mehāniskākaravīrs935

Is it possible to use a VPS with AirVPN?

Hello, is it possible to encapsulate my VPS internet connection in a VPN? For situations where I cannot use OpenVPN, I could theoretically use an SSH tunnel to my VPS which would connect me to the VPN network. Not sure if it's possible, so some fact checking would be appreciated.

Why can't you use OpenVPN? In any case, you can do any combination of SSH/OpenVPN from your home network, to the VPS server and to Air servers.

It can be either SSH both sides, or VPN both sides, or halfway SSH/VPN.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

> Hello, is it possible to encapsulate my VPS internet connection in a VPN? For situations where I cannot use OpenVPN, I could theoretically use an SSH tunnel to my VPS which would connect me to the VPN network. Not sure if it's possible, so some fact checking would be appreciated.

Yes. It is possible. But you have to be aware of an issue. See these posts:

 

https://airvpn.org/topic/18862-cant-connect-to-vpn-on-a-openvz-centos-7-vps/?p=46258

https://airvpn.org/topic/12274-ubuntu-vm-cant-connect-through-openvpn/?p=44812

 

===

 

"Why?", you ask.

 

I need to use a VPS in Europe together with AirVPN (I cannot find a VPS with a UK IP address that is not banned by BBC) to access British sites because I am in North America where ISPs are notorious for providing crappy peering to Europe, and many other places. I rip things to the VPS (over AirVPN) because I can usually have the file on the VPS in 10 to 20 seconds instead of an hour. Then to get it onto my home PC ASAP I download to home using segmented download (multiple simultaneous transfers of portions of the file) with LFTP under Cygwin.

 

In order to browse the sites over the same connection I am about to use for ripping, I SSH/SOCKS to the VPS which then routes it over the same AirVPN connection.

> Why can't you use OpenVPN? In any case, you can do any combination of SSH/OpenVPN from your home network, to the VPS server and to Air servers.
>
> It can be either SSH both sides, or VPN both sides, or halfway SSH/VPN.

Using public computers pretty much means OpenVPN is useless as it's impossible to get admin level permissions. SSH on the other hand can get through, however it is not on the AirVPN network. The idea I had would be to connect the VPS to the VPN and then SSH to the VPS and use its OpenVPN connection.

> You have SSH tunnel option with Air as well, unlike the majority of other VPN services which don't. You don't need any additional VPS.

 

I think he means PC-s where one cannot get onto an "Administrator" account. You cannot start OpenVPN (i.e. configure the TAP interface or the routing table) on Windows without this. Tunneling over SSH does not remove this necessity.

 

===

 

I should have emphasized in my first post that the VPS in Europe still needs to use AirVPN because I can no longer find a VPS provider whose UK IP addresses are not blocked by BBC. Having the VPS be in Europe is just to avoid poor peering. I have tried using a VPS in North America through AirVPN (OVH) and had results not much better than I get at home.

> You have SSH tunnel option with Air as well, unlike the majority of other VPN services which don't. You don't need any additional VPS.
>
> I think he means PC-s where one cannot get onto an "Administrator" account. You cannot start OpenVPN (i.e. configure the TAP interface or the routing table) on Windows without this. Tunneling over SSH does not remove this necessity.
>
> ===
>
> I should have emphasized in my first post that the VPS in Europe still needs to use AirVPN because I can no longer find a VPS provider whose UK IP addresses are not blocked by BBC. Having the VPS be in Europe is just to avoid poor peering. I have tried using a VPS in North America through AirVPN (OVH) and had results not much better than I get at home.

Which is where PuTTY and a good VPS come in handy. Which again is why I am asking if it is possible to connect my VPS to AirVPN so I can use my VPS as a passthrough to a VPN node.

This is something I miss in AirVPN: SSH tunneling without needing admin rights, but it's not in AirVPN plans.

> This is something I miss in AirVPN: SSH tunneling without needing admin rights, but it's not in AirVPN plans.

The admin rights are required for setting an alternative default route, not for the SSH connection.

This is how operating systems work, it's not "AirVPN plans" or anything related.

The solution with a VPS will have the same limitation. You cannot wrap all traffic in a tunnel without admin rights, so this will not solve anything on limited permissions accounts.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

> This is something I miss in AirVPN: SSH tunneling without needing admin rights, but it's not in AirVPN plans.
>
> The admin rights are required for setting alternative default route, not for the SSH connection.
>
> This is how operating systems work, it's not "AirVPN plans" or anything related.
>
> The solution with a VPS will have the same limitation. You cannot wrap all traffic in a tunnel without admin rights, so this will not solve anything on limited permissions accounts.

It works very well to browse the web and hide our IP in places where we can't use an admin password and we're limited, for example schools, jobs, etc. And where the proxy limits the users not using YouTube, downloads from certain sites, some websites, etc.

So it's useful and even necessary in those places where you are without admin rights and limited.

Again, this is not something you can "fix" or add as a feature - it is an OS limitation, and a fair one.

This is why I don't quite understand what benefit a VPS would provide - you will still be limited in a way which you cannot change your current routing table. This is not because of the Air client.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

> ...
>
> The solution with a VPS will have the same limitation. You cannot wrap all traffic in a tunnel without admin rights, so this will not solve anything on limited permissions accounts.

 

But they will have "root" access on their VPS, which is where they now need it. They no longer need it on the PC where they are sitting.

 

> Again, this is not something you can "fix" or add as a feature - it is an OS limitation, and a fair one.
>
> This is why I don't quite understand what benefit a VPS would provide - you will still be limited in a way which you cannot change your current routing table. This is not because of the Air client.

 

I don't think they expect anyone to modify OpenVPN. They want AirVPN to provide SOCKS servers or SSH servers that will allow the SSH client to do SOCKS, so that they don't have to set up a VPS to do it for themselves.

 

AirVPN have been very clear in the past that they are not going to do that.

> But they will have "root" access on their VPS, which is where they now need it. They no longer need it on the PC where they are sitting.

In that case, same procedure applies as it would be for a Linux machine. There are no special requirements, except maybe a forwarded port in order to maintain a VNC connection to it.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

> This is something I miss in AirVPN: SSH tunneling without needing admin rights, but it's not in AirVPN plans.
>
> The admin rights are required for setting alternative default route, not for the SSH connection.
>
> This is how operating systems work, it's not "AirVPN plans" or anything related.
>
> The solution with a VPS will have the same limitation. You cannot wrap all traffic in a tunnel without admin rights, so this will not solve anything on limited permissions accounts.

I'm not attempting to wrap my entire connection. Just to use PuTTY as a proxy for a browser that goes through a VPS which will go through AirVPN.

> ...
>
> The solution with a VPS will have the same limitation. You cannot wrap all traffic in a tunnel without admin rights, so this will not solve anything on limited permissions accounts.
>
> But they will have "root" access on their VPS, which is where they now need it. They no longer need it on the PC where they are sitting.
>
> Again, this is not something you can "fix" or add as a feature - it is an OS limitation, and a fair one.
>
> This is why I don't quite understand what benefit a VPS would provide - you will still be limited in a way which you cannot change your current routing table. This is not because of the Air client.
>
> I don't think they expect anyone to modify OpenVPN. They want AirVPN to provide SOCKS servers or SSH servers that will allow the SSH client to do SOCKS, so that they don't have to set up a VPS to do it for themselves.
>
> AirVPN have been very clear in the past that they are not going to do that.

 

Which is why the VPS itself should have OpenVPN running, and my local computer will SSH to that VPS, which should tunnel me into the AirVPN Network.

 

Local Computer (PuTTY)-VPS(OpenVPN)-AirVPN-Internet

> This being said, how could I maintain an SSH connection if my server is behind a VPN Node? SSH Port 22 will be impossible. Can you configure SSH on the VPS to run on an AirVPN forwarded port?

 

Yes, you can edit your sshd_config and run SSH on a high port that you can forward.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

> This being said, how could I maintain an SSH connection if my server is behind a VPN Node? SSH Port 22 will be impossible. Can you configure SSH on the VPS to run on an AirVPN forwarded port?
>
> Yes, you can edit your sshd_config and run SSH on a high port that you can forward.

And once I configure that port, I can use that port in PuTTY, right?

> This being said, how could I maintain an SSH connection if my server is behind a VPN Node? SSH Port 22 will be impossible. Can you configure SSH on the VPS to run on an AirVPN forwarded port?

 

Did you look at the links I posted before? I think you should.

 

> This being said, how could I maintain an SSH connection if my server is behind a VPN Node? SSH Port 22 will be impossible. Can you configure SSH on the VPS to run on an AirVPN forwarded port?
>
> Did you look at the links I posted before? I think you should.

So, it's not possible then? Those posts seem to state that it's impossible to use SSH to a machine connected to OpenVPN.

> ...
>
> So, it's not possible then? Those posts seem to state that it's impossible to use SSH to a machine connected to OpenVPN.

 

They explain a problem you will encounter and then (if you follow more links) ways of solving the problem.

 

As I said in the same post, I DO this! It IS possible.

 

If you want me to provide a customized recipe just for you here in this thread, I am going to disappoint you.

 

 

UPDATE:

=======

 

I changed my mind. Here is a recipe.

 

I did not actually explain the problem above. The problem is that the default gateway gets changed by OpenVPN, and that breaks your current SSH connection unless you set up appropriate routes before you start OpenVPN.

 

It is assumed here that the default gateway interface before OpenVPN is started is "eth0". This is the usual convention for Linux systems.

 

It should ensure that when a connection to eth0 is made, even if eth0 is not the default gateway interface anymore, response packets for the connection go back on eth0 again.

# set "connection" mark of connection from eth0 when first packet of connection arrives
sudo iptables -t mangle -A PREROUTING -i eth0 -m conntrack --ctstate NEW -j CONNMARK --set-mark 1234

# set "firewall" mark for response packets in connection with our connection mark
sudo iptables -t mangle -A OUTPUT -m connmark --mark 1234 -j MARK --set-mark 4321

# our routing table with eth0 as gateway interface
sudo ip route add default dev eth0 table 3412

# route packets with our firewall mark using our routing table
sudo ip rule add fwmark 4321 table 3412

===

 

UPDATE to UPDATE:

 

The above works fine for me on Debian Jessie. But on an older Wheezy system I have just found that I need to add "via" to the routing table entry:

# our routing table with eth0 as gateway interface
sudo ip route add default dev eth0 via 12.345.67.89 table 3412

There "12.345.67.89" must be the original non-VPN gateway.

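The recipe in the post above, generalised as an added example (not code from the thread or from AirVPN): it reads the pre-VPN default route instead of assuming "eth0", and includes "via" whenever a gateway is present, as in the Wheezy variant. The function names and the sample route line are assumptions made for illustration; the marks and table number are the ones from the recipe.

```shell
#!/bin/sh
# Added example, not from the thread. Marks and table number match the recipe.
CONN_MARK=1234 FW_MARK=4321 TABLE=3412

# Constructed sample of `ip route show default` captured BEFORE OpenVPN starts.
# 203.0.113.1 is a documentation address, not a real gateway.
SAMPLE_ROUTE="default via 203.0.113.1 dev eth0 proto dhcp metric 100"

# Print "<dev> <gateway>" for one default-route line; the gateway is empty
# when the line has no "via" (e.g. point-to-point links). Fails without "dev".
parse_default_route() {
    dev="" gw="" prev=""
    for tok in $1; do
        case "$prev" in
            via) gw="$tok" ;;
            dev) dev="$tok" ;;
        esac
        prev="$tok"
    done
    [ -n "$dev" ] || return 1
    echo "$dev $gw"
}

# Print the four commands of the recipe for the given interface and gateway.
build_rules() {
    echo "iptables -t mangle -A PREROUTING -i $1 -m conntrack --ctstate NEW -j CONNMARK --set-mark $CONN_MARK"
    echo "iptables -t mangle -A OUTPUT -m connmark --mark $CONN_MARK -j MARK --set-mark $FW_MARK"
    echo "ip route add default ${2:+via $2 }dev $1 table $TABLE"
    echo "ip rule add fwmark $FW_MARK table $TABLE"
}

# Dry run by default: prints the commands. APPLY=1 (as root) executes them.
main() {
    parsed=$(parse_default_route "${1:-$SAMPLE_ROUTE}") || {
        echo "no usable default route in input" >&2; return 1; }
    set -- $parsed
    build_rules "$1" "$2" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
    done
}

main "$@"
```

Pass the first line of `ip route show default` as the argument, taken before OpenVPN is started, and review the dry-run output before running with APPLY=1.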

I didn't spot this thread before, and I know it's old, but it's so on target for me that I had to respond.

Firstly, thank you for posting the info above. I am VERY new to Linux (if you're even still around and reading this :D) and I just set up a Linux VPS myself to do some remote work but mainly to learn and play around with Linux as I am getting interested in it!
I found your commands on another site (Stack Overflow maybe). I have tried them but no luck for me. I was using Mullvad VPN client, maybe that's why they don't work for me (on Ubuntu 20.04).
Will this only cure the problem for those running OpenVPN rather than a provider's client?
Thanks again if anyone gets an alert for this golden oldie!

On 7/31/2016 at 5:16 PM, zhang888 said:

> In that case, same procedure applies as it would be for a Linux machine.


Is there a guide or help page on how to set up this procedure?


Mr. Terry Stanford, please don't multipost. Your thread is here:

I'd like to turn your attention to the fact the same people who responded to you there are now responding to you here and the responses are very similar. I hope you see the redundancy in communications and why multiposting will get us nowhere. :)

I will lock the thread for now. Anyone else wishing to do what is described herein, open a new thread and describe your personal issues. If needed, link to the thread or individual posts. Your own thread is also a better way for others to help you directly without notifying everyone who may be following this particular thread. Thanks.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

This topic is now closed to further replies.
