Jump to content
Not connected, Your IP: 3.135.201.101
Chase87

OpenVPN per process (running on a server)

Recommended Posts

Hi,

First of all, I'm very happy with the service. AirVPN is simply the best VPN service out there and I am glad to have found you!

Running AirVPN on my desktop machines (Win, OSX, Linux) works like a charm either with plain OpenVPN or one of your clients.

 

However, I'm not really sure how I can also use your service on my Linux server to which I connect via ssh. The issue is that as soon as I run openvpn with

sudo openvpn --config your_config_file.ovpn

naturally the existing ssh connection - as well as any other means to reach my server - gets interrupted.

 

So my use case is that my server should stay reachable publicly as before, but ideally I would like to open a single shell session that gets routed through your VPN for occasional casual browsing or processes which I prefer to use anonymously..

 

Can I somehow restrict the VPN to only one process?

Do you see any other solution for my use case?

 

Best regards!

 

Share this post


Link to post

Hi!

 

In order to make your server reachable outside of the VPN, do the following:

 

Create a file eg route.sh

#!/bin/bash
ip route add <yourIP>/32 dev <interface>

Note: replace <yourIP> and <interface> with the correct values.

Make it executable:

chmod +x /etc/openvpn/route.sh

 

Then add this to your ovpn file:

up /etc/openvpn/route.sh

Voilà!

Share this post


Link to post

Hey nick75,

 

Thanks for the input. I've follewed your instructions, also added a line "security-level 2" to my ovpn file to make it pass. However, it doesn't help - the server still disappears. Here's the output of openvpn:

 

 

...
Tue Feb 28 15:04:58 2017 /sbin/ip link set dev tun1 up mtu 1500
Tue Feb 28 15:04:58 2017 /sbin/ip addr add dev tun1 10.4.1.66/16 broadcast 10.4.255.255
Tue Feb 28 15:04:58 2017 /etc/openvpn/reachable.sh tun1 1500 1558 10.4.1.66 255.255.0.0 init <- here the script is called, named it reachable.sh
Tue Feb 28 15:04:58 2017 /sbin/ip route add IP.OF.AIR.VPN/32 via 0.0.0.0
packet_write_wait: Connection to IP.OF.MY.SERVER port 22: Broken pipe  <- here my ssh connection dies, and I can't reconnect either.

 

Share this post


Link to post

I have partially resolved my issue by following this blog post:

http://www.georgiecasey.com/2013/07/26/how-to-use-overplay-and-other-vpns-as-a-curl-proxy/

 

Here it is outlined how you can prevent openvpn to add iptables entries pushed by the server. Once this is done, you then have to bind a given process to the tun0 interface, whereas the rest of the traffic is unaffected. This however relies on the ability of a program to specify the network interface, e.g.

 

ping -I tun0
traceroute -i tun0

 

etc. It would be great if I could simply create some environment (like a bash shell) in which all subprocess get routed through tun0. This however seems a little tricky.

On Windows there's a very useful tool called ForceBindIp.exe, which the Unix world seems to lack.

Share this post


Link to post

Either what you call "IP.OF.AIR.VPN" is a misnomer or you got it wrong!

It should be your device/computer's IP address (or your public address if it's a remote server).

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...