Routing Traffic To A CIDR Range via VPN Using OpenVPN CLI
Recently we had a requirement to route traffic to one of our staging sites via OpenVPN. This staging site is publicly accessible, since many external users (within the same organization but in different departments) also access it. In our firewall, we only whitelisted the OpenVPN server's public IP (which is the AWS NAT Gateway IP). This way, only users who have access to our VPN server can reach the site.
Now you can go to OpenVPN Admin Console -> Configuration -> VPN Settings -> "Specify the private subnets to which all clients should be given access" and enter the IP addresses the website resolves to. After this change, your traffic to the site goes via the VPN server rather than over your own internet connection.
The problem in our case was that our website points to an ALB, and an ALB's IPs can change quite frequently. Every time the ALB IP changes, access breaks and we have to add the new IP to our OpenVPN server configuration. To overcome this, we wrote a script that resolves the site, compares the result with the IPs stored from the previous run, and updates the configuration when they differ, and scheduled it as a cron job.
#!/bin/bash
FILE=/home/openvpnas/dont_delete_ip.txt #Store current IP address of the website in this file
dig +short test.com | tail -n2 >/tmp/current_ip.txt #Resolve the site and keep the last two A records
if test -f "$FILE"; then
previous_ip_address=`cat $FILE`
current_ip_address=`cat…
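The compare-and-update logic described above, written out in full as an added example (this is not the article's own script). It assumes a placeholder hostname `staging.example.com`, a state file under `/tmp`, and that the OpenVPN Access Server `sacli` tool lives at its default path; the routing key name and the `sacli` call are only attempted when that binary is present, and the cron entry in the usage note is an assumed schedule. All A records of the ALB are routed as /32 entries, since an ALB normally resolves to more than one address.

```bash
#!/bin/bash
# Added example, not the article's script. Assumptions (placeholders):
#   SITE_HOST  - hostname fronted by the ALB
#   STATE_FILE - where the last IP set pushed to OpenVPN is remembered
#   SACLI      - OpenVPN Access Server admin CLI (default install path)
SITE_HOST="${SITE_HOST:-staging.example.com}"
STATE_FILE="${STATE_FILE:-/tmp/openvpn_site_ips.txt}"
SACLI="${SACLI:-/usr/local/openvpn_as/scripts/sacli}"

# resolve_ips: print the current IPv4 A records for a host, one per line,
# sorted and de-duplicated so that two resolutions of the same set compare
# equal regardless of the order the resolver returns them in.
resolve_ips() {
    dig +short A "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u
}

# ips_changed: succeed (exit 0) when the newline-separated IP list in $1
# differs from the list stored in file $2. A missing state file counts as
# changed, so the very first run always pushes the routes.
ips_changed() {
    local current="$1" file="$2"
    [ -f "$file" ] || return 0
    [ "$current" != "$(cat "$file")" ]
}

# to_cidr_list: turn the IP list into the space-separated list of /32
# networks to place in the "private subnets" routing setting.
to_cidr_list() {
    printf '%s\n' "$1" | sed 's#$#/32#' | tr '\n' ' ' | sed 's/ $//'
}

# apply_routes: push the CIDR list into Access Server and restart it.
# The routing key name is the one used by Access Server's config store;
# verify it against your own install before relying on it.
apply_routes() {
    local cidrs="$1"
    if [ -x "$SACLI" ]; then
        "$SACLI" --key "vpn.server.routing.private_network.0" --value "$cidrs" ConfigPut \
            && "$SACLI" start
    else
        echo "sacli not found; would set private subnets to: $cidrs" >&2
    fi
}

# sync_site_routes: one cron run. Leaves routes untouched if resolution
# returns nothing, so a transient DNS failure never wipes the config.
sync_site_routes() {
    local current
    current="$(resolve_ips "$SITE_HOST")"
    if [ -z "$current" ]; then
        echo "no A records for $SITE_HOST; routes left unchanged" >&2
        return 1
    fi
    if ips_changed "$current" "$STATE_FILE"; then
        apply_routes "$(to_cidr_list "$current")" \
            && printf '%s\n' "$current" > "$STATE_FILE"
    fi
}

# Only run the sync when explicitly asked, so the functions can be sourced.
if [ -n "${RUN_SYNC:-}" ]; then
    sync_site_routes
fi
```

Schedule it with an interval shorter than the ALB record's TTL so a change is picked up before clients' cached entries expire, for example `*/5 * * * * RUN_SYNC=1 /home/openvpnas/sync_site_routes.sh` (assumed path). Storing the full sorted set rather than a single address avoids needless restarts when the resolver simply returns the same records in a different order.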