Pepetops

Linux SSH server inside VPN with all web access outside VPN. Is it possible?


Hi

Trying to gain some download speed, I have configured Eddie by putting in "routes" only the pages that I want to remain inside the VPN, so that all the rest of the web pages go outside the VPN.

The problem I find is that my SSH server does NOT respond to external requests while it is configured as I said above; it only works if all connections go through the VPN.

My question is: how can I make my SSH server stay within the VPN and take advantage of having a known fixed address through airdns.org?

Thank you

SOLVED

You want SSH to accept connections from the VPN interface but respond to a different (random) address on the internet?

This is not an easy or recommended routing setup.

A NAT rule with iptables can be a solution, but again, not a solid one:

iptables -t nat -A PREROUTING -p tcp -d 10.x.x.x --dport 2222 -j DNAT --to 192.168.1.2:22

Replace all the example addresses and ports above with the correct ones.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

I'm very ignorant in this, I'm sorry.
I have executed what you told me, replacing -d 10.x.x.x with -d 10.4.0.1, which is the AirVPN gateway, and --to 192.168.1.2:22 with -to 150.125.1.39:22, which is my local address on the intranet. The 2222 port I have set as 34576, which is the external port I use from airdns.org connected to internal port 22. I have run iptables-save > /etc/network/iptables and then iptables-apply. I tried to connect from the outside through airdns.org and it does NOT connect... What am I doing wrong?

-d is your local IP, which you got dynamically assigned from Air, on tun0. --to can only be a local address on which iptables can create NAT rules, such as your local IP on this machine, or any other virtual interface, but not a WAN address in case you are behind NAT already.

As I said, this setup is neither recommended, nor can it be (and will not be) troubleshot much further.

Advanced users can of course do whatever they decide, but without at least basic iptables and routing knowledge it is prone to connectivity problems, leaks, and security issues.


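The DNAT rule suggested above only rewrites the destination of the incoming packet; it does nothing about the real failure in this thread, which is that sshd's replies follow the host's default route (the ISP link) instead of going back through tun0, so the client never sees a SYN-ACK. The following script is an added example, not code from the thread, AirVPN or Eddie. It takes the moderator's two points (-d is the address on tun0, --to must be a local address) and adds the missing piece: a CONNMARK tag on connections that arrive via the tunnel plus a policy-routing table so their replies leave via the tunnel. The interface name, gateway, forwarded port and SSH port are placeholders taken from the thread and are assumptions; DRY_RUN=1 prints the commands instead of executing them so the rule set can be reviewed before it touches a live host.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed layout (placeholders):
#   TUN_IF   the VPN interface (tun0)
#   VPN_GW   the gateway Eddie configured on tun0 (the thread mentions 10.4.0.1)
#   FWD_PORT the port AirVPN forwards to this host (the thread mentions 34576)
#   SSH_PORT the local sshd port (22)
# The default route stays on the ISP link; only connections that arrived via
# tun0 are answered via tun0, using CONNMARK plus a policy-routing table.
TUN_IF=${TUN_IF:-tun0}
VPN_GW=${VPN_GW:-10.4.0.1}
FWD_PORT=${FWD_PORT:-34576}
SSH_PORT=${SSH_PORT:-22}
TABLE=${TABLE:-100}
MARK=${MARK:-0x1}
DRY_RUN=${DRY_RUN:-0}   # DRY_RUN=1 prints the commands instead of running them

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

vpn_ssh_rules() {
    # Routing table $TABLE: any packet carrying $MARK leaves via the tunnel.
    run ip route replace default via "$VPN_GW" dev "$TUN_IF" table "$TABLE"
    run ip rule add fwmark "$MARK" lookup "$TABLE" priority 100
    # Loose reverse-path filtering on tun0: the main table routes the remote
    # client's address via the ISP link, so strict rp_filter would drop the SYN.
    run sysctl -q -w "net.ipv4.conf.$TUN_IF.rp_filter=2"
    # Tag new connections arriving on tun0 for the forwarded port and store the
    # tag on the conntrack entry.
    run iptables -t mangle -A PREROUTING -i "$TUN_IF" -p tcp --dport "$FWD_PORT" \
        -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"
    # Copy the tag back onto locally generated packets of those connections
    # (sshd's replies); the ip rule above then routes them through tun0.
    run iptables -t mangle -A OUTPUT -m connmark --mark "$MARK" -j CONNMARK --restore-mark
    # Redirect the forwarded port to the local sshd. REDIRECT is a DNAT to the
    # address of the incoming interface, i.e. a local address, as required.
    run iptables -t nat -A PREROUTING -i "$TUN_IF" -p tcp --dport "$FWD_PORT" \
        -j REDIRECT --to-ports "$SSH_PORT"
    # Accept SSH from the tunnel (dport is already rewritten when INPUT runs);
    # everything else on tun0 stays subject to the host's existing INPUT policy.
    run iptables -I INPUT -i "$TUN_IF" -p tcp --dport "$SSH_PORT" \
        -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
}

# Usage: sh vpn-ssh.sh apply        (as root, on the VPN client host)
#        DRY_RUN=1 sh vpn-ssh.sh apply   (print the rules only)
if [ "${1:-}" = apply ]; then
    vpn_ssh_rules
fi
```

Two things to check after applying: `ip rule add` is not idempotent, so running the script twice leaves a duplicate rule (harmless, but `ip rule show` will list it); and the -I INPUT rule is inserted at the top so an existing DROP policy or a "block everything not via the VPN" rule set does not swallow the redirected SYN. If the forwarded port must instead reach another LAN machine, as in the moderator's 192.168.1.2 example, the REDIRECT becomes a DNAT in the FORWARD path and the --restore-mark rule has to move to mangle PREROUTING on the LAN interface, since the replies are then not locally generated.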
