Intro: Hi, I've been trying to get a VPN and ssh command to work together. And I've been successful to the point where I can get on the server with "ssh user@hostname". But when the VPN is active, all of my internet passes through that VPN.
Target: I'd like to use my own internet connection for everything other than that SSH connection.
Option breaks SSH > VPN:
I've noticed that there is an option "Use this connection only for resources on its network" in the "Editing VPN" – "IPv4 settings" tab – "Routes…" button.
It seemed like the solution, but if I enable that, I can't connect anymore with the "ssh user@hostname" command, it hangs till it times out.
Thoughts: My thoughts so far are that it does not work because the hostname (from "ssh username@hostname") and the gateway (from the VPN settings) are different. But I don't know enough about ssh or VPN to know that.
Ideas? Is there like an option in ssh that I am overlooking? I tried "ssh -b gatewayFromVPN username@hostname" but this didn't seem to work (and I doubt it should). Or is there an option in the VPN settings or something that could solve this?
Thanks in advance.
Summary
- browse etc > internet connection
- (simultaneously with)
- SSH > VPN connection
"Use this connection only for resources on its network" breaks SSH > VPN
Best Answer
I have wanted to do something similar in the past. I had two ideas: split things based on port and split things based on process owner. Linux's networking system can, it transpires, handle both of these scenarios.
I asked two questions on Unix.SE. I haven't followed up on either particularly well so if you do play around, let me know what works for you.
I dare say there is some overlap between the two techniques and that's why I mention both of them here. I've also put a large bounty on the second for some solid examples. I think splitting network connections between users is probably the most useful scenario for both of us.
Edit: I just did a Google for "iptables owner" and found this. This seems to suggest that a few dirty iptables lines would fix this right up. I'm still to test but it looks positively simple... Assume you had "eth0" and "eth1" connections and you wanted user "bob" to use "eth1" and only ever use "eth1", and force everything else onto "eth0". This should do it... I'm assuming you can just swap out "eth1" for your VPN connection's name and "bob" for a new user you'll create to run your ssh connection from via "su -c ssh username@host bob".
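As an added example, not the answer's own iptables lines (which the page does not reproduce): a script that tags every packet generated by one local user with iptables' owner match and sends tagged traffic through a separate routing table whose default route is the VPN interface; everything else keeps the normal default route. It assumes the user is "bob", the VPN is a point-to-point interface named "tun0", and that firewall mark 1 and routing table 100 are unused. The MASQUERADE and REJECT rules are my additions: the kernel picks the source address before the mark is applied, so the VPN-bound packets need their source rewritten, and the REJECT makes the user's traffic fail closed rather than leak out eth0 when the VPN is down.

```shell
#!/bin/sh
# Added example, not from the original answer. Route all traffic generated by
# one local user via the VPN interface using iptables' owner match plus policy
# routing. Assumed names: user "bob", VPN interface "tun0", fwmark 1, table 100.
set -eu

# Emit the commands as text so they can be reviewed (or tested) without root.
rules_for_user() {
    user="$1"; vpn_if="$2"; mark=1; table=100
    cat <<EOF
# Tag locally generated packets owned by the user (owner match only works here)
iptables -t mangle -A OUTPUT -m owner --uid-owner $user -j MARK --set-mark $mark
# Source address was chosen before the mark; rewrite it to the VPN address
iptables -t nat -A POSTROUTING -o $vpn_if -m mark --mark $mark -j MASQUERADE
# Keep loopback working, then fail closed: the user may only leave via the VPN
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $user ! -o $vpn_if -j REJECT
# Marked packets consult table $table, whose only default route is the VPN
ip rule add fwmark $mark lookup $table
ip route add default dev $vpn_if table $table
ip route flush cache
EOF
}

# Run the emitted commands (needs root and an already-up VPN interface).
apply_rules() {
    rules_for_user "$1" "$2" | sh -e
}

case "${1:-show}" in
    apply) apply_rules bob tun0 ;;
    *)     rules_for_user bob tun0 ;;
esac
```

Run it without arguments to review the rules, and with "apply" as root once the VPN is up; the user's SSH sessions are then started with su as the answer describes.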