Openvpn – Forwarding OpenVPN traffic on specific port to different OpenVPN server

openvpnPROXYtunnelingvpn

I am trying to figure out how to setup an OpenVPN server that is able to forward traffic from a specific port to another OpenVPN server at a different location.

I guess this could best be described as an OpenVPN proxy of sorts.

As an example, let's say that I want have an OpenVPN server that I don't want serving HTTP requests, but everything else is okay. I have another server in a different location that I want serving the HTTP requests. The client is only allowed to connect to the first server, so how would I tell the first server to forward all requests on port 80 to the server in the different location?

Best Answer

Make sure the tunnel between the clients and the "proxy" is operating in routed mode.
Make sure the "proxy" is able to reach the services on other servers (through tunnels).
Set up DNAT. Let's say the IP of another server serving port 80 is 172.16.76.1:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 172.16.76.1

Alternatively, run a proxy of some sorts: balance, haproxy, nginx, whatever, depending on protocol and use case.

Make sure the clients are accessing the service on a tunneled (secured) IP.

Related Solutions

Nginx – How to Set Up as a Caching Reverse Proxy

I don't think that there is a way to explicitly invalidate cached items, but here is an example of how to do the rest. Update: As mentioned by Piotr in another answer, there is a cache purge module that you can use. You can also force a refresh of a cached item using nginx's proxy_cache_bypass - see Cherian's answer for more information.

In this configuration, items that aren't cached will be retrieved from example.net and stored. The cached versions will be served up to future clients until they are no longer valid (60 minutes).

Your Cache-Control and Expires HTTP headers will be honored, so if you want to explicitly set an expiration date, you can do that by setting the correct headers in whatever you are proxying to.

There are lots of parameters that you can tune - see the nginx Proxy module documentation for more information about all of this including details on the meaning of the different settings/parameters: http://nginx.org/r/proxy_cache_path

http {
  proxy_cache_path  /var/www/cache levels=1:2 keys_zone=my-cache:8m max_size=1000m inactive=600m;
  proxy_temp_path /var/www/cache/tmp; 


  server {
    location / {
      proxy_pass http://example.net;
      proxy_cache my-cache;
      proxy_cache_valid  200 302  60m;
      proxy_cache_valid  404      1m;
    }
  }
}

Proxy mail to different smtp server with Postfix

Postfix is extremely flexible (and therefore, complex) in its configuration, so there are various ways to achieve this. The simplest way would probably be to use a transport(5) table.

First, enable the use of a transport table in postfix:

/etc/postfix/main.cf:
    transport_maps = hash:/etc/postfix/transport

You'll also have to make sure that Postfix accepts mails for the addresses that will be handled by Lamson. Have a look at permit_auth_destination for the rules Postfix will apply to determine valid recipient addresses. For the following example, assuming "example.com" is a domain not otherwise known to Postfix, it's probably easiest to simply add it as relay domain:

/etc/postfix/main.cf:
    relay_domains = example.com

Then, create an appropriate table. E.g. to redirect all mail for the domain "example.com" as well as mail for "user@mydomain.org" to your local Lamson listening at port 10025:

/etc/postfix/transport:
    example.com          smtp:127.0.0.1:10025
    user@mydomain.org    smtp:127.0.0.1:10025

After that (and then once after every update to the transport table file) don't forget to run:

$ postmap /etc/postfix/transport

This should get you going. Be sure to read the transport(5) man page, which will give you more ideas on how to use this powerful facility.

Best Answer

Related Solutions

Nginx – How to Set Up as a Caching Reverse Proxy

Proxy mail to different smtp server with Postfix

Related Topic