Created
July 17, 2015 01:40
Configure SSH via public IP when an OpenVPN connection is present
#Hi,
#(First, I assume you've tested the VPN and verified that it's actually working, i.e. you can make connections from your Linode and they're routed over the VPN.)
#This is a classic problem: when you connect to the Linode by its public IP address, the return packets get routed over the VPN. You need to force these packets to be routed over the public eth interface. These route commands should do the trick:
#Code:
ip rule add from x.x.x.x table 128
ip route add table 128 to y.y.y.y/y dev ethX
ip route add table 128 default via z.z.z.z
#Where x.x.x.x is your Linode's public IP, y.y.y.y/y should be the subnet of your Linode's public IP address, ethX should be your Linode's public Ethernet interface, and z.z.z.z should be the default gateway.
#For example:
#Code:
ip rule add from 172.16.9.132 table 128
ip route add table 128 to 172.16.9.0/24 dev eth0
ip route add table 128 default via 172.16.9.1
#Note that this will apply to all ports, not just ssh. If you only want to accept ssh traffic on your public IP address you'll need iptables rules like these:
#Code:
iptables -A INPUT -d x.x.x.x -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -d x.x.x.x -j DROP
#(again, x.x.x.x is your public IP address)
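
The placeholder substitution described above (x.x.x.x, y.y.y.y/y, ethX, z.z.z.z) can be derived from the public address in CIDR form instead of being filled in by hand. This is an added example, not part of the original post: the helper names `ip_to_int`, `int_to_ip` and `gen_public_routes` are hypothetical, the script only prints the commands, and it assumes the gateway lies inside the public subnet.

```shell
#!/bin/sh
# Added example, not part of the original post. Helper names are hypothetical.
# Prints the three policy-routing commands; it does not execute them.

# Dotted quad -> integer; fails on malformed octets.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Usage: gen_public_routes PUBLIC_IP/PREFIX IFACE GATEWAY [TABLE]
gen_public_routes() {
    addr=${1%/*}; prefix=${1#*/}; dev=$2; gw=$3; table=${4:-128}
    case $prefix in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # Interface and table names are restricted so the printed lines stay safe to paste.
    case $dev in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $table in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    ip_int=$(ip_to_int "$addr") || return 1
    gw_int=$(ip_to_int "$gw") || return 1
    if [ "$prefix" -eq 0 ]; then
        mask=0
    else
        mask=$(( (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF ))
    fi
    net=$(( $ip_int & $mask ))
    # Sanity check (assumption of this example): the gateway is in the same subnet.
    if [ $(( $gw_int & $mask )) -ne "$net" ]; then
        echo "gateway $gw is outside $(int_to_ip "$net")/$prefix" >&2
        return 2
    fi
    echo "ip rule add from $addr table $table"
    echo "ip route add table $table to $(int_to_ip "$net")/$prefix dev $dev"
    echo "ip route add table $table default via $gw"
}

# Print the commands when called with arguments, e.g. 172.16.9.132/24 eth0 172.16.9.1
if [ $# -ge 3 ]; then gen_public_routes "$@"; fi
```

Once the printed commands have been applied, `ip rule show` and `ip route show table 128` list what was installed.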