  1. #1

    OpenVPN DDoS Protection

    I'm trying to set up an OpenVPN network to tunnel traffic for the purpose of protecting a web server from DDoS attacks.

    I have the OpenVPN server set up and my web server can connect, but when the web server is set to listen on the IP that OpenVPN assigns, it fails to start, saying it can't bind to the IP.

    Any idea how I can fix this?

  2. #2
    Why don't you use GRE?

  3. #3
    Join Date
    Dec 2011
    Location
    Germany
    Posts
    1,153
    I would recommend GRE, NAT or IPIP as well, if it has to be tunneling. Using a proxy software such as NGINX or HAProxy would make most sense in your case. OpenVPN is a weird approach for protecting a web server.
    Inbound Marketing & real SEO for web hosting providers
    ✎ Get in touch with me: co<at>infinitnet.de

  4. #4
    I have to use OpenVPN because I'm tunneling from a Linux VPS to a Windows 2008 machine. I tried IPsec+L2TP, but I couldn't get it working, plus I learned that IPsec+L2TP uses more resources than OpenVPN.

  5. #5
    You can use NAT in this case. Or, as I said, a proxy software such as NGINX or HAProxy. A tunnel is not what you want to use for a website (no X-Forwarded-For headers, no caching, etc.).

  6. #6
    Quote: Originally posted by infinitnet
    You can use NAT in this case. Or, as I said, a proxy software such as NGINX or HAProxy. A tunnel is not what you want to use for a website (no X-Forwarded-For headers, no caching, etc.).
    I have to use a tunnel because it's the only way to protect against DDoS attacks.

  7. #7
    Quote: Originally posted by |Jordan|
    I have to use a tunnel because it's the only way to protect against DDoS attacks. Reverse proxy doesn't protect against DDoS attacks.
    I'm not sure what you mean - neither protects you from DDoS attacks, but you can use both to forward protocols from one server to another.

  8. #8
    I'm using BuyVM, which supplies VPSes, and they provide (shared) DDoS protection with a DDoS-protected IP. The web server listens on the internal IP and forwards all traffic to the VPS, and this hides the IP address of the actual web server. Simply using a reverse proxy doesn't hide the IP address of the actual web server, so the attackers can still target your web server by bypassing the DDoS protection.

  9. #9
    Join Date
    Jan 2003
    Location
    Canada
    Posts
    4,845
    Quote: Originally posted by |Jordan|
    I'm using BuyVM, which supplies VPSes, and they provide (shared) DDoS protection with a DDoS-protected IP. The web server listens on the internal IP and forwards all traffic to the VPS, and this hides the IP address of the actual web server. Simply using a reverse proxy doesn't hide the IP address of the actual web server, so the attackers can still target your web server by bypassing the DDoS protection.
    If it's a proper reverse proxy (NGINX, I guess), it will protect it, unless you have leaks.

    You've told us you've had gameservers to protect, though, which always leads to a run around.

    Francisco
    BuyVM - OpenVZ & KVM Based VPS Servers - Chat with us
    - All popular VPN methods supported
    - Affordable offloaded MySQL & DDoS protection
    - 5GB backup space, unmetered private LAN bandwidth & native IPv6 included. All with a strong serving of pony
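
The reverse-proxy setup suggested in this thread, as an added example that is not part of any post: NGINX on the VPS listens on the DDoS-protected IP and forwards requests to the web server across the OpenVPN tunnel. The addresses 203.0.113.10 and 10.8.0.2, the name example.com and the cache path are assumptions, not values from the thread.

```nginx
# Added example: runs on the VPS that holds the DDoS-protected IP.
# Assumed values (not from the thread):
#   203.0.113.10 = DDoS-protected public IP on the VPS
#   10.8.0.2     = web server's address inside the OpenVPN tunnel
#   example.com  = site name
# Place this in the http {} context, e.g. a file under conf.d/.

proxy_cache_path /var/cache/nginx/site levels=1:2 keys_zone=site:10m
                 max_size=1g inactive=60m;

upstream origin_over_tunnel {
    server 10.8.0.2:80;   # only reachable through the tunnel
    keepalive 16;         # reuse connections to the origin
}

server {
    listen 203.0.113.10:80;
    server_name example.com;

    location / {
        proxy_pass http://origin_over_tunnel;
        proxy_http_version 1.1;
        proxy_set_header Connection "";   # required for upstream keepalive

        # The origin sees the VPS tunnel address as the peer, so pass the
        # real client address along. This proxy is the first hop, so it
        # overwrites any X-Forwarded-For value the client sent.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;

        # Serve cached responses so repeated requests do not reach the origin.
        proxy_cache site;
        proxy_cache_valid 200 301 10m;
        proxy_cache_use_stale error timeout updating;

        proxy_connect_timeout 5s;
        proxy_read_timeout 30s;
    }
}
```

For the real address to stay hidden, the web server should listen only on its tunnel address (10.8.0.2 here) and its firewall should drop HTTP arriving on the public interface.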

  10. #10
    Yeah, gameservers too. I'm trying to get the web protection working first, though, since it's simple and runs on one port. Once I get that figured out, I can apply it to the game servers, which run on several ports.

    I know that it is possible to protect game servers because the person who referred me to BuyVM uses it to protect his TF2 servers, albeit he uses GRE because both the VPS and his game server box are Linux.

    I got OpenVPN working and the server can connect, but when I run the web server on the IP address of the TAP-Win32 network interface it does appear to work (locally), but I can't view it on the DDoS-protected IP even though I have iptables rules set up to forward the traffic.
    Last edited by Think Tank Networks; 12-08-2013 at 06:44 PM.

  11. #11
    Then run an NGINX + the OVPN for the gameserver.

    Nothing wrong with 2 options.

    Francisco

  12. #12
    Ah cool, I didn't think of that. Thing is though, I have a voice server and 1 game server on the web server box (3GHz quad core with 16GB RAM).
