I have a virtual private server on which I would like to run a web server while the server is connected to a VPN service.
When the VPN connection to my provider is not up, I can do anything I want with this server: ssh, scp, http etc.
Once openvpn is running and connected to the provider's VPN service, the server is not accessible by any means, and of course for a good reason.
The picture is something like this:
    My VPS                            ------------
+----------------+                   /            \
|                |                  /  Internet  /         101.11.12.13
|        50.1.2.3|-----------------\    cloud    /----<--- me@myhome
|                |                  /             \
|     10.80.70.60|                 /               \
+----------------+                 \                \
        :                           \_____________/
        :                                  :
        :                                  :
        :                                  :
        :                                  :
+------------------+                       :
|  10.80.70.61     |                       :
|            \     |                       :
|             \    |                       :
| 175.41.42.43:1197|.......................:
|   175.41.42.43:yy|
|       .....      |
|   175.41.42.43:xx|
+------------------+
Legend
------ Line No VPN connection present
...... Line VPN connection established
Things to clarify:
- All IP addresses and port numbers above and below are fictitious
- The lines with port numbers xx, yy and anything in between are my assumption, not something that I know for a fact.
- I set up a cron job which runs every minute and pings another VPS of mine, running apache2. In the apache2 logs, I can see the origin IP address changing from 50.1.2.3 to 175.41.42.43 when the VPN is active, so the VPN is working fine.
OpenVPN logs show these:
UDPv4 link remote: [AF_INET]175.41.42.43:1197
[ProviderName] Peer Connection Initiated with [AF_INET]175.41.42.43:1197
TUN/TAP device tun0 opened
do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
sbin/ip link set dev tun0 up mtu 1500
/sbin/ip addr add dev tun0 local 10.80.70.60 peer 10.80.70.61
At this point, I would like to be able to ssh from myhome to My VPS in the picture, while the VPN is up and using PuTTY.
In the past, in one of my workplaces, I was given a very strange sequence to ssh into one extremely secure server, which had three @ signs in the string. So, it was jumping from box to box as I imagine, but since the jump boxes were running some version of Windows OS and a proprietary app on those, there was no visibility for me to see what was happening under the wraps. So I did not pay much attention. Now I am beginning to realize I may be in the same or a similar situation.
Using the IP addresses and ports in the diagram and/or log snippet, can someone tell me how I can traverse through this tunnel and access my server?
Best Answer
You get locked out of your VPS because once the VPN service is up, your ssh packets get routed via the VPN, not your VPS's public IP 50.2.1.3.
Let's assume your server's:
Do the following using iproute2:
Then run your OpenVPN client config:
openvpn --config youropenvpn-configfile.ovpn &
You will then be able to ssh into your server while your server is connected to the vpn service.
You would need to add the appropriate iptables filters to restrict access to your public IP from non-ssh:22 sessions.
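
The routing approach this answer describes, written out as an added example (not the answerer's own commands): source-based policy routing with iproute2 so that replies sourced from 50.1.2.3 leave through the original gateway instead of tun0, followed by the iptables restriction mentioned at the end. The subnet 50.1.2.0/24, gateway 50.1.2.1, interface eth0 and table number 128 are assumptions; substitute the VPS's real values.

```shell
#!/bin/sh
# Added example: keep SSH reachable on the VPS public IP while OpenVPN
# owns the default route. Dry run by default; APPLY=1 (as root) executes.
PUB_IP="${PUB_IP:-50.1.2.3}"       # public IP from the question's diagram
PUB_NET="${PUB_NET:-50.1.2.0/24}"  # assumption: public subnet
GATEWAY="${GATEWAY:-50.1.2.1}"     # assumption: pre-VPN default gateway
DEV="${DEV:-eth0}"                 # assumption: public interface name
TABLE="${TABLE:-128}"              # assumption: any unused routing table id

# Policy routing: packets whose source is the public IP are looked up in a
# private table whose default route is the original gateway, so replies to
# inbound SSH go back out $DEV rather than into the VPN tunnel.
route_cmds() {
    echo "ip rule add from $PUB_IP table $TABLE"
    echo "ip route add table $TABLE to $PUB_NET dev $DEV"
    echo "ip route add table $TABLE default via $GATEWAY dev $DEV"
}

# Filtering: on the public IP allow only new SSH connections. Established
# traffic is accepted first so the OpenVPN UDP session's own return packets
# (which also arrive on $DEV) are not dropped.
filter_cmds() {
    echo "iptables -A INPUT -i $DEV -d $PUB_IP -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -i $DEV -d $PUB_IP -p tcp --dport 22 -j ACCEPT"
    echo "iptables -A INPUT -i $DEV -d $PUB_IP -j DROP"
}

# Print every command; with APPLY=1 also run it and stop at the first failure.
run_plan() {
    { route_cmds; filter_cmds; } | while IFS= read -r cmd; do
        echo "+ $cmd"
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd || exit 1   # unquoted on purpose: split into command + args
        fi
    done
}

run_plan
```

Run it before starting the OpenVPN client; afterwards `ip rule show` and `ip route show table 128` should list the new rule and routes.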