I like to control access to different Openhab Services via nginx (allow - deny rules for IPs in the location blocks). This works fine for local access to the Openhab Server. When I use external access via OpenVPN (a Synology DS running the OpenVPN server), nginx does not recognize the local IP (assigned by the VPN Server) of the VPN client.
My router is a Unifi Dream Machine Pro.
How can I get this problem resolved?
What do you mean by “nginx does not recognize the local IP”? Can you connect at all? What does nginx access.log and/or error.log show?
I want to allow / restrict access to specific sitemaps and habpanels using ALLOW and DENY rules for specific IPs using the nginx location block.
But nginx does recognize the OpenVPN Client IP, thus I can not write specific rules for VPN access.
More specific, right now I need to define a rule that opens the door completely (allow all) to give VPN clients access to a specific openhab service - which defeats the purpose.
I still don’t understand what you mean by “not recognizing” nginx sees the IP the devices sends as the source address in the IP packet, which should be the IP the device gets from the OpenVPN server. There’s no other means of “recognizing” the address of a device. Then that IP just needs to be allowed in the nginx config.
I just did a trial in my envrionment - yours of course might be different but …
I connected with my mobile via VPN to the VPN that is provided by my router.
Connecting to the OH server on port 80 I am redirected to my external IP address on port 443.
From that moment on I only see the public IP address of my mobile.
Second trial connecting to the https port of the NGINX interal IP address I am not redirected and access with the internal IP works and is logged in the nginx log file.
When looking into the NGINX error log, I saw that the mobile device used the local IP of the OpenVPN server to access Openhab. So by allowing this IP in NGINX ,the access to Openhab worked.