SSH server can't be connected to when VPN is turned on
Solution 1
When you use a vpn generally the vpn network takes over your entire interface such that you are only routable from somewhere on the vpn network not the internet at large. Most people solve this problem by running a vm (virtualbox etc) and connecting to the vpn in that virtual machine so that it doesn't completely hose the main connection on the actual machine.
Solution 2
Before adventuring through the network setups, check if the ssh server in question listens on the vpn interface. Maybe it is bound to a specific interface on your server.
Example netstat -a
output:
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ssh *:* LISTEN
The ssh server in this example listens on all interfaces (indicated by the asterisk in *:ssh
. If on your system there is a host address instead, the ssh server is bound to specific interfaces.
Edit /etc/ssh/sshd_config
and set ListenAddress 0.0.0.0
to adjust this, if neccessary.
If sshd already listens to the correct interfaces, feel free to enter the routing dungeon :-)
Related videos on Youtube
dharmaraju
Updated on September 18, 2022Comments
-
dharmaraju almost 2 years
I recently found that when my workstation connects through a VPN connection then its SSH server can't be connected to from a remote site. I am sure it's a routing problem because the the VPN client changes the default gateway to its peer (VPN server) of the ppp connection.
Is there a solution to make SSH server and VPN client both happy?
-
Christopher Pecoraro over 12 yearsYou can do some routing tricks to route data from the vpn one way and other data the other way (different gateways etc) but it's really just a lot easier to use virtualbox. :-)
-
dharmaraju over 12 yearsThanks for the suggestion! I'd like to know what routing trick can achieve this.
-
Psychonaut almost 9 yearsTo what address should
ListenAddress
be set? The IP of the server on the local interface? The IP of the router? Something else? -
Jamie Hutber about 6 yearsI'm using VM stu, but what I'm not able to do is get assess the VPN in the host, as I need to do dev work.
-
Christopher Pecoraro about 6 yearsoh, I was suggesting the other way. Use the vpn solely in the vm and that leaves the reak machine for open and free internet.