[Solved] Inbound port forwarding problem - Linux policy based routing
Posted: Wed Mar 11, 2015 6:55 pm
Hi, I have a problem; it would be great if anyone could help me. I have been trying for two days to get this running but had no luck ;-(
My problem: inbound port forwarding from my Internet router when running OpenVPN.
When I am away from home I usually use SSH to log into my machine. So I "dial" in by SSH to my public static IP on port 2222. This port forwards to my Linux desktop, port 22.
If I start OpenVPN this stops working. I guess that inbound traffic comes from eth0 (192.168.220.1) and outbound traffic goes through the VPN's tun0. Is there a way to keep the local net running?
Network Configuration:
{ Internet } -> [Router] -> [LinuxDesktop]
11.11.11.11 -> 192.168.220.1 -> 192.168.220.174
-> Port 2222 -> Port 22
VPN client Configuration:
client
dev tun
daemon
auth-retry nointeract
proto udp
remote de1.vpn.goldenfrog.com 1194
resolv-retry infinite
nobind
comp-lzo
reneg-sec 0
keepalive 10 60
persist-key
persist-tun
<ca>
...
</ca>
ifconfig:
eth0      Link encap:Ethernet  Hardware Adresse 00:0d:b9:33:76:82
          inet Adresse:192.168.220.174  Bcast:192.168.220.255  Maske:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1492  Metrik:1
          RX packets:517 errors:0 dropped:0 overruns:0 frame:0
          TX packets:492 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:1000
          RX bytes:54426 (53.1 KiB)  TX bytes:44948 (43.8 KiB)
          Interrupt:30

tun0      Link encap:UNSPEC  Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet Adresse:10.24.2.56  P-z-P:10.24.2.56  Maske:255.255.0.0
          UP PUNKTZUPUNKT RUNNING NOARP MULTICAST  MTU:1500  Metrik:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:100
          RX bytes:469 (469.0 B)  TX bytes:293 (293.0 B)
route with openvpn on:
138.199.67.146 192.168.220.1 255.255.255.255 UGH 0 0 0 eth0
192.168.220.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.24.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0
0.0.0.0 10.24.0.1 128.0.0.0 UG 0 0 0 tun0
128.0.0.0 10.24.0.1 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.220.1 0.0.0.0 UG 0 0 0 eth0
Any idea?
Tim
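The thread title says the problem was solved with Linux policy-based routing, but the fix itself is not quoted above. The script below is an added example, not the poster's or OpenVPN's own code, showing the standard approach: the router DNATs port 2222 to 192.168.220.174:22, so the SSH replies are sourced from 192.168.220.174, and a source-based rule sends everything from that address through a secondary routing table whose default route is the router on eth0. Traffic sourced from the tun0 address (10.24.2.56) is untouched and still follows the 0.0.0.0/1 and 128.0.0.0/1 routes OpenVPN installed. The addresses are taken from the post's diagram and ifconfig output; the table id 100, the rule priority 1000 and the up/down argument convention are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): policy-based routing so that
# replies sent from the LAN address leave via eth0 even while OpenVPN owns
# the default route. Addresses below come from the post; the table id and
# rule priority are assumed values, pick free ones on your own system.
set -eu

LAN_IP="${LAN_IP:-192.168.220.174}"    # eth0 address (from the post)
LAN_GW="${LAN_GW:-192.168.220.1}"      # router / gateway on eth0 (from the post)
LAN_NET="${LAN_NET:-192.168.220.0/24}" # LAN prefix (from the post)
LAN_IF="${LAN_IF:-eth0}"
TABLE="${TABLE:-100}"                  # assumed spare routing table id
PRIO="${PRIO:-1000}"                   # assumed rule priority (below "main", 32766)
DRY_RUN="${DRY_RUN:-1}"                # 1 = only print the commands, 0 = apply them

# Commands that build the secondary table and the source-address rule.
# "replace" makes the script idempotent if OpenVPN reconnects.
pbr_commands() {
  printf '%s\n' \
    "ip route replace $LAN_NET dev $LAN_IF src $LAN_IP table $TABLE" \
    "ip route replace default via $LAN_GW dev $LAN_IF table $TABLE" \
    "ip rule add from $LAN_IP lookup $TABLE priority $PRIO"
}

# Commands that undo it (for route-pre-down, or by hand).
pbr_teardown_commands() {
  printf '%s\n' \
    "ip rule del from $LAN_IP lookup $TABLE priority $PRIO" \
    "ip route flush table $TABLE"
}

# Execute a newline-separated command list, honouring DRY_RUN.
run_lines() {
  while IFS= read -r cmd; do
    if [ "$DRY_RUN" = "1" ]; then
      echo "[dry-run] $cmd"
    else
      # shellcheck disable=SC2086  # intentional word splitting of the command
      $cmd
    fi
  done
}

pbr_up()   { pbr_commands | run_lines; }
pbr_down() { pbr_teardown_commands | run_lines; }

case "${1:-}" in
  up)   pbr_up ;;
  down) pbr_down ;;
  *)    echo "usage: $0 up|down   (DRY_RUN=0 to actually apply)" >&2 ;;
esac
```

Run it once with the default DRY_RUN=1 to see the exact ip commands, then with DRY_RUN=0 as root. To tie it to the tunnel's lifetime, the client config would need `script-security 2` plus `route-up "/path/to/pbr.sh up"` and `route-pre-down "/path/to/pbr.sh down"` (the path is a placeholder). After `ip rule add`, `ip rule show` should list the new rule ahead of the `main` table, and `ip route get 11.11.11.11 from 192.168.220.174` should answer via eth0 while a plain `ip route get 11.11.11.11` still answers via tun0.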