Author Topic: HTTPS Proxy over VPN  (Read 2649 times)

Essence

HTTPS Proxy over VPN
« on: January 08, 2012, 06:08:04 pm »
I have set up zentyal on a work server (192.168.1.xxx).
This machine is behind a router (let's say 208.xxx.xxx.xxx) and connected just on eth0 (which is currently configured as internal).
I have set up VPN so that external users (people working from home) may access the local network machines (192.168.1.xxx), which is working great.

What I want to do is have it so that the external VPN users (174.xxx.xxx.xxx) can access https webpages as if they were from the work address of 208.xxx.xxx.xxx.

I can find little documentation on how to do this, any help would be greatly appreciated. I am not sure what firewall or proxy settings on the zentyal server would be required, or if I need to make the zentyal server's eth0 as external even though it is behind the routers.

To clarify the setup at work. The internet comes in through a router. On this router are many machines, including the zentyal server.

Thank you for any help!

Bryan

christian

  • Guest
Re: HTTPS Proxy over VPN
« Reply #1 on: January 09, 2012, 07:45:59 am »
Bryan,

Do you mean that 208.x.x.x is your external (public) IP address?
Does it also mean that Zentyal is not "between" internal and external networks?
Is your question related to access to "external web servers" using Zentyal HTTP proxy for HTTPS protocol? If yes, you have to ensure that Zentyal proxy is configured in explicit (non transparent) mode.
Last but not least, what do you mean with:
Quote
What I want to do is have it so that the external VPN users (174.xxx.xxx.xxx) can access https webpages as if they were from the work address of 208.xxx.xxx.xxx.
HTTPS is quite different from HTTP because of the tunnel, and the tunnel is between web browser and HTTPS server, not between proxy and server. Thus could you please clarify your goal?

Essence

Re: HTTPS Proxy over VPN
« Reply #2 on: January 09, 2012, 06:57:09 pm »
Sorry I will try to clarify.

There is an external page (https://www.external.com) which is only accessible from our work IP address (208.x.x.x).
208.x.x.x is our external IP address.

The zentyal server is not between internal machines and external ones.
The Zentyal server along with other internal machines are on a router together.

The goal is that if someone is working from an external location, then they would be able to view a webpage (https://www.external.com) as if they were from our work external IP of 208.x.x.x.

I hope this helps clarify, thanks for your help

Bryan

christian

  • Guest
Re: HTTPS Proxy over VPN
« Reply #3 on: January 10, 2012, 11:07:04 am »
Which means that if you are using Zentyal proxy to relay requests from VPN via your router, it will be seen as "flow from internal" like any other client, isn't it?

half_life

Re: HTTPS Proxy over VPN
« Reply #4 on: January 10, 2012, 07:54:50 pm »
Probably needs an allow line in the apache config file for his vpn IP address range.

robb

  • Guest
Re: HTTPS Proxy over VPN
« Reply #5 on: January 11, 2012, 11:02:07 am »
If you want to use your VPN clients to use the gateway of your network instead of their local gateway you will have to uncomment the push "redirect-gateway" line in the config file for your VPN server.

You can find the config file in /etc/openvpn

I do not know if this will be persistent since zentyal works with the .mas config environment.
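
A check for the setting described in the reply above, as an added example that is not part of the thread or of Zentyal's own tooling: it reports whether an OpenVPN server config has the push "redirect-gateway" line active, commented out, or absent. The sample config, the def1 flag on the push line and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: classify the redirect-gateway push in an OpenVPN server config.

# Prints "active", "commented" or "absent" for the config file given as $1.
redirect_gateway_state() {
    conf="$1"
    directive='push[[:space:]]+"redirect-gateway([[:space:]][^"]*)?"'
    if grep -Eq "^[[:space:]]*${directive}" "$conf"; then
        echo active          # clients route all traffic through the VPN
    elif grep -Eq "^[[:space:]]*[#;][[:space:]]*${directive}" "$conf"; then
        echo commented       # directive present but disabled (split tunnel)
    else
        echo absent
    fi
}

# Constructed sample config (not taken from a real server); $1 is the
# comment prefix to put before the push line ("" for an active line).
write_sample_conf() {
    prefix="$1"
    out="$(mktemp)"
    cat > "$out" <<EOF
# constructed sample OpenVPN server config
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
${prefix}push "redirect-gateway def1"
EOF
    echo "$out"
}

# Demo: the same file before and after uncommenting the line.
before="$(write_sample_conf ';')"
after="$(write_sample_conf '')"
echo "before: $(redirect_gateway_state "$before")"
echo "after:  $(redirect_gateway_state "$after")"
rm -f "$before" "$after"
```

When the state is "active", every connection a VPN client makes leaves through the work network, not only the HTTPS requests to the one restricted site, so the work firewall and egress logging apply to all of that traffic.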

Essence

Re: HTTPS Proxy over VPN
« Reply #6 on: January 11, 2012, 07:58:23 pm »
Thanks for the responses.

The last comment about having my VPN clients use the gateway of my network instead of their local gateway sounds correct, assuming this will have them appear to have the external IP of my work network.

I will try and modify this setting and report back any success or failure. Thank you.