be redirected to the (internal) server IP. This is usually done in a router, maybe this can also be set in your VM. Without this public IP address, your VPN is not connected to the Internet (v4).

If you know this public IP, you must then forward a port to the internal server IP.
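The port forward described in the answer above, as an added example that is not part of any post in this thread: a generator that validates its input and prints, for review, the iptables rules a VPS would need to pass one port from its public IPv4 to the VPN client at 10.8.0.2. The interface names `eth0` and `tun0`, the `WAN_IF`/`VPN_IF` overrides and the function names are assumptions; 25565 is Minecraft's default port.

```shell
#!/bin/sh
# Added example: PRINT (do not apply) iptables rules for the VPS that forward
# one port from its public IPv4 to a service on an OpenVPN client.
# Assumed names: eth0 = public interface, tun0 = OpenVPN interface.

valid_port() {  # digits only, 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {  # four dot-separated octets, each 0..255
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# usage: gen_forward_rules tcp|udp PORT CLIENT_VPN_IP [masq]
gen_forward_rules() {
    proto=$1; port=$2; client=$3; mode=${4:-routed}
    wan=${WAN_IF:-eth0}; vpn=${VPN_IF:-tun0}
    case "$proto" in tcp|udp) ;; *) echo "bad protocol" >&2; return 1 ;; esac
    valid_port "$port"   || { echo "bad port" >&2; return 1; }
    valid_ipv4 "$client" || { echo "bad client IP" >&2; return 1; }

    echo "sysctl -w net.ipv4.ip_forward=1"
    # Rewrite the destination of packets that arrive on the public interface.
    echo "iptables -t nat -A PREROUTING -i $wan -p $proto --dport $port -j DNAT --to-destination $client:$port"
    # Allow only this one flow into the tunnel, and only its replies back out.
    echo "iptables -A FORWARD -i $wan -o $vpn -p $proto -d $client --dport $port -j ACCEPT"
    echo "iptables -A FORWARD -i $vpn -o $wan -p $proto -s $client --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # "masq": needed only if the client does NOT route its replies back through
    # the VPN. The game server then sees every player as the VPS tunnel address,
    # so per-player IP logs and bans on the game server stop working.
    if [ "$mode" = masq ]; then
        echo "iptables -t nat -A POSTROUTING -o $vpn -p $proto -d $client --dport $port -j MASQUERADE"
    fi
}

# 25565 is Minecraft's default TCP port; 10.8.0.2 is the client IP from the thread.
gen_forward_rules tcp 25565 10.8.0.2
```

A forwarded port is reachable from the whole Internet, so the firewall on the home PC should accept only that port on the VPN interface. The client's tunnel address also has to stay fixed, which OpenVPN supports through `client-config-dir` with an `ifconfig-push` entry.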

St

Yes, I have it all…

only the question of where is the server and where is the client…

and, can the client / server just stand around openly and forward the IPv4 packets that my game servers need through the tunnel?

How does the game server look like the tunnel? Do I have to indicate that?

St

I rent it from the VM at Hetzner… I'm already doing it… And it should come to me in a tunnel… Via VPN…

Le

On the server side, you will receive a success message after your uploaded log.

On the client side, you then have to proceed as described by your provider.

St

Nothing is described at my provider - they have no plan of their own technology… The worst service besides Host Unlimited.

but they have good lines - but you have to do everything yourself…

As

In order to communicate with the server on the Internet, it is not enough to have an IP assigned by the ISP. Register at DYNdns.org. There you will also find instructions on how to use the assigned data. So in order to connect to the Hetzner server, you must also be visible on the Internet, worldwide.

You can do this with DYNdns.org.

If both places are visible on the Internet, you can also communicate with each other, provided that it is configured correctly on both sides.

St

Dyn only sets me a hostname on my IP… I don't need it necessarily… The IP is enough, but it must be reachable…

I will now try again to operate the VPN server in the home network and connect it from the "outside" via VPN client… "outside" means the VPS at Hetzner…

So if a player connects to the IP from the VPS at Hetzner, I want this data to enter my network via the tunnel and reach the game server from there…

As I said, it works when you use the VPN service from Feste-IP.net:

https://www.feste-ip.net/

but I want to do it myself to save costs…