Jump to content
Not connected, Your IP: 34.204.3.195
mrtick

VPN only for remote access

Recommended Posts

I've tried searching similar topic, but didn't find anything.
So here's my issue:
I have a PC, that I want to have remote access (ssh) to and I only want essential routes for VPN to work.
It's connecting using wireguard and I have port 22 forwarding configured.
When I configure the PC to route everything through VPN the ssh connection works fine (and airvpn port check reports port 22 is open).
However when I restrict the route through VPN to 10.128.0.0/10 network it does not (and airvpn port check reports port 22 is closed).
So the question basically is:
When I have VPN address assigned from 10.128.0.0/10 network, what's the minimal set of routes for the port forwarding to work?
 

Share this post


Link to post
On 9/28/2022 at 4:41 PM, mrtick said:

However when I restrict the route through VPN to 10.128.0.0/10 network it does not (and airvpn port check reports port 22 is closed).


How is this restriction implemented?

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
On 9/29/2022 at 9:50 PM, OpenSourcerer said:
How is this restriction implemented?

I've changed "allowed IPs" in wireguard conf from 0.0.0.0/0 to 10.128.0.0/10

Share this post


Link to post

Sharing a solution I've found eventually.
There are two steps:
1. Allow wireguard to accept packets from all IPs, without creating a default route:
Add "Table = off" to the [Interface] section of the config file.
2. Route all packets coming from VPN interface back through that interface:
In my case interface name is just "airvpn".

> echo 200 vpn1 | sudo tee -a /etc/iproute2/rt_tables
> sudo ip rule add from <airvpn IP> table vpn1
> sudo ip route add default dev airvpn table vpn1
And it works :)
image.png.486fffafe03752ab30ec32ac609f489e.png
 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...