
I want to tunnel my OpenVPN traffic through an SSH tunnel. I have

  • An OpenVPN server behind a router running on port 4321
  • SSH server on the same machine on port 22
  • Router forwards ports to the server's IP: 1234->22 and 4321->4321

The server is configured this way:

dev tun
proto tcp
port 4321
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_eqg0yy05M8ZkQjyy.crt
key /etc/openvpn/easy-rsa/pki/private/server_eqg0yy05M8ZkQjyy.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "block-outside-dns"
push "redirect-gateway def1"
client-to-client
keepalive 10 120
remote-cert-tls client
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3

And my client side looks like this:

client
dev tun
proto tcp-client
remote localhost 4321
route [my public IP] 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server_eqg0yy05M8ZkQjyy name
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 3
<ca>
-----BEGIN CERTIFICATE-----

If I use these server and client conf files on my Ubuntu laptop, and execute

ssh user@[my public IP] -p 1234 -L 4321:localhost:4321

and

sudo openvpn --config client1.ovpn

it works!

But on Android I can't get it working. I use ConnectBot (which was advised by many people), on which I am able to set up a connection to my SSH server and I have a local port forward 4321 -> localhost:4321.

When I have the SSH with active port forwarding running, I try to connect my OpenVPN with the official app (actually both official apps and two Android phones), ConnectBot says "Connection lost", breaking my tunnel. Why does the connection cut with the same configuration with "route [my public IP] 255.255.255.255 net_gateway" that works on my PC?

Anton

2 Answers

The question is old, but since there is no accepted answer I thought my answer might help anyone facing this issue...

This happens because the packets passing through the ssh tunnel are forced to pass through the vpn app once the vpn client connects. This is why the VPN app connects immediately for a blink which causes the packets to go through the vpn app, hence dropping the SSH connection.

The solution is to exclude the SSH tunnel app in the VPN app. This is not possible in OpenVPN Connect. However, OpenVPN for Android has an Allowed Apps tab for each profile which allows you to exclude the SSH tunnel app, ConnectBot in your case.

You might also want to select "Use default Route" in IPv4 and IPv6 sections of the Routing tab of the profile.

Ali Nem
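
Added illustration (not from the question or either answer): a small Python simulation of the client's kernel routing table after "redirect-gateway def1", using constructed addresses (198.51.100.10 stands in for "[my public IP]", 192.168.1.1 for net_gateway, wlan0/tun0 as assumed interface names). It shows that the /32 host route from the client config keeps packets to the SSH/VPN endpoint on the physical interface, whereas without such an exclusion, which is what a per-app VPN on Android does to ConnectBot unless it is excluded, those packets would be routed into tun0 and the tunnel would try to carry itself.

```python
import ipaddress

# Constructed values: stand-ins for "[my public IP]" and the LAN gateway.
VPN_SERVER_IP = "198.51.100.10"
NET_GATEWAY = "192.168.1.1"


def build_table(with_host_route):
    """Routing table after 'redirect-gateway def1': the two /1 routes via
    tun0 outrank the original default route without deleting it.  The
    optional /32 entry models 'route <server> 255.255.255.255 net_gateway'."""
    table = [
        ("0.0.0.0/0", NET_GATEWAY, "wlan0"),      # original default route
        ("0.0.0.0/1", "10.8.0.1", "tun0"),        # def1 half #1
        ("128.0.0.0/1", "10.8.0.1", "tun0"),      # def1 half #2
        ("10.8.0.0/24", None, "tun0"),            # VPN subnet (server 10.8.0.0/24)
        ("192.168.1.0/24", None, "wlan0"),        # assumed LAN
    ]
    if with_host_route:
        table.append((f"{VPN_SERVER_IP}/32", NET_GATEWAY, "wlan0"))
    return [(ipaddress.ip_network(n), gw, dev) for n, gw, dev in table]


def lookup(table, dst):
    """Longest-prefix match, the way the kernel picks a route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw, dev in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    return best


def tunnel_survives(with_host_route):
    """The SSH session carrying OpenVPN survives only if packets to the
    endpoint leave via the physical interface rather than via tun0."""
    _, _, dev = lookup(build_table(with_host_route), VPN_SERVER_IP)
    return dev != "tun0"


if __name__ == "__main__":
    for flag in (False, True):
        net, gw, dev = lookup(build_table(flag), VPN_SERVER_IP)
        print(f"host route={flag}: {VPN_SERVER_IP} -> {net} via {gw} dev {dev}")
```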

I have no experience with OpenVPN through SSH tunnels, but I have used a lot of OpenVPN client apps and most of them have problems with my OpenVPN setup. You might try the one I'm currently using, which is working fine: OpenVPN for Android

djv

  • Hi, this is actually one of the two apps I tried. The other one is OpenVPN Connect. They both work without the tunnel, but they seem to break the SSH tunnel if it's used. People have used it successfully for this purpose according to the internet. – Anton Apr 18 '18 at 13:54