0

I have two Linux machines connected to the same router at home. I installed ssh-server on machineA and I am able to connect locally to machineA from machineB. However, I am not able to do that when machineA has a VPN connection. The IP I am connecting to is the 'wlp2s0/inet' in the output of ifconfig on machineA. The output of ifconfig (on machineA) has an additional 'tun0' block when it is connected to the VPN. MachineB does not (at least as of now) have a VPN connection. My goal is to have a VPN connection on machineA and be able to ssh machineB->machineA (locally only), so alternate solutions are also welcome if some virtual machine trick is easier.

Edit:

machineA is 192.168.0.108

machineB is 192.168.0.102

So I am trying to access address 192.168.0.108, but I fail when I turn on the VPN on machineA (while using the same port). Even ping from machineB to 192.168.0.108 gets no response. Ping from machineA to 192.168.0.102 gives ping: sendmsg: Operation not permitted. However, ping machineA <-> machineB works both ways when the VPN is off.

machineA$ route
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.13.10.5      128.0.0.0       UG    0      0        0 tun0
default         gateway         0.0.0.0         UG    20600  0        0 wlp2s0
10.13.10.1      10.13.10.5      255.255.255.255 UGH   0      0        0 tun0
10.13.10.5      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
128.0.0.0       10.13.10.5      128.0.0.0       UG    0      0        0 tun0
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 wlp2s0
14.95.40.192.st gateway         255.255.255.255 UGH   0      0        0 wlp2s0
192.168.0.0     0.0.0.0         255.255.255.0   U     600    0        0 wlp2s0

machineA$ ip route
0.0.0.0/1 via 10.42.10.5 dev tun0 
default via 192.168.0.1 dev wlp2s0 proto static metric 20600 
10.42.10.1 via 10.42.10.5 dev tun0 
10.42.10.5 dev tun0 proto kernel scope link src 10.42.10.6 
128.0.0.0/1 via 10.42.10.5 dev tun0 
169.254.0.0/16 dev wlp2s0 scope link metric 1000 
192.40.95.2 via 192.168.0.1 dev wlp2s0 
192.168.0.0/24 dev wlp2s0 proto kernel scope link src 192.168.0.108 metric 600

machineA$ ip rule
0:  from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default 

machineB$ ip route get 192.168.0.108
192.168.0.108 dev wlp2s0  src 192.168.0.102 
cache 

Edit2: I noticed that the address 192.40.95.2 changes in its last position between VPN reboots, for example 14->2->7.

Edit3: I feel a bit ashamed. I had a switch "disable local connections" enabled on my VPN client. I can't seem to find any noticeable differences in route, ip route or ip rule outputs.

7
  • 1
    Check the routes on A when the VPN is active, it possibly routes everything to the VPN.
    – xenoid
    Commented Jul 1, 2018 at 8:16
  • The VPN connection should not be used for local traffic; it is not for me in a configuration similar to yours. What is the output of the 'route' command when your VPN is active on A? And what is the local IP of B?
    – tonioc
    Commented Jul 1, 2018 at 9:29
  • I added output of route to original post. I do not intend to ssh through vpn. I would prefer ssh connection through my local network.
    – VadaVad
    Commented Jul 1, 2018 at 11:23
  • 1
    You should edit again and add instead of route: ip route;ip rule;iptables-save -c. The Operation not permitted can also come from firewalling.
    – A.B
    Commented Jul 1, 2018 at 12:14
  • To check if the routes work as intended: do ip route get 192.168.0.108 and see if it goes where it should go. If that's OK, the next step is to check all firewall tables.
    – dirkt
    Commented Jul 1, 2018 at 12:42

1 Answer

1

I feel a bit ashamed. I had a switch "disable local connections" enabled on my VPN client. I can't seem to find any noticeable differences in route, ip route or ip rule outputs.
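
An added example, not part of the original question or answer: a longest-prefix-match over the `ip route` output quoted in the question shows that 192.168.0.102 is still routed out wlp2s0 with the VPN up, which is why the routing tables look unchanged and why the comments point to firewall tables next. The function names are hypothetical, 8.8.8.8 is a constructed sample destination, and only the single main table is modeled (the `ip rule` output on the page shows only the default rules).

```python
import ipaddress

# `ip route` output copied from the question (machineA, VPN up).
IP_ROUTE = """\
0.0.0.0/1 via 10.42.10.5 dev tun0
default via 192.168.0.1 dev wlp2s0 proto static metric 20600
10.42.10.1 via 10.42.10.5 dev tun0
10.42.10.5 dev tun0 proto kernel scope link src 10.42.10.6
128.0.0.0/1 via 10.42.10.5 dev tun0
169.254.0.0/16 dev wlp2s0 scope link metric 1000
192.40.95.2 via 192.168.0.1 dev wlp2s0
192.168.0.0/24 dev wlp2s0 proto kernel scope link src 192.168.0.108 metric 600
"""

def parse_routes(text):
    """Return [(network, device, metric)] from `ip route` lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if not f or "dev" not in f:
            continue
        prefix = "0.0.0.0/0" if f[0] == "default" else f[0]
        net = ipaddress.ip_network(prefix, strict=False)
        metric = int(f[f.index("metric") + 1]) if "metric" in f else 0
        routes.append((net, f[f.index("dev") + 1], metric))
    return routes

def egress_device(routes, dest):
    """Longest prefix wins; lower metric breaks ties."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    best = max(hits, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[1]

def diagnose(routes, dest, vpn_dev="tun0"):
    dev = egress_device(routes, dest)
    if dev is None:
        return "no route"
    if dev == vpn_dev:
        return "routed into VPN: fix routing"
    return f"routed via {dev}: routing is fine, inspect firewall (iptables-save -c)"

if __name__ == "__main__":
    routes = parse_routes(IP_ROUTE)
    for dest in ("192.168.0.102", "8.8.8.8", "192.40.95.2"):
        print(dest, "->", diagnose(routes, dest))
```

The two /1 routes via tun0 capture all internet traffic without replacing the default route, while the more specific 192.168.0.0/24 entry keeps the LAN on wlp2s0.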
