Ubuntu – Can’t SSH to server with VPN connection

dns, networking, server, ssh, vpn

This is quite messed up, I know. Let me explain it all.

I have a dynamic DNS set on my router. I verified that, after port forwarding, I can connect to the desired application (if I run something on port 1337 and forward the port to the appropriate machine, I can connect to it from outside with no issues).

Now, if I connect my Macbook to the VPN and run something as described above, it works as expected. BUT, if I connect my machine running Ubuntu Server 16.04 to the VPN and run something or want to connect by ssh, it fails. I forwarded the port I’m using for the SSH connection on the router. I also tried hosting a web server, which also failed.

What can I do about this issue? This doesn’t make sense to me.

About Ubuntu Server machine: it’s a clean install with openvpn client and ssh server configured, no firewall running, iptables not edited, connected to router via ethernet.

EDIT: Here are the routing tables:
http://pastebin.com/ay6fpLcL

Best Answer

  • OK, I managed to find a solution.

    Using openvpn package without any wrappers:

    Add these 2 lines to your .ovpn file (or .conf if you’re auto connecting):

    script-security 2
    up /etc/openvpn/up.sh
    

    Then, create /etc/openvpn/up.sh with executable permissions (755/700):

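    #!/bin/sh
    # Replies from the server's LAN address use table 128 instead of the VPN route
    ip rule add from <server-lan-ip> table 128
    # Keep the local subnet reachable directly over the physical interface
    ip route add table 128 to <lan-subnet> dev <lan-interface>
    # Everything else in table 128 leaves via the router, not the tunnel
    ip route add table 128 default via <router-ip>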
    

    For example, here’s my configuration:

    #!/bin/sh
    ip rule add from 192.168.1.26 table 128
    ip route add table 128 to 192.168.1.0/24 dev eno1
    ip route add table 128 default via 192.168.1.1
    

    Using a different VPN client/different configuration:

    I can’t predict the steps required, but generally you need to run the up.sh script (above) every time your VPN connection is established.

    Hope it helps someone having the same issue. Cheers!
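
The values in up.sh can be read off the server's own routing table instead of typed by hand. The following is an added example, not part of the original answer: a hypothetical helper, `pbr_commands`, reads `ip -4 route show` output and prints the answer's three commands for review, ignoring tun/tap devices. The sample routing table is constructed to match the answer's addresses, and its tun0 lines are assumptions.

```shell
#!/bin/sh
# Added example: print the answer's three commands from routing-table text.
TABLE=128   # table number used in the answer

# Constructed sample of `ip -4 route show` with the VPN up (matches the
# answer's addresses; the tun0 lines are assumptions).
SAMPLE='0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.1 dev eno1 proto static
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eno1 proto kernel scope link src 192.168.1.26'

# pbr_commands (hypothetical helper): reads routing-table text on stdin and
# prints the commands for the physical interface holding the default route.
# Returns non-zero if no usable LAN default route is found.
pbr_commands() {
    awk -v table="$TABLE" '
        # "default via <gateway> dev <iface>": ignore tunnel devices
        $1 == "default" && $2 == "via" && gw == "" {
            cand = ""
            for (i = 3; i < NF; i++) if ($i == "dev") cand = $(i + 1)
            if (cand == "" || cand ~ /^(tun|tap)/) next
            gw = $3; dev = cand
        }
        # "<subnet> dev <iface> ... scope link src <ip>": directly connected net
        index($1, "/") && /scope link/ {
            d = ""; s = ""
            for (i = 2; i < NF; i++) {
                if ($i == "dev") d = $(i + 1)
                if ($i == "src") s = $(i + 1)
            }
            net[d] = $1; src[d] = s
        }
        END {
            if (gw == "" || !(dev in net) || src[dev] == "") exit 1
            printf "ip rule add from %s table %s\n", src[dev], table
            printf "ip route add table %s to %s dev %s\n", table, net[dev], dev
            printf "ip route add table %s default via %s\n", table, gw
        }'
}

# Demo on the constructed sample; prints the same lines as the answer's up.sh.
printf '%s\n' "$SAMPLE" | pbr_commands
```

On the server, `ip -4 route show | pbr_commands` prints the commands for the live table so they can be checked before they go into up.sh.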
