dpi for SSH protocol

Hello,
Does official firmware for AC68U use the trendmicro dpi to flag SSH protocol?

What are you looking for?

SSH by its nature is very secure, and DPI on a router likely doesn't have the CPU horsepower to do much with it, other than to allow/disallow connectivity, which can be done via config on the ssh daemon (dropbear in this case...)
 
On my VPS, sudo watch lsof -i shows me connected at port 2222 from my ISP WAN address. Then I disconnect, run curl ipecho.net/plain; echo from the same machine used to ssh, and I get the VPN IP.
 
So the SSH host is the router, or something behind the router?

If it's something behind the router... but why even deal with VPN, when you can just expose the SSH host directly and lock it down?
 
The SSH can be the router, but I have been using a device behind router (raspbian) and a desktop (mint).
I take it you don't have the same thing?
I got started with this whole mess following this tutorial, enabling password-less scp login, and locking it down a little. All the devices behind my router show up on the VPS as using my ISP IP; I am expecting it to show the VPN IP. The SSH hosts I have been using behind my router are all configured to go through a public VPN. Running curl ipecho.net/plain; echo on the SSH hosts reveals my VPN IP (as expected). However, when I ssh into my VPS from the same device and run (now on the VPS, Ubuntu) sudo watch lsof -i, it shows me I did not go through my VPN.

Edit: I want the VPN IP (ex. from="1.1.*.*") in my authorized_keys file on the VPS, not my ISP. (I know it sounds a little crazy), but this is not important, just background info, as why SSH is not going through the VPN is way more important.
 
Last edited:
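Why the source address the VPS sees matters for the from="..." restriction mentioned above, as an added example that is not part of any post in this thread: a simplified Python model of the pattern-list matching described in sshd(8) (wildcards, "!" negation, CIDR), not OpenSSH's own code. The key line and addresses are constructed; 203.0.113.x stands in for the VPN exit range and 198.51.100.7 for the ISP address.

```python
import ipaddress
import re

def _wild(pattern, text):
    # '*' matches any run of characters, '?' exactly one; everything else is literal.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, text) is not None

def pattern_matches(pattern, ip):
    # A pattern containing '/' is treated as CIDR, otherwise as a wildcard string.
    if "/" in pattern:
        try:
            return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    return _wild(pattern, ip)

def from_allows(pattern_list, ip):
    # Comma-separated list: any negated ('!') match rejects outright,
    # otherwise at least one positive pattern must match.
    allowed = False
    for p in (x.strip() for x in pattern_list.split(",")):
        if p.startswith("!"):
            if pattern_matches(p[1:], ip):
                return False
        elif p and pattern_matches(p, ip):
            allowed = True
    return allowed

def key_usable_from(auth_line, source_ip):
    # Simplification: take the first from="..." on the line; no from= means no restriction.
    m = re.search(r'from="([^"]*)"', auth_line)
    return True if m is None else from_allows(m.group(1), source_ip)

# Constructed authorized_keys entry on the VPS (key material is a placeholder).
LINE = 'from="203.0.113.*,!203.0.113.1" ssh-ed25519 AAAA_PLACEHOLDER fetch@device'

if __name__ == "__main__":
    for label, ip in [("via VPN", "203.0.113.45"), ("bypassing VPN (ISP)", "198.51.100.7")]:
        verdict = "key accepted" if key_usable_from(LINE, ip) else "key refused"
        print(f"{label:22} {ip:15} {verdict}")
```

With such a restriction in place, a client whose SSH traffic leaves through the ISP address instead of the VPN is refused even with the correct key, which is the symptom to expect while the routing problem described in this thread persists.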
I have an SSH host behind the router/firewall... so it's port forwarded at the router.

So for inbound to my SSH host, I go to my WAN ip - in your case, define the port at the remote end of the VPN link, rather than the WAN IP, and you should be good to go...
 
I'm sorry SFX, I meant ssh client behind my router to host sshd running on vps. It's the same for minecraft, so I guess it's not just ssh. If I open minecraft game from behind my router and connect to the Minecraft server running on the same vps it shows that my ISP IP is connected. Everything is supposed to go through the openvpn of router.
I might switch versions of firmware to see if it's that next week. I'm currently using rmerlin's latest. AC68U
Browser and using curl from behind my router shows I am going through VPN, is there a way to test UDP protocol only?
 
SSH is TCP.... no UDP on the SSH connection, but once the tunnel is established, then one can run UDP traffic over it...

Have you considered just running SSH direct from your client to the VPS? Going to be faster, and just as secure as OpenVPN, and then no messing around with IPTables and routes...
 
I am at a loss. If I run openvpn straight from computer and not use the router's VPN client, ssh will use the VPN.
I have a device behind my router that fetches a file on boot using scp. I want it to use the VPN and set ssh settings for a user on vps to host='x.x.*.*'
That way if the device gets physically stolen from me and later on it gets attached to the same ISP (handing out a dynamic IP) it can't fetch the file.

Nobody else can take a couple minutes and test to confirm ssh is bypassing VPN.
Type watch ss -tp after you connect to your vps. (Using the openvpn of router)

Edit: Resolved
 
Last edited:
also check the -V switch... bit more debug on the connection...

ssh -V user@hostname/hostip...
 
