Need help regarding OpenVPN & Squid3 proxy server

Andi Reyhan

The network

The proxy server is set to only allow traffic from a certain IP network (192.168.100.0/24 from DHCP server) to pass and only allow access to certain websites in the Apache server that are whitelisted.

I have an OpenVPN server in another machine (Server PC) next to the proxy server's (Router PC), which spits out its own DHCP IP (10.8.0.4/30) to connected clients. So my client computer has 2 interfaces and 2 IPs: one that's connected to the Router PC and has an IP from the DHCP server (192.168.100.0/24), and a TAP interface with OpenVPN's IP (10.8.0.6/30).

As per my knowledge, when I send a request to open a website in my Apache2 server, OpenVPN encrypts the packet going out and is using its own IP to send those packets (hiding the original IP).

My question is how does the request get through Squid, despite not having the IP that is allowed (it's using the VPN's IP of 10.8.0.4/30 instead of 192.168.100.0/24) in the proxy setting, yet the proxy still works and blocks the non-whitelisted websites?

P.S. It's for a final exam in my Vocabulary School in Network & Computer Engineering, and it is not mentioned whether OpenVPN is supposed to be installed on the Server PC or the Router PC.

Daniel B

> As per my knowledge, when I send a request to open a website in my Apache2 server, OpenVPN encrypts the packet going out and is using its own IP to send those packets (hiding the original IP).

I feel a great misunderstanding here. OpenVPN does not intercept traffic or anything. It appears on your computer as a regular network interface with an IP address and all. Only traffic that leaves over this virtual network interface is sent over the encrypted VPN connection.

So, how is traffic directed over the VPN interface? With regular routing. On Windows, you could use route print to inspect the routing table. Unless you set something up (e.g. using OpenVPN’s redirect-gateway option), only traffic to 10.8.0.4/30 (likely an effect of topology net30) will use the VPN connection.

If OpenVPN is configured with redirect-gateway def1, you still have a more specific route going to the Squid host. Contacting anything in 192.168.100.0/24 will simply not use the VPN.
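The route selection described in the answer above, as an added example that is not part of the original post: a longest-prefix-match lookup over a constructed routing table for the client in the question. The interface labels, the client's LAN address (192.168.100.50) and the simplification that the source address is the address of the outgoing interface are assumptions; the two /1 routes are what redirect-gateway def1 installs alongside the existing default route.

```python
import ipaddress

# Constructed client addresses: the LAN address is an assumption,
# 10.8.0.6 is the TAP address given in the question.
SOURCE_IP = {"lan": "192.168.100.50", "tap": "10.8.0.6"}

def build_routes(redirect_gateway_def1=False):
    """Return the client's routing table as (network, interface) pairs."""
    routes = [
        ("0.0.0.0/0", "lan"),         # default route learned from DHCP
        ("192.168.100.0/24", "lan"),  # directly connected LAN (Squid lives here)
        ("10.8.0.4/30", "tap"),       # OpenVPN net30 subnet
    ]
    if redirect_gateway_def1:
        # def1 overrides the default route with two more specific /1 routes
        routes += [("0.0.0.0/1", "tap"), ("128.0.0.0/1", "tap")]
    return [(ipaddress.ip_network(net), ifc) for net, ifc in routes]

def select_route(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, ifc) for net, ifc in routes if addr in net]
    return max(matches, key=lambda r: r[0].prefixlen)

def trace(dst, redirect_gateway_def1=False):
    """Return (interface, source IP, matched route) for a destination."""
    net, ifc = select_route(build_routes(redirect_gateway_def1), dst)
    return ifc, SOURCE_IP[ifc], str(net)

def squid_allows(src, allowed="192.168.100.0/24"):
    """Source-address ACL as described in the question."""
    return ipaddress.ip_address(src) in ipaddress.ip_network(allowed)

if __name__ == "__main__":
    # 192.168.100.1 stands in for the Squid host (assumed address)
    for dst in ("192.168.100.1", "10.8.0.5", "203.0.113.10"):
        for def1 in (False, True):
            ifc, src, net = trace(dst, def1)
            print(f"dst={dst:<14} def1={def1!s:<5} via {ifc} ({net}) "
                  f"src={src} squid_acl_match={squid_allows(src)}")
```

Traffic to the proxy always matches the /24 and leaves with the LAN source address, which is why the Squid ACL keeps matching whether or not the VPN is up.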
