OpenConnect VPN doesn't work for sites on the same server
Daniel Lenski
dlenski at gmail.com
Tue Jul 27 08:03:39 PDT 2021
On Tue, Jul 27, 2021 at 7:55 AM Hossein H <haji309 at gmail.com> wrote:
>
> Yes, they have the same IP. The technique for hosting more than one domain on a single IP address/host is called virtual hosts, and indeed is very popular for low-traffic sites. The HTTP GET request contains the domain name that the request is for; this allows the webserver to match up the request with a particular virtual domain.
Yes, I understand the concept of vhosts.
For the reasons I described above, it's simply not possible to have
the public IP of the *VPN server* be identical to the IP of a server
that you expect to access *over the VPN*. A client computer connected
to this VPN would have to somehow figure out whether to route packets
for [that IP address] either (a) over the VPN tunnel interface, if
intended for the "web server", or (b) over the Internet-facing
interface, if intended for the "VPN server"… WITHOUT ACCESS TO
ANYTHING OTHER THAN THE IP HEADER.
To make the web server accessible over the VPN, you need to assign a
separate IP address and route it via the VPN. That's the sane and
straightforward solution here.
Dan
(ps- Please keep the list cc'ed!)
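
The routing constraint described in the message above, as an added example that is not part of the original post or of OpenConnect's code: a small model of a client's destination-only route lookup. The addresses (documentation and private ranges) and the interface names `eth0`/`tun0` are constructed assumptions.

```python
import ipaddress

# Constructed sample values, not taken from the thread.
VPN_SERVER_IP = "203.0.113.10"   # public IP shared by the VPN server and the vhosts
WEB_SEPARATE_IP = "10.8.0.80"    # hypothetical separate address given to the web server


def client_routes(tunnel_networks):
    """Routing table of a connected client as {network: interface}."""
    routes = {
        ipaddress.ip_network("0.0.0.0/0"): "eth0",            # ordinary default route
        ipaddress.ip_network(VPN_SERVER_IP + "/32"): "eth0",  # host route carrying the tunnel itself
    }
    for net in tunnel_networks:
        # A pushed route with the same prefix replaces the host route above.
        routes[ipaddress.ip_network(net)] = "tun0"
    return routes


def egress(routes, dst_ip):
    """Longest-prefix match on the destination address only.

    The lookup never sees the port, the TLS SNI or the HTTP Host header,
    so every packet to one IP leaves through one interface.
    """
    dst = ipaddress.ip_address(dst_ip)
    best = max((net for net in routes if dst in net), key=lambda n: n.prefixlen)
    return routes[best]


def tunnel_survives(routes):
    """Encrypted tunnel packets are addressed to VPN_SERVER_IP; if they are
    routed into tun0 they are re-encapsulated and never reach the server."""
    return egress(routes, VPN_SERVER_IP) == "eth0"


if __name__ == "__main__":
    normal = client_routes(["10.8.0.0/24"])
    forced = client_routes(["10.8.0.0/24", VPN_SERVER_IP + "/32"])
    # Shared IP: web traffic for the vhosts bypasses the VPN entirely.
    print("shared IP via", egress(normal, VPN_SERVER_IP))
    # Forcing the shared IP into the tunnel breaks the tunnel's own transport.
    print("forced: tunnel survives?", tunnel_survives(forced))
    # Separate IP routed via the VPN: both requirements hold at once.
    print("separate IP via", egress(normal, WEB_SEPARATE_IP),
          "| tunnel survives?", tunnel_survives(normal))
```
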