I have an Arch Linux SSH/SFTP server connected to a PrivateInternetAccess VPN which I want to ssh into from an Android phone. The problem is, if the phone is also connected to a PIA VPN, SSH hangs and cannot connect to my server. If I disconnect the VPN on the phone, I can ssh into the server. If I disconnect the server itself from the VPN, but use the VPN on the phone, SSH also works. I don't know that much about VPNs but from what I've read this has to do with the data getting 'lost' somewhere along the way and that I need to use traceroute to fix it. Can somebody help?

EDIT: It also works when I ssh using the server's local IP address, but not when using its DDNS address, so user@192.168.1.202 works, but user@server.ddns.net doesn't.

EDIT2: Definitely not a problem with the SSH: if I try to use a web browser to access, say, my home router's settings page by typing in server.ddns.net, I can only load it if I disconnect the device I am trying to access it FROM from the VPN.

florosus

1 Answer

PIA say they allow 5 devices simultaneously, so it should be possible to have both your server and your phone logged in, but for them to communicate via the tunnel, the phone needs to connect to your server using an IP within the VPN, not the IP your server otherwise uses to connect to the internet. It's possible for a public VPN provider like PIA to provide a port forwarding service for this, but I'm not sure that PIA actually do so?

Given that you have your own Linux server, and depending what you want a VPN for, you would probably be better off running OpenVPN yourself. E.g. see this DigitalOcean tutorial.

Your phone would connect via your own VPN to your server. Your server would forward traffic not destined for it onwards. The world would then see the traffic as coming from your server, which might not suit you (lack of anonymity), but if you want, the server could forward traffic through your PIA VPN.

In my experience, PIA's VPN service is very unstable. It's cheap, but may not meet your needs. It's worth considering that the cost of running a low end VPS for a VPN is not a lot more than the cost of the PIA service.

mc0e
  • OK. I guess that connecting my router itself to the VPN and then running the router's DDNS update script every time the VPN IP changes would work. Any thoughts on my 2nd edit? So [link](https://superuser.com/questions/1195392/vpn-and-dynamic-dns) is referring to the same thing then? Thanks. – florosus Jun 05 '17 at 16:40
  • server.ddns.net is a public IP, so traffic to it from a VPN connected device will go out over the VPN, then go to that public IP. Chances are your server will then attempt to route its reply via the VPN, which gets NAT translated, so your phone would see the reply packets coming from a different IP, and the connection would not get established. I'm guessing a little - have a look at the packets with tcpdump to confirm it. – mc0e Jun 05 '17 at 17:07
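
The tcpdump check suggested in the last comment can be automated. The following is an added example, not part of the original thread: it scans server-side `tcpdump -n -i any 'tcp port 22'` output and reports connections whose SYN arrived on one interface while the SYN-ACK left on another. It assumes a tcpdump build that prints the interface name and In/Out for `-i any`; the interface names (`eth0`, `tun0`) and the addresses other than 192.168.1.202 are constructed.

```python
import re

# Constructed capture lines (not from the thread). 198.51.100.7 stands in for
# the VPN exit address the phone's traffic arrives from; 192.168.1.50 is a LAN client.
SAMPLE = """\
17:01:02.000001 eth0  In  IP 198.51.100.7.40112 > 192.168.1.202.22: Flags [S], seq 100, win 65535, length 0
17:01:02.000090 tun0  Out IP 192.168.1.202.22 > 198.51.100.7.40112: Flags [S.], seq 900, ack 101, win 65160, length 0
17:01:03.010001 eth0  In  IP 198.51.100.7.40112 > 192.168.1.202.22: Flags [S], seq 100, win 65535, length 0
17:01:05.000001 eth0  In  IP 192.168.1.50.51000 > 192.168.1.202.22: Flags [S], seq 5, win 64240, length 0
17:01:05.000050 eth0  Out IP 192.168.1.202.22 > 192.168.1.50.51000: Flags [S.], seq 7, ack 6, win 65160, length 0
"""

# timestamp, interface, direction, "IP", src.port > dst.port:, Flags [...]
LINE = re.compile(
    r"^\S+\s+(?P<iface>\S+)\s+(?P<dir>In|Out)\s+IP\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dst>[^:\s]+):\s+Flags\s+\[(?P<flags>[^\]]+)\]"
)

def find_asymmetric(capture):
    """Return {(client, server): (syn_iface, synack_iface)} for TCP handshakes
    whose reply leaves on a different interface than the request came in on."""
    syn_in = {}      # (client ip.port, server ip.port) -> interface of first SYN
    findings = {}
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        if m["dir"] == "In" and m["flags"] == "S":
            # setdefault: retransmitted SYNs keep the first-seen interface
            syn_in.setdefault((m["src"], m["dst"]), m["iface"])
        elif m["dir"] == "Out" and m["flags"] == "S.":
            key = (m["dst"], m["src"])   # reverse the tuple to match the SYN
            if key in syn_in and syn_in[key] != m["iface"]:
                findings[key] = (syn_in[key], m["iface"])
    return findings

if __name__ == "__main__":
    for (client, server), (i_in, i_out) in find_asymmetric(SAMPLE).items():
        print(f"{client} -> {server}: SYN in on {i_in}, SYN-ACK out on {i_out}")
```

A SYN that is retransmitted while its SYN-ACK keeps leaving through the tunnel interface matches the behaviour described in the comment: the reply takes the VPN path and reaches the phone from a different address, so the handshake never completes.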