Which VPN Server Software is Best for Running Virtualmin Behind a VPN?

SYSTEM INFORMATION
Usermin Version 2.102
Virtualmin Version 7.20.2 Pro
Theme Version 21.20.7
Nginx Version 1.22.1

I hate having to change IP addresses if my ISP goes down for too long and I need to switch internet connections. Because of this, I used to run my server behind an OpenVPN server. I have a VPS hosted by a third party, so I can put anything I want on it.

My question:
What is the most compatible solution with Virtualmin where I can just install, add details, or upload a config file in Virtualmin and be done with it?

Are you saying you want to add VPN software to your Virtualmin server?

I see this:


When clicked on:

But:

Not quite. I'm more asking about what's the best setup for the VPS. Should I stick with OpenVPN and just install the client on Virtualmin via CLI?

Virtualmin has nothing to do with VPNs or lower-level network details. You can run whatever VPN you want and you can configure networking however you like; Virtualmin doesn't have any opinion on the matter (though if you're using Virtualmin to manage DNS, it needs to know the public IP for records, and if the IP of the interface on the Virtualmin server will change sometimes, you'll need to use * for VirtualHosts or do something about automatically updating the IP in Apache when the IP changes).

Jeet, not everyone uses Apache… :wink: I've told you this before, but of course, you can't remember anything, haha!

Yes, I use BIND DNS, but what exactly do you mean? Here's what I'm thinking:

  1. Set up an OpenVPN client on the Virtualmin server.
  2. On the VPN server, configure port forwarding to route necessary traffic (e.g., HTTP, HTTPS, SSH) from the VPN's WAN IP to the Virtualmin server.
  3. Assign the static VPN IP as the nameserver (NS) value for the domains in OpenProvider.

This way, there's no more IP change—no matter what happens with the ISP, the VPN IP becomes the server's consistent WAN IP address.

Does this approach make sense?
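
Step 2 of the plan above, sketched as an added example that is not part of the original post: a script that prints the iptables DNAT and FORWARD rules for the VPN server so they can be reviewed before being applied. The interface names (eth0, tun0), the 10.8.0.2 tunnel address and the port list are assumptions, not values from the thread.

```sh
#!/bin/sh
# Added example: prints (does not apply) iptables rules for the VPN server (VPS).
# Assumed values, not from the thread: eth0 = VPS WAN interface, tun0 = tunnel
# interface, 10.8.0.2 = tunnel address of the Virtualmin server.
WAN_IF="${WAN_IF:-eth0}"
TUN_IF="${TUN_IF:-tun0}"
BACKEND="${BACKEND:-10.8.0.2}"
# HTTP, HTTPS and DNS (BIND). 22 is left out so the VPS keeps its own sshd, and
# 10000 (Webmin) is left out so the admin UI is reached over the tunnel only.
TCP_PORTS="${TCP_PORTS:-80 443 53}"
UDP_PORTS="${UDP_PORTS:-53}"

valid_port() {  # accept only integers 1..65535
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules PROTO PORT...: one DNAT rule and one FORWARD rule per port
gen_rules() {
  proto="$1"; shift
  case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
  for p in "$@"; do
    valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    # Rewrite the destination of packets arriving on the WAN interface.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto --dport $p -j DNAT --to-destination $BACKEND:$p"
    # Allow exactly this flow into the tunnel; the FORWARD policy can stay DROP.
    echo "iptables -A FORWARD -i $WAN_IF -o $TUN_IF -p $proto -d $BACKEND --dport $p -j ACCEPT"
  done
}

gen_ruleset() {
  echo "sysctl -w net.ipv4.ip_forward=1"   # forwarding is off by default
  # Replies from the Virtualmin server back out to internet clients.
  echo "iptables -A FORWARD -i $TUN_IF -o $WAN_IF -s $BACKEND -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  gen_rules tcp $TCP_PORTS || return 1
  gen_rules udp $UDP_PORTS || return 1
  # No MASQUERADE toward tun0: the backend logs real client IPs, but it must
  # route its replies back through the tunnel (VPN as default route).
}

gen_ruleset   # review the output, then pipe it to "sh" as root to apply
```

If a forwarded port still shows as closed, check on the Virtualmin server which firewalld zone the tunnel interface belongs to with `firewall-cmd --get-zone-of-interface=tun0`, since the services have to be allowed in that zone.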

So I have set up my VPN server to port forward every necessary port, also connected the VPN using the right profile so it gets the right local IP towards the VPN server. However… if I go to the VPN IP x.x.x.x.x:1000 or whatever port it still shows as closed. Virtualmin sees the correct 'outside' IP address.

If you have a 'stock' Virtualmin install, port 10000 should be open on the machine.

root@main:~# netstat -ap |grep webmin
tcp        0      0 0.0.0.0:webmin          0.0.0.0:*               LISTEN      1854/perl           
tcp        0      0 somedomain.com:webmin syn-173-091-209-0:35996 ESTABLISHED 1032176/perl        
tcp6       0      0 [::]:webmin             [::]:*                  LISTEN      1854/perl           
root@main:~# grep webmin /etc/services 
webmin          10000/tcp

I think virtualmin is designed more to be public facing.

I use wireguard on my router.

If you have a VPS you can run virtualmin natively public facing and then install wireguard to have a VPN on it.

There are also several admin web UIs on GitHub, or wg-easy.

My hope is that one day we get a Webmin module for wireguard VPN.

Wireguard is simpler and much faster in establishing a connection compared to openvpn.

Virtualmin has a "Dynamic IP Update" feature under "Addresses and Networking," but it's not that reliable. PureVPN offers static IPs with port forwarding. But, the easiest option is to ask your ISP for a dedicated IP address, which typically costs around $5 per month.

lol, not in the US. My cable internet provider doesn't offer a static address on anything less than an enterprise plan that is several hundred dollars a month.


Yeah, I should have mentioned "if the ISP supports it" in the first place.

Same situation here. I do have a static IP, but the issue is that there's downtime with my main connection, so I'm currently relying on my 4G modem. I need the quickest and easiest way to connect my VPN server to any protocol, as long as I can easily forward the ports and get back online. I've tried using the swan stuff, but it refuses to port forward via iptables. I hate that stuff—setting it up is such a pain, but once it's running… Does anyone have suggestions or a solution I can simply copy and paste? Please send me a small tutorial, I'm running out of hair to pull out of my head.

CG-NAT is terrible these days.

That's why the sooner we move to IPv6 the better. No more NATing and no shortages of IPs.

Luckily my local power company is my FTTH ISP and up until the large network expansion for new development buildings recently, it always felt more like a side gig in a good way.

They gave me a free static IPv4 and IPv6 /56, and allowed me to have reverse DNS PTR record for mail.

I was also allowed to be unlocked from the supplied modem and can run any router directly off the wall outlet, DHCP and good to go.

The great thing about virtualmin is also that it detects local IP but automagically sets the correct DNS for the public IP.

But anyway, I think I would just get a data center VPS for reasonable budget and not have to deal with all that mess if I were on dynamic ip or CG NAT.

There are so many good KVM offers these days where you don't get any quota errors in virtualmin or need TUN/TAP for VPN.

is what I'm going for… On indeed my datacenter VPS… any setup suggestions?

I have installed wg-easy, now how to port forward? iptables or what do you suggest?

You don't have to open any port for Wireguard on Virtualmin machine if you want.
Have a Wireguard setup on your home router and open 13231 (default)
Have the Wireguard from Virtualmin machine connect to the Wireguard at your home.
Now, if you have a road-warrior like a laptop, connect that to your home router also via Wireguard and from there, you can access the Virtualmin machine also.

What you are referring to is a VPN in the local office. However, what I have here is an external VPS server running VPN software. On that VPN software, I need to open ports to access the 10.x.x.x IP range. I have tried multiple VPN servers and configurations with iptables, but I haven't had any success so far.

If this is a stock Virtualmin install, firewalld will be handling the firewall, so all changes should be made to firewalld. I, like you, could not get the VPN server to work until I disabled firewalld and set the rules up directly in the iptables module.

That's not useful since if you forward the ports on the vpn server it should also be picked up by firewalld since it is the same port…

Dunno why but it did not work until firewalld was disabled so it was useful for me
