Add link to a related question, which provides more details
You get locked out of your VPS because once the VPN service is up, your ssh packets get routed via the VPN not your VPS's public IP 50.2.1.3.

Let's assume your server's:

  • Public IP is 50.1.2.3 (as per your example setup)
  • Public IP Subnet is 50.1.2.0/24
  • Default Gateway is probably 50.1.2.1
  • eth0 is device to gateway

Do the following using iproute2:

    ip rule add table 128 from 50.1.2.3
    ip route add table 128 to 50.1.2.0/24 dev eth0
    ip route add table 128 default via 50.1.2.1

Then run your OpenVPN client config:

    openvpn --config youropenvpn-configfile.ovpn &

You will then be able to ssh into your server while your server is connected to the vpn service.

You would need to add the appropriate iptables filters to restrict access to your public IP from non-ssh:22 sessions.

To understand these commands in detail, see the related answers.
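
An added example, not part of the original answer: a pre-flight check that the policy rule and the table 128 default route really exist before OpenVPN is started, plus one possible set of iptables filters that limits new inbound connections on the public IP to SSH. The chain name `PUBLIC-IN` and all function names are assumptions made for this sketch; commands are only printed unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example, not part of the original answer. Defaults mirror the
# answer's assumed values; PUBLIC-IN and all function names are made up here.
PUB_IP="${PUB_IP:-50.1.2.3}"
PUB_DEV="${PUB_DEV:-eth0}"
TABLE="${TABLE:-128}"
SSH_PORT="${SSH_PORT:-22}"

# Print each command for review unless APPLY=1 is set.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# stdin: `ip rule show` output. Succeeds only on an exact
# "from <PUB_IP> lookup <TABLE>" match (50.1.2.30 must not pass).
has_source_rule() {
    awk -v ip="$PUB_IP" -v t="$TABLE" '
        { for (i = 1; i <= NF - 3; i++)
              if ($i == "from" && $(i+1) == ip && $(i+2) == "lookup" && $(i+3) == t) ok = 1 }
        END { exit !ok }'
}

# stdin: `ip route show table <TABLE>` output. Succeeds if the table has a
# default route leaving through the public device.
has_default_route() {
    awk -v dev="$PUB_DEV" '
        $1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev" && $(i+1) == dev) ok = 1 }
        END { exit !ok }'
}

# Run after the three ip commands and before starting OpenVPN.
preflight() {
    ip rule show | has_source_rule ||
        { echo "missing: rule from $PUB_IP lookup $TABLE" >&2; return 1; }
    ip route show table "$TABLE" | has_default_route ||
        { echo "missing: default route in table $TABLE via $PUB_DEV" >&2; return 1; }
}

# Only new SSH connections and replies to existing flows may reach the public
# IP. The chain is hooked into INPUT last, so a half-built chain never filters.
restrict_public_ip() {
    run iptables -N PUBLIC-IN
    run iptables -A PUBLIC-IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A PUBLIC-IN -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
    run iptables -A PUBLIC-IN -j DROP
    run iptables -A INPUT -i "$PUB_DEV" -d "$PUB_IP" -j PUBLIC-IN
}

case "${1:-}" in
    preflight) preflight ;;
    firewall)  restrict_public_ip ;;
esac
```

The ESTABLISHED,RELATED rule is what lets replies from the VPN server to the OpenVPN client, and the SSH session you are working in, keep arriving on eth0 after the DROP rule is in place.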

Changing to an actual example gateway. A friend of mine literally typed in x.x.x.1 and didn't read the error he got. Two of the commands use example IPs but one doesn't.
hcb