Ssh – How to SSH into a server that is using a VPN

external-connectionsshvpn

I have a Raspberry Pi server (rpi) with a static internal IP using a VPN service. My router has a static public IP and I have the NAT set up to forward SSH traffic to the rpi as I have other devices on the network.

I am able to SSH into the rpi server remotely (out of my network) when no VPN is used. I am able to SSH into the rpi internally (in my network) when the VPN is used. I am not able to remotely SSH into the rpi when the VPN is used.

I have seen other questions that are similar but I'm such a novice I couldn't quite understand fully what was explained or ascertain if the situation was the same as mine.

I don't believe I'm using a firewall on the server but am relying on the router to block connections and using NAT to forward connections. I don't understand what iproute is for or on which machine it should be configured.

Best Answer

Your Raspberry Pi has a direct connection to its local subnet 192.168.1.0/24, but the VPN ads a new route to 0.0.0.0/0, over the local default gateway. Therefore, packets back to the PC over the Internet uses the VPN route even when the incoming connection comes through the local gateway.

You could

add a new static route to the netblock of the PC via the router or
forward port 22 to another machine on your LAN, and connect to your Raspberry Pi from that machine, instead.

Related Solutions

Ubuntu – How to ssh into the Ubuntu VM when the Mac is on a VPN

My suspicion is that, when you connect to the VPN, it alters the routing tables on your computer, and redirects that route to the VPN. I believe running netstat -r while both connected and disconnected from the VPN, and diffing the results, would be the way to test for this.

I assume that you can not ping the VM from the Mac when connected, but can when disconnected.

I believe you can work around it by using a reverse SSH tunnel. (Here is one explanation on how to do it -- note that I haven't actually tried it.)

Alternately, does the VM have any other way to access it? Can you use mDNS (Bonjour) to connect, say, using hostname.local, where hostname is the VMs hostname?

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

Best Answer

Related Solutions

Ubuntu – How to ssh into the Ubuntu VM when the Mac is on a VPN

Ssh – How to automate SSH login with password

Related Topic