Hello, I have a server. When I connect it to e.g. one of NordVPN's VPN servers, my ssh connection (from local machine) freezes, and I can't connect to the server anymore. I tried it with other VPN provider and hosting company. To no avail. You can find OpenVPN config files here: https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip
>From what I can see, when I start OpenVPN packets coming from my local machine reach the server (its eth0 interface), but disappear when the server makes a routing decision (https://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg after nat/PREROUTING). By disappear I mean that this rule logs the packet: iptables -t nat -A PREROUTING -p icmp -j LOG --log-prefix="nat: PREROUTING: " But this one doesn't: iptables -t mangle -A INPUT -p icmp -j LOG --log-prefix="mangle: INPUT: " I have basically no rules in iptables (only -j LOG ones). Nothing custom in routing table: $ ip route default via srv.eth0.gw dev eth0 srv.eth0.net dev eth0 proto kernel scope link src srv.eth0.ip $ ip rule 0: from all lookup local 32766: from all lookup main 32767: from all lookup default Where: my.ip - IP of my local machine srv.eth0.ip - public IP of my server srv.eth0.gw - default gateway of my server srv.eth0.net - my server's network srv.tun0.ip - public IP of my server supplied by VPN server srv.tun0.gw - default gateway of my server supplied by VPN server srv.tun0.net - VPN's network vpn.ip - VPN server's public IP VPN server adds the following rules: 0.0.0.0/1 via srv.tun0.gw dev tun0 srv.tun0.net dev tun0 proto kernel scope link src srv.tun0.ip vpn.ip via srv.eth0.gw dev eth0 128.0.0.0/1 via srv.tun0.gw dev tun0 These two commands make it work: $ ip rule add from srv.eth0.ip table 1 $ ip route add table 1 default via srv.eth0.gw More details can be found here: https://lists.debian.org/debian-user/2018/05/msg00780.html Can you explain what's going on here? Thanks in advance. Regards, Yuri Kanivetsky ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
