I have a Linux Mint 18.1 desktop on my home LAN. I run PIA VPN on this computer, and also run ssh server listening on port 22. I am able to ssh into this computer from other computers on the LAN using the internal IP address.

I wanted to also ssh into this computer from the internet, so I successfully set up port forwarding on my router. But I initially was unable to ssh from the internet while PIA VPN was connected. I fixed this by creating source-based IP routing rules as described in the top answer to this post: "Reply on same interface as incoming?".

Here are the changes I made:

    echo 200 isp2 >> /etc/iproute2/rt_tables
    ip rule add from 192.168.1.100 table isp2
    ip route add default via 192.168.1.1 dev enp0s25 table isp2

192.168.1.100 is the computer's internal IP address

enp0s25 is my network adapter.

With those changes, I am now able to ssh from the internet to the computer, but ssh from a computer on the LAN no longer works (using either the internal IP address or the WAN address). When I remove those changes, ssh from a LAN computer is restored but I lose access from the internet.

So it's clear to me I need to make additional IP routing rules to make access from both LAN and internet/WAN possible simultaneously. Can someone point me in the right direction?

thanks!

  • ssh in the internal LAN using the internal IP address. Otherwise, you might not have set it up exactly as pointed out in the linked question. It might be better if you actually document your changes in this question. – Rui F Ribeiro Jul 15 '18 at 23:08
  • Thanks for the response, Rui. I've edited my question as you recommended. I have tried using the internal IP address as well as the WAN address with no luck. –  Jul 15 '18 at 23:14
  • I am not sure why you are using a second routing table. I mean, you just have one network interface, right? – Ezwig Jul 15 '18 at 23:22
  • Hi Ezwig thanks for the response. Yes I have only one physical network interface, but the way I understand it, when I connect to PIA VPN a second tun0 interface is created. Without making those changes I listed, traffic from an outside ssh connection directly to my WAN IP gets routed out the VPN's tun0 interface and therefore times out. By making those changes the computer routes the traffic back through my router/gateway. –  Jul 15 '18 at 23:29

1 Answer

Basically, your current setup makes all traffic from 192.168.1.100 use the second table, isp2.

That table only has a default gateway set up.

You should add one more route:

    ip route add 192.168.1.0/24 dev enp0s25 src 192.168.1.100 table isp2
Ezwig
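
The route selection behind the question and the answer, modelled as an added Python example (not code from the original post or from the answer). It covers only source-matching rules and longest-prefix lookup; the tun0 default in the main table, the LAN peer 192.168.1.50 and the internet peer 203.0.113.7 are constructed assumptions.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match inside one routing table; None when nothing matches."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in table if dst in ipaddress.ip_network(r["dst"])]
    return max(hits, key=lambda r: ipaddress.ip_network(r["dst"]).prefixlen,
               default=None)

def route_for(rules, tables, src, dst):
    """Walk policy rules in priority order for a packet whose source address is
    already fixed, such as an sshd reply. Returns (table, dev, next hop)."""
    src = ipaddress.ip_address(src)
    for rule in sorted(rules, key=lambda r: r["prio"]):
        if src not in ipaddress.ip_network(rule["from"]):
            continue
        route = lookup(tables[rule["table"]], dst)
        if route is not None:  # no match in this table: fall through to next rule
            return rule["table"], route["dev"], route.get("via", "on-link")
    return None

# Constructed sample state. The tun0 default stands in for the VPN's routes (assumption).
MAIN = [{"dst": "192.168.1.0/24", "dev": "enp0s25"},
        {"dst": "0.0.0.0/0", "dev": "tun0"}]
ISP2_QUESTION = [{"dst": "0.0.0.0/0", "dev": "enp0s25", "via": "192.168.1.1"}]
ISP2_ANSWER = ISP2_QUESTION + [{"dst": "192.168.1.0/24", "dev": "enp0s25"}]
MAIN_RULE = {"prio": 32766, "from": "0.0.0.0/0", "table": "main"}
ISP2_RULE = {"prio": 32765, "from": "192.168.1.100/32", "table": "isp2"}
LAN_PEER, WAN_PEER = "192.168.1.50", "203.0.113.7"  # constructed addresses

def replies(rules, isp2):
    """Where replies sourced from 192.168.1.100 go for a LAN and an internet peer."""
    tables = {"main": MAIN, "isp2": isp2}
    return {name: route_for(rules, tables, "192.168.1.100", dst)
            for name, dst in (("lan", LAN_PEER), ("wan", WAN_PEER))}

if __name__ == "__main__":
    for label, rules, isp2 in (("VPN only", [MAIN_RULE], []),
                               ("question", [ISP2_RULE, MAIN_RULE], ISP2_QUESTION),
                               ("answer", [ISP2_RULE, MAIN_RULE], ISP2_ANSWER)):
        print(label, replies(rules, isp2))
```

On the host itself, `ip route get 192.168.1.50 from 192.168.1.100` (with a real LAN peer in place of the constructed address) shows the kernel's decision for the same packet.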