Bit of a specific one this, with a couple of questions, but I’ll run you over what I have and what I want to set up.
My Windows home server has a dynamic DNS (using noip) for the purpose of logging in from elsewhere via RDP and to access web based software that is assigned via port forwarding on my router. I added a VPN (IPvanish) to this to hide some of my activities. Firstly, my Dynamic DNS is still able to pick up my original public IP, which allows me to use the RDP and software, provided it is set to my ethernet adaptor. MyIP searches on google show my IP as the one provided by the VPN.
Should this be possible when using a VPN? Shouldn’t there only be one public IP being displayed by the server?
The next thing is setting up a new incoming connection, which would allow me to connect to my server via VPN. This will allow me to map my Shares from my home network on my work PC.
Currently, as soon as I create that new connection, noip stops picking up the public IP provided by my ISP, therefore disabling my remote access to anything. When I disable my IPvanish VPN, it will pick the public ISP IP up again.
Ideally, I would like to have my IPvanish VPN running, with a dynamic DNS picking up my original IP and a VPN set up so I can map home network shares to my work PC.
Is this possible and what are the potential problems with doing so?
Sounds like you need s VPN that you can forward ports through. Look into something like AirVPN.
Precisely what I was afraid of. Jumped into a 12 month subscription with IPvanish so ideally didn’t want to do that.
I had an old Raspberry Pi lying around so decided to turn it into a VPN server, solely for the purpose of tunnelling into my home network.
I’m still interested to know why noip is able to pick up my original ip address though. Makes me worried that my VPN isn’t properly hiding me.
Hmm, does it create it’s own network adapter in the Network and Sharing center? I’m trying to piece that together in my head. If you have your standard network adapter, and it’s tunneling through the installed TAP adapter, but you also have a third adapter hanging out that isn’t tunneling through the TAP, that might be possible.
I guess you can change what you use for remote desktop. I’m using teamviewer. When I connect to my VPN, teamviewer still “broadcasts” my IP, but it starts broadcasting my VPN IP after a few seconds. If I’m already connected to it when I switch servers on my VPN, there will be some brief handover period (which is almost always shorter than the timeout on Teamviewer), so I don’t ever fully lose connection.
Since I can stay logged into teamviewer on other computers, and leave my home computer permanently logged in to teamviewer, I can watch in my control panel as the IP address switches from one to the other.
I have 2 adaptors enabled. An ethernet adaptor and a seperate TAP adaptor for the VPN. Remoting in isn’t so much an issue now i’ve set up the Pi server. I installed noip on there as well so it picks up my original IP so I use that for my dynamic DNS instead of the main server. It still worries me that the main server is able to pick it up at all though.
Excuse my lack of understanding, but could it be possible that the router is providing the main server with the original IP then any traffic requested by the server is sent out through the VPN adaptor and received back through it, therefore masking it?
I do use Teamviewer as a backup remote option but as my work licence only allows 1 connection at a time, I need to leave that open for work and remote in to my home network via RDP. I also access programs on the server via WebUI so i need the dynamic DNS setup and the appropriate ports forwarded to the server.
I’m not 100% sure I understand what you are saying. But if you are forwarding ports on your computer and your router to the Internet-at-large, and these ports are being fowarded on your ethernet adapter and router, then yes, you are talking to the internet on that particular port, with your ISP IP address and not your VPN IP.
The way around that is to remove the port forward settings from the router, and forward the port in the VPN software (if you are using a VPN than can do that). So the forwarded port is going through the VPN tunnel on your end, and then the VPN exit node is listening on that VPN IP on the other end on that port. So the client on the other end is configured for the VPN IP port number.
I just re-read my paragraph, and it’s a mess and confusing, but I have to run. I’ll try to clean up later. Maybe you understood me anyway.
The one thing I still don’t understand, is why are you using both a VPN and a client-side Dynamic DNS? I’m still lost.
I think I’ve confused myself a little here as well!
Originally I wanted the VPN installed on my server so I could hide my IP for any traffic from the server only. I had the DDNS software set up on there as well because it was the only device that would be on at all times, so could constantly update the IP given to me by my ISP. This DDNS allowed me to remote in to my server from anywhere and also allowed me to access programs from a WebUI. I have several ports forwarded from the router to the server for these programs so i can access them using myddns:portnumber.
The reason I want the VPN server on the Pi and a DDNS as well is so I can quickly access these programs via WebUI without having to connect to my VPN first, while having the option to VPN in to my home network when I want to access and map the drives on a PC on another network.
So you’re saying if I forward ports from the router to the server, any traffic that comes in or goes out on those ports doesn’t go through the VPN? I thought that port forwarding bypasses the firewall, not the VPN service?
The VPN service is essentially a firewall itself. I’m assuming you are using a commercial VPN of some kind. If you look at the logs of what it’s doing, it’s directing the traffic to the TAP adapter, and making firewall rules to prevent leaks related to the primary ethernet adapter.
I think you can accomplish what you want, while always staying on VPN too. Check out AirVPN. You can set a port in their client config area. Say you set port 30123. Their software also lets you set up DDNS directly. So you set your DDNS to ForceMajeur3. Automagically, ForceMajeur3.airvpn.org is :30123, dynamically. TTL is about an hour, but the system is so stable, you very rarely will change servers. I’ve stayed connected to the same AirVPN server for two weeks straight before. If the client has to switch servers, the dynamic address will resolve properly in about an hour.
Worth looking into.