Clients connect to the NethServer via VPN. NethServer services are accessed via the VPN; all other internet traffic accesses the internet locally regardless of the VPN.
The public IP address of the clients is dynamic and this causes problems. The clients should connect to another public server that uses a White List to allow the connection, but this requires a fixed IP on the client side, which it doesn’t have. NethServer has a public static IP address.
I was wondering if I could take advantage of this and redirect traffic to the other server on the client via NethServer’s VPN?
This can be done, using a “pushed” route specific for this access to the NethServer.
All “other” Internet access would be done directly from the local device (VPN client).
This can be included in the OpenVPN config file distributed to clients.
The target’s whitelist should cover the gateway public IP of your NethServer - and maybe also the internal VPN IP (which can be “fixed” per VPN client…). This would need additional tests.
As to specifics, like a howto, it would be very difficult, as no versions are stated.
Are you using NethServer 1.0?
I know that the push “route /32” line should be added to the OpenVPN server config. is the IP address of the server that the clients would reach via the NethServer VPN; the traffic for this would be redirected from the client side to the VPN.
I entered the <specified-host-IP-address>/32 line in the Custom routes setting of the Road Warrior server. This created the push “route 3x.1xx.x3.xxx 255.255.255.255” line in host-to-net.conf.
I connect to the NethServer with the client via VPN and type into the browser on the client, but it rejects the connection with a timeout.
As said, it may be possible that MS-RDP transports its origin IP - the IP the VPN is using.
This may also need to be whitelisted at the site of that MS server…