Website Behind VPN

[cm0s 118]

thanx zhang888

[zhang888 1066]

You forgot the rule that will accept 51206 on tun0 and DNAT it to your webservers 80/443.

[cm0s 118]

got it goin

[zhang888 1066]

iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 51206 -j DNAT --to 192.168.1.105:80

iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 51207 -j DNAT --to 192.168.1.105:443

 

You will need 2 high ports if you wish to use both 80 and 443 local ports.

 

Those 2 don't make sense since they will never match - your tun0 IP will be 10/8 and not 94.100.23.163:

 

iptables -I FORWARD -i tun0 -p udp -d 94.100.23.163 --dport 51206 -j ACCEPT # forward airvpn port
iptables -I FORWARD -i tun0 -p tcp -d 94.100.23.163 --dport 51206 -j ACCEPT # forward airvpn port

[cm0s 118]

cheerz

[zhang888 1066]

Not sure what you meant in your other part of the post, but in order to have SSL running

you don't have to wait for any verification from your reseller (Namecheap etc.) and you can

simply authorize your domain's SSL certificate using MX, TXT or HTTP methods.

All of the methods are supported with EFF sponsored https://LetsEncrypt.org CA.

 

If you still want to avoid using high ports for your target audience, you have 2 options:

1) Running a VPS with a public IPv4, where the VPN client will run and forward it to your (home) backend

2) Running a Tor hidden service.

[cm0s 118]

easy to get lost in diff hosting companies admin areas got it goin appreciate the help