I'm trying to make an SSH connection to my VPN server.

I'm connecting to the VPN with OpenConnect like this:

echo PASS | sudo openconnect --juniper https://example/ -u user --passwd-on-stdin

This will be my route -n result:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tun0
0.0.0.0         192.168.1.254   0.0.0.0         UG    100    0        0 enp3s0
151.151.91.171  0.0.0.0         255.255.255.255 UH    0      0        0 tun0
151.151.91.9    192.168.1.254   255.255.255.255 UGH   0      0        0 enp3s0
161.251.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 enp3s0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp3s0

I can ssh to my target, which in my case is

ssh [email protected] -p 22

IT WORKS!

But,

since I need to change the traffic to enp3s0 I'll use this command (I'm adding vpn-slice)

echo PASS | sudo openconnect --juniper https://example/ -u user --passwd-on-stdin -s 'vpn-slice 192.168.1.92'

But now I can't ssh to my destination; it will just hang.

Also my route changed to this

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 enp3s0
0.0.0.0         192.168.1.254   0.0.0.0         UG    100    0        0 enp3s0
151.151.0.4     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
151.151.0.4     0.0.0.0         255.255.255.255 UH    1      0        0 tun0
151.151.0.5     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
151.151.0.5     0.0.0.0         255.255.255.255 UH    1      0        0 tun0
151.151.91.9    192.168.1.254   255.255.255.255 UGH   0      0        0 enp3s0
161.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 enp3s0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp3s0
192.168.1.92    0.0.0.0         255.255.255.255 UH    0      0        0 tun0

I tried to use the -b option with ssh, e.g. ssh -b 151.151.91.179 (local IPv4) [email protected] (destination) -p 22, but had no result.

Question

How can I choose my tun0 route when SSH'ing to my destination?

1 Answer

Without vpn-slice, you write that your target host has an IP address of 151.151.91.91.

But then when you invoke openconnect with vpn-slice, you aren't routing traffic to that host through the VPN:

echo PASS | sudo openconnect --juniper \
  https://example/ -u user --passwd-on-stdin -s 'vpn-slice 192.168.1.92'

As you showed, your routing table does not contain an entry to send traffic to the target (151.151.91.91) through the VPN… so when you try to connect to it with ssh, that traffic is going through your regular network adapter, and getting nowhere.

If you want vpn-slice to send traffic for this host through the VPN — and only this host — then you need to tell it so:

echo PASS | sudo openconnect --juniper \
  https://example/ -u user --passwd-on-stdin -s 'vpn-slice 151.151.91.91'

I suggest adding the -v and/or --dump flags to vpn-slice to get a better idea for how it works. And please submit an issue or PR on GitHub if there's something specific that you think should be improved or clarified in the documentation.

(I wrote vpn-slice.)
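
To see which interface a destination will leave by under each configuration, the two routing tables from the question can be evaluated against the target named in the answer. This is an added example, not part of the original answer or of vpn-slice; the function names are illustrative, and route selection is approximated as longest-prefix match with the lowest metric breaking ties.

```python
import ipaddress

# `route -n` rows copied from the question: openconnect without vpn-slice.
ROUTES_FULL_TUNNEL = """\
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 tun0
0.0.0.0         192.168.1.254   0.0.0.0         UG    100    0        0 enp3s0
151.151.91.171  0.0.0.0         255.255.255.255 UH    0      0        0 tun0
151.151.91.9    192.168.1.254   255.255.255.255 UGH   0      0        0 enp3s0
161.251.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 enp3s0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp3s0
"""
# Rows copied from the question: openconnect with -s 'vpn-slice 192.168.1.92'.
ROUTES_VPN_SLICE = """\
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 enp3s0
0.0.0.0         192.168.1.254   0.0.0.0         UG    100    0        0 enp3s0
151.151.0.4     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
151.151.0.4     0.0.0.0         255.255.255.255 UH    1      0        0 tun0
151.151.0.5     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
151.151.0.5     0.0.0.0         255.255.255.255 UH    1      0        0 tun0
151.151.91.9    192.168.1.254   255.255.255.255 UGH   0      0        0 enp3s0
161.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 enp3s0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 enp3s0
192.168.1.92    0.0.0.0         255.255.255.255 UH    0      0        0 tun0
"""

def parse_routes(text):
    """Parse `route -n` rows into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # skip blank lines and the column header
        dest, gateway, mask, _flags, metric, _ref, _use, iface = fields
        network = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((network, gateway, int(metric), iface))
    return routes

def egress_iface(table_text, target):
    """Return the interface the table selects for target, or None."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in parse_routes(table_text) if addr in r[0]]
    if not matches:
        return None
    # Longest prefix wins; the lowest metric breaks ties between equal prefixes.
    return min(matches, key=lambda r: (-r[0].prefixlen, r[2]))[3]

if __name__ == "__main__":
    for name, table in (("full tunnel", ROUTES_FULL_TUNNEL), ("vpn-slice", ROUTES_VPN_SLICE)):
        print(name, "->", egress_iface(table, "151.151.91.91"))
```

On a live system, `ip route get 151.151.91.91` asks the kernel the same question directly.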
