An OpenVPN connection (a Linux-like homebrew package on macOS) to my office works flawlessly, but it blocks incoming HTTP(S) traffic from my external IP address. When I turn off OpenVPN, I can access my computer from outside; otherwise it is blocked.
How can I configure OpenVPN to allow incoming connections over ports 80 and 443, as if there were no VPN?
- Client config:
    client
    dev tun
    proto udp
    remote my-server-1 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client.crt
    key client.key
    remote-cert-tls server
    tls-auth ta.key 1
    cipher AES-256-CBC
    verb 3
- Server config:
    port 1194
    proto udp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key
    dh dh2048.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    keepalive 10 120
    tls-auth ta.key 0
    cipher AES-256-CBC
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
    explicit-exit-notify 1
- Output of netstat -rn without VPN:
    Internet:
    Destination        Gateway            Flags    Netif     Expire
    default            192.168.0.254      UGScg    en0
    127                127.0.0.1          UCS      lo0
    127.0.0.1          127.0.0.1          UH       lo0
    169.254            link#6             UCS      en0       !
    192.168.0          link#6             UCS      en0       !
    192.168.0.187/32   link#6             UCS      en0       !     # my macbook
    192.168.0.254/32   link#6             UCS      en0       !     # router
    192.168.0.254      0:1e:e5:6d:91:fb   UHLWIir  en0       1195
    192.168.0.255      ff:ff:ff:ff:ff:ff  UHLWbI   en0       !
    192.168.56         link#17            UC       vboxnet0  !
    192.168.56.255     ff:ff:ff:ff:ff:ff  UHLWbI   vboxnet0  !
    224.0.0/4          link#6             UmCS     en0       !
    224.0.0.251        1:0:5e:0:0:fb      UHmLWI   en0
    255.255.255.255/32 link#6             UCS      en0       !
    255.255.255.255    ff:ff:ff:ff:ff:ff  UHLWbI   en0       !
- Output of netstat -rn with VPN (utun3 are VPN records):
    Internet:
    Destination        Gateway            Flags    Netif     Expire
    0/1                10.8.0.5           UGScg    utun3
    default            192.168.0.254      UGScg    en0
    10.8/24            10.8.0.5           UGSc     utun3
    10.8.0.1/32        10.8.0.5           UGSc     utun3
    10.8.0.5           10.8.0.6           UHr      utun3
    127                127.0.0.1          UCS      lo0
    127.0.0.1          127.0.0.1          UH       lo0
    128.0/1            10.8.0.5           UGSc     utun3
    169.254            link#6             UCS      en0       !
    192.168.0          link#6             UCS      en0       !
    192.168.0.187/32   link#6             UCS      en0       !     # my macbook
    192.168.0.254/32   link#6             UCS      en0       !     # router
    192.168.0.254      0:1e:e5:6d:91:fb   UHLWIir  en0       1162
    192.168.0.255      ff:ff:ff:ff:ff:ff  UHLWbI   en0       !
    192.168.56         link#17            UC       vboxnet0  !
    192.168.56.255     ff:ff:ff:ff:ff:ff  UHLWbI   vboxnet0  !
    <VPN IP>/32        192.168.0.254      UGSc     en0             # VPN server public IP
    224.0.0/4          link#6             UmCS     en0       !
    224.0.0.251        1:0:5e:0:0:fb      UHmLWI   en0
    255.255.255.255/32 link#6             UCS      en0       !
    255.255.255.255    ff:ff:ff:ff:ff:ff  UHLWbI   en0       !
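
An added example, not part of the original post: it parses the abbreviated destinations from the two `netstat -rn` tables above and applies longest-prefix match to show which interface a reply to an external client would leave on. The peer address 203.0.113.10 is a constructed sample, and the redacted `<VPN IP>/32` route is left out.

```python
import ipaddress

# Subset of the "with VPN" table from the post: (destination, gateway, netif).
ROUTES_WITH_VPN = [
    ("0/1", "10.8.0.5", "utun3"),
    ("default", "192.168.0.254", "en0"),
    ("10.8/24", "10.8.0.5", "utun3"),
    ("127", "127.0.0.1", "lo0"),
    ("128.0/1", "10.8.0.5", "utun3"),
    ("192.168.0", "link#6", "en0"),
]
# Dropping the utun3 rows gives the matching rows of the "without VPN" table.
ROUTES_WITHOUT_VPN = [r for r in ROUTES_WITH_VPN if r[2] != "utun3"]


def parse_dest(dest):
    """Expand a BSD netstat destination ("default", "0/1", "192.168.0")."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:
        # No explicit mask: prefix length follows the number of octets printed.
        plen = str(8 * len(octets))
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + plen)


def egress(table, peer):
    """Return (netif, gateway) of the most specific route that covers peer."""
    ip = ipaddress.ip_address(peer)
    matches = [r for r in table if ip in parse_dest(r[0])]
    best = max(matches, key=lambda r: parse_dest(r[0]).prefixlen)
    return best[2], best[1]


if __name__ == "__main__":
    peer = "203.0.113.10"  # constructed external client address
    print("without VPN:", egress(ROUTES_WITHOUT_VPN, peer))
    print("with VPN:   ", egress(ROUTES_WITH_VPN, peer))
    print("LAN router: ", egress(ROUTES_WITH_VPN, "192.168.0.254"))
```

With the VPN up, the `0/1` and `128.0/1` routes are more specific than `default`, so the reply to a connection that arrived on en0 is sent out through utun3, while LAN destinations still use en0.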