
I would like to tunnel the traffic on my Server through a VPN.

The problem is that when I activate the VPN through OpenVPN I lose the connection to the server through SSH and have to restart the server through a hard reboot.

Is there a way of routing all traffic through the VPN except SSH?

I'd also like this to only be temporary, meaning that I would like to be able to switch it off and just let the traffic go through normal channels.

I already tried the solution posted here https://unix.stackexchange.com/questions/145635/debian-cli-torrent-program-through-vpn/145783#145783 but it did not work.

Additional Info:

route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         XXX.XXX.XXX.XXX  0.0.0.0         UG    100    0        0 eth0
XXX.XXX.XXX.XXX    0.0.0.0         255.255.255.0   U     0      0        0 eth0

I get locked out directly when starting OpenVPN. Also my server should run as a client, routing all its traffic through another server.

EDIT:

I followed the explanation from here: Anonymizing OpenVPN Allow SSH Access to Internal Server.

Now I am running

openvpn --config USVPN.ovpn --script-security 3 system --up /home/user/startVPNScript.sh

with the startVPNScript.sh containing

#!/bin/sh
# Run as root by OpenVPN (--up), so no sudo is needed here.
# Packets carrying fwmark 65 are routed by the "novpn" table ...
ip rule add fwmark 65 table novpn
# ... whose only route is the original gateway on eth0.
ip route add default via XXX.XXX.XXX.XXX dev eth0 table novpn
ip route flush cache
# Mark locally generated packets from sshd (source port 22).
iptables -t mangle -A OUTPUT -p tcp --sport 22 -j MARK --set-mark 65

I have also executed this:

echo "201 novpn" >> /etc/iproute2/rt_tables

and it is permanent.

But after executing the OpenVPN command I still get locked out and have to do a hard reboot through the control panel of the server provider.

EDIT 2:

Here are my routing and firewall rules before starting the VPN (everything is empty to test it):

#novpn route table
default via DEFAULT.GATEWAY dev eth0

#normal route table

default DEFAULT.GATEWAY dev eth0  metric 100
XXX.XXX.XXX.XXX/24 dev eth0  proto kernel  scope link  src XXX.XXX.XXX.YYY

#iptable mangle

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination        

Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
MARK       tcp  --  anywhere             anywhere             tcp spt:ssh MARK set 0x41

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination      


#iptable main

Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

Here are the rules after the OpenVPN connection has been established:

#novpn route table

default via DEFAULT.GATEWAY dev eth0

#normal route table

0.0.0.0/1 via 10.165.1.5 dev tun0
default via DEFAULT.GATEWAY dev eth0  metric 100
10.165.1.1 via 10.165.1.5 dev tun0
10.165.1.5 dev tun0  proto kernel  scope link  src 10.165.1.6
108.61.13.43 via DEFAULT.GATEWAY dev eth0
128.0.0.0/1 via 10.165.1.5 dev tun0
XXX.XXX.XXX.XXX/24 dev eth0  proto kernel  scope link  src XXX.XXX.XXX.YYY

#iptable mangle

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
MARK       tcp  --  anywhere             anywhere             tcp spt:ssh MARK set 0x41

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

#iptable main

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
  • Usually SSH should continue to work, since a route via the default gateway is preserved to be able to reach the OpenVPN server. Can you provide additional information, like route -n before and after OpenVPN activation? – Giovanni Toraldo Mar 01 '15 at 13:52
  • I've added information on how the firewall and routes are before and after the VPN activation. – b-m-f Mar 14 '15 at 13:07
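As an added example (not code from the question or from the linked post), here is one script that serves as both the --up and --down hook for the setup described above: it takes the pre-VPN gateway from OpenVPN's route_net_gateway environment variable instead of hardcoding it, keeps the rule, route and mark idempotent across reconnects, and tears everything down again so the bypass is only active while the tunnel is. It assumes the config uses redirect-gateway (which is what the 0.0.0.0/1 and 128.0.0.0/1 routes above indicate); the function names, the WAN_IF override and the DRY_RUN switch are my own.

```shell
#!/bin/sh
# Keep SSH reachable while an OpenVPN client takes over the default route.
# Usable as both --up and --down script: OpenVPN exports $script_type
# ("up"/"down") and $route_net_gateway (the gateway in use before the VPN).
# DRY_RUN=1 prints the commands instead of running them (needs no root).
MARK=65                 # fwmark; iptables -t mangle -L shows it as 0x41
TABLE=novpn             # routing table name, number 201 in rt_tables
SSH_PORT=22
WAN_IF=${WAN_IF:-eth0}  # hypothetical override; defaults to the question's eth0
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}
# Add the "201 novpn" line only if it is not already there.
ensure_table() {
    grep -qE "^201[[:space:]]+$TABLE\$" /etc/iproute2/rt_tables 2>/dev/null ||
        run sh -c "echo '201 $TABLE' >> /etc/iproute2/rt_tables"
}
# Is the mangle MARK rule already present? (reported as absent in dry-run)
have_mark_rule() {
    [ "${DRY_RUN:-0}" = 1 ] && return 1
    iptables -t mangle -C OUTPUT -p tcp --sport "$SSH_PORT" \
        -j MARK --set-mark "$MARK" 2>/dev/null
}
novpn_up() {
    gw=${route_net_gateway:?pre-VPN default gateway missing from environment}
    ensure_table
    # Mark locally generated packets from sshd (source port 22) ...
    have_mark_rule || run iptables -t mangle -A OUTPUT -p tcp \
        --sport "$SSH_PORT" -j MARK --set-mark "$MARK"
    # ... so they are routed by table novpn, whose only route is the old
    # gateway; del+add and "replace" stay idempotent across reconnects.
    run ip rule del fwmark "$MARK" table "$TABLE" 2>/dev/null
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route replace default via "$gw" dev "$WAN_IF" table "$TABLE"
    run ip route flush cache
}
# Remove everything again so traffic returns to the normal path.
novpn_down() {
    run ip rule del fwmark "$MARK" table "$TABLE"
    run ip route flush table "$TABLE"
    run iptables -t mangle -D OUTPUT -p tcp --sport "$SSH_PORT" \
        -j MARK --set-mark "$MARK"
    run ip route flush cache
}
case "${script_type:-$1}" in
    up)   novpn_up ;;
    down) novpn_down ;;
esac
```

If the SSH client sits in the server's own /24, the novpn table also needs that subnet's scope link route copied from the main table, since replies to on-link hosts otherwise go via the gateway.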

0 Answers