Forbidden 403: accessing a private web site from and to an OpenVPN network (client uses public IP instead of OpenVPN IP)

  docker, http-status-code-403, nginx, openvpn, plesk

I’m trying to access a private web site from/to an OpenVPN network, but nginx shows, in the access.log, that the client uses its public IP instead of its private OpenVPN IP.

Here you can see my network:

OpenVPN server (tun mode): 
     10.10.10.1 (server public ip)
          172.17.0.1 (docker bridge)
               172.17.0.2 (openvpn server container)
               192.168.255.1 (openvpn server private ip)

My client:
     10.10.10.2 (public ip)
          192.168.255.10 (openvpn private ip)

mywebsite.domain.com: this is the private web site I’m trying to access.

nginx conf (the allow line of this nginx conf doesn’t work…). The location param is not important here:

allow 192.168.255.10/32;
deny all;
location / {
    proxy_http_version 1.1;
    proxy_set_header Connection "";
    proxy_pass http://localhost:9000;
}

I have a 403 Forbidden when I’m trying to connect with "My client".

If I use this nginx conf:

allow 10.10.10.2;

Then mywebsite.domain.com works properly.

So… why doesn’t "My client" use the internal OpenVPN IP (which is 192.168.255.10)? In the nginx access.log, I can see that "My client" uses its public IP.

To clarify: apart from this point, my OpenVPN server seems to work properly. For example, when I browse the Internet with my client, external web sites see the public IP of the server (10.10.10.1). I used mon-ip.io to check.

Does anyone have an idea?

Thank you in advance!

Source: Docker Questions
