Gargoyle Forum

Dear pal, I'm working with OpenVPN in client mode.

Is normal or wrong?

Regards from Chile.

Lantis wrote: ↑

Sun Jun 12, 2022 6:50 pm

Are you saying you can’t DMZ when using openvpn as a client or server?

The DMZ rule was only designed to work over WAN.
I'm not really sure a DMZ makes much sense over a VPN to begin with?
Y
In either case, you would need to write your own iptables rules sorry.

First, thanks for your reply..

About the "sense": I've created VPN 'cause the mobile Internet doesn't allow to open ports since that service only provides IP private (not bridge mode). My intention is show my CWP Server (only in case of emergency for Optical fiber fail) to the network .

As aditional note, OpenVPN is pointed to an own SoftEther Server in remote location.

Question: Modifying iptables rules could I fix my problem?

Regards from Chile.

Lantis wrote: ↑

Sun Jun 12, 2022 10:27 pm

The DMZ rule was only designed to work over WAN.
I'm not really sure a DMZ makes much sense over a VPN to begin with?
Y
In either case, you would need to write your own iptables rules sorry.

The rules Gargoyle uses to create the DMZ are as follows: Where
$from = wan
$from_if = wan
$to_ip = The IP you specify
Code Here

You would need to change:
$from = vpn
$from_if = tun0
$to_ip = The VPN IP of the device you want to DMZ

This is purely a guess, not a supported configuration, and something you would need to explore and troubleshoot on your own sorry. It isn't something the forum can really assist you with.
I don't think it will work, as you'll redirect VPN packets away from the openvpn process and hence the tunnel will die. But i might be wrong.

Individual port forwarding would be MUCH better/safer. Unfortunately the Gargoyle port forwarding has the same limitation, so again you'd need to write your own iptables rules.
Code Here

I know.. It's pure assumption but it would help me a lot if this solved the problem.

Thanks once again. I will try it tomorrow and I will comment to you.

Regards from Chile.

Lantis wrote: ↑

Mon Jun 13, 2022 4:20 am

This is purely a guess, not a supported configuration, and something you would need to explore and troubleshoot on your own sorry. It isn't something the forum can really assist you with.
I don't think it will work, as you'll redirect VPN packets away from the openvpn process and hence the tunnel will die. But i might be wrong.

Individual port forwarding would be MUCH better/safer. Unfortunately the Gargoyle port forwarding has the same limitation, so again you'd need to write your own iptables rules.

Individual port forwarding would be MUCH better/safer. Unfortunately the Gargoyle port forwarding has the same limitation, so again you'd need to write your own iptables rules.
Code Here

I was just looking at this today for a problem I had

I wanted
LAN >> VPN

But I saw it was only
WAN >> LAN

No matter

Quick clarification, I'd like to configure my gargoyle v1.12 to connect to Surfshark VPN. Is this still not supported?

Not on 1.12 if they require a username and password.

Unfortunately a username/password are required for surfshark. Is it working in 1.14?

Username and password is supported. I’m not aware of anyone trying surfshark specifically but it should be fine.