Hello, On Wed, Jan 17, 2024 at 09:57:41PM +0100, Bo Berglund wrote: > Is there some way when that RPi has connected to my OpenVPN server to reach it > "backwards" via the connected tunnel? I mean to establish a command line SSH > interface through the tunnel or similar.
Well, it has a (presumably private) address on the OpenVPN interface that you can control from the VPN server configuration. For example here, this is an OpenVPN client with no public address (on a CGNAT via a 4G wireless link): The 4G interface with a private IP (wwan0) inet 10.56.90.106/30 brd 10.56.90.107 scope global dynamic wwan1 (obviously, you can't do much with it, as it's CGNAT controlled by the 4G network operator) The OpenVPN interface with a private IP (tap0, also works with tun0) inet 192.168.251.4/24 scope global tap0 So, from the OpenVPN server, assuming your pi has no firewall: schaefer@shakotay:~$ telnet 192.168.251.4 22 Trying 192.168.251.4... Connected to 192.168.251.4. Escape character is '^]'. SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3 Yes, SSH on your pi can be reached, or whatever service you want to be reachable. > But the lack of public IP makes it impossible to run a server on the client > side > to access the RPi and I guess if done it would create a closed loop kind of > connection... Just make your SSH server on the pi listen on 0.0.0.0 (which is the default), it will happily answer on all of the IP addresses, private or public, that it has. > Advice on how to configure the client and server for this is gratefully > appreciated. In my case, there IS a firewall, and the OpenVPN client startup script configures it correctly so that the SSH server is accessible from the VPN. If I remember well, in addition, I had to derive the (private) IP address from the certificate client name (CN) and push it to the client through the server connect script, something like: case $common_name in client[0-9][0-9]) the_ip=${common_name/client} case $the_ip in 0*) the_ip=${the_ip/0};; esac cat > $1 <<EOF ifconfig-push 192.168.251.$the_ip 255.255.255.0 ... _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users