OpenVPN - force resolve of specific domain (ip) to local VPN IP

Hi, I have a quite simple (I guess) need. I have a domain pointed to my public IP, which ends up on my router if accessed from outside, then if it’s port 80, it’s pointed to my server. Simple. Now, I want my port 80 to be available only in home network, not from the outside. I would simply turn off the port forwarding for that port and for access from outside I would use openvpn. But I don’t know how to do the configuration of this behavior.

Again:

  • domain.com:80 is not accessible from outside
  • domain.com:80 is accessible from inside thanks to hosts on router pointing it inside (192.168.1.10)
  • I don’t want all traffic or DNS resolve to go over openvpn
  • openvpn connection works, so I get to 192.168.1.10:80 from outside
  • I’m not able to access domain.com:80 from outside… that is my problem I want to solve.

Thank you

How did you make this work? (please see my questions towards that topic: https://forum.test.turris.cz/t/directly-routing-traffic-to-internal-ressources-calling-a-public-domain/4801)

Concerning your question: how did you set up VPN - do you route all traffic via VPN? If not, you should try that.

Replied to your thread. About the all traffic. That’s what I don’t want to do, to route all traffic. I want the VPN just to be able to access local network from outside.

I’m not sure it’s easily doable. I have the same issue (but it’s not Omnia-specific) and I resorted to putting a hosts entry in the client machines.

But then it does not work if the VPN is disconnected, that’s the issue. I solved it using up-script and down-script which openvpn runs if it’s called the same as the client config file + _up.bat or _down.bat. I put the hosts info in on up and remove on down. This way it works great. But I feel dirty :smiley:
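
The connect/disconnect hosts handling described in the post above, as an added example that is not the poster's own `.bat` files: a POSIX shell version for a Linux or macOS client, where OpenVPN runs it through the `up` and `down` directives (with `script-security 2`). The marker text, function names and `HOSTS_FILE` override are assumptions; tagging the line lets the down hook, or the next up hook after an unclean disconnect, remove exactly what the script added.

```shell
#!/bin/sh
# Added example (not from the thread): tagged hosts entry for OpenVPN up/down hooks.
# Client config would reference this one script twice:
#   script-security 2
#   up   /etc/openvpn/split-hosts.sh    # path is an assumption
#   down /etc/openvpn/split-hosts.sh

MARKER="# openvpn-split-hosts"   # hypothetical tag marking lines this script owns

# hosts_remove FILE: drop every tagged line; safe to run when none exist.
hosts_remove() {
    file=$1
    tmp=$(mktemp) || return 1
    # grep -v exits 1 when it outputs nothing; only a status above 1 is an error.
    grep -vF -- "$MARKER" "$file" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"         # rewrite in place so owner and mode are kept
    rm -f "$tmp"
}

# hosts_add FILE IP NAME: clear any stale tagged entry, then append exactly one.
hosts_add() {
    file=$1 ip=$2 name=$3
    # Accept only a plain IPv4 literal and hostname so a value containing
    # whitespace or newlines cannot smuggle extra entries into the file.
    case $ip in *[!0-9.]*|'') return 2 ;; esac
    case $name in *[!A-Za-z0-9.-]*|'') return 2 ;; esac
    hosts_remove "$file" || return 1
    printf '%s %s %s\n' "$ip" "$name" "$MARKER" >> "$file"
}

# OpenVPN exports script_type=up|down to hook scripts. With it unset nothing
# happens, so the functions can be exercised against a scratch file.
case ${script_type:-} in
    up)   hosts_add "${HOSTS_FILE:-/etc/hosts}" 192.168.1.10 domain.com ;;
    down) hosts_remove "${HOSTS_FILE:-/etc/hosts}" ;;
esac
```

Writing to the hosts file needs root, so the hooks only work if OpenVPN still has that privilege when it calls them.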

I don’t think you should, :wink: That’s what they were meant for.

Thank you! I’ll test it next time I get hands on my machine :grin:

It might be possible to adjust the openVPN-settings to make sure your public domain is resolved by your openVPN-DNS (the Turris I assume). But in this field I have no experience so far.