f58189f403

ANSWERED SSH remote administration without leaving AirVPN servers?


Both my home and remote servers connect to the internet through AirVPN tunnels. I use SSH to remotely admin and would like to connect to the remote server without leaving AirVPN's network. Below is an image I knocked together as an example of what I want to do.

SSH tunnel.gif


Hello!

You can rely on inbound remote port forwarding used by the remote server, please see here:
https://airvpn.org/faq/port_forwarding/

Configure sshd to listen to the remotely forwarded port, preferably on all interfaces, in order to avoid a potential lock out of remote ssh connections (if the VPN connection is not established, sshd should remain reachable on the server's real IP address), and restart sshd.

Please make sure that your devices and the remote server connect to either different VPN servers (simpler solution), or by using different keys, in order to prevent conflicts with remote port forwarding. If you decide to connect different devices to the same VPN server, your remote server's ssh port should be remotely forwarded only for the key used by the remote server itself to connect to the VPN server. If necessary, please see here:
https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/

On the AirVPN account port panel you can link a port to a single specific "device".

Kind regards
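
Added example, not part of the original post and not AirVPN's own tooling: a Python check that reads an sshd_config and reports whether sshd listens on the remotely forwarded port on all interfaces, as advised above, or only on specific addresses (the lock-out case). Port 40022, the addresses and the sample configurations are constructed; Include directives are not followed.

```python
import re

WILDCARDS = {"*", "0.0.0.0", "::"}   # "*" = no ListenAddress given (sshd default)

def listen_sockets(config_text):
    """Return the (address, port) pairs sshd would bind, per sshd_config(5)."""
    ports, addrs = [], []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' never occurs in these values
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)   # "Key value" or "Key=value"
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":                       # neither keyword is valid in a Match block
            break
        if key == "port" and value:
            ports.append(int(value))
        elif key == "listenaddress" and value:
            addrs.append(value.split()[0])       # drop an optional "rdomain <name>"
    ports = ports or [22]
    if not addrs:
        return {("*", p) for p in ports}
    sockets = set()
    for a in addrs:
        m = re.fullmatch(r"\[(.+)\](?::(\d+))?", a)           # [addr] or [addr]:port
        if not m and a.count(":") == 1:
            m = re.fullmatch(r"([^:]+):(\d+)", a)            # host:port, IPv4:port
        host, port = (m.group(1), m.group(2)) if m else (a, None)
        sockets.update((host, p) for p in ([int(port)] if port else ports))
    return sockets

def audit(config_text, forwarded_port):
    """Classify how sshd is exposed on the port forwarded through the VPN."""
    hosts = {h for h, p in listen_sockets(config_text) if p == forwarded_port}
    if not hosts:
        return "not-listening"        # forwarded connections would be refused
    if hosts & WILDCARDS:
        return "all-interfaces"       # reachable through the tunnel and on the real IP
    return "specific-addresses"       # lock-out risk if that address is the tunnel's

# Constructed samples; 40022 stands in for the port forwarded in the account panel.
GOOD = "Port 22\nPort 40022\n"
TUNNEL_ONLY = "Port 22\nListenAddress 10.4.0.2:40022\n"
NOT_FORWARDED = "#Port 40022\nListenAddress 0.0.0.0\n"

if __name__ == "__main__":
    for name, cfg in [("GOOD", GOOD), ("TUNNEL_ONLY", TUNNEL_ONLY),
                      ("NOT_FORWARDED", NOT_FORWARDED)]:
        print(name, audit(cfg, 40022))
```

On a real server, pass the contents of the sshd configuration file and the port number shown in the account's port panel to `audit`.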
 

5 hours ago, Staff said:

... (if the VPN connection is not established, sshd should remain reachable on the server's real IP address), ...


For Linux, with proper routing/firewall rules, you can ensure that sshd is reachable on the real IP address even if the VPN is established.

https://github.com/tool-maker/VPN_just_for_torrents/wiki/Maintaining-SSH-Access-Using-a-VPN-on-a-Remote-Linux-Server

This might be helpful for troubleshooting.

If the OP just wants to be able to SSH to the server without stopping the VPN, rather than needing to go through the VPN, this might be a better solution?

 

52 minutes ago, NaDre said:

If the OP just wants to be able to SSH to the server without stopping the VPN, rather than needing to go through the VPN, this might be a better solution?


Hello!

Maybe not for the OP as he/she wrote "without leaving AirVPN's network", but in general it could be, provided that the user is fine with Network Lock disabled.

With Network Lock engaged, the user wanting to adopt this solution and at the same time wanting Network Lock can improve the setup by inserting on top a specific input rule allowing packets to sshd through the physical network interface after Network Lock has been applied (because at the activation the previous rules are flushed). Furthermore, to avoid correlations, the sshd listening port should not be remotely forwarded by the AirVPN account, since incoming connections through the VPN interface wouldn't be needed anymore.

Kind regards
 

On 9/20/2024 at 9:42 AM, f58189f403 said:

Still trying to work it out. How do I get the device in the Devices tab to bind to the server or home computer?


Hello!

We're not sure we understand the question. If you mean how to connect a machine through a specific certificate/key (i.e. a "device" in the user panel), then it's simple:
  • on Eddie GUI's main window, just under the login credential fields, you have a combo box which will let you pick any certificate/key (if the box does not appear, log the account out and in again)
  • on Eddie CLI, you can set it with the option --key=key_name
  • on Bluetit, you may either specify the key on the bluetit.rc run control file (option airkey key_name) or on the Goldcrest configuration file or line option through the option air-key key_name
Kind regards
 
