0

I'm from Iran and our international Internet is being shut down, so we are going to lose our connection to the world.

VPNs are getting blocked one by one. The Tor network is blocked and bridges mostly do not work, and even if it gets you connected, the ping is above 1000.

Some servers in our country still have international internet (their connection to the international internet is not guaranteed).

The best way to reach the international internet is to tunnel through a local (Iranian) server and, from that server, tunnel through to a foreign server. Then you can use blocked programs and websites from Iran.

::::: Your computer <==> local(Ir) server (A) <==> foreign server (B) :::::

To do this, you need a VPN protocol; I prefer to use OpenVPN or SSH.

I want to configure my server A in a way that when I connect to server A, I will use server B's internet connection.

I have installed OpenVPN on servers B and A. The OpenVPN server on server B is active and I copied its client.ovpn file to my server A directory.

When I enter the command: openvpn client.ovpn

it gives me this error:

Mon Oct 10 14:37:58 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Oct 10 14:37:58 2022 TLS Error: TLS handshake failed
Mon Oct 10 14:37:58 2022 SIGUSR1[soft,tls-error] received, process restarting
Mon Oct 10 14:37:58 2022 Restart pause, 5 second(s)
Mon Oct 10 14:38:03 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]168.119.106.217:1194
Mon Oct 10 14:38:03 2022 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Oct 10 14:38:03 2022 UDP link local: (not bound)
Mon Oct 10 14:38:03 2022 UDP link remote: [AF_INET]168.119.106.217:1194
Mon Oct 10 14:39:03 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Oct 10 14:39:03 2022 TLS Error: TLS handshake failed
Mon Oct 10 14:39:03 2022 SIGUSR1[soft,tls-error] received, process restarting
Mon Oct 10 14:39:03 2022 Restart pause, 5 second(s)
Mon Oct 10 14:39:08 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]168.119.106.217:1194
Mon Oct 10 14:39:08 2022 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Oct 10 14:39:08 2022 UDP link local: (not bound)
Mon Oct 10 14:39:08 2022 UDP link remote: [AF_INET]168.119.106.217:1194
  

I found a lot of solutions for this problem. Many of them are different or they need some network knowledge. I just copy terminal commands and use them, I know nothing. (Weeks ago I could connect to server B directly from my phone's OpenVPN app using client.ovpn.)

I just know it's a firewall problem and I should use iptables, but I don't know how.

My server.conf on server B:

local 168.119.106.217
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
server-ipv6 fddd:1194:1194:1194::/64
push "redirect-gateway def1 ipv6 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "block-outside-dns"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 3
crl-verify crl.pem
explicit-exit-notify

My client.ovpn on server A:

client
dev tun
proto udp
remote 168.119.106.217 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
verb 3
<ca>

(Apart from that, if you know how to do this just by SSH tunneling, give me your solution.

<< How to use the internet of server B just by connecting to server A >>

my laptop <== ssh ==> server A server A <== ssh ==> server B )

(Or give me a way that server A is connected to server B by an SSH tunnel, then I can use the OpenVPN app or an SSH tunnel VPN to the internet of server B.)

Sorry for my grammatical mistakes.

1 Answer

1

Server A:

Use the following command on server A {replace with your server IPs and ports}:

sudo ssh -p {SERVER B SSH PORT} -f -N -L 0.0.0.0:{ANY PORT YOU WANT}:{SERVER B IP}:{SERVER B OPENVPN PORT} root@{SERVER B IP}

Example:

sudo ssh -p 22 -f -N -L 0.0.0.0:800:2.2.2.2:22222 root@2.2.2.2

After using the above command, you will be asked for the root password of server B.

  • With the above command, port 800 on server A listens to 22222, which is server B's OpenVPN port. To make sure everything is correct, enter the following command:

ps -aux

If you see the above command in the list, everything is correct.

You have to authorize the public key on the server machine to establish the SSH connection without using any password:

ssh-copy-id root@SERVER-B-IP

This tunnel will be lost after every reboot. Now to run this command automatically after reboot:

sudo nano vpn.sh

Paste the following lines {replace with your server IPs and ports}, then save it:

#!/bin/sh
ssh -p 22 -f -N -L 0.0.0.0:800:2.2.2.2:22222 root@2.2.2.2

Use the following command to make the shell script executable.

sudo chmod +x vpn.sh

Then:

cp vpn.sh /usr/local/bin/

To run the shell script with crontab after reboot:

sudo crontab -e

Then add the following line in the file and save it:

@reboot /usr/local/bin/vpn.sh

Now reboot the server and then use the following command to make sure everything is correct:

ps -aux

Now you can edit your .ovpn client file and change the server B IP and port to the server A IP and the port you set for 0.0.0.0 in the first command above.

You can use this method for Shadowsocks, Outline, AnyConnect, etc.

4
  • Thank you very much for helping me and people with the same problem. I have a question: should I just enter the server B OpenVPN port and it's done? Because I did everything you said and ps -aux was OK too, and I connected to server A with port 22300 (0.0.0.0:22300), but filtered sites do not open, which means something is wrong.
    – aboss
    Commented Oct 18, 2022 at 7:22
  • Is the connection from the OpenVPN client established without errors? If the OpenVPN server is configured correctly, there should be no connection problems. From server B, use the netstat -ntlpu command and check if the OpenVPN port (default is 1194 unless you changed it) is listening.
    – alihsi1989
    Commented Oct 21, 2022 at 14:35
  • Apart from your current problem with OpenVPN, I suggest, through this link: linuxbabe.com/ubuntu/shadowsocks-libev-proxy-server-ubuntu, setting up a ShadowSocks server with chacha20-ietf-poly1305 encryption. Then you can connect to it through server A using the mentioned method. If you are not familiar with Linux, setting up a ShadowSocks server is much easier for you. If you are setting up the server through the link above, just do the server part and for the client use the ShadowSocks app for Windows, Android, iOS (ShadowLink application for iOS).
    – alihsi1989
    Commented Oct 21, 2022 at 14:59
  • @alihsi1989 What to do if server B restarted? By using the script below it works, but I don't think it is a good solution: --------------------- #!/bin/sh while true; do ssh -p 22 -f -N -L 0.0.0.0:443:2.2.2.2:443 root@2.2.2.2 sleep $[5 * 60] done
    Commented Jun 25, 2023 at 14:16
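
An added example, not part of the answer or its comments: an `ssh -L` forward carries TCP only, while the configs in the question use `proto udp`, so this sketch checks an OpenVPN config for settings that cannot work through the forward and builds a foreground tunnel command that can be restarted cleanly when server B reboots. The function names, the unprivileged `tunnel` account on server B and the address 192.0.2.10 for server A are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer. check_conf, tunnel_cmd,
# run_tunnel and the unprivileged "tunnel" account on server B are assumptions.

# check_conf A_IP A_PORT < FILE: print one line per setting that stops an
# OpenVPN config (client.ovpn or server.conf) from working through `ssh -L`.
check_conf() {
    conf=$(cat)
    proto=$(printf '%s\n' "$conf" | awk '$1 == "proto" { p = $2 } END { print p }')
    remote=$(printf '%s\n' "$conf" | awk '$1 == "remote" { r = $2 " " $3 } END { print r }')
    case ${proto:-udp} in            # OpenVPN defaults to UDP when proto is absent
        tcp*) ;;
        *) echo "proto is '${proto:-udp}': ssh -L forwards TCP only, set 'proto tcp'" ;;
    esac
    [ -z "$remote" ] || [ "$remote" = "$1 $2" ] ||
        echo "remote is '$remote': clients must dial server A ($1 $2)"
    printf '%s\n' "$conf" | grep -q '^explicit-exit-notify' &&
        echo "explicit-exit-notify is only valid with UDP: remove it"
    return 0
}

# tunnel_cmd BIND_IP A_PORT B_IP B_VPN_PORT [B_SSH_PORT]: print a foreground ssh
# command that fails fast if the listener cannot bind and notices a dead peer.
tunnel_cmd() {
    printf 'ssh -N -p %s -o BatchMode=yes -o ExitOnForwardFailure=yes' "${5:-22}"
    printf ' -o ServerAliveInterval=15 -o ServerAliveCountMax=3'
    printf ' -L %s:%s:%s:%s tunnel@%s\n' "$1" "$2" "$3" "$4" "$3"
}

# run_tunnel <same arguments>: keep the forward up. ssh runs without -f, so the
# loop restarts it only after it has really exited (for example, B rebooted).
run_tunnel() {
    cmd=$(tunnel_cmd "$@")
    while true; do
        # $cmd is left unquoted on purpose so it splits into words
        $cmd || echo "tunnel exited with status $?, retrying in 10s" >&2
        sleep 10
    done
}

# Constructed sample: the client.ovpn lines shown in the question.
sample_client() {
    printf '%s\n' client 'dev tun' 'proto udp' 'remote 168.119.106.217 1194' nobind
}

# 192.0.2.10 is a placeholder for server A; 800 is the port from the answer's example.
sample_client | check_conf 192.0.2.10 800
```

`BatchMode=yes` makes ssh fail instead of prompting, so it depends on the key set up with `ssh-copy-id`; `run_tunnel` can be started from the same `@reboot` cron entry or from a service manager.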
