Hope someone here can help me to understand.īut what I do know is that after this step, when there’s traffic coming to the public IP, the machine will accept them. I don’t even really know what are subnet and gateway. I have almost zero knowledge about network stuff. To be honest, I don’t really know what these two commands are doing. Next, we add routing rules to the table: # ip route add table 128 to / dev # ip route add table 128 default via To my understanding, the above command says, whenever there’s traffic coming to the public IP, the system will look up the routing rules in the table 128. Step 3: add a routing table and rulesįirst, we add a table for traffic coming to the original public IP and name the able 128: # ip rule add from table 128 $ ip route show dev Īgain, let’s use the previous example, in which enp8s0 is the name of the interface. The following command outputs the traffic routes related to the internet interface. For example, using this calculator with the IP address (123.123.123.123) and the mask (23), in the output, the line Network: 123.123.122.0/23 represents the subnet and the mask.
#Allow ssh through airvpn how to#
If you don’t know how to calculate the subnet, use any IP calculator on the internet. And the line inet4 123.123.123.123/23 is the public IPv4 address and the mask.
The interface enp8s0 is the one connecting to the internet in this example. For example, the output may be something like this: $ nmcliĬ1194 VPN connectionĮthernet (igb), xx:xx:xx:xx:xx:xx, hw, mtu 1500 If you are using NetworkManager, then find the inet4 information from the output of the command nmcli. There are many ways to achieve this step. Step 1: obtain subnet and mask information And this routing is allowed only when the server is responding to the traffic coming to the original IP, not other IPs (i.e., not the traffic coming to VPN’s IP). The idea of the solution is to route server’s return SSH signal through its original IP. So the client declines to accept the signals and drops the SSH connection. Then the client gets the returned signals from VPN’s IP, not the server’s public IP that it’s expecting. In other words, when the server tries to return SSH signals, it uses the VPN. The underlying issue of the SSH server behind a VPN is that, when a client connects to a server with the server’s public IP, the client expects to get server’s return traffic from the same public IP. Also, any correction is welcome! I hope to learn from real experts! That is to say, if you want to try my solution, please use with cautions. What I am sure is only that it works on my machine. But what if you really really want to use the VPN on that machine?ĭisclaimer: I am no expert, so I am not confident that all the procedures I did or all my understanding are correct. An easy solution is to disconnect the machine from the VPN, so clients outside the VPN can access it. If you own an SSH server and that machine is behind a VPN, then apparently, without any special setup, you are not able to SSH to it with its original public IP from a client outside the VPN.
0 kommentar(er)
