
I've created an Ubuntu 20.04 scale set (2 vms) on Azure and access these vms via ssh from my laptop's shell.

I want one of them to be connected to nordvpn (using nordvpn connect command, default is openvpn connection protocol).

Once the vm connects to nordvpn server the ssh session hangs and no new ssh session can be established, so only hard reset of the vm helps to reconnect to it.

I tried to follow this tutorial, but it does not seem to work:

Interfaces:

# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0d:3a:52:90:00 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.7/24 brd 10.0.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20d:3aff:fe52:9000/64 scope link
       valid_lft forever preferred_lft forever

Routing Table:

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
168.63.129.16   10.0.0.1        255.255.255.255 UGH   100    0        0 eth0
169.254.169.254 10.0.0.1        255.255.255.255 UGH   100    0        0 eth0

vpnbypass routing table created:

# echo "250   vpnbypass" >> /etc/iproute2/rt_tables
# cat /etc/iproute2/rt_tables
#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep
250   vpnbypass

Routing rules applied:

ip rule add table vpnbypass from 10.0.0.0/16
ip rule add table vpnbypass to 10.0.0.0/16
ip rule add table vpnbypass to 169.254.169.254
ip rule add table vpnbypass to 168.63.129.16
ip route add table vpnbypass to 10.0.0.0/16 dev eth0
ip route add table vpnbypass default via 10.0.0.1 dev eth0

port 22 and the ip subnet are whitelisted for nordvpn client:

nordvpn whitelist add port 22
nordvpn whitelist add subnet 10.0.0.0/16

After I issue nordvpn connect command the ssh session still hangs.

What am I doing wrong?

Any help is extremely appreciated.
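To see what the vpnbypass rules and routes above actually change, here is an added example (not from the question, NordVPN or Azure) that models the kernel's policy-routing lookup with the rules and tables shown in the post: the rule preferences, the remote client address 203.0.113.5, and the two /1 tun0 routes (OpenVPN's redirect-gateway def1 behaviour) are assumptions.

```python
import ipaddress

# Constructed model of the VM in the question (addresses from the post); the
# rule preferences, the client address 203.0.113.5 and tun0 are assumptions.
# Rules: (pref, selector, table), evaluated in ascending pref like `ip rule`.
RULES = [
    (32762, {"to": "168.63.129.16/32"}, "vpnbypass"),
    (32763, {"to": "169.254.169.254/32"}, "vpnbypass"),
    (32764, {"to": "10.0.0.0/16"}, "vpnbypass"),
    (32765, {"from": "10.0.0.0/16"}, "vpnbypass"),
    (32766, {}, "main"),
]
# Routes per table: (prefix, gateway or None for on-link, device).
TABLES = {
    "vpnbypass": [("10.0.0.0/16", None, "eth0"), ("0.0.0.0/0", "10.0.0.1", "eth0")],
    "main": [("0.0.0.0/0", "10.0.0.1", "eth0"), ("10.0.0.0/24", None, "eth0"),
             ("168.63.129.16/32", "10.0.0.1", "eth0"),
             ("169.254.169.254/32", "10.0.0.1", "eth0")],
}
# OpenVPN's redirect-gateway def1 adds two /1 routes that beat the /0 default
# by prefix length without replacing it (assumed to be what NordVPN does).
VPN_ROUTES = [("0.0.0.0/1", None, "tun0"), ("128.0.0.0/1", None, "tun0")]

def lookup(rules, tables, src, dst):
    """Return (table, gateway, device) the kernel would pick for src -> dst."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _pref, sel, table in sorted(rules, key=lambda r: r[0]):
        if "from" in sel and src_ip not in ipaddress.ip_network(sel["from"]):
            continue
        if "to" in sel and dst_ip not in ipaddress.ip_network(sel["to"]):
            continue
        best = None  # longest-prefix match within the selected table
        for prefix, gw, dev in tables.get(table, []):
            net = ipaddress.ip_network(prefix)
            if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, gw, dev)
        if best is not None:
            return table, best[1], best[2]
        # no matching route in this table: fall through to the next rule
    return None

def reply_path(with_bypass, vpn_up, client="203.0.113.5"):
    """Path of the VM's SSH reply (src 10.0.0.7) back to the remote client."""
    rules = RULES if with_bypass else [r for r in RULES if r[2] == "main"]
    tables = {k: list(v) for k, v in TABLES.items()}
    if vpn_up:
        tables["main"] = VPN_ROUTES + tables["main"]
    return lookup(rules, tables, "10.0.0.7", client)
```

As modelled, the SSH reply leaves via eth0 and 10.0.0.1 once the `from 10.0.0.0/16` rule exists, but goes into tun0 without it, so the routing tables alone do not explain the hang. The next things to check on the VM are the VPN client's own firewall rules and any `ip rule` entries it inserts with a lower preference number than these.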

  • Is the ListenAddress within sshd_config set to a specific IP? Until a fix can be found, a workaround would be configuring a script to restart sshd ~15s after nordvpn is started (you could even set a cronjob to do so every x minutes, as doing so shouldn't kill a current SSH session).
    – JW0914
    Commented Mar 25, 2022 at 12:37
  • @JW0914 Thank you for the suggestion. Yes, the public IP address of this VM is set in sshd_config. The thing is that after the nordvpn client is connected, I cannot even establish a new ssh session; the only thing I can do to regain access to the vm is hard restarting it via the azure web UI to disable the nordvpn client.
    – drew1kun
    Commented Mar 25, 2022 at 13:18
  • I'm not familiar with NordVPN or the firewall of Ubuntu, but the way I configure my routers with OpenSSH and OpenVPN are to add a second ListenAddress set to the IP of the VPN's vlan interface, then a DNAT rule in the firewall to allow WAN traffic to that IP (this may be what you've done, as I'm not familiar with Ubuntu's firewall, and if NordVPN's client config needs modification, it supports all OpenVPN config options - they're just in a different place than the norm for OpenVPN)
    – JW0914
    Commented Mar 25, 2022 at 13:31
  • @Drew I too am facing the same issue. Did you figure this out?
    Commented May 10, 2022 at 13:46
  • It sounds like the scenario you've set up is: Client connects to server via SSH, server starts VPN, client loses connection to server, server must be restarted. If that server is blocking traffic not coming from the VPN, your client will have no way to connect. Can you create a separate virtual interface, just for your client-side connection to your azure VM?
    Commented Aug 18, 2023 at 17:54

1 Answer


It happened to me, I just needed to wait for a few minutes to connect again to it.
