What's new

Port Forwarding not working for pc running openvpn

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

goaspy

New Around Here
Hi, I don't know if this a router issue or a linux issue, but when I connect OpenVPN on my linux machine, I can no longer remote connect over ssh.

I'm suspecting the router because I can connect from the internal network just fine even when the vpn is connected, but not externally.

I have port 22 forwarded, and it works fine when the pc is not connected to vpn.

I have no special routing in the router, other pc's in my network access regular internet.

Please advise. Thanks.

PS: My router is AC56U, running 376.49_5
 
Last edited:
What VPN are you connecting to? One that you control the server or a commercial VPN service? Most commercial VPNs block all but the standard ports.
 
If I understand correctly, you're initiating the VPN connection from your Linux machine which is inside your internal network. And then have a SSH port forward from the WAN side of the router pointing to your Linux machine. If that's the case I suspect that once your Linux machine connects to the VPN it's default gateway is pointed to the remote server that it's connected to. So when you're trying to access the Linux machine from outside your internal network it won't be reachable.

One of the VPN guru's here will likely be able to point you to a way of either modifying the client connection side or adding a static route after the VPN connection has been establish so that you can then reach the Linux machine again from outside the network.
 
If I understand correctly, you're initiating the VPN connection from your Linux machine which is inside your internal network.

That's right, thanks for explaining it a bit better.

Is there a way to fix this probable gateway situation without affecting the VPN connection? I still want the traffic from this client machine to go trough the VPN connection.

What VPN are you connecting to? One that you control the server or a commercial VPN service? Most commercial VPNs block all but the standard ports.

It's a commercial VPN, and I've tried connecting to that IP just in case, it didn't work :) But I'm puzzled why connecting from another machine on my internal network works, but not externally.
 
Last edited:
That's right, thanks for explaining it a bit better.

Is there a way to fix this probable gateway situation without affecting the VPN connection? I still want the traffic from this client machine to go trough the VPN connection.



It's a commercial VPN, and I've tried connecting to that IP just in case, it didn't work :) But I'm puzzled why connecting from another machine on my internal network works, but not externally.

Because that machine does not have to deal with the VPN tunnel.

Tunnels introduce two problems:

1) the tunnel providers typically is adding its own level of NAT, so inbound connections can't reach you, because the provider isn't forwarding the port on THEIR router toward you. You need either a tunnel provider that allows you to configure some sort of port forward on their end, or one that gives you an actual public IP on your tunnel endpoints, with no NAT.

2) Tunnels where you force your Internet traffic through them mean the inbound gets from one route (your ISP) and the outbound tries to go through a different route (the tunnel). That simply doesn't work, as both in and outbound traffic for a given connection must go through the same route.

The bottom line is: forget about port forwarding when using a tunnel where you force all your Internet traffic through, unless you are prepared to do a lot of manual configuration at the router's traffic classifier level. Not something simple to do.
 
I've found a workaround. I've enabled SSH over WAN on the router, connected to it, and then I've opened another tunnel to my machine connected to VPN.

So tunnel, in tunnel, I can access my machine regardless of the VPN connection. :)

Is it safe to leave the SSH to my router exposed? I've selected the brute force protection (I guess it's similar to fail2ban running on my machine), I hope that's enough. Also I've set a port different from 22.

Thanks.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top