Is it possible to access the host running OpenVPN server through the tunnel itself on Linux (openSUSE)?

For example, if my OpenVPN host's* VPN IP is 10.125.0.1 and its public IP is 1.2.3.4, I would like traffic sent to 1.2.3.4 to go through the tunnel (I'm trying to bypass an SSH-restricting firewall). However, SSHing to both 10.125.0.1 and 1.2.3.4 fails even with the VPN on.

I assume SSH connections are simply blocked from the tun/tap interfaces (10.125.0.1) on the OpenVPN host which is fine, but connections to 1.2.3.4 should still go through surely.

I checked the routing table on my SSH client machine* and the default route is in fact the VPN interface, but the connections to 1.2.3.4 still go through the LAN gateway route:

// Route to VPN Server
user@host:~> sudo ip route get <OpenVPN Host IP>
<OpenVPN Host IP> via <LAN Gateway IP> dev wlan0 src <LAN Host IP> uid 0 
    cache 

// Route to Google's DNS
user@host:~> sudo ip route get 8.8.8.8
8.8.8.8 via <VPN Gateway IP> dev vpn src <VPN Host IP> uid 0 
    cache 

(For clarity, the VPN interface on my client machine is called vpn)

I know it's possible to do this on a phone (Android) because it works (SSH) with the OpenVPN app but is it possible and if so, how can it be done on desktop?

I guess in a way my question is, what's the difference between the OpenVPN mobile app and the desktop (Linux) version?

* Additional Info

OpenVPN Server:

  • Ubuntu 18.04 machine
  • Technically runs SoftEther VPN server but with OpenVPN emulation. This cannot be the source of the problem as the desired results are achievable on mobile with OpenVPN app
  • Public IP 1.2.3.4 and private (VPN) IP 10.125.0.1
  • Is VPN gateway

OpenVPN Client:

  • openSUSE Leap 15.1 machine
  • Successfully connects to OpenVPN server
  • All traffic other than that to the OpenVPN Server IP goes through VPN
  • Connection created and managed through NetworkManager
  • Can ping the OpenVPN server host (both IPs) but this happens over the LAN route rather than VPN

I feel like my wording of the question is overcomplicated so please ask for clarification in the comments if needs be.

Thank you in advance

user9123

1 Answer

Technically yes, but it's not going to work.

Your proposal would put the traffic generated by OpenVPN into the tunnel itself, creating a snake which eats its own tail.

OpenVPN host's* VPN IP is 10.125.0.1 and its public IP is 1.2.3.4, I would like traffic sent to 1.2.3.4

If you'd like to send a packet to 10.125.0.1, you will end up wrapping it in another one addressed to 1.2.3.4. If you do what you want, to send a packet to 1.2.3.4, you'd need to route that packet to 10.125.0.1, which would need to send a packet to 1.2.3.4 and the circle is now closed, and repeats itself forever.

On Android, the traffic generated by the app is captured before it is actually routed by the phone's OS - but here you don't have the layer between apps and the OS.

asdmin
  • Ah, I see. Is there any other way to connect to the VPN host through the tunnel then? Or do I need another server to SSH into from which I can SSH into my VPN server? – user9123 Jan 30 '20 at 18:28
  • Why don't you use the IP on the VPN network instead? – asdmin Feb 17 '20 at 07:42
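
The routing loop described in the answer can be traced with a small route-lookup model. This is an added example, not code from the original post: the routing tables are constructed from the addresses in the question, and the /24 VPN prefix, the LAN subnet and the `lookup`/`trace` helpers are assumptions made for illustration.

```python
import ipaddress

SERVER_PUBLIC = "1.2.3.4"   # OpenVPN server's public IP (from the question)
SERVER_VPN = "10.125.0.1"   # the server's address inside the tunnel

# Constructed client routing tables as (prefix, device) pairs.
WITH_HOST_ROUTE = [
    ("0.0.0.0/0", "vpn"),         # default route through the tunnel
    ("10.125.0.0/24", "vpn"),     # VPN subnet (prefix length assumed)
    ("1.2.3.4/32", "wlan0"),      # host route to the server via the LAN gateway
    ("192.168.1.0/24", "wlan0"),  # LAN subnet (constructed)
]
# The same table with the host route removed, i.e. what the question asks for.
WITHOUT_HOST_ROUTE = [r for r in WITH_HOST_ROUTE if r[0] != "1.2.3.4/32"]


def lookup(table, dst):
    """Longest-prefix match: return the device of the most specific route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), dev) for net, dev in table
               if addr in ipaddress.ip_network(net)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def trace(table, dst, max_depth=8):
    """Follow a packet until it leaves on a physical device.

    A packet routed to the 'vpn' device is encrypted by OpenVPN and re-sent
    as a new packet addressed to SERVER_PUBLIC, which is routed again.
    """
    hops = []
    for _ in range(max_depth):
        dev = lookup(table, dst)
        hops.append((dst, dev))
        if dev != "vpn":
            return hops, "delivered"
        dst = SERVER_PUBLIC  # outer header of the encapsulated packet
    return hops, "loop"      # the encapsulated packet re-entered the tunnel


if __name__ == "__main__":
    for name, table in (("with host route", WITH_HOST_ROUTE),
                        ("without host route", WITHOUT_HOST_ROUTE)):
        for dst in ("8.8.8.8", SERVER_PUBLIC, SERVER_VPN):
            print(f"{name:20} {dst:12} {trace(table, dst)}")
```

With the host route in place, only 10.125.0.1 and other non-server destinations travel inside the tunnel, while 1.2.3.4 leaves directly on `wlan0`, matching the `ip route get` output in the question.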