The following situation:
One of my homeservers is running an OpenVPN server as well as an OpenSSH Server (and some other stuff), both remotely accessible.
When I'm not at home, I usually connect to said server via VPN and open a few SSH sessions via the public IP of said server.
I want to connect my homeserver to an external VPN, such that all (outgoing) traffic going through my server is tunneled through the external VPN as well.
|MobilePhone|---VPN ----|
                        |
|Other Dev|-----SSH ----|----VPN---->| Homeserver | --- VPN ---> | External Provider |
                        |                  ^
|Laptop|--SSH/NFS/VPN---|                  |
                                           |
                                           |
|Laptop|--------SSH-------------------------|
I still want to be able to SSH into my server via its (former) public IP. My router is still directly connected to my ISP, so any incoming traffic should be forwarded straight to the server, so I think that should be possible.
Naive as I am, I thought it might just work if I connect my server to the external VPN via tun1 (tun0 is used by the server) and I'm good to go. The external VPN's client config has nobind set, so there shouldn't be any conflicts on the ports either.
I could still see the output of openvpn connecting. However, a short time after that, all my connections dropped.
I can now neither connect to my VPN nor can I SSH into it. Also apache isn't reachable anymore. I guess nothing would be
My router still responds to pings on its public IP address.
I guess connecting to the VPN took over my server's network interface or something in this direction. So it should be a routing issue.
But I'm not sure what exactly is going on there and what I would have to change for this to work.
I would like to understand why this isn't working the way I tried it.
What do I need to learn about in order to set up such a scenario correctly?
Notes:
- I thought about the returning packets. But I thought I can somehow set up a route, such that all packets coming from my router's internal IP will be sent back to the router instead of through the VPN?
- Something like
ip route add 192.168.0.0/24 via 192.168.0.1 dev eth1
?
Update
I managed to get a step further by adding the following lines to /etc/network/interfaces
up ip rule add from 192.168.0.0/24 table 128 || true
up ip route add table 128 to 192.168.0.0/24 dev eth0 || true
up ip route add table 128 default via 192.168.178.1 || true
This enabled me to access apache and SSH into my server via its original public IP even when the server is connected to an external VPN.
I guess that does about what I had in mind: any packets originating from my LAN or router get routed over eth0 using my router as default gateway, instead of the external VPN's tun1 adapter.
So far so good.
The problem I'm having now is, when my laptop is connected to the OpenVPN server running on my homeserver, every connection times out.
I guess the problem is similar to the original problem. The packets originating from my laptop, connected via VPN (172.16.0.10), don't get routed back to the laptop as the returning packets will be sent via the default gateway, which is the external VPN my server is connected to.
I fiddled around with the routing table trying to route anything coming from 172.16.0.0 back to 172.16.0.xx via tun0. Eventually I screwed up the routing table and now any request times out when my laptop is connected to my server's VPN, regardless of whether my server is connected to the external VPN or not.
I flushed the routing table and rebooted the server, hoping to fix at least this again.
I'm not sure whether it could be an issue that my laptop is connected to my LAN (192.168.178.xx) as well.
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE
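To make the routing behaviour described in the question and the update visible, here is a small model of Linux policy routing (ip rule plus per-table longest-prefix lookup). It is an added example, not code from the post: it assumes the LAN is 192.168.178.0/24 on eth0 with the server at 192.168.178.20, OpenVPN clients in 172.16.0.0/24 on tun0, the external VPN's default route on tun1, and a remote peer at 203.0.113.5 (all constructed values).

```python
import ipaddress

# Constructed routing state modelled on the post. Routes are (prefix, egress device);
# the next-hop gateway is left out because only the chosen interface matters here.
TABLES = {
    "main": [("172.16.0.0/24", "tun0"), ("192.168.178.0/24", "eth0"),
             ("0.0.0.0/0", "tun1")],      # external VPN installed this default route
    128: [("192.168.178.0/24", "eth0"),
          ("0.0.0.0/0", "eth0")],          # default via the router, as in the update
}

# ip rules as (priority, source prefix or None, table); lower priority is checked first.
# Without the "from <LAN> table 128" rule only the main table exists (plus local/default).
RULES_BEFORE = [(32766, None, "main")]
RULES_AFTER = [(32765, "192.168.178.0/24", 128)] + RULES_BEFORE


def lookup(table, dst):
    """Longest-prefix match inside one table; None means fall through to the next rule."""
    best = None
    for prefix, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def egress(rules, src, dst):
    """Return the interface a packet with this source and destination leaves through."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, src_net, table in sorted(rules, key=lambda r: r[0]):
        if src_net is None or src in ipaddress.ip_network(src_net):
            dev = lookup(table, dst)
            if dev is not None:
                return dev
    return None


if __name__ == "__main__":
    # Server reply to a remote SSH client whose packet came in through the router.
    print("reply to SSH client, main table only:", egress(RULES_BEFORE, "192.168.178.20", "203.0.113.5"))
    print("reply to SSH client, with LAN rule  :", egress(RULES_AFTER, "192.168.178.20", "203.0.113.5"))
    # Forwarded traffic from a VPN laptop still leaves via tun1 (then MASQUERADEd there).
    print("VPN client to the Internet          :", egress(RULES_AFTER, "172.16.0.10", "203.0.113.5"))
    # Its replies reach the laptop through tun0 via the main table.
    print("reply to VPN client                 :", egress(RULES_AFTER, "203.0.113.5", "172.16.0.10"))
```

Without the rule, the server's own replies to the router's forwarded connections pick the external VPN's default route and never come back the way they came in; with the rule, source addresses in the LAN prefix are pinned to eth0 while forwarded VPN-client traffic still uses tun1.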