Ssh to bastion host While being on OpenVPN

mirwasim0
OpenVpn Newbie
Posts: 1
Joined: Fri Mar 01, 2024 8:07 am

Post by mirwasim0 » Fri Mar 01, 2024 8:15 am

Hello Everyone,
I am new here but I am sure that I will get support on my use case.
I have seen people reporting this issue, but my case is slightly different.

Use case:
I have set up OpenVPN in GCP from the marketplace, done the setup and started using it.
I am able to reach internal load balancers while I am on the VPN, which is expected.

In my OpenVPN I have set `Should client Internet traffic be routed through the VPN?` to NO, because if it is yes then my internet stops working.

Now the problem is that I have a bastion host which I have been using as a tunnel to connect with the DB in a private network earlier. I whitelist IPs in the firewall of the bastion to connect with the DB. I whitelisted the IP of OpenVPN in the firewall so that I can SSH only while I am on the VPN, but it is not working and requests time out. In the same way, when I try to connect with the DB from the CLI while I am on the VPN, it also times out.

I am expecting that I should be able to SSH into the bastion and log in to the DB while I am on the VPN.

If any logs are required please let me know; I can share the related logs here.

openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: Ssh to bastion host While being on OpenVPN

Post by openvpn_inc » Thu Mar 07, 2024 6:45 pm

Hi mir,

This seems to be OpenVPN Access Server, so I moved this post to the appropriate subforum.

Best way to get support is with the link in my signature, below. Even a free-tier (2 connections) AS user can open a Support ticket.

If you're changing the firewall on your AS host, that is strongly not recommended. AS needs to manage its own firewall.

Also sounds like there could be routing vs. NAT issues here. By default AS uses NAT to connect to VPN destinations, but you might want to configure routing on yours.

HTH, regards, rob0
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

stacey45
OpenVpn Newbie
Posts: 4
Joined: Tue Nov 26, 2024 11:19 am

Re: Ssh to bastion host While being on OpenVPN

Post by stacey45 » Wed Nov 27, 2024 4:45 am

  • Routing Table: Ensure that the VPN client is configured to route traffic to the bastion host and the database through the VPN tunnel. Check the routing table on your VPN client to verify this.
  • DNS Resolution: Make sure that your VPN client is configured to resolve DNS requests through the VPN tunnel. This is crucial for accessing internal resources by their hostnames.
  • Firewall Rules: Verify that the firewall rules on the bastion host and the database server allow traffic from the VPN client's IP address.
  • SSH Configuration: Ensure that SSH is configured to allow connections from the VPN client's IP address.
  • Firewall Rules: Check the firewall rules on the bastion host to allow traffic from the VPN client's IP address.
  • Network Address Translation (NAT): If NAT is involved in your network setup, ensure that the VPN client's IP address is translated correctly.
  • IP Routing: Verify that the network routing is configured correctly to route traffic from the VPN client to the bastion host and the database.
  • DNS Settings: Ensure that the VPN client is configured to use the correct DNS servers.
  • Routing Table: Check the VPN client's routing table to verify that traffic is being routed through the VPN tunnel.
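
The routing, NAT and firewall checks discussed in this thread can be reasoned about together. The following is an added example, not part of any post here and not OpenVPN's code: a simplified model of which source address a bastion's firewall sees under split tunnelling and under NAT versus routing mode, and whether an allowlist rule would match it. All addresses and the names `source_seen_by_target`, `diagnose` and `scenarios` are constructed for illustration.

```python
import ipaddress

def source_seen_by_target(dest, pushed_routes, nat_mode,
                          client_public_ip, client_vpn_ip, as_private_ip):
    """Return (path, source IP) as the destination's firewall would see it."""
    dest_ip = ipaddress.ip_address(dest)
    if not any(dest_ip in ipaddress.ip_network(r) for r in pushed_routes):
        # Split tunnel: no pushed route covers the destination, so the
        # packet leaves over the client's normal internet connection.
        return "direct", client_public_ip
    if nat_mode:
        # NAT: the Access Server rewrites the source to its own address.
        return "vpn-nat", as_private_ip
    # Routing: the client's VPN address is preserved; the private network
    # also needs a return route to the VPN subnet (not modelled here).
    return "vpn-routed", client_vpn_ip

def diagnose(dest, allowlist, **path_args):
    """Combine the path decision with the firewall allowlist check."""
    path, src = source_seen_by_target(dest, **path_args)
    ok = any(ipaddress.ip_address(src) in ipaddress.ip_network(c)
             for c in allowlist)
    return {"path": path, "source": src, "allowed": ok}

# Constructed sample values (documentation and private ranges), not from the thread.
CLIENT = dict(client_public_ip="203.0.113.25", client_vpn_ip="172.27.224.5",
              as_private_ip="10.128.0.5", pushed_routes=["10.128.0.0/20"])
AS_PUBLIC = "198.51.100.10"
BASTION_PUBLIC, BASTION_PRIVATE = "198.51.100.77", "10.128.0.20"

def scenarios():
    return {
        # Bastion reached by public IP: traffic bypasses the tunnel entirely.
        "public_ip_split_tunnel": diagnose(
            BASTION_PUBLIC, [AS_PUBLIC + "/32"], nat_mode=True, **CLIENT),
        # Bastion reached by private IP, NAT mode, rule allows the AS address.
        "private_ip_nat": diagnose(
            BASTION_PRIVATE, ["10.128.0.5/32"], nat_mode=True, **CLIENT),
        # Switching to routing mode without updating the rule breaks access.
        "private_ip_routed_old_rule": diagnose(
            BASTION_PRIVATE, ["10.128.0.5/32"], nat_mode=False, **CLIENT),
        # Routing mode with the VPN client subnet allowed.
        "private_ip_routed_fixed": diagnose(
            BASTION_PRIVATE, ["172.27.224.0/20"], nat_mode=False, **CLIENT),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:28} {result}")
```

On a real client, compare the model's "path" with the local routing table, and compare "source" with the address that appears in the bastion's firewall or SSH logs.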
