SSHing into a RasPi while an openVPN connection is active for all IPs not within the local 10.0.0.* network

0

I would like to be able to SSH into my raspi, which I can do over the wlan0 interface if it simplifies things.

All other connections I'd like to be routed through an openvpn connection at interface tun0.

What I'm hoping for is the openvpn configuration or the iptables routing that allows me to ssh into my raspi while openvpn is active.

Restated:

  • Between my local network and the raspi, don't use the VPN
  • Between my raspi and everything outside my local network, use the VPN

ifconfig on my primary machine (connected over wireless)

$ ifconfig  

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    options=3<RXCSUM,TXCSUM>
    inet6 ::1 prefixlen 128 
    inet 127.0.0.1 netmask 0xff000000 
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
    nd6 options=1<PERFORMNUD>
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether ac:bc:32:93:36:c7 
    inet6 fe80::aebc:32ff:fe93:36c7%en0 prefixlen 64 scopeid 0x4 
    inet6 2601:643:8500:614:aebc:32ff:fe93:36c7 prefixlen 64 autoconf 
    inet6 2601:643:8500:614:cbb:be12:9871:b2b4 prefixlen 64 autoconf temporary 
    inet 10.0.0.224 netmask 0xffffff00 broadcast 10.0.0.255
    inet6 2601:643:8500:614::a8ce prefixlen 64 dynamic 
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active

en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 0b:0b:0b:0b:0b:0b 
    inet6 fe80::aebc:32ff:fe93:36c7%en5 prefixlen 64 scopeid 0x7 
    inet 169.254.105.195 netmask 0xffff0000 broadcast 169.254.255.255
    nd6 options=1<PERFORMNUD>
    media: autoselect (10baseT/UTP <full-duplex>)
    status: active

awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1452
    ether f6:1e:4f:ec:7b:b8 
    inet6 fe80::f41e:4fff:feec:7bb8%awdl0 prefixlen 64 scopeid 0x9 
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active

ifconfig on the RasPi (connected with a hard-wire ethernet)

$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.130  netmask 255.255.255.0  broadcast 10.0.0.255
        ether b8:27:eb:4d:28:33  txqueuelen 1000  (Ethernet)
        RX packets 130  bytes 17325 (16.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 62  bytes 9923 (9.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.155  netmask 255.255.255.0  broadcast 10.0.0.255
        ether b8:27:eb:18:7d:66  txqueuelen 1000  (Ethernet)
        RX packets 66  bytes 9976 (9.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 16  bytes 2116 (2.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Tags: networking, wireless-networking, ssh, vpn, openvpn
asked on Super User Dec 13, 2018 by carl crott • edited Dec 13, 2018 by carl crott

1 Answer

0

So you just need to set up the appropriate routing on your Raspberry Pi - exactly how you do this will depend on the distribution you're using.

If your local network was using 192.168.0.1-255 then you'd need to tell it to route this via the wlan0 interface. It'll do this automatically unless you configure openvpn to deliberately 'route all traffic' - this is normally an option in the openvpn config which makes it add two routes to achieve this.

And then you just need to make sure the default route points to the gateway, which would be on the other end of your openvpn link.

route add default gateway 192.168.111.1 or whatever IP the gateway will be.

answered on Super User Dec 13, 2018 by djsmiley2kStaysInside
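
The routing behaviour the answer describes, as an added example that is not part of the original answer: a longest-prefix-match lookup over a constructed routing table for the Pi with OpenVPN's "route all traffic" option on (in OpenVPN this is `redirect-gateway def1`, which adds 0.0.0.0/1 and 128.0.0.0/1 via the tunnel). The LAN router 10.0.0.1, the VPN server 203.0.113.10 and the use of wlan0 alone for the LAN are assumptions; 192.168.111.1 is the answer's placeholder gateway.

```python
import ipaddress

# Constructed routing table for the Pi once the VPN is up. LAN addresses are
# taken from the question; 10.0.0.1 (LAN router) and 203.0.113.10 (VPN server)
# are assumed values, and 192.168.111.1 is the answer's placeholder gateway.
ROUTES = [
    # (destination, gateway or None for on-link, interface)
    ("0.0.0.0/0",       "10.0.0.1",      "wlan0"),  # original default route
    ("10.0.0.0/24",     None,            "wlan0"),  # connected LAN route
    ("203.0.113.10/32", "10.0.0.1",      "wlan0"),  # keeps the tunnel's own packets off the tunnel
    ("0.0.0.0/1",       "192.168.111.1", "tun0"),   # the two routes OpenVPN adds
    ("128.0.0.0/1",     "192.168.111.1", "tun0"),   # to override the default route
]


def lookup(dest, routes=ROUTES):
    """Return (prefix, gateway, interface) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, gw, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return str(best[0]), best[1], best[2]


def egress(dest, routes=ROUTES):
    """Interface a packet addressed to dest leaves on."""
    return lookup(dest, routes)[2]


if __name__ == "__main__":
    # 10.0.0.224 is the laptop from the question; the others are constructed.
    for dest in ("10.0.0.224", "8.8.8.8", "198.51.100.7", "203.0.113.10"):
        prefix, gw, dev = lookup(dest)
        print(f"{dest:>14} -> {dev:5} via {gw or 'on-link'} ({prefix})")
```

Because the connected /24 is more specific than either /1 route, replies to an SSH client at 10.0.0.224 leave on wlan0 while everything outside 10.0.0.0/24 goes through tun0. On the Pi itself, `ip route get 10.0.0.224` reports the same decision for the live table.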

User contributions licensed under CC BY-SA 3.0