I am running an OpenVPN server on a server (an EC2 node on AWS). I am using this server as access to the internal AWS network.

In order to route traffic from my PC (VPN client) to a restricted AWS resource via the whitelisted VPN IP I am using this command: sudo route add xx.xx.xx.xx tun0 after the VPN connection is up, where xx.xx.xx.xx is the address of the restricted resource.

Traffic to the OpenVPN server is allowed on port 1194 UDP only. I would like to connect to the OpenVPN server on port 22 (SSH), but this is not allowed.

Is it possible to route traffic so that I connect to the VPN and then traffic on port 22 (only) is routed through the VPN itself?

Running sudo route add xx.xx.xx.xx tun0, where xx.xx.xx.xx is the IP of the VPN server, doesn't work, as it routes all the traffic through the VPN, including the VPN connection itself, effectively breaking the connection.

Tom Raganowicz

1 Answer

In order for this to work, the VPN server would need to have another "internal" IP address, similar to your restricted IP example. Routing tables don't distinguish between ports, only IP addresses. So, as you pointed out, if you: route add <VPN server IP> tun0, your tunnel goes down because you just tried to route your tunnel inside your tunnel...

Another solution would be to connect to a restricted resource and then from there connect back to your VPN server, assuming the restricted resource can reach the VPN server...

Scott Lundberg
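The point in the answer, that the kernel picks a route by destination address (longest prefix match) and never by port, can be checked before touching a live routing table. The following is an added example, not code from the question or the answer: it simulates a client's routing table with constructed placeholder addresses (the VPN endpoint 203.0.113.10, the restricted resource 198.51.100.5 and a tunnel-side server address 10.8.0.1 are all assumed) and shows why a /32 route for the server's public IP via tun0 captures the tunnel's own UDP/1194 transport, while the server's address on the tunnel subnet is already reachable through tun0 without that side effect.

```python
import ipaddress

# Constructed sample data (placeholders, not values from the original post).
VPN_SERVER_PUBLIC = "203.0.113.10"   # assumed: OpenVPN endpoint reached on UDP/1194
VPN_SERVER_TUN_IP = "10.8.0.1"       # assumed: server's address inside the tunnel
RESTRICTED_RESOURCE = "198.51.100.5" # assumed: the whitelisted-only AWS resource

# (prefix, egress interface) as a client might show after `route add ... tun0`.
ROUTES = [
    ("0.0.0.0/0", "eth0"),                   # default route to the Internet
    ("10.8.0.0/24", "tun0"),                 # tunnel subnet pushed by OpenVPN
    (f"{RESTRICTED_RESOURCE}/32", "tun0"),   # host route added after the VPN came up
]


def lookup(routes, dst, dport=None):
    """Longest-prefix match. `dport` is accepted only to make the point explicit:
    plain IP routing never consults it, so a port cannot select a route."""
    addr = ipaddress.ip_address(dst)
    best_net, best_iface = None, None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


def with_host_route(routes, dst, iface):
    """Simulate `route add <dst> <iface>`, which installs a /32 host route."""
    return routes + [(f"{dst}/32", iface)]


def tunnel_is_sane(routes, server_public, tun_iface="tun0"):
    """The encapsulated packets to the VPN endpoint must leave via a physical
    interface; if they would go out through the tunnel, the tunnel is routed
    inside itself and the connection collapses."""
    return lookup(routes, server_public) != tun_iface


if __name__ == "__main__":
    print("restricted resource ->", lookup(ROUTES, RESTRICTED_RESOURCE))  # tun0
    print("server public IP    ->", lookup(ROUTES, VPN_SERVER_PUBLIC))    # eth0
    broken = with_host_route(ROUTES, VPN_SERVER_PUBLIC, "tun0")
    # The /32 beats the default route, for port 22 and for port 1194 alike.
    print("after route add, SSH   ->", lookup(broken, VPN_SERVER_PUBLIC, dport=22))
    print("after route add, VPN   ->", lookup(broken, VPN_SERVER_PUBLIC, dport=1194))
    print("tunnel still sane?", tunnel_is_sane(broken, VPN_SERVER_PUBLIC))  # False
    # The tunnel-side address already goes via tun0 without touching the endpoint.
    print("server tun address  ->", lookup(ROUTES, VPN_SERVER_TUN_IP))    # tun0
```

With the default `server 10.8.0.0 255.255.255.0` directive an OpenVPN server holds 10.8.0.1 on its tun interface, so if sshd listens on that address, SSH to it rides the existing tunnel without any extra route.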