Force SSH connection through a different interface

Question

I want to connect remotely using SSH.

However, I'm not able to while my VPN is active, so I disconnect from the VPN and then connect using the other connection.

How can I force the connection through my other connection when connected to the VPN?

I'm using Windows 7 and PuTTY client.

Please add more information... Provide a routing table of your current machine, what your client OS is (linux, windows) — RomeNYRR, Aug 13 '12 at 15:51

score 17 · Accepted Answer · edited Jun 09 '19 at 12:23

17

There are 2 options. First, you could modify your routes so that the SSH packets naturally go through the correct interface.

Or you could use the -b SSH option (or in a similar way the -B one):

     -b bind_address
             Use bind_address on the local machine as the source address of
             the connection.  Only useful on systems with more than one
             address.

It will bind your SSH client to a chosen local IP address, so that all packets will be emitted through the associated interface.

edited Jun 09 '19 at 12:23

moth

165
7

answered Aug 13 '12 at 16:00

Trak

186
1
3

1

what's the second option? i'm curious! – Eliran Malka May 01 '16 at 14:59
2

It would also be helpful to know how to do the equivalent in PuTTY, since the question specified that client. – echristopherson Jun 15 '16 at 17:06
It looks like the -b option does not support an IPv6 IP. Am I correct? – Arya Oct 05 '17 at 18:30
not supported on putty – toing_toing Dec 18 '19 at 13:19

score 7 · Answer 2 · edited Jul 30 '17 at 07:13

The issue was with the route taken.

The solution was to update the routing table. I used the route command to add a new route specifying the correct interface and gateway.

The command looks like route add <destination> mask <netmask> <gateway> <interface>, for example:

route -p add 10.100.10.10 mask 255.255.255.0 192.168.1.0 IF 13

-p is for persistent so it remains there after reboot. IF is for interface and you can get this number from the command route print.

moth · Answer 3 · 2019-08-26T09:45:56.723

You must change the route towards your destination.

A previous answer stated that the -b or -B options can be used, but normally, if the VPN is activated this does not work because it reroutes the traffic towards any destination through the VPN network interface - generally named tun0.

Therefore, you must reconfigure the route taken to reach your destination. Let us call it <destination>, and <gate1> the IP address of the gateway (technically the address of the nexthop router) associated to the different interface that you want to use. With ip route, route being deprecated, this should be:

ip route add <destination> via <gate1>

An alternative is

ip route add <destination> via <gate1> dev <different interface>

but given that the address <gate1> is already associated with your different interface, here <different interface>, that changes nothing.

What matters here, is to specify it is <gate1>, the gateway of your different interface, which has to be traversed, instead of that of the VPN.

This worked for me with `sudo ip route add 192.168.1.0/24 via 192.168.1.241 dev eth0` to access the 192.168.1.xxx subnet via eth0 (metric 300, IP address 192.168.1.241) instead of wlan0 (metric 200 = higher preference) — Sean McCarthy, Dec 07 '21 at 22:06

Force SSH connection through a different interface

3 Answers3