Ssh – Linux (Ubuntu) OpenVPN Client – Do not Tunnel SSH

Tags: amazon-ec2, amazon-web-services, openvpn, ssh

I would like to run OpenVPN in client mode on my cloud VM (EC2 instance), so that traffic that exits the VM in general goes through the VPN. But I would still like the existing IP Address to be available for SSH connections (so it doesn't break the SSH connection that I'm currently connected to the machine on).

Here is the current .ovpn settings file that I'm using:

client
dev tun
proto udp
remote xxx.yyy.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-occ

Edit: This question may be a duplicate of Prevent SSH connection lost after logging into VPN on server machine … but there is no accepted answer over there either.

Best Answer

You can use advanced routing to route packets incoming on your primary interface back out through the same interface. This way any traffic originating from the server will get routed through the VPN, but the primary interface of your server will remain available for connections. The idea here is that if a packet comes through the primary interface, it will use a different routing table named "vpn", so it won't be affected by the routing settings of the VPN client.

In order to achieve this, do the following:

Edit the /etc/iproute2/rt_tables file. It should contain something like this:

#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local 
#

Add this line to the end of the file:

1        vpn

To the /etc/network/interfaces file, under the settings of your main interface (or to the appropriate file in /etc/network/interfaces.d/), add the following lines:

up ip route add 0.0.0.0/0 via def.ault.gw table vpn
up ip rule add from the.primary.ip.addr table vpn
down ip route del 0.0.0.0/0 table vpn
down ip rule del from the.primary.ip.addr table vpn

Replace the.primary.ip.addr with the IP address of your primary interface (that is, the IP you want your server to be available through), and def.ault.gw with the default gateway address.
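The steps above need two concrete values (the primary address and the default gateway) and leave you to check by hand that the rule and the route actually landed. The following shell functions are an added example, not part of the original answer: they derive both values from the text of `ip route` / `ip addr` output, render the rt_tables entry and the four interface lines exactly as the answer specifies, and verify the resulting `ip rule show` / `ip route show table vpn` output. The interface name eth0, table id 1, table name vpn and all sample `ip` output are constructed assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the original answer): derive the values the answer
# asks for (primary IP, default gateway) from "ip" output, render the
# /etc/iproute2/rt_tables line plus the four "up"/"down" commands, and
# verify afterwards that the policy rule and the route are in place.
# Interface name, table id and table name are assumptions for this example.
set -eu

# Gateway from the text of "ip -4 route show default", e.g. (constructed)
# "default via 172.31.0.1 dev eth0 proto dhcp src 172.31.5.20 metric 100"
gateway_from_route() {
    printf '%s\n' "$1" | awk '$1=="default" && $2=="via" {print $3; exit}'
}

# Primary address from the text of "ip -4 -o addr show dev <if> scope global",
# e.g. (constructed) "2: eth0    inet 172.31.5.20/20 brd 172.31.15.255 scope global dynamic eth0"
primary_ip_from_addr() {
    printf '%s\n' "$1" | awk '$3=="inet" {sub("/.*","",$4); print $4; exit}'
}

# The rt_tables entry from the answer, rendered with concrete values.
render_rt_tables_line() { # table_id table_name
    printf '%s\t%s\n' "$1" "$2"
}

# The four lines the answer adds under the primary interface stanza.
render_interface_lines() { # primary_ip gateway table_name
    cat <<EOF
up ip route add 0.0.0.0/0 via $2 table $3
up ip rule add from $1 table $3
down ip route del 0.0.0.0/0 table $3
down ip rule del from $1 table $3
EOF
}

# Check: given the text of "ip rule show" and "ip route show table <name>",
# confirm that the source-address rule and the default route exist.
# Returns 0 when both are present, 1 otherwise.
verify_policy_routing() { # rule_output route_output primary_ip gateway table_name
    printf '%s\n' "$1" | grep -Eq "from $3 lookup $5( |$)" || return 1
    printf '%s\n' "$2" | grep -Eq "^default via $4 " || return 1
    return 0
}

# Live usage on the host (requires root and the iproute2 tools):
#   gw=$(gateway_from_route "$(ip -4 route show default)")
#   pip=$(primary_ip_from_addr "$(ip -4 -o addr show dev eth0 scope global)")
#   render_rt_tables_line 1 vpn >> /etc/iproute2/rt_tables
#   render_interface_lines "$pip" "$gw" vpn   # paste under the iface stanza
#   verify_policy_routing "$(ip rule show)" "$(ip route show table vpn)" "$pip" "$gw" vpn
```

Run the verification before starting the OpenVPN client: if it fails, the `up` lines did not take effect and the SSH session will be cut off as soon as the client replaces the default route.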