
Ssh to bastion host While being on OpenVPN

Posted: Fri Mar 01, 2024 8:15 am
by mirwasim0
Hello Everyone,
I am new here but I am sure that I will get support on my use case.
I have seen people reporting this issue but my case is slightly different.

Use case:
I have set up an OpenVPN in GCP from the marketplace, done the setup and started using it.
I am able to reach internal load balancers while I am on VPN which is expected.

In my OpenVPN I have set `Should client Internet traffic be routed through the VPN?` to NO, because if it is yes then my internet stops working.

Now the problem is that I have a bastion host which I have been using as a tunnel to connect to the DB in the private network earlier. I whitelist IPs in the firewall of the bastion to connect to the DB. I whitelist the IP of the OpenVPN in the firewall so that I can ssh only while I am on VPN, but it is not working and requests time out. In the same way, when I try to connect to the DB from the CLI while I am on VPN, it also times out.

I am expecting that I should be able to ssh into the bastion and I should be able to log in to the DB while I am on VPN.

If any logs are required please let me know; I can share the related logs here.

Re: Ssh to bastion host While being on OpenVPN

Posted: Thu Mar 07, 2024 6:45 pm
by openvpn_inc
Hi mir,

This seems to be OpenVPN Access Server, so I moved this post to the appropriate subforum.

Best way to get support is with the link in my signature, below. Even a free-tier (2 connections) AS user can open a Support ticket.

If you're changing the firewall on your AS host, that is strongly not recommended. AS needs to manage its own firewall.

Also sounds like there could be routing vs. NAT issues here. By default AS uses NAT to connect to VPN destinations, but you might want to configure routing on yours.

HTH, regards, rob0

Re: Ssh to bastion host While being on OpenVPN

Posted: Wed Nov 27, 2024 4:45 am
by stacey45
  • Routing Table: Ensure that the VPN client is configured to route traffic to the bastion host and the database through the VPN tunnel. Check the routing table on your VPN client to verify this.
  • DNS Resolution: Make sure that your VPN client is configured to resolve DNS requests through the VPN tunnel. This is crucial for accessing internal resources by their hostnames.
  • Firewall Rules: Verify that the firewall rules on the bastion host and the database server allow traffic from the VPN client's IP address.
  • SSH Configuration: Ensure that SSH is configured to allow connections from the VPN client's IP address.
  • Firewall Rules: Check the firewall rules on the bastion host to allow traffic from the VPN client's IP address.
  • Network Address Translation (NAT): If NAT is involved in your network setup, ensure that the VPN client's IP address is translated correctly.
  • IP Routing: Verify that the network routing is configured correctly to route traffic from the VPN client to the bastion host and the database.
  • DNS Settings: Ensure that the VPN client is configured to use the correct DNS servers.
  • Routing Table: Check the VPN client's routing table to verify that traffic is being routed through the VPN tunnel.
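
Added example, not part of any post in this thread: a small Python model of the routing and NAT checks discussed above, showing which source address a bastion firewall would see for a split-tunnel client. All addresses, interface names and the route list are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
CLIENT_ROUTES = [                  # (destination, interface) on a split-tunnel client
    ("0.0.0.0/0", "wlan0"),        # Internet traffic is NOT routed through the VPN
    ("10.128.0.0/20", "tun0"),     # private subnet pushed by the Access Server
    ("172.27.224.0/20", "tun0"),   # VPN client subnet
]
CLIENT_PUBLIC_IP = "198.51.100.23"  # what the Internet sees for the client
CLIENT_VPN_IP = "172.27.224.5"      # address assigned inside the tunnel
AS_PRIVATE_IP = "10.128.0.10"       # Access Server's address in the private subnet


def egress_interface(dest, routes):
    """Longest-prefix match: the interface the client uses to reach dest."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(net), dev) for net, dev in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return None  # no route at all
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def source_seen_by_target(dest, routes, mode):
    """Source address the target's firewall sees; mode is 'nat' or 'routing'."""
    if egress_interface(dest, routes) != "tun0":
        return CLIENT_PUBLIC_IP      # traffic bypasses the tunnel entirely
    if mode == "nat":
        return AS_PRIVATE_IP         # server rewrites the source to its own address
    if mode == "routing":
        return CLIENT_VPN_IP         # target also needs a return route to the VPN subnet
    raise ValueError("mode must be 'nat' or 'routing'")


def firewall_allows(source, allowed_cidrs):
    """True if the source address falls inside any allow-listed CIDR."""
    addr = ipaddress.ip_address(source)
    return any(addr in ipaddress.ip_network(c) for c in allowed_cidrs)


if __name__ == "__main__":
    allow = [AS_PRIVATE_IP + "/32"]  # bastion firewall allow-lists only the VPN server
    for dest in ("10.128.0.7", "203.0.113.9"):  # bastion private vs. public address
        for mode in ("nat", "routing"):
            src = source_seen_by_target(dest, CLIENT_ROUTES, mode)
            print(dest, mode, egress_interface(dest, CLIENT_ROUTES), src,
                  "ALLOW" if firewall_allows(src, allow) else "DROP (timeout)")
```

In this model, connecting to the bastion's public address never enters the tunnel, so an allow-list entry for the VPN server does not match; the private address matches only in NAT mode unless the VPN client subnet is allow-listed as well.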