mayrp2001
Posts: 1
Joined: Fri Jun 14, 2019 9:18 pm

SSH with OpenVPN running

Fri Jun 14, 2019 9:24 pm

Hi All,

I'm pretty new to all this and I have run into a bit of trouble. I had been following a YouTube tutorial on setting up the Raspberry Pi as an always-on torrent box that incorporated OpenVPN.
I also set up DuckDNS on my Pi so that I could SSH into my Pi while I was in work. All was going well, I was remotely working on my Pi following the YouTube tutorial, installing OpenVPN and running it. The problem, obviously, is that once the Pi rebooted I could no longer SSH from work into my Pi, for the obvious reason that it is going through a tunnel.

My question is whether there is a solution to this problem. Is there a way that I can remotely SSH into my pi while it is connected through OpenVPN?

Any help would be greatly appreciated.

Cheers

epoch1970
Posts: 2806
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: SSH with OpenVPN running

Sat Jun 15, 2019 12:10 pm

SSH and OpenVPN are unrelated services; you can use any of these at any time.

That OpenVPN is a client, I suppose?
In this case, if "redirect-gateway" is in use, all outgoing traffic from the point of view of the Pi goes to the tunnel, arrives at the VPN server and goes to its destination from there.
If you hit the address of your home router, the Pi receives the SSH connection, and sends its responses (and everything with a non-local destination) via the VPN server. Your computer never sees answers coming from the IP address of your home router as it expects. Meanwhile it is "attacked" by weird traffic coming from a foreign IP, the VPN gateway's IP.

If the VPN server's internet gateway allows it, you could direct an SSH connection to its IP, and the gateway would forward the connection, through the tunnel, to the Pi. It would respond through the tunnel as well, and all would be fine.

Or perhaps you can do away with redirect-gateway and run a "split tunnel" setup, where the Pi keeps its normal gateway address, and only uses the tunnel to reach other peers on the other side.
That is the way many site-to-site VPNs were set up in the old days; performance and availability are better. This setup is less secure/paranoid and most of all it does not "hide my *ss", so full tunnels are all the rage now.

Simpler solutions would be a.) to SSH into another host on the LAN, and from there SSH into the Pi (local traffic does not go via the tunnel), b.) run a VPN client instance on your machine, "meet" the Pi over the VPN and SSH into it.
"If there is no solution, it is because there is no problem." Les Shadoks, J. Rouxel

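The reply-path behaviour described in the answer above, as an added example that is not part of the original thread: a longest-prefix-match lookup over the Pi's routing table in full-tunnel and split-tunnel mode. The addresses, the interface names `eth0`/`tun0`, the VPN subnet and the `def1` variant of redirect-gateway (two /1 routes over the default) are assumptions made for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: interface of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), dev) for net, dev in table
               if addr in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed sample routes and addresses, not taken from the thread.
LAN_ROUTES = [("0.0.0.0/0", "eth0"),        # default route via the home router
              ("192.168.1.0/24", "eth0")]   # directly connected LAN
VPN_PEERS = ("10.8.0.0/24", "tun0")         # assumed VPN subnet

# Assumption: the server pushes "redirect-gateway def1", which adds two /1
# routes that win over the default route without deleting it.
FULL_TUNNEL = LAN_ROUTES + [VPN_PEERS,
                            ("0.0.0.0/1", "tun0"),
                            ("128.0.0.0/1", "tun0")]
# Split tunnel: only the VPN subnet is routed into the tunnel.
SPLIT_TUNNEL = LAN_ROUTES + [VPN_PEERS]

CLIENTS = {"work (internet)": "203.0.113.50",
           "LAN jump host": "192.168.1.20",
           "VPN peer": "10.8.0.6"}

def reply_paths(table):
    """Interface the Pi uses to send SSH replies to each kind of client."""
    return {name: lookup(table, ip) for name, ip in CLIENTS.items()}

if __name__ == "__main__":
    for label, table in (("full tunnel", FULL_TUNNEL),
                         ("split tunnel", SPLIT_TUNNEL)):
        print(label, reply_paths(table))
```

In full-tunnel mode only the internet client's replies leave by a different interface than the one its SYN arrived on, which is why the LAN jump host and the VPN peer options keep working.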