Need some help with OpenVPN + routing

I have searched high and low and have yet to find an actual working solution for this...

First of all, my setup:

Ubuntu 14.04 server, full time VPN connection to PIA

Set up as proxy server for LAN clients, works great and clients confirmed to be tunneling through the proxy/VPN

Connected through terminal, server does not have a GUI and VPN is established by init.d on boot.


I want to open SSH access to this server to the internet over port 22, using my actual IP from my ISP (connecting through my router over port 22 to the internal IP of the server).

If I add a "route-nopull", this allows me to connect to the server as expected externally. However, this causes the server to no longer route its internet traffic over the VPN.

I have tried adding a route in the config file to my local network; this does nothing, and traffic to the local network works without issue without it. It is only coming from the public IP of my router > internal server IP that does not work while connected to the VPN.

Any suggestions?

Comments

  • Found the solution myself after about a month of searching... I had tried policy and source-based routing. Push routes through the OpenVPN config files... But I finally found the answer and it was so simple...

    Just add these 3 lines to the bottom of your /etc/network/interfaces so that it looks like the following (sudo nano /etc/network/interfaces):

    auto eth0
    iface eth0 inet static
    address 192.168.0.12
    netmask 255.255.255.0
    gateway 192.168.0.1 
    dns-nameservers 192.168.0.10
    up ip rule add from 192.168.0.0/24 table 128 || true
    up ip route add table 128 to 192.168.0.0/24 dev eth0 || true
    up ip route add table 128 default via 192.168.0.1 || true

    where 192.168.0.0/24 is your local network and 192.168.0.1 is the gateway. Change the local network and gateway to match your network's configuration. Save your changes and reboot.

    After reboot you can now allow access through your home router/firewall to whatever local IP and port you wish, and all internet traffic from the machine will still go out the VPN tunnel.

  • I've seen this kind of solution posted a few places and I'm damned if I can get it to work. Once the routes are added I can receive incoming connections over eth0 but no other outgoing connections work until I kill the vpn connection.
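
An added example, not part of the thread: a small Python model of Linux policy-routing lookup, showing which flows the three `ip` lines in the first comment send out eth0 and which still follow the VPN routes. The `tun0` device, the `10.8.0.1` VPN gateway, the two /1 routes in the main table and the sample destination addresses are assumptions; the kernel's local table is left out.

```python
import ipaddress

# Constructed model of the server's routing state. Table 128 and the
# "from 192.168.0.0/24" rule come from the comment; tun0, 10.8.0.1 and the
# two /1 routes (OpenVPN redirect-gateway def1 style) are assumptions.
TABLES = {
    "128": [
        ("192.168.0.0/24", None, "eth0"),
        ("0.0.0.0/0", "192.168.0.1", "eth0"),
    ],
    "main": [
        ("0.0.0.0/1", "10.8.0.1", "tun0"),
        ("128.0.0.0/1", "10.8.0.1", "tun0"),
        ("192.168.0.0/24", None, "eth0"),
        ("0.0.0.0/0", "192.168.0.1", "eth0"),
    ],
}
# (priority, source selector, table); a rule added without an explicit
# priority lands just ahead of the main-table rule (32766).
RULES = [(32765, "192.168.0.0/24", "128"), (32766, "0.0.0.0/0", "main")]


def lookup(dst, src=None):
    """Return (table, gateway, device) chosen for a packet.

    src=None models a locally generated packet from an unbound socket: its
    source is still unspecified (0.0.0.0) at lookup time, so the
    "from 192.168.0.0/24" rule does not match it.
    """
    dst_ip = ipaddress.ip_address(dst)
    src_ip = ipaddress.ip_address(src or "0.0.0.0")
    for _prio, selector, table in sorted(RULES):
        if src_ip not in ipaddress.ip_network(selector):
            continue
        # Longest-prefix match inside the selected table
        matches = [
            (ipaddress.ip_network(prefix), gw, dev)
            for prefix, gw, dev in TABLES[table]
            if dst_ip in ipaddress.ip_network(prefix)
        ]
        if matches:
            _net, gw, dev = max(matches, key=lambda m: m[0].prefixlen)
            return table, gw, dev
    return None


if __name__ == "__main__":
    print("SSH reply to internet client:", lookup("203.0.113.7", "192.168.0.12"))
    print("Unbound outbound connection: ", lookup("8.8.8.8"))
    print("Socket bound to LAN address: ", lookup("8.8.8.8", "192.168.0.12"))
```

Any packet whose source address is already in 192.168.0.0/24, including one from a socket explicitly bound to the LAN address, matches table 128 and leaves through the router rather than the tunnel.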
