route cloud static IP to home private network - azure

I have my own servers and have hosted a few services (game servers, web servers, ...), and used to host these on a publicly accessible dynamic IP using DuckDNS.
I have recently moved to a rural area and use a satellite service for my internet that does not support a publicly accessible IP address.
I would really like to host these things again, but the only way I can think of doing that is to have an IP somewhere in the cloud and route that back into my network. I have been messing around in Azure but I can't seem to get what I want working. I am not stuck on Azure; it just happens to be the one I am messing about with.
I have pfSense as my router, so I can set up a VPN client on that and pretty much keep that alive indefinitely, so here is what I am thinking and I hope someone can point me in the right direction, or if you like, poke holes in the idea.
I configure a VPN client on pfSense to be a WAN interface
create a VPN gateway in the cloud
connect the pfSense VPN client to the VPN gateway
create a static external IP in the cloud
route traffic from the external IP through the VPN back to my pfSense server and into my internal network
once I get the traffic coming into pfSense, I can route to computers / VMs on my internal network.
This way, I do not need a publicly accessible IP from my ISP; I can connect to Azure and use its external IP and route back through the VPN to my internal network.
If this was real hardware, I would have had this built in 30 minutes, seems this virtual world is messing me up.
Any ideas on how to configure this or maybe another solution?
I am struggling with the whole Azure setup and have watched hours of videos about each of the bits in Azure, but I am lacking some key bits of knowledge to bring this together.

If you know what you are doing with pfSense...
cloudfanatic.net
$2.99 US a month for a VPS running pfSense. They will spin up a VPS with pfSense on it at no extra charge. Open an account, send support an email.
Gives you a static permanent IP. Shared 1GB Internet link. No data limits. I see between 150 and 500Mbps. Perfectly fine for what I use it for.
WireGuard on that pfSense, people connect in, etc...
I've been using it for about 6+ months. Been very impressed.
Chunky
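The cloud-side half of the design in the question (static IP in the cloud, tunnel to pfSense, traffic published on the static IP and forwarded home), as an added example that is not from the original post or the cloudfanatic setup. It assumes a plain Linux host with WireGuard and iptables instead of pfSense on the VPS, and all addresses, interface names and keys are constructed placeholders.

```shell
#!/bin/sh
# Constructed addressing for the example (not from the page).
PUBLIC_IP="203.0.113.10"      # static IP assigned to the cloud host
WAN_IF="eth0"                 # cloud host's Internet-facing interface
WG_IF="wg0"
WG_CLOUD_ADDR="10.99.0.1"     # cloud end of the tunnel
WG_PFSENSE_ADDR="10.99.0.2"   # pfSense end of the tunnel (the VPN "client")
HOME_LAN="192.168.1.0/24"     # LAN behind pfSense
WEB_SERVER="192.168.1.20"     # internal host to publish

# WireGuard config for the cloud end. pfSense dials out to this host, so
# the satellite link needs no inbound reachability; the keepalive keeps
# the NAT/CGNAT mapping alive so the cloud side can always reach pfSense.
wg_server_conf() {
  cat <<EOF
[Interface]
Address = ${WG_CLOUD_ADDR}/24
ListenPort = 51820
PrivateKey = <CLOUD_PRIVATE_KEY_PLACEHOLDER>

[Peer]
# pfSense peer; AllowedIPs routes the whole home LAN into the tunnel
PublicKey = <PFSENSE_PUBLIC_KEY_PLACEHOLDER>
AllowedIPs = ${WG_PFSENSE_ADDR}/32, ${HOME_LAN}
PersistentKeepalive = 25
EOF
}

# iptables rules that publish one internal service on the static IP.
# $1 = protocol, $2 = public port, $3 = internal host, $4 = internal port
# The SNAT rule rewrites the client source to the tunnel address so that
# replies from the home host go back through the tunnel instead of out
# the satellite WAN (asymmetric routing would otherwise break the session).
forward_rules() {
  proto=$1; pub_port=$2; dst=$3; dst_port=$4
  printf '%s\n' \
    "sysctl -w net.ipv4.ip_forward=1" \
    "iptables -t nat -A PREROUTING -i ${WAN_IF} -d ${PUBLIC_IP} -p ${proto} --dport ${pub_port} -j DNAT --to-destination ${dst}:${dst_port}" \
    "iptables -A FORWARD -i ${WAN_IF} -o ${WG_IF} -d ${dst} -p ${proto} --dport ${dst_port} -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT" \
    "iptables -A FORWARD -i ${WG_IF} -o ${WAN_IF} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
    "iptables -t nat -A POSTROUTING -o ${WG_IF} -d ${dst} -j SNAT --to-source ${WG_CLOUD_ADDR}"
}

# Print the rules for one published service (pipe into sh on the VPS to apply).
forward_rules tcp 443 "$WEB_SERVER" 443
```

Everything except the FORWARD rules is policy a host firewall should default-deny around; only the ports listed in `forward_rules` calls are exposed on the static IP.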

Related

How to use another machine within Azure P2S VPN as a gateway?

I have configured Azure P2S IKEv2 VPN and downloaded the VPN client (on the machine it shows as a PPP adapter) onto 2 machines, one each in different countries. Say our IP addresses are 170.10.10.121 & 170.10.10.122. From here on we'll call the site with the .121 machine site A.
My machine (.122) would like to use (.121) as a gateway, so that I could browse the internet on my computer using site A's public IP address. Is this possible or have I got this terribly wrong?
My end goal is that we have multiple sites (B, C, D) that would like to use the internal network as well as access the public internet using site A. This site has a dynamic IP address for the public internet and port forwarding is not an option as the ISP is non-cooperative.
As shown in the below picture, machines PC-B-1,C-1,D-1 are trying to use the PC-A-1 as a gateway to access the internet through Site A.
Thanks.
What you need to do is install the P2S on all PCs in all sites and set up a FW/NVA in Azure and route the traffic through that one, or set up S2S from all sites to Azure and route the traffic to a FW/NVA in Azure. Basically you will need an NVA/FW in Azure to get the same IP for all computers. You can't use a P2S as a gateway.
Preferred solution is to set up S2S VPN with an NVA to get the same IP.
So this is the setup I am using as a workaround.
Since setting up an S2S is not an option for lack of infrastructure and lack of time, as given in the question, I installed P2S VPN agents on all the machines that are involved, from the machine whose internet we wanted to be used by others (in site A) to all the other machines (in B, C, D). Now that all the machines are in the Azure VNet, I installed the WinGate application on the Site A machine and activated the proxy.
Then I configured the proxy on the rest of the machines in sites B, C and D to proxy through the machine in Site A using its Azure VNet IP address.
Machines involved are all Windows 10.
This might not be the best solution, but given the extraordinary list of limitations definitely this was the quickest and easiest.
Let's see if we can get better and quicker solutions for the same :)
Meanwhile thanks for all the suggestions :)

Lots of persistent requests to my web app from a private ip address

I am more a C# dev than a network admin and I am not understanding what happened.
I have a website hosted on an Azure Web App and I started to get a lot of repetitive requests from IP address 172.16.5.1, to the point that it affected the web server's stability.
The only way I found to fix the problem is to block this IP address, but I still have questions.
1) Is blocking the IP the best solution to the problem?
2) After googling, I found that this IP address is in the range of Private IP addresses. How can a private address reach my public web server?
3) Could it be another resource from my Azure subscription that could be making these requests? I only have a web app configured so I don't know where these requests could come from internally.
4) Can this be a DDoS attack?
This IP address is in the private range as you found, but more information is needed to answer your curiosity.
I could say that's not the best solution; you need to find out which resources in your Azure subscription use that IP and see why they send requests to the Web App.
This is possible when your Web App is connected to a Virtual Network; discuss it with your Network Admin or System Architect.
I'm quite sure that your Web App is connected to a Virtual Network, or it could be another instance of your Web App requesting each other.
I'm not quite sure that was an external DDoS attack.
That appears to be the default gateway for a subnet. Check the Networking blade to see if you are integrated with a VNet. I would expect that probes from something in the VNet (AppGW, Azure Firewall, NVA, etc.) would come from the instance IP of that resource and not the default gateway, but you really need to see the subnet range and know what's in there. If this is a WebApp that is integrated with a VNet via point-to-site VPN, then maybe this is something from the VNet Gateway, like Keep Alives. That might be apparent in a network trace. Blocking that IP could result in some other service marking the WebApp as unhealthy and not routing traffic to it.
Lots of conjecture here, but like Rudy said, you're not getting an external DDoS attack from a private IP.
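A first triage step for the situation above, as an added example that is not part of the original thread: summarise request sources from the web app's access log and tag RFC 1918 sources, since a private source address points at VNet-internal traffic (gateway keepalives, health probes) rather than an external attack. The log lines are constructed sample data in a simplified combined-log shape; the real Azure log format is not assumed.

```shell
#!/bin/sh
# Constructed sample access log lines (source IP is the first field).
SAMPLE_LOG='172.16.5.1 - - [01/Jan/2024:10:00:00 +0000] "GET /health HTTP/1.1" 200
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200
172.16.5.1 - - [01/Jan/2024:10:00:05 +0000] "GET /health HTTP/1.1" 200
198.51.100.9 - - [01/Jan/2024:10:00:07 +0000] "GET /login HTTP/1.1" 200
172.16.5.1 - - [01/Jan/2024:10:00:10 +0000] "GET /health HTTP/1.1" 200
203.0.113.7 - - [01/Jan/2024:10:00:12 +0000] "POST /api HTTP/1.1" 200
172.16.5.1 - - [01/Jan/2024:10:00:15 +0000] "GET /health HTTP/1.1" 200'

# Return 0 if $1 is in an RFC 1918 range: 10/8, 172.16/12 or 192.168/16.
is_private_ip() {
  case "$1" in
    10.*) return 0 ;;
    192.168.*) return 0 ;;
    172.*)
      second=$(printf '%s' "$1" | cut -d. -f2)
      [ "$second" -ge 16 ] && [ "$second" -le 31 ] && return 0
      ;;
  esac
  return 1
}

# One line per source, busiest first: "<ip> <count> <private|public> <path>",
# where <path> is the most-requested path for that source. Repeated hits on
# a single path from a private address look like probing or keepalives,
# which is what to raise with whoever owns the VNet before blocking anything.
source_summary() {
  printf '%s\n' "$1" | awk '{print $1, $7}' | sort | uniq -c | sort -rn |
  awk '!seen[$2]++ {top[$2]=$3} {n[$2]+=$1} END {for (ip in n) print ip, n[ip], top[ip]}' |
  sort -k2,2rn |
  while read -r ip count path; do
    if is_private_ip "$ip"; then tag=private; else tag=public; fi
    printf '%s %s %s %s\n' "$ip" "$count" "$tag" "$path"
  done
}

source_summary "$SAMPLE_LOG"
```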

Best network design for company with remote offices that need to go through 1 public facing interface

I received a call from a business owner. One of his services will only license and whitelist one public IP, but he has three locations. When I got involved they were trying to spin up an OpenVPN appliance and have site-to-site VPNs to the remote locations. Well, the remote locations have Fortigate firewalls and I believe this will not work with the SSL VPN of OpenVPN.
I would like to recommend something with Azure or AWS, but I am unclear on the best VPN setup with Azure. Essentially he will need all remote sites exiting to the internet through Azure.
Late last night I tried to test with an AWS VPC and a VPN back to the Fortigate. The client later expressed he would rather not use AWS.
I also recommended this https://forum.fortinet.com/m/tm.aspx?m=148626&p=
but he did not want to bottleneck one of his locations.
All sites exiting Azure out of one IP address
If you have 3 sites in Azure, you can make all 3 sites exit Azure with one VPN gateway IP for the same destination.
You need to configure VNet-to-VNet peering and enable Gateway Transit to make it work. Can you also elaborate on your ask here with a network diagram?

Can not find IP address from other network (iis)

I'm attempting to create a server using IIS.
I created a site. Configured the firewall. It's available in the browser as localhost (http://localhost:8555/) and via the static IP (http://10.12.66.79:8555/) too.
But from another network, like my phone, I tried accessing it using the static IP and it failed. Then I tried using the virtual IP and it showed me the login page of my service provider.
What can I do next?
Hope you grab a computer networking book some time to study the basic concepts.
10.*.*.* is a private address your ISP gives to your server,
https://en.wikipedia.org/wiki/IP_address#Private_addresses
So that this server can be accessed by other devices on the same network.
Your phone is on another network (via Internet in most cases), so it won't be able to access your server.
To pass packets between two networks, many other devices and settings are required.
If you do want to do experiments, public cloud computing platforms are far better an option, as they can give your server public IP addresses that can be accessed anywhere.
You can change the mobile's default DNS to your system's (IIS) IP; maybe this could help you, but it can only run locally. Make sure that your site is working on your system through the static IP (http://10.12.66.79:8555/); if it is working properly then this could be the only problem: change the DNS.

Rackspace Server IP Points to Wrong Site

I have just taken over as a developer for a company. They host their development site on Rackspace. When I arrived, this server was spun down. Upon bringing it back up, I discovered that the IP address of that server points to the live website. There must be some kind of forwarding in place (I assume that it is through Rackspace) that does this. How can I fix this? I searched for settings on Rackspace to no avail. I would like to be able to access this dev site at least through the direct IP address until the network admin repoints the development domain name to the proper IP.
I'm guessing that you mean the live website domain routes traffic through to this server? Off the top of my head, you either have DNS load balancing in place - so an A record on your domain matching the IP address of the powered-down machine - OR you have a load balancer within Rackspace that is routing traffic to it.