Ubuntu – Can’t SSH to server with VPN connection

dnsnetworkingserversshvpn

This is quite messed up, I know. Let me explain it all.

I have a dynamic DNS set on my router. I verified that, after port forwarding, I can connect to desired application (if I run something on port 1337 and forward the port to appropriate machine I can connect to it from outside with no issues).

Now, if I connect my Macbook to VPN and run something as described above, it works as expected. BUT, if I connect my machine running Ubuntu Server 16.04 to the VPN and run something or want to connect by ssh, it fails. I forwarded port I'm using for SSH connection on router. I also tried hosting a web server, which also failed.

What can I do about this issue? This doesn't make sense to me.

About Ubuntu Server machine: it's a clean install with openvpn client and ssh server configured, no firewall running, iptables not edited, connected to router via ethernet.

EDIT: Here are the routing tables:
http://pastebin.com/ay6fpLcL

Best Answer

OK, I managed to find a solution.

Using openvpn package without any wrappers:

Add those 2 lines to your .ovpn file (or .conf if you're auto connecting):

script-security 2
up /etc/openvpn/up.sh

Then, create /etc/openvpn/up.sh with executable permissions (755/700):

#!/bin/sh
ip rule add from <your-server-ip> table 128
ip route add table 128 to <your-server-subnet> dev <your-interface>
ip route add table 128 default via <server-gateway>

For example, here's my configuration:

#!/bin/sh
ip rule add from 192.168.1.26 table 128
ip route add table 128 to 192.168.1.0/24 dev eno1
ip route add table 128 default via 192.168.1.1

Using a different VPN client/different configuration:

I can't predict the steps required, but generally you need to run up.sh script (above) everytime your VPN connection is established.

Hope it helps someone having the same issue. Cheers!

Related Question