Combining OpenVPN with a reversed SSH tunnel


Post by bcnx » Mon Sep 20, 2021 9:48 pm

Hi,

I have a Raspberry Pi in a remote LAN. The Pi does a remote SSH tunnel to a public SSH server, presenting the OpenVPN port (I used port 10012) active on that server. I want to combine OpenVPN with the SSH tunnel. I tried to do this by changing the "remote" statement in a working OpenVPN client file, but then I get:

TCP: connect to [AF_INET]176.58.101.53:10012 failed: Connection refused

I configured OpenVPN to use TCP, by the way; SSH tunneling does not support UDP, I believe.

What could be wrong? Also, does the OpenVPN server support the use of a SOCKS proxy? That could be another route to accomplish this.

Cheers and thanks for your insights,

BC


Re: Combining OpenVPN with a reversed SSH tunnel

Post by bcnx » Mon Sep 20, 2021 9:58 pm

I partially discovered why this does not work: the remote SSH tunnel binds to localhost and not to the public IP. When doing a local forwarding SSH tunnel to bring the remote port to my client and changing the OpenVPN config file to reflect this change, I get:

Mon Sep 20 23:58:28 2021 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 27 2021
Mon Sep 20 23:58:28 2021 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Enter Private Key Password: *********
Mon Sep 20 23:58:32 2021 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mon Sep 20 23:58:32 2021 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mon Sep 20 23:58:32 2021 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Mon Sep 20 23:58:32 2021 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Mon Sep 20 23:58:32 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1194
Mon Sep 20 23:58:32 2021 Socket Buffers: R=[131072->131072] S=[16384->16384]
Mon Sep 20 23:58:32 2021 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1194 [nonblock]
Mon Sep 20 23:58:32 2021 TCP connection established with [AF_INET]127.0.0.1:1194
Mon Sep 20 23:58:32 2021 TCP_CLIENT link local: (not bound)
Mon Sep 20 23:58:32 2021 TCP_CLIENT link remote: [AF_INET]127.0.0.1:1194
Mon Sep 20 23:58:32 2021 Connection reset, restarting [-1]
Mon Sep 20 23:58:32 2021 SIGUSR1[soft,connection-reset] received, process restarting
Mon Sep 20 23:58:32 2021 Restart pause, 5 second(s)
Enter Private Key Password: *********


BC
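
The loopback-only binding described in the post above can be confirmed on the public SSH server by looking at its listener table. The following is an added example, not part of the original posts: a POSIX shell helper that classifies how a TCP port is bound, given `ss -ltn` output on stdin. The function name `classify_listener` and the sample listener table are constructed for illustration.

```shell
#!/bin/sh
# Added example. With sshd's default "GatewayPorts no", a remote forward
# (ssh -R) is bound to the loopback address of the SSH server, so clients
# connecting to the server's public IP on that port get "Connection refused".
# "GatewayPorts yes" or "clientspecified" in sshd_config widens the binding,
# which also exposes the forwarded port to every host that can reach the server.

# Constructed sample of `ss -ltn` output as it could look on the SSH server.
SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:10012    0.0.0.0:*
LISTEN 0      128    [::1]:10012        [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# classify_listener PORT
# Reads `ss -ltn` output on stdin and prints one of:
#   not-listening | loopback-only | specific-address | all-interfaces
classify_listener() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # The last ":<digits>" separates the address from the port,
            # which also works for bracketed IPv6 such as [::1]:10012.
            n = match($4, /:[0-9]+$/)
            if (n == 0) next
            addr = substr($4, 1, n - 1)
            if (substr($4, n + 1) != port) next
            found = 1
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") wild = 1
            else if (addr ~ /^127\./ || addr == "[::1]") loop = 1
            else other = 1
        }
        END {
            if (!found)     print "not-listening"
            else if (wild)  print "all-interfaces"
            else if (other) print "specific-address"
            else            print "loopback-only"
        }'
}

# Demonstration on the constructed sample; on a live server use:
#   ss -ltn | classify_listener 10012
for p in 10012 22 1194; do
    printf '%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_SS_OUTPUT" | classify_listener "$p")"
done
```

A `loopback-only` result for port 10012 matches the "Connection refused" seen when connecting to the public IP.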
