Restricting nginx website connection to VPN Users on the same server
My main aim is the following: install a VPN server on a server, and a website on that server should be accessible only to users that are using the VPN on that same server.
First, the two-server case works.
That is, I have two servers, A and B. The PPTP VPN server is installed on A, and nginx is on B.
I have set up allow rules for my nginx site as follows, and they work OK:
allow ip_of_a;
deny all;
However, when I try to connect to a site on A (the VPN server has an nginx server too), my remote IP appears as my original IP, not the IP I get when I connect through the VPN, and I get a 403 Forbidden page from nginx. The error logs show a connection attempt from my original IP, not the VPN's IP.
I understand that the VPN still knows my original IP instead of the IP it gave to me, but there should be a workaround for this situation.
The VPN assigns local IPs of the form 10.80.80.*, so I put in another allow of the form
allow 10.80.80.0/24;
That did not do the trick.
I also tried directly adding the local IP the VPN gives me, but again it did not work:
allow 10.80.80.100;
Does this need to be fixed on the PPTP server somehow, or can it be fixed with an nginx rule?
Edit: The routing tables on the client (OS X) before and after connecting to the VPN:
Before:
Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.1        UGSc           18        0     en0
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH             17 12724964     lo0
169.254            link#4             UCS             0        0     en0
192.168.1          link#4             UCS             3        0     en0
192.168.1.1        0:25:9c:4a:c6:44   UHLWIir        19    28906     en0   1000
192.168.1.126      0:88:65:5c:6a:f4   UHLWIi          0       33     en0    440
192.168.1.129      127.0.0.1          UHS             1        0     lo0
192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWbI          0       24     en0
After:
Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            10.99.99.99        UGSc           16        0    ppp0
default            192.168.1.1        UGScI          11        0     en0
10                 ppp0               USc             1        0    ppp0
10.99.99.99        10.99.99.100       UHr            17        8    ppp0
SERVER_IP_HERE     192.168.1.1        UGHS            1      299     en0
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH             17 12724968     lo0
169.254            link#4             UCS             0        0     en0
192.168.1          link#4             UCS             3        0     en0
192.168.1.1        0:25:9c:4a:c6:44   UHLWIir        13    28987     en0    988
192.168.1.126      0:88:65:5c:6a:f4   UHLWIi          0       33     en0    428
192.168.1.129      127.0.0.1          UHS             0        0     lo0
192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWbI          0       38     en0
VPN servers don't redirect web traffic by default, as explained here. Adding the line
push "redirect-gateway def1"
to your openvpn.conf will let you have the VPN server's IP as your remote IP, and with that your web server should let you through.
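The posted "After" routing table already explains what nginx is logging, and the following added example (not code from the question or the answer above) walks through it: it parses that table, does the longest-prefix-match lookup the client kernel does, and then applies nginx's allow/deny rules to the source address the server will see. The /32 host route for the VPN server's public address via 192.168.1.1 on en0 (the UGHS line) beats both default routes, including the one via ppp0, so a request to the server's public address leaves over the LAN and reaches nginx with the original public IP; a request to the server's tunnel-side address 10.99.99.99 is routed over ppp0 and arrives from 10.99.99.100, which an allow rule for the tunnel subnet accepts. Assumptions: SERVER_IP_HERE is replaced by the documentation address 203.0.113.10, the client's public address after NAT is taken to be 198.51.100.7, and the tunnel subnet used is 10.99.99.0/24 as shown in the routing table rather than the 10.80.80.0/24 mentioned in the question text.

```python
import ipaddress

# Constructed sample: the "After" routing table from the question, with the
# SERVER_IP_HERE placeholder replaced by an assumed documentation address.
SERVER_IP = "203.0.113.10"
ROUTES_AFTER = f"""
default        10.99.99.99        UGSc    16  0         ppp0
default        192.168.1.1        UGScI   11  0         en0
10             ppp0               USc      1  0         ppp0
10.99.99.99    10.99.99.100       UHr     17  8         ppp0
{SERVER_IP}    192.168.1.1        UGHS     1  299       en0
127            127.0.0.1          UCS      0  0         lo0
127.0.0.1      127.0.0.1          UH      17  12724968  lo0
169.254        link#4             UCS      0  0         en0
192.168.1      link#4             UCS      3  0         en0
192.168.1.1    0:25:9c:4a:c6:44   UHLWIir 13  28987     en0  988
192.168.1.129  127.0.0.1          UHS      0  0         lo0
"""

# Source address each interface uses, read off the table: 192.168.1.129 is the
# en0 address (its UHS loopback entry) and 10.99.99.100 the local end of ppp0
# (gateway column of the 10.99.99.99 UHr entry).
IFACE_ADDR = {"en0": "192.168.1.129", "ppp0": "10.99.99.100"}
# Assumed public address the home router NATs en0 traffic to.
CLIENT_PUBLIC_IP = "198.51.100.7"


def expand_destination(dest):
    """Expand BSD netstat shorthand: 'default' -> 0.0.0.0/0, '10' -> 10.0.0.0/8,
    '192.168.1' -> 192.168.1.0/24, a full dotted quad -> /32 host route."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in dest:
        return ipaddress.ip_network(dest, strict=False)
    octets = dest.split(".")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}", strict=False)


def parse_routes(text):
    """Return (network, gateway, flags, interface) tuples; Netif is always the
    sixth column whether or not an Expire value follows it."""
    routes = []
    for line in text.strip().splitlines():
        f = line.split()
        routes.append((expand_destination(f[0]), f[1], f[2], f[5]))
    return routes


def lookup(routes, dest):
    """Longest-prefix match. On equal prefix length the first listed route
    wins, so the first 'default' (ppp0) beats the second (en0)."""
    addr = ipaddress.ip_address(dest)
    best = None
    for route in routes:
        if addr in route[0] and (best is None or route[0].prefixlen > best[0].prefixlen):
            best = route
    return best


def address_seen_by_nginx(routes, dest):
    """Peer address nginx will log for a connection to dest: tunnel traffic
    arrives from the ppp0 address, LAN traffic is NATed to the public IP."""
    iface = lookup(routes, dest)[3]
    return CLIENT_PUBLIC_IP if iface == "en0" else IFACE_ADDR[iface]


def nginx_access(rules, client_ip):
    """ngx_http_access_module semantics: rules are checked in order, the first
    matching allow/deny decides, and an address matching no rule is allowed."""
    ip = ipaddress.ip_address(client_ip)
    for action, cidr in rules:
        if cidr == "all" or ip in ipaddress.ip_network(cidr, strict=False):
            return action == "allow"
    return True


# The question's rule set, using the tunnel subnet visible in the routing table.
VPN_ONLY_RULES = [("allow", "10.99.99.0/24"), ("deny", "all")]


def can_reach_site(routes, dest, rules=VPN_ONLY_RULES):
    return nginx_access(rules, address_seen_by_nginx(routes, dest))


if __name__ == "__main__":
    routes = parse_routes(ROUTES_AFTER)
    for dest in (SERVER_IP, "10.99.99.99"):
        net, gw, flags, iface = lookup(routes, dest)
        print(f"{dest}: route {net} via {gw} on {iface}, nginx sees "
              f"{address_seen_by_nginx(routes, dest)}, allowed={can_reach_site(routes, dest)}")
```

The practical consequence is that no nginx rule can make a request to the server's public address look like a VPN request, because that request never enters the tunnel; the client has to talk to the server's tunnel-side address (10.99.99.99 in the table), and nginx then sees 10.99.99.100 and the allow rule for the tunnel subnet matches.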