Machine connected to a vpn not reachable anymore from the outside

Question

My raspberry is connected to my lan network 192.168.1.0/24 and it has a static ip. From the outside I can reach it by opening some ports on the ISP router. I have installed an openvpn client on it which creates a tun0 network on 10.8.8.0/24. When the raspberry is connected to the vpn of course I cannot reach it anymore from the outside. How can I reroute the traffic on the local network, so that even if the VPN is connected I can still reach it from the outside?

Thanks a lot in advance

score 1 · Accepted Answer · answered Sep 27 '18 at 21:50

1

What you need is policy based routing. Basically, you want answers to packets from outside to go directly back and not to the VPN.

ip rule add from 192.168.1.0/24 table 200
ip route add 192.168.1.0/24 dev eth0 table 200
ip route add default via 192.168.1.1 table 200

This assumes that eth0 is the name of your interface and 192.168.1.1 is the address of your router.

answered Sep 27 '18 at 21:50

RalfFriedl

3,108
4
13
17

That's exactly what I wanted. And it works! thanks! – mariuccio Sep 27 '18 at 22:02

score 0 · Answer 2 · answered Sep 27 '18 at 19:46

0

Even if you're running vpn on the device it shouldn't interfere in the communication with the static ip address because what the vpn does is that it assigns a virtual IP address to the client. have you tried to ping (from inside the router) to the Raspberry when it's connected to the vpn?

answered Sep 27 '18 at 19:46

Humberto Castellon

879
1
7
17

Yes I can connect to 192.168.1.x of the raspberry internally. – mariuccio Sep 27 '18 at 19:48
So if you can ping the Raspberry device internally (when connected to the vpn) something might be happening with the port forwarding in the ISP router (I assume). – Humberto Castellon Sep 27 '18 at 19:50
Not sure. Because as soon as I disconnect the vpn client, then I can again access the raspberry from the outside. Still struggling to understand why. – mariuccio Sep 27 '18 at 19:52
To have more information, what kind of communication you use from outside network to the inside network? – Humberto Castellon Sep 27 '18 at 19:54
I have an ssh port opened on the router with port forwarding on the raspberry and also openvpn – mariuccio Sep 27 '18 at 19:57
and what kind of error message you get when you ssh? My point is that if your device connected to the vpn is reachable from the ISP router but not from outside network the error might be in the packet forwarding. In order to reach inside from outside you're using the public IP address. – Humberto Castellon Sep 27 '18 at 20:02
Looks like the router doesn't know how to reach that ip during the port forwarding – mariuccio Sep 27 '18 at 20:02
I don't receive any error. Connection timeout only – mariuccio Sep 27 '18 at 20:03
What I'd try is to troubleshoot with ping/tracert tool so I'd be able to see where the communication drops/get blocked maybe. – Humberto Castellon Sep 27 '18 at 20:07
Go ahead and post back any update please. – Humberto Castellon Sep 27 '18 at 20:09

Machine connected to a vpn not reachable anymore from the outside

2 Answers2