OpenVPN client: public ssh (or ping) not working

adriansev

Occasional Visitor
Hi! It seems that all access to the router's public IP is lost after activating the OpenVPN client (complete redirect).
I'm not sure how the routing tables and firewall are set, but wouldn't it be possible to keep INPUT access to the router's public IP?

Thanks a lot!
Adrian
 
By default, any OpenVPN client connected to a commercial OpenVPN provider will direct all traffic to the VPN, both the router itself and the LAN clients. As a result, any attempt to remotely access devices bound to the VPN over the WAN will have its replies routed back over the VPN. But that's a violation of RPF (reverse-path filtering) as configured in the routing system, which requires all traffic to ingress and egress the network via the same network interface.

There are several ways to circumvent the problem, but the most common is to use Routing Policy to route specific clients over the VPN (even if that means the entire network, 192.168.1.0/24). By doing so, it will remove the router itself from the VPN, and ssh and other router-based services will once again become accessible over the WAN.

For other devices on the LAN, it's the same thing. You can't remotely access them over the WAN *and* bind them to the VPN at the same time. It's one or the other.
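
The reply-path behaviour described in the answer above can be modelled in a few lines of Python. This is an added illustration, not part of the original posts; the interface names, addresses and route tables are constructed, and the full redirect is assumed to use the two `/1` routes that OpenVPN's `redirect-gateway def1` installs.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the thread).
WAN_IF, VPN_IF, LAN_IF = "wan0", "tun0", "br0"
ROUTER_WAN_IP, REMOTE_ADMIN, LAN_CLIENT = "203.0.113.10", "198.51.100.7", "192.168.1.50"

MAIN = [("0.0.0.0/0", WAN_IF), ("192.168.1.0/24", LAN_IF)]
# Full redirect: two /1 routes beat the WAN default on prefix length.
# (The host route to the VPN server itself is omitted for brevity.)
REDIRECT = [("0.0.0.0/1", VPN_IF), ("128.0.0.0/1", VPN_IF)]
# Policy routing: only traffic sourced from the LAN consults the VPN table.
VPN_TABLE = [("0.0.0.0/0", VPN_IF), ("192.168.1.0/24", LAN_IF)]
POLICY = [("192.168.1.0/24", VPN_TABLE)]


def lookup(table, dst):
    """Longest-prefix match: return the egress interface for dst."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(n), dev) for n, dev in table]
    matches = [(n, dev) for n, dev in nets if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def egress(src, dst, main, rules=()):
    """Source-based policy rules are checked first, then the main table."""
    for src_net, table in rules:
        if ipaddress.ip_address(src) in ipaddress.ip_network(src_net):
            return lookup(table, dst)
    return lookup(main, dst)


def wan_ssh_reply_ok(main, rules=()):
    """SSH that arrived on the WAN works only if the reply also leaves on the WAN."""
    return egress(ROUTER_WAN_IP, REMOTE_ADMIN, main, rules) == WAN_IF


if __name__ == "__main__":
    print("full redirect, router reply on WAN:", wan_ssh_reply_ok(MAIN + REDIRECT))
    print("policy routing, router reply on WAN:", wan_ssh_reply_ok(MAIN, POLICY))
    print("policy routing, LAN client egress:",
          egress(LAN_CLIENT, REMOTE_ADMIN, MAIN, POLICY))
```

With the full redirect the router's own reply is sent out `tun0`, so the WAN session never completes; with the source-based rule only LAN clients use the tunnel and the router answers on `wan0`.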
 
Thanks a lot! Your answer is on point. All I want is for the internal network to be routed through the VPN BUT to access the router through SSH for maintenance/support. Thanks a lot!
 
