Connected to OpenVPN Server but can't SSH
To limit SSH connections to VPN clients, you need to first open port 22 for the VPN subnet. Using the default OpenVPN subnet 10.8.0.1/24:
sudo ufw enable
sudo ufw allow 1194/udp comment "Allowing OpenVPN Connections"
sudo ufw allow from 10.8.0.1/24 to any port 22 proto tcp comment "SSH allowed for VPN clients"
Now, after connecting to the VPN, SSH to the server with
ssh <user>@10.8.0.1
(replace <user> with your account name on the server; the original username was lost in extraction).
N. Chalifour
Updated on September 18, 2022
Comments
-
N. Chalifour over 1 year
I created an OpenVPN server on my Ubuntu 18.04 home server using this tutorial. I can't connect to my VPN using Tunnelblick on my Mac, but I get a message saying that my apparent IP address did not change. I want to be able to connect to my VPN and then access my home network as if I were there. I have a file server that I want and a media server. My computer says it's connected to the VPN, but I can't SSH into my server afterward. I also port forwarded 1194 to my VPN server. I followed the instructions to a tee; however, I did not do either of the optional steps.
Can anyone help?
-
j-money over 5 years
I don't think this is how a VPN works... But I am no expert on VPNs. Why are you not just using SSH to connect to the server? Why add this extra layer of complexity that is the VPN?
-
N. Chalifour over 5 years
Because I don't want to just port forward my SSH, because then anybody can SSH into my computer if they get my public IP.
-
N. Chalifour over 5 years
@j-money from what I have read, OpenVPN is meant for exactly this.
-
Bernard Wei over 5 years
Are you trying to start an SSH connection to the server after your machine has a VPN connection to the server? That shouldn't be a problem, but you do need to open a firewall rule to allow SSH if you have blocked port 22. You can unlock it for internal VPN IPs if you don't want external access. What is your internal IP pool? 10.8.0.XXX?
-
N. Chalifour over 5 years
@BernardWei yes, that is what I'm trying to do... I allowed port 22 on my ufw... what is an internal IP pool?
-
Bernard Wei over 5 years
@N.Chalifour The default IP pool should be 10.8.0.xxx if you haven't changed it from the default. So you need to open port 22 for 10.8.0.1/24 and SSH to 10.8.0.1 to access the server via the VPN tunnel.
-
N. Chalifour over 5 years
@BernardWei open 10.8.0.1/24 on the firewall? Also, just curious, where does 10.8.0.1/24 come from?
-
Bernard Wei over 5 years
@N.Chalifour It means taking 24 bits from the total of 32 from this IP address, 10.8.0.1. It's like telling the firewall to use the wildcard 10.8.0.*. But firewalls don't use wildcards, so we use a bit mask.
-
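As an added illustration (not part of the original answer or of any commenter's text), the following Python script models the three ufw rules from the accepted answer and the /24 bit-mask arithmetic explained in the comment above. It does not invoke ufw: the connection attempts are constructed sample data, the rule set is a first-match allow list with an implicit default deny (ufw's default for incoming traffic), and `in_subnet` makes explicit the assumption that ufw/iptables read `10.8.0.1/24` as the network 10.8.0.0/24 with the host bits ignored.

```python
"""Model of the ufw policy from the answer: allow 1194/udp from anywhere,
allow 22/tcp only from the OpenVPN subnet, deny everything else inbound.
The connection attempts below are constructed sample data."""

from dataclasses import dataclass


def ip_to_int(ip: str) -> int:
    """Dotted-quad IPv4 string -> 32-bit integer."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"not an IPv4 address: {ip!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {ip!r}")
        value = (value << 8) | n
    return value


def cidr_mask(prefix_len: int) -> int:
    """Mask with the top prefix_len of 32 bits set; /24 -> 0xFFFFFF00."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def in_subnet(ip: str, cidr: str) -> bool:
    """True if ip lies in the network named by cidr.

    "10.8.0.1/24" is treated as the network 10.8.0.0/24: masking both
    sides discards the host bits, which is how the firewall reads it
    (assumption stated in the lead-in). This is the bit-mask equivalent
    of the wildcard 10.8.0.*."""
    net_str, prefix = cidr.split("/")
    mask = cidr_mask(int(prefix))
    return (ip_to_int(ip) & mask) == (ip_to_int(net_str) & mask)


@dataclass(frozen=True)
class Rule:
    proto: str     # "tcp" or "udp"
    port: int      # destination port
    source: str    # CIDR; "0.0.0.0/0" means any source
    comment: str


# The two allow rules from the answer; anything unmatched is denied.
RULES = [
    Rule("udp", 1194, "0.0.0.0/0", "Allowing OpenVPN Connections"),
    Rule("tcp", 22, "10.8.0.1/24", "SSH allowed for VPN clients"),
]


def ufw_command(rule: Rule) -> str:
    """Render a Rule as the ufw command line that creates it."""
    if rule.source == "0.0.0.0/0":
        return f'sudo ufw allow {rule.port}/{rule.proto} comment "{rule.comment}"'
    return (f"sudo ufw allow from {rule.source} to any port {rule.port} "
            f'proto {rule.proto} comment "{rule.comment}"')


def is_allowed(src_ip: str, proto: str, dport: int, rules=RULES) -> bool:
    """First-match evaluation against the allow rules; no match = deny."""
    for rule in rules:
        if rule.proto == proto and rule.port == dport and in_subnet(src_ip, rule.source):
            return True
    return False


# Constructed sample attempts: (source IP, protocol, destination port).
ATTEMPTS = [
    ("10.8.0.6", "tcp", 22),        # VPN client -> SSH: allowed
    ("10.8.1.6", "tcp", 22),        # outside the /24 -> SSH: denied
    ("203.0.113.9", "tcp", 22),     # public Internet -> SSH: denied
    ("203.0.113.9", "udp", 1194),   # public Internet -> OpenVPN: allowed
    ("10.8.0.6", "udp", 22),        # wrong protocol for SSH: denied
]


def simulate(attempts=ATTEMPTS):
    """Return [(src, proto, port, 'ALLOW'|'DENY'), ...] for the attempts."""
    return [(src, proto, port, "ALLOW" if is_allowed(src, proto, port) else "DENY")
            for src, proto, port in attempts]


if __name__ == "__main__":
    for rule in RULES:
        print(ufw_command(rule))
    print(f"/24 mask = {cidr_mask(24):#010x}")
    for src, proto, port, verdict in simulate():
        print(f"{src:>14} {proto}/{port:<5} -> {verdict}")
```

When reproducing the rules on a real host that you administer over SSH, add the allow rules before running `sudo ufw enable`, or keep an existing session open while you verify that the VPN path works; otherwise enabling the default-deny policy first can cut off your own access.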
N. Chalifour over 5 years
@BernardWei thanks! It worked... if you put that as an answer I will accept it.
-
Bernard Wei over 5 years
@N.Chalifour Good to hear it works for you, I have a similar setup. Answer added, cheers.
-
Mantra about 5 years
Is there a way to still reach the server via its FQDN instead of the internal OpenVPN IP?
-
Bernard Wei about 5 years
If you follow the standard setup for OpenVPN, it is possible to reach the server using the external FQDN, but you need to configure the firewall to allow SSH connections from those origins. Or you could just open all external connections for SSH using sudo ufw allow ssh.
-
Mantra about 5 years
I've used this script: github.com/angristan/openvpn-install. I only want to allow SSH from specific IP ranges and the server itself, if I'm connected to it via VPN. I can't add the FQDN with ufw ("Bad source address"), obviously, but I'll try with the server's fixed external IP address.