SSH connection is screwed after establishing a VPN connection

I searched a lot for my problem, but did not find a possible solution, so I thought that I myself would ask a question.

Problem:

I have a remote server (let's call it A) and a local computer (let's call it B), both running Ubuntu 14.04. I could set up a reverse SSH tunnel connecting A and B by doing this on server A:

ssh -R 2014:localhost:22 userb@B

On local computer B:

ssh -p 2014 usera@localhost

where user-a and user-b are two users on A and B, respectively.

Now I connect A to the VPN. After a successful VPN connection is established, the current SSH session stops responding. In addition, I cannot get into A until I have killed the VPN connection.

Is there a way for both SSH and VPN to be happy? Perhaps to separate an SSH session from a VPN? (I found something called split tunneling, but didn't really understand it). Can anyone enlighten me on this?

+4
2 answers

It may be a little late, but ...

The problem is that the default gateway changes to OpenVPN, and this interrupts your current SSH connection if you do not configure the appropriate routes before starting OpenVPN.

. iptables ip (iproute2). , OpenVPN "eth0". , , eth0, eth0 , eth0.

, . , .

# set "connection" mark of connection from eth0 when first packet of connection arrives
sudo iptables -t mangle -A PREROUTING -i eth0 -m conntrack --ctstate NEW -j CONNMARK --set-mark 1234

# set "firewall" mark for response packets in connection with our connection mark
sudo iptables -t mangle -A OUTPUT -m connmark --mark 1234 -j MARK --set-mark 4321

# our routing table with eth0 as gateway interface
sudo ip route add default dev eth0 table 3412

# route packets with our firewall mark using our routing table
sudo ip rule add fwmark 4321 table 3412

===

UPDATE:

Debian Jessie. Wheezy , "" :

# our routing table with eth0 as gateway interface
sudo ip route add default dev eth0 via 12.345.67.89 table 3412

"12.345.67.89" VPN-.

+3
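The following is an added example, not part of the answer above: a dry-run generator that reads the default route line captured on A before the VPN is started and prints an idempotent version of the answer's mark-and-route commands, with the gateway included when the route has one. The function names and the sample route line are constructed for illustration; the mark and table numbers are the ones used in the answer.

```shell
#!/bin/sh
# Prints the commands instead of running them; review, then pipe to `sudo sh`.
CONNMARK=1234 FWMARK=4321 TABLE=3412   # numbers taken from the answer above

# Parse one line of `ip route show default`, e.g.
#   default via 192.0.2.1 dev eth0 proto static
# and print "<gateway> <interface>"; gateway is "-" when the route has none.
# Returns 1 when the line names no interface.
parse_default_route() {
    gw=- dev= prev=
    for word in $1; do
        case $prev in
            via) gw=$word ;;
            dev) dev=$word ;;
        esac
        prev=$word
    done
    [ -n "$dev" ] || return 1
    echo "$gw $dev"
}

# Emit the rules for gateway $1 (or "-") and interface $2.
emit_rules() {
    gw=$1 dev=$2 via=
    [ "$gw" = "-" ] || via="via $gw "
    r1="PREROUTING -i $dev -m conntrack --ctstate NEW -j CONNMARK --set-mark $CONNMARK"
    r2="OUTPUT -m connmark --mark $CONNMARK -j MARK --set-mark $FWMARK"
    # -C checks whether the rule already exists, so re-running adds no duplicates
    for r in "$r1" "$r2"; do
        echo "iptables -t mangle -C $r 2>/dev/null || iptables -t mangle -A $r"
    done
    # `replace` creates or overwrites the default route in the private table
    echo "ip route replace default ${via}dev $dev table $TABLE"
    # drop any earlier copy of the rule before adding it again
    echo "ip rule del fwmark $FWMARK table $TABLE 2>/dev/null || true"
    echo "ip rule add fwmark $FWMARK table $TABLE"
}

plan() {
    route=$(parse_default_route "$1") || return 1
    emit_rules $route   # unquoted on purpose: splits into gateway and interface
}

# Constructed sample; on a real host, before starting the VPN, use:
#   plan "$(ip route show default | head -n 1)"
SAMPLE='default via 192.0.2.1 dev eth0 proto static'
plan "$SAMPLE"
```

Capture the route line before OpenVPN replaces the default gateway; afterwards `ip route show default` reports the VPN's route rather than the one the SSH replies need.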

VPN , . , ssh- . , , ssh -R 2014: localhost: 22 userb @B VPN?

traceroute? ( VPN). - vpn? , .

--- EDIT

, VPN, A:

telnet B 22

, TCP SYN . , , hidemyass , ssh- .

, VPN ? B A VPN? traceroute VPN ( whatismyip.com, ).

, :

tcpdump -nnXs 0 -i eth0 host ip.of.vpn

+1

Source: https://habr.com/ru/post/1548051/

