
salvo2002

join:2012-08-30
Bellevue, NE

VPN Service & ISP IP

Background:
I am currently running OpenWRT on a Buffalo WZR-HP-AG300H and using OpenVPN to connect to a VPN service. When connected to the VPN, a TUN device is created and assigned a class A IP from the VPN server, and then all the traffic in/out of the router goes through the VPN. When I am connected to the VPN, Whatismyip.com shows my public IP as the public IP of the VPN server. Most of the time I am away from my home LAN and need to access my file server by using ssh. With the VPN running I am unable to get routed into my LAN since my public IP is that of the VPN server and I can't change any of the routing on the VPN server.

Question:
With the VPN connected, is there any way for me to use my ISP public IP to ssh into my local LAN? Is this even possible? Any suggestions? (I am a newbie when it comes to routing, subnets, firewalls, etc.)

Supporting Info:
eth1 = WAN port, tun0 = VPN, br-lan = 4 port switch on router (VLAN)

Route table with VPN connected:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.99.0.61      128.0.0.0       UG    0      0        0 tun0
default         98.179.8.1      0.0.0.0         UG    0      0        0 eth1
10.10.10.0      *               255.255.255.0   U     0      0        0 br-lan
10.99.0.1       10.99.0.61      255.255.255.255 UGH   0      0        0 tun0
10.99.0.61      *               255.255.255.255 UH    0      0        0 tun0
98.179.8.0      *               255.255.248.0   U     0      0        0 eth1
128.0.0.0       10.99.0.61      128.0.0.0       UG    0      0        0 tun0
178.73.212.245  98.179.8.1      255.255.255.255 UGH   0      0        0 eth1
 

Route table with VPN disconnected:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         98.179.8.1      0.0.0.0         UG    0      0        0 eth1
10.10.10.0      *               255.255.255.0   U     0      0        0 br-lan
98.179.8.0      *               255.255.248.0   U     0      0        0 eth1
 


eibgrad

join:2010-03-15
The fact the VPN client on the router is connected to a VPN server only changes the *perceived* public IP by any destination IPs accessed over that tunnel. At no time is your *actual* public IP changed.

Your question suggests that you’re trying to SSH into the VPN server’s public IP, which is the problem. You should still be using your router’s public IP.

One way this could happen is if you’re using a DDNS client on a desktop or any other device that’s NOT the router. Then your DDNS domain name would be wrong because just like everything else over the VPN, it would only see the VPN server’s public IP. That’s why you should be using a DDNS client on the router, which will only update the DDNS service based on its WAN IP (the actual public IP).

salvo2002

join:2012-08-30
Bellevue, NE

eibgrad, thanks for the reply. I've posted on a few other forums with no such luck.

Exactly what I am trying to figure out. When the VPN is connected the routing table shows two default routes. But the default route with my actual router public IP is being ignored.

With the VPN connected I have tried ssh using my ISP IP but I can't even ping it successfully. Which makes me think the packets are getting there but the reply is getting sent out the VPN because of the routing table.

I have a dyndns.org account and I am using it as you stated, it will only update changes on eth1 (WAN).

The VPN server sends a PUSH command that sets up the routing:

PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 80.67.0.2,dhcp-option DNS 91.213.246.2,redirect-gateway def1,route 10.99.1.1,topology net30,ping 10,ping-restart 160,ifconfig 10.99.1.62 10.99.1.61'
 

I believe the redirect-gateway def1 is what is overriding my ISP default route.

The only problem is I don't know what to do to get around this...
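
Added example, not part of the original posts: a longest-prefix-match lookup over the two route tables posted above, showing which interface a packet to a given address leaves by. The addresses 203.0.113.50 (a remote SSH client) and 10.10.10.20 (a LAN host) are constructed, and the function names are hypothetical.

```python
import ipaddress

# Route tables copied from the post above (kernel "route" output).
VPN_UP = """\
default         10.99.0.61      128.0.0.0       UG    0      0        0 tun0
default         98.179.8.1      0.0.0.0         UG    0      0        0 eth1
10.10.10.0      *               255.255.255.0   U     0      0        0 br-lan
10.99.0.1       10.99.0.61      255.255.255.255 UGH   0      0        0 tun0
10.99.0.61      *               255.255.255.255 UH    0      0        0 tun0
98.179.8.0      *               255.255.248.0   U     0      0        0 eth1
128.0.0.0       10.99.0.61      128.0.0.0       UG    0      0        0 tun0
178.73.212.245  98.179.8.1      255.255.255.255 UGH   0      0        0 eth1
"""
VPN_DOWN = """\
default         98.179.8.1      0.0.0.0         UG    0      0        0 eth1
10.10.10.0      *               255.255.255.0   U     0      0        0 br-lan
98.179.8.0      *               255.255.248.0   U     0      0        0 eth1
"""

def parse_routes(text):
    """Turn 'route' output rows into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.strip().splitlines():
        dest, gw, mask, _flags, metric, _ref, _use, iface = line.split()
        dest = "0.0.0.0" if dest == "default" else dest  # route prints 0.0.0.0 as "default"
        net = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((net, None if gw == "*" else gw, int(metric), iface))
    return routes

def egress(routes, addr):
    """Longest-prefix match, lowest metric on ties: (iface, matched network, gateway)."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    net, gw, _metric, iface = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return iface, str(net), gw

if __name__ == "__main__":
    client = "203.0.113.50"  # constructed address standing in for a remote SSH client
    for name, table in (("VPN up", VPN_UP), ("VPN down", VPN_DOWN)):
        routes = parse_routes(table)
        for dst in (client, "80.67.0.2", "178.73.212.245", "10.10.10.20"):
            print(f"{name:8} {dst:15} -> {egress(routes, dst)}")
```

With the VPN up, every internet address matches one of the two /1 routes (0.0.0.0/1 or 128.0.0.0/1) before the ISP's /0 default, so packets to a remote client leave via tun0. Only the VPN server's /32 host route and the directly connected subnets still use eth1 or br-lan.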

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to salvo2002
said by salvo2002:

Question:
With the VPN connected, is there any way for me to use my ISP public IP to ssh into my local LAN? Is this even possible?

Look up "ssh tunnel with putty," but if this is what you're trying to do, adding the existing OpenVPN connection you have right now is unneeded overhead in my view.

Regards