frame

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

How to connect to VPN from your server when SSH connection is lost?

ReginaRegina Moderator
edited December 2018 in Various Tutorials
In this article we will provide solutions to the issue, when you are connected to your first server and initiate the VPN connection to the second server but get disconnected. The SSH connection is lost with the first server. This happens because in the default OpenVPN configuration all the outgoing flow goes through the VPN server.

In this tutorial we will be using these shortened terms:

PC - the device from which connection is made
SERVER1 - Your first server.
Second Server - your VPN server

1. First solution:

In order for your traffic to be going directly through your PC and not VPN, add your PC IP route. You will be able to connect to your server only from the device's IP address that you will include. Use the command bellow while connected to your VPS via SSH:

For Container and Storage VPS:
ip r a PC-IP/32  dev venet0

For Linux VPS:
ip r a PC-IP/32 via 169.254.0.1

Please take a note that "PC-IP" should be changed into your device's IP from which you are trying to connect.

2. Second solution for advanced users:

In the pre-routing chain you need to mark the traffic to the specific port to be routed not through VPN, but  directly to the server (as it was before setting up the VPN).

For Container and Storage VPS:

* Disable rp_filter:
sysctl -w net.ipv4.conf.venet0.rp_filter=0
* Create iptables rules:
iptables -A OUTPUT -t mangle -p tcp -m tcp --sport 22 -j MARK --set-xmark 3
ip rule add fwmark 3 table 3
ip r a default dev  venet0 table 3

For Linux VPS:

* Create iptables rules:
iptables -A OUTPUT -t mangle -p tcp -m tcp --sport 22 -j MARK --set-xmark 3
ip rule add fwmark 3 table 3
ip r a default via 169.254.0.1 dev eth0 table 3
Note: When creating these rules, you can change the 22 port to, for example, 80 or 443 port. Then other services of your first server will be accesible from outside.

Additionally, if you wish that first server's traffic would go directly to a specific IP (or port), then use VPN in all cases except when connecting to server via SSH. For that create these iptables rules (example for Container and Storage VPS):
iptables -A PREROUTING -p tcp --dport 22 -t mangle -j MARK --set-mark 3
iptables -A POSTROUTING -t nat -m mark --mark 3 -j SNAT --to-source SERVER1-IP
ip rule add fwmark 3 table 3
ip r a default dev venet0 table 3

Comments

Sign In or Register to comment.

Time4VPS

Learn how to install a web and database server, email, FTP client or other applications. Discover and share information on server security or optimization recommendations.
Feel free to join our constantly expanding community, participate in discussions, strengthen your knowledge on Linux and Windows server management!
© 2013 - 2024 Time4VPS. All rights reserved.

Get In Touch